Huawei eSight Full Product Datasheet

HUAWEI TECHNOLOGIES CO., LTD.

 Component Description

Provides compact, standard, and professional editions for enterprise users.

In addition to unied management of devices from various vendors, topology
management, fault management, performance management, a smart
configuration tool, configuration file management, and a Simple Network
eSight Unied Network Management Platform
Management Protocol (SNMP) northbound interface, the eSight Unified
Network Management Platform allows users to customize third-party devices,
helping establish a network management system customized to their own
needs.
Provides preset report templates to meet requirements in most management
scenarios.
eSight Smart Reporter
Provides a professional report design tool for users to customize statistics
reports.
Implements visible monitoring on network quality by combining the following

Huawei eSight Full Product Datasheet
Product Overview
With the development of enterprise network applications and the expansion of network scale, a large number
of routers, gateways, and Wireless Area Network (WLAN) devices are used on enterprise campus and branch
networks. Enterprises must provide multiple mobile offices, rather than a fixed location, for their employees,
and support diversified services, complicating network management. They urgently need a unified network
management system to improve efciency and ensure normal operation of enterprise services.
Huawei eSight is based on the following concepts: topology-centric, simplified management, and improved
Operation and Maintenance (O&M) efciency. Network administrators can gain an overall understanding of the
network status by viewing the topology. eSight not only provides basic network management capabilities (alarm,
topology, performance, and conguration) but also proactive warnings of potential network faults. In addition,
eSight provides abundant fault location methods to help administrators effectively locate and rectify faults. eSight
provides an all-round, open, and unied management platform, and various service components, to implement
unied management of devices, services, and applications.
Product Features
Easy to Use
eSight SLA Manager
eSight Network Trafc Analyzer
eSight LogCenter Manager
eSight WLAN Manager
methods: simulation ow-based and real service ow-based network quality
detection.
Monitors network quality using simulation ows by integrating with devices'
Network Quality Analysis (NQA) function to diagnose and measure link
performance between network devices 24x7 and displays Quality of Service
(QoS) statistics.eSight noties administrators remotely when QoS reaches the
threshold set by administrators.
Administrators can use the quick diagnosis function to monitor link
performance in real time and diagnose faults, which improves management
efciency.
Implements network quality detection based on iPCA, which is the industry's
rst multiple-input-multiple-output quality measurement technology and solves
the N2 connection problem in traditional point-to-point quality measurement
technologies. iPCA technology uses the enhanced area-based packet
conservation mechanism to monitor the quality on a connectionless network
and also provides accurate fault location capabilities.
Collects router and Layer 3 switch trafc, analyzes network trafc based on
NetFlow, NetStream, and sFlow protocols, and allows users to customize
reports. This helps network administrators monitor traffic and bandwidth
usage and detect network bottlenecks in a timely manner, providing evidence
for network planning and fault diagnosis.
Provides a platform for collecting, storing, and auditing multiple types of large-
scale logs in a unied manner.
Manages logs from Huawei and other vendors'devices.
Provides industry-leading Network Address Translation (NAT) tracing and
security events analysis functions.
Provides integrated management of wired and wireless networks.
Supports wizard configuration to improve deployment efficiency of wireless
services.
Displays information about WLAN network quality, interference sources,

Easy to Use
User-friendly Graphical User Interface (GUI) and smooth operations
wireless intrusion, and access terminals.
Active monitoring and visible O&M Supports one-click diagnosis, interference source locating, and spectrum
analysis to implement highly efcient troubleshooting.
Unified Management Integrates scattered VPN information into visible management objects and
ement
Unified Manag
Multi-type
- device management displays the information using gures and graphs.
Multi-vendor device management eSight MPLS VPN Manager Provides End-to-End (E2E) service deployment and hierarchical fault diagnosis
capabilities. Administrators can easily deploy, monitor, and diagnose VPN

Smart O&M
services to guarantee quality and reliability for key services.
Smart O&M
Automatically discovers Multiprotocol Label Switching (MPLS) Traffic
Plug-and-play
-
Engineering (TE) and Label Distribution Protocol (LDP) tunnels that have been
Automatic network quality sensing eSight MPLS Tunnel Manager
deployed on the network, monitors tunnels in real time, dynamically displays
tunnel operating status, and monitors active-standby switchover and bypasses.
Automatically discovers IPSec VPN services on the hub-spoke and site-to-
site networks and provides all-round monitoring and diagnostic functions,
eSight IPSec VPN Manager
including service alarm status monitoring, service topology, performance
monitoring, service diagnosis, and historical tunnel information display.
Provides unied security services management functions for the entire network,
Product Components including Huawei firewalls, Unified Threat Management (UTM), and Access
Routers (AR).
eSight Secure Center
Provides policy redundancy analysis, risk analysis, policy matching analysis,
eSight provides a unified O&M platform and specific components to meet enterprise user and comprehensive analysis for USG series rewalls to provide basis for policy
requirements. optimization.
 eSight can manage devices from different vendors and multiple resources to provide
unified management across the entire network.
Unified management of multi-vendor devices: eSight can manage devices from mainstream vendors,
including Huawei, Cisco, Juniper, Ruijie, H3C, Brocade, BDCOM, and Maipu.
Unied management of multi-type devices: eSight can manage network devices such as routers, switches,
rewalls, and WLAN devices, and IT resources such as servers and work stations.
Customized device management: eSight allows customers to customize vendor names, device types, panel
style, performance presentation, and alarms for rapid device adaptation.

eSight Unified Network Management Platform

Product Overview
As the network scales and the number of enterprise network applications continues to grow, more devices
are deployed. Multiple service routers, security gateways, and Wireless Local Area Network (WLAN) Access
Points (APs) are used to implement communications and collaboration services in decentralized enterprise
campus and branch ofce networks. Enterprises are using an increasing number of core and access devices
provided by multiple vendors. Each device has its own management system, creating confusion for system
and network administrators.
To alleviate the operational burden, Huawei has developed the eSight Unified Network Management
Platform, a unied network management system that provides a comprehensive view and management of all eSight provides rights-based, domain-based, and time-based authorization, and flexible
network and system resources, ensures network stability, and improves O&M efciency.
network user authentication methods.
The eSight Unied Network Management Platform provides compact, standard, and professional editions
for enterprise users. In addition to unified management of devices from various vendors, topology eSight enables rened management authorization by assigning different user names and passwords to
management, fault management, performance management, a smart conguration tool, conguration le administrators and by controlling administrator management authority, management range, time range
management, and a Simple Network Management Protocol (SNMP) northbound interface, the eSight Unied allowed to log in, and IP range allowed to log in.
Network Management Platform allows users to customize third-party devices, helping establish a network eSight supports Lightweight Directory Access Protocol (LDAP), RADIUS, and local authorization methods.
management system customized to their own needs.
The comprehensive fault monitoring system enables real-time fault diagnosis and quick
troubleshooting.
Features
eSight provides unied monitoring of alarms on the entire network and informs maintenance personnel of
The eSight Unified Network Management Platform provides compact, standard, and the alarms in the rst instance through alarm sounds, remote alarm notication (email and SMS), and the
professional editions for enterprise users. alarm panel, ensuring timely troubleshooting.
eSight supports alarm analysis and processing. eSight provides alarm locating functions to switch to NEs,
ports, and services, shield, suppress, and categorize alarms, analyze alarm correlation, redene the alarm
Edition Functions severity, and maintain the experience library, improving troubleshooting accuracy and efciency.
eSight supports customization for alarm shield, redefinition, and alarm sounds to meet specific
Supports topology management, Network Elements (NEs), links, physical resources, requirements in different scenarios.
e-labels, alarms, performance, conguration les, logs, Virtual Local Area Network (VLAN)
management, customized device management, report management, a smart conguration eSight provides visual management of the entire network topology and status monitoring.
tool, WLAN, IPSec Virtual Private Network (VPN), Multiprotocol Label Switching (MPLS)
Compact edition
VPN, Service Level Agreement (SLA), IP topology, NTA, Policy Center, MPLS Tunnel
Manager, maintenance tools, SNMP northbound interface, security management, and
device software management.
Provides database backup tool and fault collection tool.
Supports all functions of the compact edition, and Smart Reporter, SNMP north bound
Standard edition interface, SLA Manager, WLAN Manager, NTA, MPLS VPN Manager, MPLS tunnel manager,
Secure Center, LogCenter, and IPSec VPN manager.
Supports all functions of the standard edition, and hierarchical Network Management
Professional edition
System (NMS), High Availability (HA).
 Convenient resource searching on the entire network helps administrators quickly locate resources and
access corresponding services.
Intelligent conguration: eSight is precongured with multiple common service conguration templates.
Users can select an appropriate template to perform the same congurations on devices in a batch or use
a le to perform congurations on groups of devices in a batch.
Conguration le management: Conguration les for multiple devices can be backed up, compared, and
restored. The backup function includes immediate backup and periodic backups, and backups triggered by
device conguration changes. When the device conguration changes, eSight can trigger alarms and send
alarm notication through email.
MIB management: eSight provides Management Information Base (MIB) compilation, loading functions
and Get, GetNext, Walk, and TableView operations.

