Product Description: Esight V300R002C01

eSight
V300R002C01
Product Description
Issue 01
Date 2016-04-30
HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2016. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or
representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: http://e.huawei.com
Issue 01 (2016-04-30) Huawei Proprietary and Confidential i

Copyright © Huawei Technologies Co., Ltd.
eSight
Product Description About This Document
About This Document
Purpose
This document describes the product positioning, architecture, functions, and applications of
eSight and provides configuration requirements and technical counters for eSight.
This document helps you understand eSight functions and basic operations in eSight.
Intended Audience
This document is intended for:
l Huawei pre-sales engineers

l Huawei technical support engineers
l Partner pre-sales engineers
l Partner technical support engineers
l Enterprise pre-sales engineers
l Enterprise administrators
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol Description
Indicates an imminently hazardous situation which, if not

avoided, will result in death or serious injury.
Indicates a potentially hazardous situation which, if not

avoided, could result in death or serious injury.

avoided, may result in minor or moderate injury.
Issue 01 (2016-04-30) Huawei Proprietary and Confidential ii

eSight
Product Description About This Document
Symbol Description

avoided, could result in equipment damage, data loss,
performance deterioration, or unanticipated results.
NOTICE is used to address practices not related to personal
injury.
Calls attention to important information, best practices and

tips.
NOTE is used to address information not related to
personal injury, equipment damage, and environment
deterioration.
Change History
Changes between document issues are cumulative. The latest document issue contains all the
changes made in earlier issues.
Updates in Issue 01 (2016-04-30)

This issue is the first official release.
Issue 01 (2016-04-30) Huawei Proprietary and Confidential iii

eSight
Product Description Contents
Contents
About This Document.....................................................................................................................ii

1 Product Positioning and Features...............................................................................................1
1.1 Positioning...................................................................................................................................................................... 2
1.2 Features...........................................................................................................................................................................2
2 Functions and Features................................................................................................................. 7

2.1 eSight Platform............................................................................................................................................................... 8
2.1.1 Security Management.................................................................................................................................................. 8
2.1.2 Log Management....................................................................................................................................................... 13
2.1.3 Resource Management.............................................................................................................................................. 14
2.1.4 Alarm Management................................................................................................................................................... 15
2.1.5 Performance Management......................................................................................................................................... 21
2.1.6 Topology Management.............................................................................................................................................. 25
2.1.7 View Display on Home Pages................................................................................................................................... 28
2.1.8 Big Screen Monitoring.............................................................................................................................................. 28
2.1.9 Maintenance Tool...................................................................................................................................................... 29
2.1.10 Lower-Layer NMSs................................................................................................................................................. 30
2.1.11 License Management............................................................................................................................................... 30
2.1.12 Database Overflow Dump....................................................................................................................................... 31
2.1.13 Two-Node Cluster System.......................................................................................................................................31
2.2 Network Device and Service Management.................................................................................................................. 32
2.2.1 Network Device Management................................................................................................................................... 32
2.2.2 Configuration File Management................................................................................................................................33
2.2.3 User-defined Device Management............................................................................................................................ 35
2.2.4 Terminal Resources................................................................................................................................................... 38
2.2.5 Link Management......................................................................................................................................................42
2.2.6 IP Topology Management..........................................................................................................................................42
2.2.7 Smart Configuration Tool.......................................................................................................................................... 44
2.2.8 NE Software Management.........................................................................................................................................46
2.2.9 MIB Management......................................................................................................................................................47
2.2.10 Report Management................................................................................................................................................ 48
2.2.11 WLAN Management................................................................................................................................................48
2.2.12 BGP/MPLS VPN Management............................................................................................................................... 56
Issue 01 (2016-04-30) Huawei Proprietary and Confidential iv

eSight
2.2.13 BGP/MPLS Tunnel Management............................................................................................................................60

2.2.14 SLA Management....................................................................................................................................................62
2.2.15 QoS Management.................................................................................................................................................... 69
2.2.16 NTA Management................................................................................................................................................... 70
2.2.17 VLAN Management................................................................................................................................................ 77
2.2.18 iPCA Management.................................................................................................................................................. 80
2.2.19 SVF Management.................................................................................................................................................... 83
2.2.20 PON Management................................................................................................................................................... 84
2.2.21 AR Voice Management............................................................................................................................................85
2.2.22 IPSec VPN Management......................................................................................................................................... 86
2.2.23 Secure Center Management.....................................................................................................................................93
2.2.24 LogCenter Management........................................................................................................................................ 123
2.3 Unified Communications & Collaborations Management......................................................................................... 124
2.3.1 Unified Communications Management...................................................................................................................124
2.3.1.1 Managing UC Devices..........................................................................................................................................125
2.3.1.1.1 IP PBX Management......................................................................................................................................... 125
2.3.1.1.2 U2900 Management.......................................................................................................................................... 127
2.3.1.1.3 USM Management.............................................................................................................................................129
2.3.1.1.4 EGW Management............................................................................................................................................ 129
2.3.1.1.5 IAD Management.............................................................................................................................................. 130
2.3.1.1.6 UAP3300 Management..................................................................................................................................... 132
2.3.1.2 Managing UC Applications.................................................................................................................................. 133
2.3.1.3 Managing Meeting Applications.......................................................................................................................... 137
2.3.1.4 Managing CC Applications.................................................................................................................................. 138
2.3.1.5 Managing VTM Devices...................................................................................................................................... 139
2.3.1.6 Managing UC Outsourced Devices...................................................................................................................... 140
2.3.1.7 Voice Quality Monitoring..................................................................................................................................... 141
2.3.1.8 Managing the certificate....................................................................................................................................... 142
2.3.1.9 Device Information Export................................................................................................................................... 143
2.3.2 Telepresence Meeting Management........................................................................................................................ 143
2.3.2.1 Telepresence Device Management....................................................................................................................... 143
2.3.2.2 Network Diagnosis............................................................................................................................................... 145
2.3.3 Video Surveillance Management.............................................................................................................................145
2.3.3.1 Managing IVS Applications................................................................................................................................. 146
2.3.3.2 Data Analysis........................................................................................................................................................147
2.3.4 IP Phone Management.............................................................................................................................................148
2.3.5 Third-Party Application Management.....................................................................................................................150
2.4 Server Management.................................................................................................................................................... 151
2.4.1 Server Device Management.....................................................................................................................................151
2.4.2 Server Stateless Computing Management............................................................................................................... 153
2.4.3 Server Deployment Management............................................................................................................................ 156
2.4.4 Firmware Version Management...............................................................................................................................157
Issue 01 (2016-04-30) Huawei Proprietary and Confidential v

eSight
2.5 Storage Management.................................................................................................................................................. 157

