10 SDN-CloudVPN Solution Overview ISSUE1.00

Confidential Information of Huawei. No Spreading Without Permission

For carriers, this solution has the following benefits:

• High-quality leased line services on any IP network: The CloudVPN Solution uses overlay technology to enable any-to-any VPN connections on any accessible network that has reachable IP addresses, including carrier-built on-net networks and off-net networks for third-party access.
• Self-service provisioning of enterprise leased lines: The CloudOpera Orchestrator uniformly schedules network resources. It works with the Agile Controller to dynamically set up connections between branches of an enterprise based on the tenant's resource request. This simplifies network configuration and reduces the service provisioning time.
• On-demand value-added services (VASs): The CloudVPN Solution provides carriers and enterprises with flexible VASs through virtualized VAS devices, which can dynamically direct traffic and automatically deploy VAS policies as required.
• Plug-and-play customer-premises equipment (CPEs): The CloudVPN Solution supports one-stop enterprise site CPE model selection, self-service subscription, automatic delivery, and automatic login. CPEs are plug-and-play and require no onsite manual installation or commissioning, reducing labor costs and saving time.

For enterprise tenants, this solution has the following benefits:

• One-click enterprise leased line deployment and self-service provisioning: The CloudVPN Solution offers self-service interfaces such as a carrier portal, tenant portal, and mobile app to allow users to purchase and configure services on demand. A user only needs to log in to the portal page and purchase or adjust resources, including branch site equipment or services, bandwidth, VASs, or reliability service.
• One-stop enterprise DC service and leased line subscription and provisioning: Currently, enterprise data center (DC) services and leased lines are applied for and provided independently. An enterprise needs to plan, apply for, monitor, and analyze leased line resources and DC resources separately. As services rapidly develop and diversify, enterprises require one-stop leased line and DC service subscription and provisioning. The CloudVPN Solution meets this requirement. It coordinates resources on enterprise branch and DC networks to implement coordinated deployment. The Orchestrator decomposes network resources of the enterprise DC, branches, and cloud. Tunnels are set up using IPSec VPN to transmit services between enterprise branches and the DC at Layer 3.
• Self-maintenance tenant networks: The CloudVPN Solution offers tenants a portal and app to display application distribution and perform self-maintenance operations, including group-based adjustment, bandwidth management, and traffic control, anytime, anywhere.

• Portal
  • The eCommerce portal, tenant portal, and mobile app provide self-services to tenants. Tenants can subscribe to service packages, and activate, adjust, and monitor services by themselves.
  • The carrier portal monitors and manages system resources and services.
• Service collaboration layer
  • Huawei IES provides service collaboration capabilities, including ICT-Orchestrator (ICT-O) and ICT-Assurance (ICT-A).
  • The ICT-O supports global service collaboration. It provides end-to-end (E2E) lifecycle management, automatic deployment, and monitoring on network and IT services as well as on physical and virtual resources.
  • The ICT-A provides management and O&M of global services, networks, and DC resources, covering collection of global faults and performance data, automatic analysis on root causes, automatic fault location, and troubleshooting assistance to administrators.
• Management and control layer
  • The Agile Controller-Campus (AC-Campus) supports network modeling and instantiation. It transforms service models into network models and delivers configurations to physical and virtual network elements (NEs).
  • The Content Security Manager (CSM) controls and manages Virtualized Network Function (VNF) NEs. It distributes, deploys, and monitors VNF resources, expands and decreases the capacity of VNF NEs, and manages deregistration of VNF NEs.
  • The FusionSphere/OpenStack cloud platform manages virtual machine (VM) resources.
• Network device layer
  • Multiple device types: physical CPEs (network devices) and VNF devices (VAS devices, such as CloudCPEs and CloudFWs)
  • Multiple network topologies: L2 access, L3 access, and 1:N centralized deployment

• Unified tenant account design: The ICT-O synchronizes tenant account information to the SDP eCommerce platform, mobile app server, tenant portal, and carrier portal.
• ESN obtaining design: After CPEs are delivered to a site, a tenant administrator logs in to the mobile app, selects the current site in the site list, and scans CPE barcodes to import ESNs.

• VXLAN tunnels are overlay tunnels set up to connect the virtual networks of different branches of an enterprise.
• IPSec tunnels provide NAT traversal and encryption capabilities to ensure the environment adaptability and security of the overlay network.

• Note: When L3 CPEs are deployed, bandwidth limits are not supported for downlink traffic sent to sites from the Internet, other sites, and DCs.

• The following management components are all deployed in a data center: CloudCPE, CloudFW, eCommerce platform, IES, MANO, AC-Campus, and eLog server.
• Data centers are constructed in compliance with Huawei's security standards. Security management and control are performed on virtual networks, functional zones, the demilitarized zone (DMZ), and data centers.
• CPEs are deployed as egress gateways at sites.