eSight supports wired and wireless convergence management.

Various device discovery methods: eSight can discover devices automatically, separately, or in a batch.
Unified configuration for wired and wireless services: eSight supports the unified configuration of
The automatic device discovery model can add new devices periodically. eSight supports management of
wired and wireless services based on the service matrix (including resource groups and service proles),
devices with IPv6 addresses.
improving configuration efficiency. When a device goes online, the device is automatically added to
Simplified management on network topologies: eSight provides physical and IP topologies and shows the specied resource group and is granted with the corresponding policies. Plug-and-play is therefore
network structure hierarchically. Administrators can view network resource alarm states and basic link implemented.
information, such as device name, link type, link state, bandwidth, reception speed, package reception
error rate, package sending error rate, reception package loss rate, and sending package loss rate.
Administrators can set the device icon size according to device importance, customize the cross-sectional
area of links according to the bandwidth, and zoom out or in on the topology view for a global view or to
display details. eSight allows administrators to quickly view device state and link trafc through integration
of service components.
eSight shows device, frame, board, subcard, port on panel, and port state, and allows administrators to
enable or disable ports.
Powerful performance management: eSight provides performance parameter management templates,
supports batch device performance monitoring, visual performance data view, and history date analysis.
Administrators can set different alarm severity and threshold levels and determine whether to send an
alarm based on the number of times that performance indexes exceed the threshold value, lowering report
Unied management on wired and wireless users: eSight monitors wired and wireless users in a unied
errors and improving alarm accuracy.
manner. When associated with WLAN Manager, eSight can quickly rectify faults on wireless users.
Terminal resource management: eSight provides comprehensive terminal access records, including MAC,
IP address, device name, and port number, helping administrators nd the switch and port on the switch
through which a terminal is connected to the network. Administrators can configure the authorized
terminal IP address, MAC address, and PORT-IP, PORT-MAC, and IP-MAC matching rules. When a terminal
accesses the network illegally, eSight sends emails and records comprehensive information about the
illegal terminal, providing the basis for audits of illegal users.
Group-based management: After a device is added to eSight, the device is automatically added to the
group based on the specied rules and is granted with policies in the group.
Display of wired and wireless devices on one panel: Based on super virtual fabric (SVF) technology, eSight
Hierarchical network management: Users at headquarters can view alarm, topology, and performance
manages multiple access and aggregation switches as one switch. Information about access switches, APs,
information from lower-level network management systems. Hierarchical network management meets
and users is displayed on one panel.
large scale network management requirements.

Simple and convenient daily maintenance operations and lower technical requirements
improve work efficiency.
The customized portal allows users to receive all information on the home page. eSight can also integrate
third-party software portals with the home page.
 Operating Environment
Conguration requirements for the eSight Unied Network Management Platform (compact edition) are as
follows:

Operating System Configuration Requirements

CPU: 1 x dual-core 2 GHz or higher
Memory: 4 GB
Disk space: 40 GB
Windows7
Database: MySQL 5.5

PC servers are recommended.

Configuration requirements for the eSight Unified Network Management Platform (standard and
professionaleditions) are as follows:

Operating System Configuration Requirement

CPU: 1 x dual-core 2 GHz or higher
Memory: 4 GB
Disk space: 40 GB
eSight supports unified VLAN resource management.
Database: MySQL 5.5, Microsoft SQL Server 2008 R2 standard
Windows Server 2008 R2 standard
eSight allows administrators to create and delete VLAN resources, deliver VLAN configurations, view
resources in the VLAN topology, and collect VLAN statistics on the entire network. PC servers are recommended.
VLAN resource management: eSight displays VLAN resources on the entire network. Administrators can Determine the hardware specications based on the network scale and
add, delete, and modify VLANs, and view devices and interfaces whose packets can pass through the required components.
specied VLAN. When administrators delete a VLAN, eSight can display all devices and interfaces related CPU: 1 x dual-core 2 GHz or higher
to the VLAN to prevent misoperation. Memory: 4 GB
VLAN device management: eSight allows administrators to perform interface and VLAN congurations for Disk space: 40 GB
multiple devices in a batch and can quickly switch to the NE manager. Administrators can view, add, and Novell SUSE Linux Enterprise Server-Multi- Database: Oracle Database Standard Edition 11g R2
modify VLAN information on the device panel of the NE manager and can also congure voice VLANs. language-Enterprise-11.0 SP1
PC servers are recommended.
Visible VLAN topology: eSight can lter device and link information based on the VLAN. Administrators
Determine the hardware specications based on the network scale and
can add or remove multiple devices and links to a VLAN. eSight can also lter MSTP loop prevention ags
required components.
based on the VLAN.

eSight standard and professional editions can run on VMs. Requirements for VMs are as follows:

Operating System Configuration Requirement

VMWare ESXI 5.0
CPU: 1 x quad-core 2 GHz or higher
Memory: 6 GB
Disk space: 300 GB
Windows Server 2008 R2 standard
Database: Microsoft SQL Server 2008 R2 standard

Determine the hardware specications based on the network scale and

required components.

B/S architecture supports multiple operating systems.

eSight uses Browser/Server (B/S) architecture, which does not require any client software. The server need
only be updated when the software updates.
The platform supports Windows and SUSE Linux operating systems and Oracle, MySQL, and SQL Server
databases.