2.5.1 Storage Device Management...................................................................................................................................157
2.5.2 Storage Report Management................................................................................................................................... 161
2.5.3 Storage Capacity Management................................................................................................................................ 162
2.6 Host Management.......................................................................................................................................................164
2.7 Computing Virtualization Management..................................................................................................................... 165
2.8 MicroDC Management............................................................................................................................................... 165
2.9 Infrastructure Management.........................................................................................................................................168
2.10 eLTE Management....................................................................................................................................................171
2.10.1 eLTE CPE Management........................................................................................................................................ 171
2.10.2 eLTE eNodeB Management...................................................................................................................................173
2.10.3 eLTE eCNS Management...................................................................................................................................... 175
2.10.4 eLTE Service Channel Diagnosis.......................................................................................................................... 176
2.11 Application Management..........................................................................................................................................176
2.11.1 Monitoring of Diversified Resources.................................................................................................................... 176
2.11.2 Resource Management...........................................................................................................................................177
2.11.3 Performance Management..................................................................................................................................... 178
2.11.4 Business View........................................................................................................................................................179
2.11.5 Alarm Management............................................................................................................................................... 180
2.11.6 SLA........................................................................................................................................................................180
2.11.7 Home Page.............................................................................................................................................................180
2.11.8 Report Management...............................................................................................................................................181
3 Deployment Mode.....................................................................................................................185
3.1 Standalone Mode........................................................................................................................................................ 186
3.2 Distributed Deployment Mode................................................................................................................................... 186
3.3 Two-Node Cluster Deployment Mode........................................................................................................................188
4 Networking Mode..................................................................................................................... 191

4.1 eSight and NE Networking.........................................................................................................................................192
4.2 eSight and OSS Integration........................................................................................................................................ 194
4.3 Hierarchical Deployment Mode................................................................................................................................. 195
5 Configuration............................................................................................................................. 196
5.1 Software Configuration Requirements....................................................................................................................... 197
5.2 Hardware Configuration Requirements......................................................................................................................199
5.3 Client Configuration Requirements............................................................................................................................212
5.4 Network Bandwidth Requirements............................................................................................................................ 213
6 Technical Counters....................................................................................................................215
7 Standard and Protocol Compliance....................................................................................... 216
A Glossary......................................................................................................................................217
Issue 01 (2016-04-30) Huawei Proprietary and Confidential vi

eSight
Product Description 1 Product Positioning and Features
1 Product Positioning and Features
About This Chapter
1.1 Positioning
1.2 Features
Issue 01 (2016-04-30) Huawei Proprietary and Confidential 1

eSight
1.1 Positioning
The eSight system is a new-generation comprehensive operation and maintenance solution
developed by Huawei for the network infrastructure, unified communications, telepresence
conferencing, video surveillance, and data center in enterprises. eSight supports unified
monitoring and configuration management over devices of various types and from various
vendors, monitors and analyzes network and service quality, and delivers unified management
over and association analysis among enterprise resources, services, and users. Meanwhile,
eSight offers a flexible and open platform for enterprises to customize software development
and build an intelligent management system tailored to individual needs.
1.2 Features
Lightweight and Web-Based Client
The B/S architecture allows you to access eSight anywhere and anytime using a standard web
browser. Only the server software needs to be updated during system upgrade or maintenance,
reducing the costs and workload involved in system maintenance and upgrades, and therefore
lowering customers' total cost of operation (TCO).
The B/S architecture also has the advantages of the distributed feature, you can perform
operations like querying and browsing anywhere anytime.
Supporting Various Operating Systems and Databases

eSight can be installed on the Windows and SUSE Linux operating systems and supports
Oracle, MySQL, and SQL Server databases.
Large-Scale Management Capabilities

eSight manages a maximum of 20000 NEs and supports a maximum of 100 online clients.
Comprehensive Device Management Capabilities

eSight can manage:
l Huawei devices: switch, router, unified communications (UC) device, telepresence
device, video surveillance device, server, and storage device
l Third-party devices: devices from H3C, Cisco, and ZTE; and IT devices from IBM, HP,
and SUN
eSight pre-configures the capabilities to manage mainstream devices from H3C, Cisco, and
ZTE. eSight allows users to flexibly customize management capabilities for third-party
devices that are not pre-configured with the capabilities:
l Third-party devices that support standard MIB (RFC1213-MIB, Entity-MIB, SNMPv2-
MIB, and IF-MIB): eSight allows users to set custom parameters so that these devices
can be managed in the same way as third-party devices with pre-configured management
capabilities.
l Third-party devices that do not support standard MIB: eSight manages these devices
through network element (NE) adaptation packages.

eSight
Southbound Interfaces
eSight supports the SNMP, Telnet/sTelnet, FTP/SFTP/FTPS, TR069, Huawei MML, SMI-S,
Modbus southbound and HTTPS interfaces.
Type Description
SNMP The SNMP interfaces help achieve basic management functions such as
interfaces automatic NE discovery, service configuration data synchronization, fault
management, and performance management.
Telnet/STelnet Telnet and Secure Shell Telnet (STelnet) interfaces are basic NE
interfaces management interfaces used for remote NE login and management.
NOTE
The Telnet protocol transfers communication data in plaintext, which is risky. You
are advised to use it together with other secure protocols such as SSH.
TFTP/FTP/ FTP, SFTP, and FTPS interfaces are used to back up NE data.
SFTP/FTPS NOTE
interfaces FTP is an insecure protocol. SFTP and FTPS are recommended because they are
secure.
TR-069 Technical Report 069 (TR-069) is used to connect to terminals such as IP

Interface phones, EGWs, SBCs and eLTE terminals.
MML Interface Man-Machine Language (MML) interface is used to accept the

performance and alarm data of wireless base stations and core network
devices.
SMI-S The eSight supports storage device access and management through
Interface standard SMI-S interface, providing resource monitoring, performance
analysis, and fault monitoring of storage devices.
Modbus The Modbus protocol allows controllers from different vendors to form
Interface industrial networks and support centralized monitoring.
HTTPS eSight obtains host, server CPU, memory, network port rate, and disk
Interface usage information through the HTTPS protocol, to support host and
server management.
Multiple Editions Catering for Differentiated Needs

