Professional Documents
Culture Documents
10 SDN-CloudVPN Solution Overview ISSUE1.00
10 SDN-CloudVPN Solution Overview ISSUE1.00
10 SDN-CloudVPN Solution Overview ISSUE1.00
Portal
The eCommerce portal, tenant portal, and mobile app provide self-services to tenants.
Tenants can subscribe to service packages, and activate, adjust, and monitor services by
themselves.
The carrier portal monitors and manages system resources and services.
Service collaboration layer
Huawei IES provides service collaboration capabilities, including ICT-Orchestrator (ICT-O)
and ICT-Assurance (ICT-A).
The ICT-O supports global service collaboration. It provides end-to-end (E2E) lifecycle
management, automatic deployment, and monitoring on network and IT services as well as
on physical and virtual resources.
The ICT-A provides management and O&M of global services, networks, and DC
resources, covering collection of global faults and performance data, automatic analysis on
root causes, automatic fault location, and troubleshooting assistance to administrators.
Management and control layer
The Agile Controller-Campus (AC-Campus) supports network modeling and instantiation. It
transforms service models into network models and delivers configurations to physical and
virtual network elements (NEs).
The Content Security Manager (CSM) controls and manages Virtualized Network Function
(VNF) NEs. It distributes, deploys, and monitors VNF resources, expands and decreases
the capacity of VNF NEs, and manages deregistration of VNF NEs.
The FusionSphere/OpenStack cloud platform manages virtual machine (VM) resources.
Network device layer
Multiple device types: physical CPEs (network devices) and VNF devices (VAS devices,
such as CloudCPEs and CloudFWs)
Multiple network topologies: L2 access, L3 access, and 1:N centralized deployment
Unified tenant account design: The ICT-O synchronizes tenant account information
to the SDP eCommerce platform, mobile app server, tenant portal, and carrier
portal.
ESN obtaining design: After CPEs are delivered to a site, a tenant administrator
logs in to the mobile app, selects the current site in the site list, and scans CPE
barcodes to import ESNs.
VXLAN tunnels are overlay tunnels and set up to connect virtual networks of
different branches of an enterprise.
IPSec tunnels provide NAT traversal and encryption capabilities to ensure
environment adaptability and security of the overlay network.
Note: When L3 CPEs are deployed, bandwidth limits are not supported for downlink
traffic sent to sites from the Internet, other sites, and DCs.
The following management components are all deployed in a data center: CloudCPE,
CloudFW, eCommerce platform, IES, MANO, AC-Campus, and eLog server.
Data centers are constructed in compliance with Huawei's security standards.
Security management and control are performed on virtual networks, functional
zones, demilitarized zone (DMZ), and data centers.
CPEs are deployed as egress gateways at sites.