Disaster Recovery (DR) protection ensures service continuity and system reliability.
Sight supports two-node clusters in hot standby mode.
eSight supports the Linux operating system.
Deployment Scenarios
Ordering Information
The eSight network does not have special requirements when managed devices are connected to the eSight
server and devices support the Simple Network Management Protocol (SNMP). Table 2-1 Ordering information for eSight compact edition
eSight compact edition applies to small- and medium-sized enterprises.
Item Quantity Remarks
eSight Application Base-Compact (includes 40 device Mandatory for eSight Unified Network
1
licenses) Management Platform

Table 2-2 Ordering information for eSight standard edition

eSight Compact Edition
Item Quantity Remarks
eSight Application Base-Standard (includes 60 device Mandatory for eSight Unified Network
1
licenses) Management Platform
eSight Standard NMS License (for 25 incremental One license manages 25 incremental
Optional
devices) devices.
eSight Standard NMS License (for 50 incremental One license manages 50 incremental
Internet devices)
Optional
devices.
eSight Standard NMS License (for 100 incremental One license manages 100 incremental
Optional
devices) devices.
eSight Standard NMS License (for 200 incremental One license manages 200 incremental
Optional
devices) devices.
eSight Standard NMS License (for 300 incremental One license manages 300 incremental
Optional
devices) devices.
eSight Standard NMS License (for 500 incremental One license manages 500 incremental
Optional
devices) devices.
eSight Standard NMS License (for 1,000 incremental One license manages 1,000 incremental
eSight standard edition applies to medium- and large-sized enterprises. Optional
devices) devices.
eSight Standard NMS License (for 2,000 incremental One license manages 2,000 incremental
Optional
devices) devices.
eSight Standard NMS License (for 5,000 incremental One license manages 5,000 incremental
Optional
eSight Standard Edition devices) devices.
Branch
eSight SNMP NBI Component Optional Adds SNMP northbound interfaces.
VPN

VPN
Table 2-3 Ordering information for eSight professional edition
Branch Headquarters
Item Quantity Remarks
eSight Application Base-Professional (includes 60 device Mandatory for eSight Unified Network
1
licenses) Management Platform
eSight Professional NMS License (for 50 incremental One license manages 50 incremental
Optional
devices) devices.
eSight professional edition applies to ultra-large enterprises and is deployed at headquarters. eSight standard
eSight Professional NMS License (for 100 incremental One license manages 100 incremental
or professional edition is deployed at branches. Administrators at headquarters can check the network status Optional
devices) devices.
of each branch.
eSight Professional NMS License (for 200 incremental One license manages 200 incremental
Optional
devices) devices.
eSight Professional NMS License (for 300 incremental One license manages 300 incremental
eSight Standard or Professional Edition Optional
devices) devices.
eSight Professional Edition eSight Professional NMS License (for 500 incremental One license manages 500 incremental
Optional
Branch devices) devices.
VPN
eSight Professional NMS License (for 1,000 incremental One license manages 1,000 incremental
Headquarters Optional
devices) devices.
VPN
eSight Professional NMS License (for 2,000 incremental One license manages 2,000 incremental
Optional
Branch devices) devices.
eSight Professional NMS License (for 5,000 incremental One license manages 5,000 incremental
Optional
devices) devices.

eSight SNMP NBI Component Optional Adds SNMP northbound interfaces.

eSight Standard or Professional Edition
 Statistics in multiple dimensions allow users to understand data from various perspectives.
eSight Smart Reporter provides statistics in different dimensions, including top N statistics, statistics at
different levels (NE level, subnet level, and regional level), interface information (interface connection and
disconnection, interface trafc, and interface performance), device resource usage (CPU and memory), and
wireless resource usage (access users, AP trafc, AP rate, AP access failure, air interface usage, and AP radio).

Reports in multiple modes present statistics directly and intuitively.

eSight Smart Reporter supports not only tables but also graphs such as line, column, and pie charts,
presenting users with concise and direct statistics.

eSight Smart Reporter

Product Overview
With rapid network development and continual integration of network applications and service management,
Reports in multiple file formats apply to various scenarios.
information growth is exploding. Administrators, however, cannot extract the critical information they need
from the bulk; therefore, enterprises urgently need an information management system that can collect, eSight allows users to export report statistics into Excel, Word, or PDF les.
arrange, analyze, and display data to help improve operating efficiency. The information display mode
directly affects user understanding and provides the basis for decision making. In response to these needs,
eSight provides Smart Reporter as a powerful reporting tool.
Huawei eSight Smart Reporter provides preset report templates to meet requirements in most maintenance
scenarios and a professional report design tool for users to customize statistics reports.

Features
eSight Smart Reporter supports rights- and domain-based management and preset report
templates to meet requirements in most maintenance scenarios.
eSight provides dozens of preset report templates for various statistics elds, such as performance, alarm,
resources, WLAN, Service Level Agreement (SLA), and Quality of Service (QoS), helping users easily obtain
statistics.

Flexible report settings meet various statistics requirements.

eSight supports both manual and periodic reports. Users can specify the time interval to periodically
execute report tasks.
Users can set the time range for statistics.
eSight can collect statistics on multiple NEs simultaneously.
eSight can automatically send reports to users by email.
 Users can specify the times for eSight to collect data generated during peak hours.

Operating Environment
eSight Smart Reporter is installed on the same server as eSight Unified Network Management Platform
standard or professional edition; therefore, conguration requirements for the operating environments are
the same. eSight SLA Manager
Deployment Scenarios
Deployment scenarios for eSight Smart Reporter are the same as those for eSight Unified Network
Management Platform. Product Overviewt
Currently, most IP networks use coarse-grained bandwidth management polices and do not have quality
Ordering Information monitoring or guarantee mechanisms. Therefore, IP networks provide only connectivity and cannot ensure
good user experience. Users often experience service quality issues such as video pixelation, fuzzy voice, slow
network access, and slow response of cloud desktop. However, the networks and network administrators
Item Quantity Remarks are unaware of these issues because there is no system to monitor service quality on the entire network.
Administrators try to locate network problems only after receiving complaints from users. However, it
eSight Application Base-Standard (includes 60 often takes a long time to locate and solve a problem due to lack of real-time monitoring mechanisms and
device licenses)Or Mandatory for eSight Unified Network effective problem location methods. This problem location process is inefcient and severely affects user
1
eSight Application Base-Professional (includes 60 Management Platform experience.
device licenses)
Huawei eSight SLA Manager implements visible monitoring on network quality by combining the following
eSight Smart Reporter 1 Mandatory for eSight Smart Reporter methods: simulation ow-based and real service ow-based network quality detection.
Huawei eSight SLA Manager monitors network quality using simulation flows by integrating with the
eSight Smart Reporter-Special Services-customized
Optional Indicates the number of customized templates. devices' NQA function to diagnose and measure link performance between network devices 24 hours a
template development (per template)
day and displays QoS statistics. Administrators can set the QoS threshold, and eSight noties administrators
remotely when QoS reaches the threshold. Administrators can use the quick diagnosis function to monitor
link performance in real time and diagnose faults, which improves management efciency.
Huawei eSight SLA Manager implements network quality detection based on iPCA, which is the industry's
rst multiple-input-multiple-output quality measurement technology and solves the N2 connection problem
in traditional point-to-point quality measurement technologies. iPCA technology uses the enhanced area-
based packet conservation mechanism to monitor the quality on a connectionless network and also provides
accurate fault location capabilities.