To serve enterprise customers with different needs, eSight System is classified into Compact,
Standard, and Professional editions, as described in the following table.
Edition Management Function

Capability
eSight Compact 40 network This edition provides only simple management

(network device) devices functions for network devices. It neither provides
additional components nor supports service
expansion.

eSight
Edition Management Function

Capability
eSight Compact 100 rack servers This edition provides only simple management
(server) and 5 frame functions for servers, including device
blade servers management, configuration deployment, and
stateless computing. It neither provides additional
components nor support service expansion.
eSight Standard 5000 NEs This edition manages a wide array of network
devices and supports various service components
that can be selected based on the site
requirements.
eSight 20000 NEs In addition to providing all functions of the

Professional Standard Edition, This edition provides enhanced
management capabilities and supports
hierarchical network management.
Multiple Service Management Components

Depending on the component-based design, eSight offers a diversity of components for users
to choose. The following figure shows the eSight component-based architecture.
Independent NE Adaptation Capability

eSight provides an extension point mechanism, which allows incremental development of
functions and NE version adaptation packages. New functions and NE adaptation packages
can be added without changing code in earlier release packages. The modular Open Services
Gateway initiative (OSGi)-based framework enables service components to be upgraded and
patched independently.

eSight
To add new functions, develop new function plug-in packages and deploy them in eSight. To
manage new devices, simply add new NE adaptation packages. Function plug-in packages
and NE adaptation packages are deployed in the eSight OSGi container as bundles (plug-ins).
System Reliability
In order to improve system reliability, eSight supports automatic restart when a process
exception occurs, and supports data backup and restore.
l Automatic Restart when Exception
The maintenance tool can monitor eSight processes. When the maintenance tool detects
that these processes are unexpectedly terminated, the maintenance tool automatically
restarts the eSight processes, which keeps the system running properly in unattended
mode and reduces the fault recovery time.
l Data Backup and Restore
The eSight supports automatic and manual data backup and restore. The eSight can
automatically back up data in a preset backup period. Alternatively, users can manually
back up data any time. Users can save the backup data to an external device. The restore
mechanism allows users to restore the system using the latest backup data if the system
breaks down or an upgrade fails.
Security
The eSight provides security mechanisms in terms of system, network, data, and operation
and maintenance.
Security Description Security Policies

Mechani
sms
System The system security l Patch policies

security mechanism ensures that l Security hardening policies
the operating system,
database, and l Password policies
middleware are running l Authentication and authorization
properly to support l Data encryption
normal application
operation. l Security logs
l Minimum permission rule
l File property management
Network The network security l Routers are deployed to separate local area
security mechanism ensures that networks from external networks, enhancing
the switches, routers, data communication security.
and firewalls are l A network firewall is configured for the eSight,
running properly. ensuring network security.
l Rights accessible to external systems are
controlled and managed.

eSight
Security Description Security Policies

Mechani
sms
Data The data security l Encryption policies define encrypted storage

security mechanism ensures and transmission of sensitive data.
storage, transmission, l User management policies specify minimum
and management authorization.
security of user
information, system l Backup and restore policies ensure important
configuration data backup.
information, run l Data storage security supports switchover of the
operations, and HA system to recover system running in a
database data. timely manner.
Operation The operation and l Access mechanism by group and permission

and maintenance security l Access control policies: Access control policies
maintenan mechanism provides include password policies, login lock and
ce security security for users, unlock, and authentication policies.
applications, and audits.
l Log audit: Logs consist of security logs,
operation logs, and system logs.
l Automatic client logout mechanism.
l Application security mechanism: The eSight
provides password and identity authentication.
The system encrypts and stores sensitive user
information using a strong data encryption
algorithm. The system assigns a password to
each user, and verifies the user password when
providing services. This ensures user
information security.
Scalable Architecture
The eSight provides a scalable architecture to expand the management capacity by adding
servers. This architecture allows old hardware to be used to expand a live network, which
ensures smooth expansion with the existing investment.
Integration Capability
The eSight is based on open buses, open interfaces, and information modeling. It supports
heterogeneous system integration and can be quickly interconnected with a third-party
system. eSight can provide alarm, performance, link, and resource information to upper-layer
operations support systems (OSSs) through northbound interfaces.

eSight
Product Description 2 Functions and Features
2 Functions and Features
About This Chapter
2.1 eSight Platform

2.2 Network Device and Service Management
2.3 Unified Communications & Collaborations Management
2.4 Server Management
2.5 Storage Management
2.6 Host Management
2.7 Computing Virtualization Management
2.8 MicroDC Management
2.9 Infrastructure Management
2.10 eLTE Management
eSight offers the following eLTE device management functions: CPE management, eNodeB
management, eCNS management and service channel diagnosis.
2.11 Application Management

eSight
2.1 eSight Platform
2.1.1 Security Management

Security management controls the security of eSight itself. Security management includes
user management, role management (authorization management, that is, rights- and domain-
based management), user login management, and a series of other security policies. These
functions together safeguard the eSight. The security solution of the eSight is further
improved by log management (recording user login, operation, and system logs) and database
backup.
Figure 2-1 shows the implementation mechanism of eSight security management.
Figure 2-1 Security management overview
NOTE
This section focuses on eSight user security.

l For details about log management, see section 2.1.2 Log Management.
l For details about database backup and restore, see section 2.1.9 Maintenance Tool.
User Management
eSight provides the following user management functions:
l Creating and deleting users

eSight
A newly installed eSight provides only one default user admin who has all operation and
management rights. Other users are directly or indirectly created by the admin user.
Users can be created one by one or in batches
l Querying and modifying user attributes
User attributes include the user name, password, roles, description, and access control.
– To successfully log in to an eSight client and perform maintenance and
management operations, users must obtain a correct user name and password.
– User passwords are stored in the database and encrypted using SHA256, an
irreversible encryption algorithm.
– User passwords can be reset by the administrator or be changed.
NOTE
The password for the admin user cannot be reset.