Features
The network quality emulation test helps users discover network quality problems in
advance.
Service-oriented SLA and easy operation simplify O&M needs. Users can create an SLA service to carry
out E2E network QoS monitoring and evaluate network and service QoS based on SLA compliance. eSight
has more than 20 SLA service conguration items for video, audio, and network applications, allowing
customers to dene SLA services to meet their unique requirements.
 eSight SLA Manager displays network QoS statistics and generates alarms in advance to ensure user
experience. After a user creates an SLA task, it will be executed periodically. QoS statistics are displayed
based on daily compliance. When QoS meets the threshold conditions, eSight notifies administrators
remotely, enabling administrators to diagnose faults in advance to ensure the user experience.

eSight SLA Manager provides a quick diagnosis function to narrow the fault scope and shorten fault Users can further view real-time data on devices and links as well as packet loss in a port queue or on a
diagnosis time. The quick diagnosis function helps users locate faults by link segments, narrowing the fault port with the specied MAC address.
scope.

Network-level measurement
Network-level measurement targets an area to implement visible monitoring on the area network quality.
Visible historical network data provides a basis for network optimization. In actual applications, QoS values
indicate services of different priorities. Different services on a same link can be compared, and the result
shows whether QoS on a network has taken effect and provides a basis for QoS policy adjustment.

Path hop-by-hop detection can locate the node or link where packets are lost in an area.

eSight SLA Manager provides real-time QoS monitoring, multi-dimensional data analysis,
and graphical data display.
eSight uses the unied dashboard panel to vividly display QoS information, simplifying network management.
The dashboard displays and manages various QoS information in a centralized manner to administrators,
informing them of bandwidth usage and network exception information in real time. The QoS information
includes top bandwidth usage, top discarding rate, top Peak Information Rate (PIR), and top matching rate.

eSight supports network quality detection based on real service ows.

Device- or link-level measurement
After iPCA is enabled for agile devices and links in batches, quality status of devices and links is clearly
displayed in the topology. When the device or link quality threshold is exceeded, an alarm is generated and
reported to the administrator in a timely manner.
Operating Environment
eSight SLA Manager is installed on the same server as eSight Unified Network Management Platform
standard or professional edition; therefore, conguration requirements for the operating environments are
the same.

Deployment Scenarios
Deployment scenarios for eSight SLA Manager are the same as those for eSight Unified Network
Management Platform. Source devices must be added to eSight, and the IP addresses of the source and
destination devices can be pinged.

Ordering Information

Item Quantity Remarks

eSight Network Traffic Analyzer

eSight Application Base-Standard (includes 60
device licenses)Or Mandatory for eSight Unied Network Management
1
eSight Application Base-Professional (includes 60 Platform
device licenses)
eSight SLA Manager 1 Mandatory for eSight SLA Manager

Product Overview
Fast and stable access speeds improve ofce work efciency, while low access speeds can negatively affect
productivity. Administrators must determine which applications consume the most bandwidth and generate
heavy trafc, and which employees use these applications, and then change the network QoS policy and
expand the network when necessary.
eSight Network Trafc Analyzer (NTA) supports NetFlow, NetStream, and sFlow. It collects trafc information
output by routers and Layer 3 switches and provides user-defined reports to network administrators for
analysis of trafc and bandwidth usage and network bottleneck detection. eSight Network Trafc Analyzer
also provides information for network planning and troubleshooting.

Features
eSight Network Traffic Analyzer supports mainstream network traffic protocols, including NetStream,
NetFlow, and sFlow.
shows the customized dashboard that displays network status.
Figure 5-1 Customized dashboard

Multiple dimensions: eSight Network Trafc Analyzer ranks the trafc on devices and interfaces, including
interface usage, application, host, session, and Differentiated Services Code Point (DSCP) trafc.
Customization: eSight Network Trafc Analyzer allows users to customize the presented content, format,
and formatting style and supports partial trafc updates without changing the Graphical User Interface
(GUI).
 The interface traffic and usage rankings display interface traffic statistics, including the incoming and
outgoing rate and incoming and outgoing data packets. Clicking an interface will reveal information about
Interface Traffic Analysis
the trafc composition at different times, in multiple dimensions, including the application, host, session,
and DSCP.

Customized Traffic Applications and Group Network Traffic

Customization options for trafc applications and group network trafc, as follows:
Customized applications
Customized DSCP group
Customized application group
Customized IP address group or interface group

Customized Applications
eSight Network Trafc Analyzer components are recognized based on the protocol and port number, and
hundreds of standard applications and common Layer 4 applications are preset. Protocols and port numbers
can also be added for unknown applications, and network administrators can add applications as required.
Users can customize applications based on the specied protocol, port number, and IP address ranges.

Customized DSCP Group

DSCP group is a logical group, and users can create a group to differentiate DSCP composition. For example,
in WAN QoS monitoring, users can create a voice group (EF), a video group (AF31), and a group for the
other DSCP; therefore, eSight Network Trafc Analyzer can provide a reference for proper enterprise QoS
bandwidth and key service bandwidth planning.

Customized Application Groupt

Create application groups as required to obtain comprehensive information about specific applications.
For example, create an application group named Mail Service, and combine Lotus Notes, pop3, and SMTP
applications into the group to learn about mail application trafc.

Customized IP Address Group or Interface Groupt

Users can consider the IP addresses or interfaces in a certain range as a whole to calculate trafc statistics.
For example, assume that an enterprise has two oors and the total enterprise trafc must be calculated.
Simply combine all switch interfaces on the two oors into an interface group and analyze the total trafc.

Monitoring Multi-dimensional Traffic with Simple Configurationt

Overall network trafc analysis depends on high performance trafc analysis. Network administrators need
only add a monitoring interface and congure the trafc sampling ratio before monitoring and analyzing
interface trafc from multiple dimensions, including the following:
Interface trafc analysis
Application trafc analysis
Source/Destination host trafc analysis
DSCP trafc analysis
Session trafc analysis

Users can analyze trafc on the trafc trend diagram, which displays trafc and packets, respectively, on two
coordinates.

Interface traffic analysis checks the traffic trend for a specified interface, time range, and incoming and
outgoing trafc. Based on interface trafc analysis, network administrators can identify the interfaces that are
used most frequently on the network to gain a comprehensive understanding of the entire network status.
Administrators can detect interfaces with abnormal trafc and locate faults before network performance is
affected.

Application Traffic Analysis

Application trafc analysis checks the trend of application changes for a specied interface, time range, and
incoming and outgoing trafc. Administrators can locate the host that causes performance problems based
on the source ranking and destination hosts using a specic application.
 Source/Destination Host Traffic Analysist
Source/destination host trafc analysis checks the trend in source/destination host bandwidth usage changes
for a specified interface, time range, and incoming and outgoing traffic. Based on source/destination
host analysis, network administrators can identify the host that consumes high bandwidth and solve any
bandwidth problems in a timely manner to ensure bandwidth usage efciency.

Session Traffic Analysis

Session trafc analysis checks the trend of session trafc for a specied interface and time range. Session
traffic analysis provides detailed session information the network administrator can use for further fault
location.

DSCP Traffic Analysis

DSCP trafc analysis checks the DSCP trafc trend for a specied interface and time range, ensuring proper
QoS bandwidth planning and the quality of key services.

Group Traffic Analysis

Group traffic analysis displays the DSCP group, interface group, application group, and IP group traffic
statistics on specified interfaces within a specific time range. Network administrators can conveniently
analyze specic trafc as required to satisfy special maintenance requirements.
Operating Environment
Threshold Value Alarm eSight Network Trafc Analyzer can be deployed on the same server as eSight Unied Network Management
eSight allows administrators to set trafc threshold values for applications and hosts. When the number of Platform standard or professional edition, or on a different one. When they are congured on one server,
times that the monitored value exceeds the threshold values within a specied time reaches the preset value, they can manage no more than 10 NEs, and the conguration requirements are the same as those of the
eSight sends alarm notications through email. platform. When they are congured on different servers, conguration requirements are as follows:

Customized Traffic Report Operating System Configuration Requirement

eSight Network Trafc Analyzer can customize reports by specifying ltering rules, report type, and report CPU: 1 x quad-core 2 GHz or higher
layout conguration. Trafc reports provide references for further network planning. Memory: 4 GB
Disk space: 120 GB
Windows Server 2008 R2 standard Database: MySQL 5.5, Microsoft SQL Server 2008 R2 standard

PC servers are recommended.

Determine the hardware specications based on the network scale.

When eSight Network Trafc Analyzer and eSight Unied Network Management Platform are deployed on
different servers, eSight Network Trafc Analyzer can be deployed on a VM. VM resource requirements are
as follows:

Operating System Configuration Requirement

VMWare ESXI 5.0
CPU: 1 x quad-core 2 GHz or higher
Memory: 6 GB
Disk space: 300 GB
Windows Server 2008 R2 standard
Database: MySQL 5.5, Microsoft SQL Server 2008 R2 standard

PC servers are recommended.

Determine the hardware specications based on the network scale.

Deployment Scenarios

Original Data Stream Facilitates Fault Location

NTA can extract an original data stream based on a specified time range and filtering rules for further
Branch 1
analysis and fault location. Original trafc information includes the router, source, and destination address,
application, source and destination port, protocol, TCP ag, next hop, inbound and outbound interface, and
DSCP, trafc, and data packets.
Users can create trafc investigation tasks for suspected abnormal trafc on the NTA page to extract original WAN
data stream information about the current trafc. Branch 1

eSight network traffic system

 eSight Network Trafc Analyzer enables NetStream on an enterprise's WAN-link device interfaces to send
trafc information to the eSight Network Trafc Analyzer. eSight NTA provides the following functions in this
scenario:
Analyzes the current WAN link trafc composition.
Helps recognize abnormal trafc and junk applications.
Quickly locates the IP address of the terminal generating abnormal trafc.
Optimizes link application trafc distribution.
Improves WAN link usage.
Recognizes DSCP bandwidth distribution on the enterprise branch egress.
Adjusts service priority policies.
Periodically generates a link interface trafc report.
Detects network application trafc increase.
Facilitates advance network planning and expansion.

Ordering Information eSight LogCenter Manager

Item
eSight Application Base-Standard (includes 60
device licenses)Or
eSight Application Base-Professional (includes 60
device licenses)
eSight Network Trafc Analyzer
eSight NTA License-Incremental 1 Device License
Quantity Remarks
Mandatory for eSight Unified Network
1
Management Platform
Product Overview
1 Mandatory for eSight Network Trafc Analyzer Massive application systems and network devices are deployed in an enterprise, including hosts, databases,
other application systems, switches, and rewalls. Due to inconsistent device log formats, low readability,
Optional One license manages one incremental device. and difculties storing massive logs, major security risks cannot be promptly detected from logs.

eSight NTA License-Incremental 2 Device Licenses
eSight NTA License-Incremental 5 Device Licenses
Optional One license manages two incremental devices.
Government agencies and industrial organizations provide guidance and stipulations through internal control
laws and standards, which impose higher requirements on the completeness, accuracy, and effectiveness of
run logs and user logs.
Optional One license manages ve incremental devices.
eSight LogCenter:
Provides a platform for collecting, storing, and auditing multiple types of large-scale logs in a unified
manner.
Supports log management of Huawei and third-party vendors.
Provides industry-leading NAT tracing function and security event analysis.

Features
Unified Log Management and Quick Matching Capability
eSight LogCenter supports multiple log collection modes, including Syslog, session, SFTP, FTP static le,
FTP dynamic file, and Windows Management Instrumentation (WMI). Users can collect, classify, filter,
summarize, analyze, store, and monitor logs reported from the application systems or NEs to help the
administrator manage massive logs and learn NE running status, trace network user behaviors, and quickly
recognize and eliminate security risks.
eSight LogCenter supports prompt notications of key logs. The administrator can customize keywords,
log type, and log level thresholds. When logs match customized keywords, log type, or log level, eSight
LogCenter generates alarms in real time and noties users through SMS messages or emails.

Professional NAT Tracing and Automatic Association with User information to Meet Secure
Audit Requirements
eSight LogCenter collects and analyzes logs about sessions on NAT devices to obtain NAT information,
including the IP address, destination port, NAT source IP address, and protocols. eSight LogCenter uses the
NAT information and the data source provided by the Authentication, Authorization and Accounting (AAA)
server to ensure secure audit and trafc investigation.

Profound User Online Behavior Analysis

eSight LogCenter works with Huawei USG and ASG devices to analyze user online behaviors, including user
trafc, online time, keywords, web access trends, emails, applications, network threats, and outgoing les.

Rich Security Event Analysis Reports Showing Network Security Status

eSight LogCenter collects security event logs about network security devices and systems, such as Huawei
network UTM system, firewalls, intrusion protection system, and Anti-DDoS system, analyzes them, and
 generates reports to help users learn the network security status. eSight LogCenter supports DDoS attack Log Collector: Receives, summarizes, formats, lters, counts, and stores logs and generates alarms.
event analysis, plug-in block analysis, access control event analysis, policy matching analysis, IPS analysis, URL Log Analyzer: Manages policies, reports, devices, systems, and users.
lter analysis, and email lter analysis.
Log Console: Provides an interaction GUI for managing foreground and background using the web.

Centralized deployment: When performance requirements are low, eSight LogCenter can
also be deployed in a centralized way.