– Users in different roles have different operation and management rights.
– Access control limits the time and IP addresses available for users to log in to the
eSight, which ensures eSight access security.
l Enabling and disabling users
A user account is automatically disabled if it is unused within the period specified in the
account policy. The user account can also be manually disabled if it is not needed.
A disabled user account can be enabled if needed.
Role Management (Rights- and Domain-based Management)

Each role is a set of rights. If a user needs certain rights, the corresponding role must be
granted to it. Role management makes user rights management easier. After an eSight user is
planned, a role needs to be granted to it so that the new user has sufficient rights to manage
devices.
Roles can be created, modified, and deleted on the eSight. Their attributes can be queried.
The eSight provides one default role Administrators who has operation rights for all
managed objects (MOs) and cannot be modified.
Role attributes include the role name, user, MO, operation, and description.
l MO: This attribute specifies the objects and range of configuration data that can be
managed by a role. If role A cannot manage device C or object group D, the topology
view hides device C and devices in object group D from users in role A.
An object group is a group of devices. Object groups can be created, modified, and
deleted on the eSight.
l Operation: This attribute specifies the operations that can be performed by a role.
Operation rights for a device may be assigned to different roles. Therefore, different
roles have different operation rights for the same device.
The eSight achieves rights- and domain-based management by providing the MO and
operation attributes:
l Domain-based management is the operation of assigning different MOs to different
roles. This function allows engineers from different O&M departments to manage
different network objects.
l Rights-based management is the operation of assigning different operations to different
roles.

eSight
Rights-based management and domain-based management together allow engineers with

different duties (at different positions or from different O&M departments) to perform
different operations on MOs in the same area. Users can perform operations only on the
NEs they have rights for.
NOTE
Users in the Administrators role or with the user management rights can assign MOs and
operations to other users.
Rights- and domain-based management unifies device and function management. Specifically,
MOs are assigned based on devices; operation rights are assigned based on functions on
devices.
User Authentication
The eSight uses three modes to authenticate users: local authentication, Remote
Authentication Dial In User Service (RADIUS) authentication, and Lightweight Directory
Access Protocol (LDAP) authentication.
l Local authentication: User management, authentication, and security policies are all
controlled by the eSight server. The eSight uses this mode by default. For details about
this mode, see the "Local Authentication" section.
l RADIUS authentication: When a user logs in, the eSight verifies and authenticates the
login request through the RADIUS server, finds the role of the user based on the user
group obtained from the RADIUS server, and authorizes the user. For details about this
mode, see the "RADIUS Authentication" section.
l LDAP authentication: When a user logs in, the eSight verifies and authenticates the login
request through the LDAP server, finds the role of the user based on the user group
obtained from the LDAP server, and authorizes the user. LDAP authentication is similar
to RADIUS authentication except that the two modes use different authentication
protocols. For details about this mode, see the "LDAP Authentication" section.
Local Authentication
In the local authentication mode, user security management ensures the security of the eSight
on multiple levels, including the local user management, rights management, password policy,
account policy, login control, and automatic client logout. Password and account policies,
after being configured, take effect on all eSight users.
l Password policy
– Minimum password length (8 characters by default)
– Maximum attempts to enter the password the same as old passwords (3 attempts by
default)
– Maximum number of occurrences of a character in a password (3 times by default)
– Minimum time interval between password change attempts (5 minutes by default)
– At least one special character in a password (not limited by default)
– Password validity period, including the number of days (90 days by default) within
which a password is valid and the time (7 days by default) when the eSight sends a
warning before a password expires
l Account policy
– Minimum length of a user name (6 characters by default)

eSight
– Account invalidation: the number of days (60 days by default) within which an
account is inactive
– Account locking: the maximum number of failed login attempts (5 attempts by
default) within a certain period (10 minutes by default) before an account is
automatically locked (for 30 minutes by default)
l Login control
Login control includes time and IP address control.
– Time control specifies the time during which users can log in. Users cannot log in to
the eSight beyond the specified time.
– IP address control specifies the IP addresses that the eSight clients can use to log in
to the eSight server. IP address control prevents those who steal user names and
passwords from logging in to the eSight server and therefore further enhances the
eSight security.
l Automatic client logout
To prevent other users from performing unauthorized operations, the eSight allows users
to set the client to be automatically logged out. If a user does not perform any operations
within a specified period of time, the client is automatically logged out.
RADIUS Authentication
When RADIUS authentication is adopted, the administrator does not need to create a user
account on the eSight in advance. The user account for logging in to the eSight is an existing
account that can pass the authentication of the RADIUS server.
When a user enters the user name and password, the security process of the eSight server
sends the user name and password to the RADIUS server. If the user is authenticated by the
RADIUS server, the security process obtains the user group of the user from the RADIUS
server, finds the matched role on the eSight, and authorizes the user.
NOTE
Before using the RADIUS authentication mode, ensure that the name of the role defined on the eSight is
the same as that defined in the account database of the RADIUS server. In addition, ensure that the
account to be authorized is added to a user group.
For the RADIUS authentication process, see Figure 2-2.

eSight
Figure 2-2 RADIUS authentication
LDAP Authentication
As a distributed client/server system protocol, LDAP is used in the VPN and WAN to control
user access to the network and prevent unauthorized users from accessing the networks.
The LDAP authentication mode is similar to the RADIUS authentication mode, but they have
different authentication protocols. The LDAP authentication mode supports the following
features that are not supported by RADIUS authentication:
l Common mode (encryption-free), secure sockets layer (SSL) mode, and transport layer
security (TLS) mode for communication between the eSight and LDAP servers.
l Multiple LDAP authentication servers.
For the LDAP authentication process, see Figure 2-3.

eSight
Figure 2-3 LDAP authentication
Online User Management

The eSight has the following online user management functions:
l Querying online users

Online user information can be queried, including the user name, login time, and login IP
address.
l Logging out of users
When viewing online users, you can force an unauthorized user to log out. This prevents
the unauthorized user from performing unauthorized operations on the eSightclient.
l Switching the user login mode
The user login mode specifies whether to allow multiple users to log in to the eSight
client concurrently. The multi-user mode is used in most cases. The single-user mode is
used to prevent interference from other users when a user needs to perform special
operations on the eSight server.
– In single user mode, the eSight allows only the current user to log in to the eSight
client, and other all online users are forcibly logged out.
– After the current user exits the single user mode, other users can log in to the client
again.
2.1.2 Log Management

eSight logs record important user operations. You can view the log list or details about a log,
or export operation logs, operation logs, or system logs. The eSight provides information
about logs with three levels (warning, minor, and critical).

eSight
Security Log
Security logs record the security operations that are performed on the eSight client, such as
logging in to the server, changing passwords, creating users, and logging out of the server.
You can query security logs to understand the information about eSight security operations.
System Log
System logs record the events that occur on the eSight. For example, the eSight runs
abnormally, the network is faulty, and the eSight is attacked. System logs help analyze the
operating status of the eSight and rectify faults.
You can query system logs to understand the information about eSight system operations.
Operation Log
Operation logs record the operations that are performed on the eSight, such as adding a
monitoring view and modifying the resource manager.
You can query operation logs to understand the information about user operations.
2.1.3 Resource Management

Resource management involves adding NEs and subnets, and managing NEs and subnets.
Adding NEs
l Auto Discovery for NEs:sets the eSight to automatically discover NEs. You can set the
eSight to automatically search for NEs in a specified network segment and adds the
found NEs.
eSight supports SNMP, UC-SNMP, UC-TR069, UC-TCP, ICMP, SMI-S, TLV, and REST
protocols.
l Adding a single NE: This mode applies to the scenario in which you want to add a few
NEs with IP addresses and protocols available.
l Exporting NEs: You can record NE information to an .xls file and export the NEs to the
eSight. This mode improves work efficiency for adding a large number of NEs.
Managing NEs or Subnets

NE or subnet management includes the following functions:
l Searches for NEs or subnets.
You can search for NEs or subnets by setting search criteria.
l Creates, modifies, or deletes subnets.
– You can group NEs into subnets based on the user-defined logic.
– You need to modify the attributes of a subnet if the subnet information changes.
– You can delete the subnets that do not need to be managed by the eSight.
l Views subnet information.
You can view the basic information about a subnet.
l Views NEs information.

eSight
You can view the basic information and protocol information about an NE.
l Adjusts the relationships between NEs and subnets or between subnets.
You can adjust the relationships between NEs and subnets or between subnets if the
network structure changes.
Group Management
Creating a Group
You can create a group and add NEs in different subnets to the group, which is considered as
one object. You can assign the object (a group of NEs) to a user, which achieves NE
assignment in batches.
l Viewing groups
You can learn group details.
l Modifying groups
You can modify groups to meet management requirements.
l Deleting groups
You can delete groups that are not required by the system.
Device Resources
l You can search for device resources based on the network service classification, such as
network devices, storage devices, unified communication devices, hosts and eLTE
devices.
l You can perform service operations for a single device or devices in batches, such as
deleting, setting protocol parameters, synchronizing devices, or moving to another
subnet.
l By default, devices under a single subnet can be managed. With configuration, devices
under multiple subnets can be managed.
l By default, management clients under a single subnet can log in to eSight. With
configuration, management clients under multiple subnets can be log in to eSight.
2.1.4 Alarm Management

When an exception occurs on a network, the eSight needs to notify maintenance engineers in
a timely manner so that they can recover the network quickly.
The eSight has the following alarm management functions:
l Monitoring network-wide alarms and remotely sending alarm notifications.

The eSight informs maintenance engineers of faults immediately after the faults occur,
ensuring troubleshooting in a timely manner.
l Masking alarms, and providing the alarm maintenance experience base.
These functions improve alarm handling accuracy and efficiency.
l Synchronizing alarms, which ensures reliable alarm management.
l Providing customized functions such as alarm filter and alarm severity redefinition to
meet requirements in various scenarios.

eSight
Alarm Severity
There are four alarm severities: critical, major, minor, and warning, as shown in Table 2-1.
You can take different measures for different severities of alarms.
Table 2-1 Alarm severities

Alarm Severity Description
Critical An alarm severity that indicates a severe resource problem disrupting

or severely impeding normal use.
Major An alarm severity that indicates the possibility of some service-related

problems with the resource. The severity of the problem is relatively
high and the normal use of the resource is likely to be impaired.
Minor An alarm severity that indicates the problems without affecting

services. The problems of this severity may result serious faults, and
therefore you need to take some corrective actions.
Warning An alarm severity that indicates a condition exists that could

potentially cause a problem with the resource.
Alarm Status
l Alarm acknowledgment and clearance.
– Alarm acknowledgment: A user has tracked or handled an alarm.
– Alarm clearance: When the fault triggering an alarm is rectified, the device
recovers. The alarm status changes to cleared.
l Alarm status classification
Alarms can be classified into different status based on whether the alarms are cleared or
acknowledged. Table 2-2 describes the four alarm status.
Table 2-2 Alarm status

Alarm Type Alarm Status
Current Alarms Unacknowledged and uncleared
Acknowledged and uncleared
Unacknowledged and cleared
Historical Alarms Acknowledged and cleared
l Status Change
Table 2-3 describes the alarm status change description.

eSight
Table 2-3 Status change
Status Change Type Description
Clearance status change If the condition that generated the alarm disappears, and
the device becomes normal, the device reports a clear
alarm and the alarm status is changed from uncleared to
cleared.
Acknowledgment status The acknowledged alarms refer to alarms that have

change already been handled, or will be handled. When the
alarm is acknowledged, the alarm is changed from
unacknowledged to acknowledged.
If you want to have concerns over the acknowledged
alarm again, you can unacknowledge the alarm. When
the alarm is unacknowledged, the alarm is changed from
acknowledged to unacknowledged.
Figure 2-4 shows the relationship between alarm status.
Figure 2-4 Alarm status relationship
Faults, Alarms and Events

l Faults and alarms
An alarm is a message reported when a fault is detected. Not all faults result in alarms.
Only the faults that the system can detect result in alarms. The others do not result in
alarms, but they still persist.
l Alarms and events
– Similarity: Both alarms and events are the presence of anything that takes place on
the managed object detected by the eSight.
– Difference: An alarm is a message reported when a fault is detected by eSight. An
event is anything that takes place on a managed objects. When an alarm is
generated, you need to troubleshoot the fault. Otherwise, the services may run
abnormally. If an event occurs, the managed object has changes but the service may
not be affected.

eSight
Alarm Reporting and Handling Flowchart

Figure 2-5 shows the alarm reporting and handling flowchart of the eSight.
Figure 2-5 Alarm reporting and handling flowchart
The following sections describe eSight alarm functions based on the flowchart.
Alarm Synchronization
After generating an alarm, a device reports the alarm to the eSight within less than 10s and the
eSight then displays the alarm in the alarm list. After communication between the eSight and
an NE recovers from an interruption, or the eSight is restarted, some alarms on the NE are not
reported to the eSight. The NE alarms on the eSight are different from the actual alarms on
the NE. In the case, you need to synchronize alarms to ensures that the eSight displays the
current operating status of the NE correctly.
Alarms are synchronized according to the following rules:
l If an alarm is cleared from an NE but remains uncleared on the eSight, the alarm will be
cleared from the eSight.
l If an alarm is present on an NE but absent on the eSight, the alarm will be added to the
eSight.
Alarm Severity Redefinition