Huawei Log Analyzer

NAT
device
Million-level Log Processing per Second, Meeting Requirements of State-level Network
Auditing
eSight LogCenter meets the performance requirements of state-level network auditing and collects and
audits millions of system logs in a second, supporting high-performance log collection, storage, and audit
functions for large and ultra large networks. When fewer than 2,000 logs are managed every second in an SMB project, eSight LogCenter and an eSight
application base can be deployed on the same server.
Operating Environment
eSight LogCenter Manager can be deployed on the same server as eSight Unied Network Management
Ordering Information
Platform standard or professional edition, or on a different one. When they are configured on different
servers, conguration requirements are as follows: Description Quantity Remarks
Basic log management functions on eSight
Operating System Configuration Requirement LogCenter (including a small-scale log management 1 Mandatory
CPU: 1 x hexa-core 2 GHz or higher license)
Memory: 8 GB Extended eSight LogCenter management function
Optional. Extended functions include third-party
Disk space: 36 TB (The recommended available disk space is 33 TB.) components (including third-party device log 0 or 1
device log management and identity association.
Database: MySQL 5.5, Microsoft SQL Server 2008 R2 standard management and identity association)
Windows Server 2008 R2 standard
eSight LogCenter log management function Optional. The basic and expansible packages are
PC servers are recommended. 0 or 1
promotion packages included.
LogCenter supports distributed deployment. Determine the hardware
Optional. The log management capability is
specications and the number of servers based on the network scale.
Small-scale log management license (managing controlled by EPS (that is, the number of logs
250 Syslog logs every second for about 25 devices, collected every second). The value is calculated
Deployment Scenarios tracing 1,250 NAT logs with 250 Mbit/s outgoing Optional assuming that 10 Syslog logs are collected on
bandwidth, and supporting 250 GB storage for each device every second, and ve session logs
eSight LogCenter network can be deployed in centralized or distributed ways. about 60 days) are generated on 1 Mbit/s bandwidth every
second.
Distributed deployment: The Log Collector and the Log Analyzer are deployed separately
Medium-scale log management license (managing Project requirements in most scenarios can
on two servers.
1,000 Syslog logs every second for about 100 be met. Requirements can also be adjusted
devices, tracing 5,000 NAT logs with 1 Gbit/s Optional if customer requirements are decreased or
outgoing bandwidth, and supporting 1 TB storage increased. For example, if most devices on the
Log for about 60 days) user network are switches, which send fewer
Analyzer Syslog logs, a small-scale package can manage a
Large-scale log management license (managing
network consisting of 100 NEs; however, if the
2,500 Syslog logs every second for about 250
user network outgoing bandwidth is 200 Mbit/
devices, tracing 125,000 NAT logs with 2.5 Gbit/s Optional
s, while more than 2,000 sessions are generated
outgoing bandwidth, and supporting 2.5 TB storage
each second, two small-scale packages can be
for about 60 days)
used as required.
Storage expansion license for log management
components of eSight LogCenter-1 TB Optional
Congured only on one Log Collector
Storage expansion license for log management
Huawei components of eSight LogCenter-10 TB Optional The log storage expansion license is optional.
NAT Congured only on one Log Collector
device Storage expansion license for log management
Database storing SQL Server database for storing components of eSight LogCenter-30 TB Optional
original log text statistics logs and reports Congured only on one Log Collector
 Various Topology Views Show Wireless Network Status in Different Dimensions
Service topology: The service topology shows connections between the ACs, APs, and Stations (STAs)
and marks rogue APs. Users can view detailed information about the ACs, APs, STAs, and rogue APs and
diagnose wireless service faults (such as by the ping operation).

WLAN Manager

Product Overview
With network development, Wireless Fidelity (Wi-Fi), a low-cost and highly efcient network deployment
and maintenance mode, has been widely recognized by customers. However, Wi-Fi's high requirements on
the environment and distributed deployment of a large number of ACs and APs on WLAN networks make
maintenance costly and difcult; therefore, an easy-to-use and efcient WLAN management system is the
key to ensure enterprise E2E operations.
Huawei eSight WLAN Manager integrates the management of wired and wireless networks, supporting
wizard conguration to improve wireless services deployment efciency. It displays information about WLAN
network quality, interference sources, wireless intrusion, and access terminals. It also supports one-click
diagnosis, interference source locating, access terminal locating, and spectrum analysis at the terminal and
network side to implement highly efcient troubleshooting. Location topology: WLAN Manager can deploy APs to different areas in the physical topology and display
hotspots to help maintenance personnel discover radio signal coverage holes and channel collision areas.
It supports locating users, unauthorized devices, and interference sources, and displays historical tracks.
Features Administrators can determine whether to display or hide users of a specied area, rogue APs, unauthorized
users, and interference sources.
Unified Wired and Wireless Management

In eSight physical topology, users can monitor switches, routers, and security, IT, H3C, and Cisco devices in
a unied manner. Through centralized management of wired and wireless devices, such as ACs, Power over
Ethernet (PoE) switches, and APs, users can directly view device connections, status, and alarms on the entire
network.

Deploying Services on Wireless Devices in Batches, Improving Management Efficiency

Users can use the wizard to deploy services, accelerating service deployment, and manage Huawei ACs to
congure WLAN services. AP congurations are stored on the AC. After tunnels are set up between the AC
and APs, the APs can obtain congurations from the AC.
 Frequency spectrum analysis: Users can obtain the channel quality and interference source information
from spectrograms, which contain real-time, in-depth, channel quality, and channel quality trend grams,
and device duty cycle.

Wireless Network Security Detection

The Wireless Intrusion Detection System (WIDS) monitors intrusion devices and non-Wi-Fi interferences and
provides frequency spectrum analysis features. Quick network fault locating: Diagnose network quality from four aspects, including user, SSID, AP, and
AC. List possible problems and give corresponding solutions to help troubleshooting.
WIDS management: The WIDS manages wireless network interferences in different categories.
Interferences are classified based on user customized rules. Upon detecting an interference, the WIDS
chooses whether to generate an alarm based on user alarm configurations. The WIDS can also take
countermeasures for unauthorized devices.

Quick Service Adjustment, Covering Hotspots and Optimizing Radio Frequency

If a coverage hole exists on the network, users can use eSight WLAN Manager to quickly deploy services
on new APs to cover hotspots.

One-Click Diagnosis, Quickly Locating Faults

Diagnosis at the terminal side: WLAN diagnostic tools help rectify network faults caused by a terminal's
operating system version, wireless network adapter settings, and system service settings with one-click,
saving troubleshooting costs.
 When a carrier's APs or private APs occupy the planned channels and interfere with APs Deployment Scenarios
on the live network, users can use eSight WLAN Manager to quickly change the channel if
negotiation is unavailable.

Quick AP Fault Diagnosis

Ordering Information
Item Quantity Remarks
eSight Application Base-Standard (includes 60 device licenses)
Or Mandatory for eSight Unified
1
eSight Application Base-Professional (includes 60 device Network Management Platform
licenses)

eSight WLAN Manager (includes 5 APs) 1 Mandatory

One license manages ve incremental

eSight WLAN License-Incremental 5 AP Licenses Optional
APs
One license manages 50 incremental
eSight WLAN License-Incremental 50 AP Licenses Optional
APs.
eSight can restart, replace, and restore APs to factory settings in a batch. One license manages 100 incremental
eSight WLAN License-Incremental 100 AP Licenses Optional
APs.
During WLAN network debugging, or when APs are faulty, users can remotely restore APs to factory
settings in a batch. One license manages 200 incremental
eSight WLAN License-Incremental 200 AP Licenses Optional
APs.
During WLAN network debugging or when APs are upgraded, users can remotely restart APs in a batch.
One license manages 500 incremental
If an AP is faulty, users can quickly replace the AP in eSight. The replacement does not affect AP eSight WLAN License-Incremental 500 AP Licenses Optional
APs.
congurations.
One license manages 1,000
Resource Statistics Meeting O&M Requirements eSight WLAN License-Incremental 1,000 AP Licenses Optional
incremental APs.
Entire-network resource statistics: An online user line chart shows the top ve accessed t APs and SSIDs,
One license manages 2,000
top ve device alarms, and physical resource statistics on the entire network. eSight WLAN License-Incremental 2,000 AP Licenses Optional
incremental APs.
AC statistics: A line chart shows statistics about online users collected by the AC, including AP and domain
One license manages 5,000
information and the top ve AC alarms. eSight WLAN License-Incremental 5,000 AP Licenses Optional
incremental APs.
AP statistics: Shows the top ve AP alarms and performance counters (including the number of terminals
connected to APs, AP physical attributes and trafc, and radio trafc). eSight WLAN Real-Time Location System (RTLS) Optional WLAN positioning function