The eSight allows users to redefine (increase or reduce) the severities of some device alarms
based on their actual concerns.
Alarm Masking
l Users can set alarm masking rules to mask unimportant alarms. Alarm masking rules
include the date, time, alarm source, and alarm name.
l While an NE is being repaired, tested, or deployed, the NE may report a large number of
alarms which can be ignored. In this case, you need to mask these alarms so that the
eSight neither displays nor saves them.
Network-Wide Alarm Monitoring

In traditional domain-based maintenance, cross-domain faults are manually handled, which is
inefficient. The eSight provides the network-wide alarm monitoring function that enables
users to learn the running status of the entire network. The eSight also provides the template-

eSight
based alarm filter function. Specifically, the eSight allows users to set alarm filter templates
with common filter criteria such as the location, type, and network layer of devices that
generate alarms. The templates facilitate alarm queries.
On the eSight, users can monitor alarms by severity or device.
l By severity: Users can monitor network-wide alarms of each severity. For details, see the
"Alarm Monitoring by Severity" section.
l By device: Users can view alarms of network-wide devices. For example, a user can
view all current alarms of a device or a type of device. For details, see the "Alarm
Monitoring by Device" section.
Alarm Monitoring by Severity

Alarms can be monitored by severity on the alarm panel and in the current-alarm list and by
alarm sound. Figure 2-6 shows the alarm panel.
Figure 2-6 Alarm board
Table 2-4 Alarm monitoring by severity

Function Description
Alarm panel The alarm panel displays the total number of current alarms of
each severity on an MO. It provides an overall view of system
faults and can serve as the monitoring board.
Alarm sound Users can specify sounds for alarms of different severities. After
an alarm is generated, the sound box on an eSight client plays the
specified sound.
Current-alarm list Users can set filter criteria and enter keywords to search for alarms
that have not been acknowledged or cleared.
Figure 2-7 shows the Current Alarms page.
Figure 2-7 Current Alarms

eSight
Table 2-5 lists the functions on the Current Alarms page, which are marked by numbers in
Figure 2-7.
Table 2-5 Functions on the Current Alarms page

No. Function Description
1 The following global operation buttons in this area take effect on all selected
alarms:
l Lock/Unlock
Users can click Lock or Unlock to specify whether newly generated alarms
are added to the current-alarm list. In the lock state, newly generated alarms
are not added to the current-alarm list; acknowledged and cleared alarms are
not added to the historical-alarm list before the current-alarm list is unlocked.
l Export
Users can click Export to export alarm information, which helps diagnose
faults and back up data.
l Acknowledge
Users can click Acknowledge to acknowledge alarms. Acknowledged alarms
can be ignored by other users.
l Clear
Users can click Clear to manually clear the alarms that cannot be
automatically cleared or do not exist on devices.
l Remark
Users can click Remark to enter information, for example, alarm handling
progress and status.
2 Users can select or set filter criteria to browse desired current alarms.
The eSight provides the following six default filter criteria:
l Alarm alarms
l Unacknowledged critical alarms
l Unacknowledged major alarms
l Uncleared critical alarms
l Uncleared major alarms
l Alarms generated during the past 24 hours.
Users can set desired filter criteria in the Selected area.
3 Users can customize the columns to be displayed in the alarm list.
4 Users can locate the object that generates an alarm in the topology view.
5 Users can perform other operations on an alarm, for example, setting alarm
masking rules and redefining alarm severities.
Alarm Monitoring by Device

Users can view alarms of network-wide devices. For example, a user can view all current
alarms of a device or a type of device. In the topology view, the device icons are color-coded
by the highest severity of alarms generated on the devices.

eSight
Remote Alarm Notification

Users can set rules for sending remote alarm or event notifications. After alarms or events that
match the rules are generated, the eSight sends them to specified recipients by short message
or email. This helps remote maintenance personnel learn the alarms or events in a timely
manner and take appropriate measures.
Users can customize the required notification template and recipient groups.
Alarm Analysis
By querying and analyzing historical alarms and events and masked alarms, users can learn
the alarm status of a device and improve device performance accordingly. The eSight can
collect alarm statistics based on the statistical conditions that are set by users. The statistical
conditions include the subnet or device, alarm or event name, first generation time, and alarm
severity. Users can use some of these conditions to collect alarm statistics.
Alarm Handling
l Viewing alarm details
Users can click a current, historical, or masked alarm in the alarm list to view the alarm
details in the Alarm Details dialog box. Alarm details include the alarm name, handling
suggestions, and location information.
l Acknowledging and clearing alarms
Figure 2-7 show the buttons for acknowledging and clearing alarms.
l Adding alarm maintenance experience
In the Alarm Details dialog box, users can add alarm maintenance experience for
maintenance personnel to refer to when they handle the same alarm in the future.
2.1.5 Performance Management

The performance of a network may deteriorate because of internal or external factors and
faults may occur. To achieve good network performance for live networks and future
networks while controlling costs, network planning and monitoring are necessary. In addition,
network efficiency such as throughput rate and resource usage needs to be measured. The
performance management function enables you to detect the deteriorating tendency in
advance and solve the potential threats so that faults can be prevented.
Performance Management Process

The eSight uses a graphical user interface (GUI) to monitor key network indicators and
display statistics on the collected performance data, as shown in Figure 2-8

eSight
Figure 2-8 Performance management process
eSight performance management includes an impressive array of functions, including counter

template management, collection task management, historical performance data query, real-
time performance data query, and performance counter collection status monitoring. The
following describes performance management modules.
Counter Template Management

Devices of the same type have the same counter attributes that can be specified in a counter
template. The counter template can be directly loaded to quickly set collection counters for
specified devices when you create a performance collection task.
The eSight offers the following counter template management functions:
l Add, delete, or modify counter templates.

l Set counters in counter templates (performance data to collect).
l Specify performance counter thresholds in counter templates. If a counter has met
threshold conditions for several consecutive times, an alarm is generated. You can
monitor the performance of specified resources through alarms.
Thresholds include the upper and lower limits for triggering and clearance. Threshold
alarms are classified into upper limit alarms and lower limit alarms.
Collection Task Management