SSID statistics: Shows the number of APs, number of VAPs, and number of terminals connected to APs. One license manages ve incremental
eSight WLAN RTLS-5 AP Base Location Service Licenses Optional
Region and location statistics: Displays the total number of APs, number of online APs, and number of RTLS APs.
online STAs by region and location. One license manages 25 incremental
eSight WLAN RTLS-25 AP Base Location Service Licenses Optional
RTLS APs.
Operating Environment eSight WLAN RTLS-100 AP Base Location Service Licenses Optional
One license manages 100 incremental
RTLS APs.
eSight WLAN Manager is installed on the same server as eSight Unified Network Management Platform
standard or professional edition; therefore, the operating environment conguration requirements are the eSight WLAN Planning Tool Optional WLAN planning tool
same.
eSight WLAN Testing Tool Optional WLAN planning tool
 Simple and convenient auto-discovery of services simplifies O&M.
The MPLS VPN Manager combines policies and scopes for service discovery on the entire network. Users do
not need to specify device roles. The MPLS VPN Manager can detect various types of networks, including
full-mesh, hub-and-spoke, Multi-VPN-Instance CE (MCE), HoVPN, Inter-AS VPN-Option A, and Inter-AS VPN-
Option B networks.

One-click fault diagnosis enables fast fault identification.

The MPLS VPN Manager can identify service faults at different layers, including the access layer between
Provider Edges (PEs) and Customer Edges (CEs), and public routes and Label Switched Paths (LSPs) between
PEs.

MPLS VPN Manager

Product Overview
VPNs are complex, bearing various services such as data, voice, and video. Huawei eSight MPLS VPN
Manager is designed to deal with such complex scenarios as the following in routine maintenance:
Shielding complex services and allowing maintenance personnel to know the operating status of deployed
VPN services in real time and perform troubleshooting in a timely manner. Visual service management facilitates unified monitoring on the entire network and
provides real-time services operating status.
Monitoring the bandwidth usage of each service to ensure the priority of emergency command systems
and important users. The access topology view displays devices based on services currently running on them and displays alarms
Ensuring cross-regional video conferencing quality among provinces, cities, counties, and towns. and the link status of current services for quick diagnosis.
Huawei eSight MPLS VPN Manager integrates discrete VPN information on the network into visible
manageable objects and displays them in topology. Administrators can easily monitor VPN services and
diagnose faults to ensure QoS and reliability of key services.

Features
E2E wizard quickly deploys VPN services.
eSight MPLS VPN Manager provides E2E service deployment capabilities to help users quickly deploy new
VPN services, add new VPN access points, and change existing VPN services, improving service maintenance
efficiency. eSight MPLS VPN Manager supports static routes, OSPF, IS-IS, and Exterior Border Gateway
Protocol (EBGP) routing protocols between PEs and CEs on networks in full-mesh, hub-spoke, Multi-VPN-
Instance CE (MCE), and customized modes.

eSight MPLS VPN Manager interacts with report, SLA, and performance monitoring.
Intelligent interaction with performance monitoring: eSight MPLS VPN Manager allows users to customize
and view trafc statistics, Virtual Routing and Forwarding Tables (VRF) trafc statistics, and the number of
active VRF routes on the ve or ten most active access interfaces. eSight MPLS VPN Manager also provides
trafc trend charts with detailed counters.
 Ordering Information

Item Quantity Remarks

eSight Application Base-Standard (includes 60 device

licenses)Or Mandatory for eSight Unified Network
1
eSight Application Base-Professional (includes 60 Management Platform
device licenses)
eSight MPLS VPN Manager (includes 60 device Mandatory for eSight MPLS VPN Manager,
1
licenses) which can manage 60 PEs and CEs.
eSight MPLS VPN License-Incremental 50 Device One license manages 50 incremental PEs and
Optional
Licenses CEs.

eSight MPLS VPN License-Incremental 100 Device One license manages 100 incremental PEs
Optional
Licenses and CEs.
Intelligent interaction with SLA: eSight MPLS VPN Manager provides SLA assessment on service links eSight MPLS VPN License-Incremental 200 Device One license manages 200 incremental PEs
between a PE and a CE, and between PEs based on Internet Control Message Protocol (ICMP) Echo service. Optional
Licenses and CEs.
eSight MPLS VPN License-Incremental 500 Device One license manages 500 incremental PEs
Optional
Licenses and CEs.
eSight MPLS VPN License-Incremental 1,000 Device One license manages 1,000 incremental PEs
Optional
Licenses and CEs.
One license manages an unlimited number
of PEs and CEs, restricted only by the
eSight MPLS VPN License-Unlimited Device Licenses Optional
management capability of a specific eSight
version.

Intelligent interaction with reports: eSight MPLS VPN Manager provides interface traffic statistics and
service VRF statistics in reports, which customers can export.

Operating Environment
eSight MPLS VPN Manager is installed on the same server as eSight Unied Network Management Platform
standard or professional edition; therefore, the operating environment conguration requirements are the
same.

Deployment Scenarios
 eSight MPLS Tunnel Manager automatically discovers tunnels deployed on the network to
obtain information such as the number of tunnels, tunnel types, and tunnel status.
eSight MPLS Tunnel Manager uses the automatic discovery function to discover the MPLS TE tunnels (RSVP-
TE signaling-based dynamic tunnels and CR-Static signaling-based static tunnels) and LDP tunnels that have
been deployed on the network to eSight from specied or all devices.

eSight MPLS Tunnel Manager eSight MPLS Tunnel Manager monitors tunnels in real time and dynamically displays the
tunnel running status.
When receiving an alarm, eSight MPLS Tunnel Manager noties users of tunnel status changes in a timely
manner. The tunnel topology displays tunnel status and provides entries for users to view the link bandwidth
information (such as bandwidth on outbound or inbound interfaces and maximum reserved bandwidth), link
interface information, and whether MPLS is enabled on devices, helping users diagnose faults.
When receiving an alarm, users can directly access the Tunnel Topology page from the alarm page to check
the tunnel status.
Product Overview
Tunnel technology is widely used on enterprise networks. Enterprises choose tunnels based on service
features. Generally, LDP tunnels carry services with low bandwidth and QoS requirements, and MPLS TE
tunnels carry services with high bandwidth and QoS requirements. To ensure that services run properly,
administrators must know the following tunnel information on the current network: number of tunnels,
tunnel types, path of each tunnel, tunnels with the protection function, and whether a tunnel switchover
occurs.
eSight MPLS Tunnel Manager automatically discovers MPLS TE tunnels (RSVP-TE signaling-based dynamic
tunnels and CR-Static signaling-based static tunnels) and LDP tunnels that have been deployed on the
network. It monitors the tunnels in real time and displays tunnel running status dynamically. In addition,
eSight MPLS Tunnel Manager monitors active-standby switchover and bypasses.

Features
When detecting that the active LSP is faulty, eSight MPLS Tunnel Manager performs an active-standby
eSight MPLS Tunnel Manager allows users to easily and efficiently configure tunnel policies switchover or bypasses the faulty LSP. All paths of the original tunnel before the switchover or bypass are
using a template. unavailable. The active-standby tunnel switchover status is displayed in the tunnel topology.

The smart conguration tool can be used to deliver tunnel policies in a batch, which reduces errors and
improves efciency.
 When an LDP tunnel is faulty, all links in the tunnel topology are unavailable. Operating Environment
eSight MPLS Tunnel Manager is installed on the same server as eSight Unified Network Management
Platform standard or professional edition; therefore, the operating environment conguration requirements
are the same.