The eSight allows you to manage performance data collection tasks. Collection tasks define
the devices and counters to collect performance data. After the counter data about a device is
collected, you can view historical performance data about the device.
By default, the eSight offers the following global collection tasks to collect performance data
about network-wide devices:
l Connect Status Monitor

l CPU Usage Monitor

eSight
l Memory Usage Monitor

l Packet Loss Rate Monitor
l Port Usage Monitor
l Response Time Monitor
You can customize the following information about global collection tasks:
l Start or stop a collection task.
l Change the collection interval.
l Check the counter collection status of devices.
The eSight also offers the following performance task management functions:
l Add, delete, start, stop, and modify performance collection tasks.
l View the counter collection status.
Performance Counter Collection Status Monitoring

After a performance collection task is created, you can regularly monitor the performance
counter collection status to rectify collection faults in a timely manner and ensure that the
collection task collects correct data for your query and analysis.
The eSight allows you to monitor the performance counter collection status by resource type
and collection task.
On the page where performance counter data is displayed, you can also view historical
performance data and check statistical diagrams about historical data.

eSight
Querying Real-Time Performance Data

You can query real-time performance data to monitor the running status of devices, which
enables you to take prompt measures in response to exceptions. For example, when a
threshold alarm (such as high CPU usage) is reported, you can check the real-time
performance data and determine whether an exception occurred.
The eSight displays real-time data in curve graphs.
l You can query real-time performance data by specifying search criteria.
l You can export query results as .csv files.
l This can be saved to the favorites folder. Users can directly perform real-time monitoring
after accessing the favorites folder.
Querying Historical Performance Data

After the eSight collects device performance data, you can query historical performance data
by counter and resource on the eSight client, which helps you keep abreast of the performance
trend and prevent fault occurrence.

eSight
Users can modify indicators on the historical data page. Users can drag the time slider to
change the time range of the curve in the chart. Users can also change the page layout and set
the quantity of columns (1, 2, or 3) to be displayed on the page.
Users can save indicator and layout configurations to the favorites folder, from which users
can directly display historical curves of specific indicators without entering the overview
page.
My Favorites
You can organize and manage your concerned data through the My Favorites function.
Overview data, historical performance data, and real-time performance data can be saved to
my favorites.
2.1.6 Topology Management

Topology management involves creating and managing the topology of the entire network.
You can learn about the operating status of the entire network based on the colors and status
of the NE icons in the physical view.

eSight
Table 2-6 Terms in topology management
Term Description
NE Core unit of topology management, which is used to identify managed devices. In

a topology view, different icons indicate different types of NEs.
Subnet Smaller networks divided from a large network based on the region or device type
to simplify network management.
Link Physical or logical connection between devices.
Figure 2-9 Topology Management page
Managing Topology Objects

Topology objects include subnets, physical NEs, virtual NEs, links, and subordinate
resources.
l Create or delete a virtual NE

Virtual NEs are those that cannot be managed by the eSight on the entire network.
– Adding virtual NEs to the physical view helps you understand the operating status
of the entire network.
– You can delete unused virtual NEs from the physical view when the network
structure changes.
l Create or delete a virtual link
Virtual links do not actually exist on the network. They represent logical relationships
between topology objects.
– By creating virtual links, you can learn about the relationships between topology
objects.
– You can delete unused links from the physical view when the network structure
changes.

eSight
l Delete a subnet
You can delete a subnet that does not need to be managed by the eSight.
Adjusting the Physical View

Physical view adjustment includes the following functions:
l Adjust the relationship between an NE and a subnet
When the network structure changes, you need to adjust the positions of NEs or subnets
in the topology view to update the relationships between the subnets or NEs and other
topology objects. Adjusting the relationship between an NE and a subnet involves:
– Adjusts the positions of NEs or subnets in the physical view
– Adjusts the relationships between NEs and subnets
– Adjusts the relationship between subnets
l Set the topology background
You can set a background based on the layout of topology objects. The background helps
you understand the positions of the topology objects.
l Rearrange topology objects in a physical view
The eSight allows users to arrange topology objects in the following ways:
– Round: Topology objects are arranged in a loop.
– Symmetry: Topology objects are symmetrically arranged.
– Star: Topology objects are arranged in the form of a star.
– From Top to Bottom: Topology objects are arranged from top to bottom.
Browsing the Physical View

l Searches for a topology object
You can use the search function to quickly locate an object, such as an NE, a link, or a
subnet.
l Zooms in or out on the physical view
You can zoom in or zoom out on the physical view, restore the physical view to its initial
state, and make the physical view fit into the screen or display the physical view in full
screen.
l Views the physical view in full screen or aerial view
You can view the physical view in full screen or in aerial view. The aerial view helps you
browse the entire physical view and locate the area displayed in the topology window.
l Prints, exports, or saves the physical view
l Sets a device label
The device label information includes the name, IP address and system name of a device.
Monitoring the Network Running Status in the Physical View

By monitoring the network running status in the physical view, you can:
l Monitor the NE alarm status
The NE running status can be presented by rendering the NE icons. When an NE
becomes faulty, the NE icon color changes to map the alarm severity.

eSight
l Monitoring the NE connection status

The NE connection status can be presented by rendering the NE icons. When an NE
becomes offline, the NE icon color changes to gray.
l Monitoring the alarm status of the device set on a subnet
The device set running status on a subnet can be presented by rendering the subnet icon.
When devices on the subnet become faulty, the subnet icon color changes to map the
highest alarm severity of the device on the subnet.
l Monitoring the connection status of a device set on a subnet
The device set connection status on a subnet can be presented by rendering the subnet
icon. When a device on the subnet becomes offline, the subnet icon color changes to
gray.
2.1.7 View Display on Home Pages

The eSight can use portlets on home pages to display key device data. This helps you monitor
device status, detect abnormal devices, and handle faults in a timely manner, which ensures
proper device running.
Home Page Management

l Creating a home page
The eSight provides only one default home page. You can create multiple home pages
and display portlet views that you concern on different home pages by type.
l Modifying a home page name
You can modify a home page name to re-identify the home page.
l Displaying a home page on the top
You can display a home page that you concern on the top.
l Deleting a home page
You can delete redundant home pages.
Portlet Management
Portlets are views that display devices and network-wide device status in lists, curves, and bar
charts. Portlets are displayed in areas of a home page.
l Creating a user-defined portlet
You can integrate third-party interfaces to the eSight home page to monitor them.
l Displaying and hiding a portlet
You can display only the portlets that you concern on a home page and hide those that
you do not concern.
l Manually updating portlet data or setting the period for updating portlet data
You can update monitoring data in real time.
l Zooming in on and zooming out of a portlet
You can zoom in on and out of a portlet as required.
2.1.8 Big Screen Monitoring