Deployment Scenarios

eSight MPLS Tunnel Manager works with MPLS VPN Manager to let users quickly locate
services affected by tunnel faults and check whether a service fault is caused by a tunnel
fault.
In the eSight MPLS VPN Manager service list, users can click Tunnel List to view tunnels that carry a VPN and
check whether a service fault is caused by a tunnel fault based on the tunnel status.

Ordering Information

Item Quantity Remarks

eSight Application Base-Standard (includes 60

device licenses)Or Mandatory for eSight Unied Network Management
1
eSight Application Base-Professional (includes 60 Platform
device licenses)
eSight MPLS Tunnel 1 Mandatory for eSight MPLS Tunnel Manager

In the eSight MPLS Tunnel Manager tunnel list, users can click View VPN to view VPNs carried on a tunnel
and learn which VPNs will be affected by a tunnel faul

eSight IPSec VPN Manager
Product Overview
Enterprises use the IPSec VPN network to carry service data, ensuring data security; however, IPSec VPN
technology is complex with multiple conguration parameters and commands, leading to troubleshooting
and routine maintenance difculties.
The eSight IPSec VPN management component automatically discovers IPSec VPN services on a hub-spoke
or site-to-site network to provide all-round monitoring and diagnosis, facilitating troubleshooting and
maintenance on the IPSec VPN network.
Features
Various Statistics Display, Showing IPSec VPN Network Performance Status
Automatic Service Discovery, Simplifying User Operation
eSight IPSec VPN Manager automatically discovers all or specified IPSec VPN services on a hub-spoke or
site-to-site network. Users can view service alarm status, encrypted service data direction, and packet loss
information on the service topology. Users can also view tunnel information and historical information about
tunnel setup to help locate service faults.
Quick Diagnosis, Improving Troubleshooting Efficiency
The quick diagnosis function allows users to find detailed causes for service faults, such as failure of
activating services and VPN faults. The following information can be diagnosed: interface status at two ends,
whether IPSec policies are applied to interfaces, whether the policies can initiate IPSec negotiation, IPSec
policy integrity, Internet Key Exchange (IKE) negotiation result, and IPSec negotiation result. Users can export
diagnosis results.
Operating Environment
eSight IPSec VPN Manager is installed on the same server as eSight Unied Network Management Platform
standard or professional edition; therefore, the operating environment conguration requirements are the
same.
Deployment Scenarios
Currently, eSight supports two IPSec VPN networking scenarios: site-to-site VPN (point-to-point) and hub-
spoke VPN (point-to-multipoint).
Site-to-site VPN
A site-to-site VPN implements communication between LANs; therefore, it is also called LAN-to-LAN VPN or
gateway-to-gateway VPN. Typical networking is shown below:
 PC PC
IPSec Tunnel

Headquarters Branch
Internet
Gateway A Gateway B

Server Server

Hub-spoke VPN
Hub-spoke VPN implements IPSec VPN communication between an enterprise headquarters and its multiple
branches. Typical networking is shown below:

eSight Secure Center

IPSec Tunnel

Branch 1
Gateway B Product Overview
eSight Secure Center provides security policy management functions (such as unified configuration and
Headquarters
Gateway A
Internet deployment of security application policies on the entire network) for Huawei UTM, firewalls, and ARs,
helping users manage multiple security devices in a unied manner and reducing security O&M costs.

Features
Branch 2
PC eSight Secure Center supports the unified configuration of security application policies.
Gateway C
IPSec Tunnel eSight Secure Center centrally manages security application policies on multiple devices, including Huawei
UTMs, rewalls, and ARs. Users can congure device security application polices based on the user, user
group, and device.

Ordering Information
Item Quantity Remarks

eSight Application Base-Standard (includes 60 device

licenses)Or Mandatory for eSight Unified Network
1
eSight Application Base-Professional (includes 60 device Management Platform
licenses)

eSight IPSec VPN Manager (includes 60 device licenses) 1 Mandatory. One license manages 60 devices.

eSight IPSec VPN License-Incremental 50 Device

Optional One license manages 50 devices.
Licenses
eSight IPSec VPN License-Incremental 100 Device
Optional One license manages 100 devices.
Licenses
eSight IPSec VPN License-Incremental 200 Device
Optional One license manages 200 devices.
Licenses
eSight IPSec VPN License-Incremental 500 Device
Optional One license manages 500 devices.
Licenses
eSight IPSec VPN License-Incremental 1,000 Device
Optional One license manages 1,000 devices.
Licenses
 eSight Secure Center supports intelligent security policy analysis to provide basis for Operating Environment
security policy optimization.
eSight Secure Center is installed on the same server as eSight Unified Network Management Platform
eSight Secure Center supports analysis on policy redundancy, policy risk, policy matching rate, and standard or professional edition; therefore, the operating environment conguration requirements are the
comprehensive policy analysis. same.
Policy redundancy analysis: Recognizes redundant policies on the network to ensure rationality of rewall
policies.
Deployment Scenarios
Policy risk analysis: Recognizes policies with potential risks and provides suggestions to ensure the conformity
and security of rewall policies. For example, if a policy is used to enable a port that must be disabled, or a Deployment scenarios for eSight Security Center are the same as those for eSight Unified Network
policy is applied to a wider network segment, potential risks exist. Management Platform.
Policy matching rate analysis: Recognizes policies with high matching possibilities to facilitate policy
optimization by O&M personnel. Ordering Information
Comprehensive policy analysis: Integrates analysis on policy redundancy, policy risk, and policy matching rate
to provide device robustness assessment.
Description Quantity Remarks

eSight Application Base-Standard (includes 60 device

licenses)Or Mandatory for eSight Unified Network
1
eSight Application Base-Professional (includes 60 device Management Platform
licenses)
Mandatory. One license manages 60
eSight IPSec VPN Manager (includes 60 device licenses) 1
devices.

eSight IPSec VPN License-Incremental 50 Device Licenses Optional One license manages 50 devices.

eSight IPSec VPN License-Incremental 100 Device

Optional One license manages 100 devices.
Licenses
eSight IPSec VPN License-Incremental 200 Device
Optional One license manages 100 devices.
Licenses
eSight IPSec VPN License-Incremental 500 Device
Optional One license manages 100 devices.
Licenses
eSight IPSec VPN License-Incremental 1,000 Device
Optional One license manages 100 devices.
Licenses
eSight Secure Center supports virtual firewall management.
eSight Secure Center automatically detects virtual rewalls and congures security policies on them and can
congure and manage security policies on hundreds of virtual rewalls in a unied manner.
Copyright Huawei Technologies Co., Ltd. 2014. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei
Technologies Co., Ltd.

Trademark Notice
, HUAWEI, and are trademarks or registered trademarks of Huawei Technologies Co., Ltd.
Other trademarks, product, service and company names mentioned are the property of their respective owners.

General Disclaimer
The information in this document may contain predictive statements including,
without limitation, statements regarding the future financial and operating results,
future product portfolio, new technology, etc. There are a number of factors that
could cause actual results and developments to differ materially from those
expressed or implied in the predictive statements. Therefore, such information is
provided for reference purpose only and constitutes neither an offer nor an
acceptance. Huawei may change the information at any time without notice.