In the scenarios such as operation and maintenance (O&M) centers and exhibition halls,
information such as topologies, alarms, and performance is displayed in big screens. The big

eSight
screens and the high resolution meet user requirements and facilitate centralized monitoring,
presentation, and reporting.
l The screen layout (number of horizontal screens x number of vertical screens, for
example, 2 x 2) can be set.
l The resolution (horizontal pixel x vertical pixel, for example, 1680 x 1050) of each
screen can be set.
l Big screen monitoring views can be created.
l Monitoring views can be displayed in a big screen.
2.1.9 Maintenance Tool

The maintenance tool allows you to manage the eSight server and its databases and processes.
You can monitor the running status of the eSight server and identify exceptions in a timely
manner, which ensures normal running of the eSight server.
Monitoring the System

l View the status of all products managed by the maintenance tool.
l View the distributed deployment of a product.
l Start or stop a product.
l Start or stop a process.
Managing the eSight Server

l Views the basic server information.
l Views process information.
l Monitoring the thresholds of server resource usage
You can use the maintenance tool to monitor the CPU usage, memory usage, disk usage,
and database usage of the eSight server. When the usage reaches its threshold, the
maintenance tool reports an alarm to the eSight.
Managing the Database

l Monitoring the database
You can monitor the database status of the eSight server to view the information such as
the database name, server name, and database status.
l Changing a database user password
Changing database user passwords regularly can ensure data security.
– Changes the password of a Database Administrators.
NOTE
Administrator names vary with databases. The administrators for different databases are as
follows:
root: MySQL database administrator
sa: SQL Server database administrator
system: Oracle database administrator
– Changes the password of a NMS database user commonuser.

eSight
Managing the HA System

l Connecting the primary server to the secondary server
After the eSight is installed at the primary and secondary servers, you can use the
maintenance tool to connect the primary server to the secondary server.
l Forcibly making a server become the primary server
When the HA system is in the recovery state, you can use the maintenance tool to
forcibly make one server become the primary server to ensure proper running of the HA
system.
l Disconnecting the primary server to the secondary server
When you need to uninstall the eSight or do not need the HA system, you can use the
maintenance tool to disconnect the primary server from the secondary server.
Backup and Restore

You can customize backup policies, or back up and restore data manually. The backups
include configuration files and database data.
Managing the Maintenance Tool

l Changes the maintenance tool user password.
Regularly changing the password of the sys user helps improve security of user
information.
l Queries the operation logs of the maintenance tool.
The operations that the sys user performs on the maintenance tool client are recorded, for
example, starting and stopping the eSight and changing user passwords.
NOTE
The maintenance tool can record a maximum of 20000 operation logs. When there are more than
20000 operation logs, the maintenance tool automatically deletes the earliest 1000 logs.
2.1.10 Lower-Layer NMSs

eSight allows you to divide a network into several layers and manage NEs on the network by
layer. Links of lower-layer NMSs are displayed on the eSight home page. You can click a link
to access the lower-layer NMS management page and check alarms, performance counters,
reports, and the network topology on a lower-layer NMS.
The following lower-layer NMS management functions are provided:
l On the lower-layer NMS management page, you can add, delete, and modify lower-layer
NMSs and manually check the connections between eSight and lower-layer NMSs.
l On the Portal for lower-layer NMSs, you can monitor the connections in real time and
click a link to access a lower-layer NMS.
2.1.11 License Management

License refers to the permission that the vendor grants for users with the eSight management
capacity, number of connected clients, and duration. License management involves querying
license information, obtaining an ESN, revoking a license, importing a license, and sending
license alarms.
The eSight has the following license management functions:

eSight
Querying License Information

You can query the license authorization and consumption information about the eSight client.
Obtaining an ESN
You can obtain an ESN from the eSight client. The ESN is required when you apply for a new
license.
Revoking a License
When the ESN changes or the network is adjusted, you can revoke the current license and use
the generated invalidity code to apply for a new license.
NOTE
Only the user with the Revoke License permission can revoke the current license.
A trial license cannot be revoked.
Importing a License File

You can import a new license file from the eSight client to the eSight server.
NOTE
Only the users with the Update License permission can import license files.
Sending License Alarms

When a license becomes abnormal, the system displays the license status and sends a license
alarm, which prevents service interruption due to license expiry.
2.1.12 Database Overflow Dump

eSight provides the database overflow dump function to ensure sufficient database space.
eSight checks the database space every day for modules that have a large amount of data. If
data overflow occurs, eSight automatically dumps data to the specified path.
Data overflow dump includes overflow dump for logs, alarms, performance data, SLA data,
nCenter data, NTA data, config file manager data, and terminal access data.
2.1.13 Two-Node Cluster System

The eSight high-availability system offers two-node cluster hot standby and switchover
functions. Software and hardware requirements for active and standby servers are the same.
The Veritas remote hot standby technology is used to synchronize data between active and
standby servers in real time, and dynamically monitor eSight running status. In case of a
hardware, operating system, or key application fault, eSight automatically switches services to
the standby server within 15 minutes.
Two-Node Cluster Deployment

Two-node cluster deployment involves the installation of the RAID disk partition tool, Linux
operating system, Veritas software, Oracle database, and eSight software. To reduce
installation complexity and improve installation efficiency, the Linux operating system can be

eSight
installed through a single mouse click. The Veritas software and Oracle database can be
installed jointly.
Two-Node Cluster Association

After the software is installed, associate active and standby servers.
Two-Node Cluster Disassociation

You can also disassociate active and standby servers.
2.2 Network Device and Service Management
2.2.1 Network Device Management

eSight offers network equipment management functions, and integrates entries for
information query, maintenance, and operation of a single NE to one page, which facilitates
monitoring and maintenance of a single NE.
Functions
l View
– Basic Information: provides an overview of NE management, including basic
information about an NE, KPIs, top N alarms, and interface traffic.
– Device Panel: displays an NE in graphics.
– Alarm List: displays an NE's active alarms.
– Performance Status: displays an NE's performance counters.
l Device Configure
– WEB NMS: displays the web management page provided by an NE.
– Service Configuration: uses an intelligent configuration tool to configure an NE.
– Interface Manager: lists an NE's interfaces and allows you to enable or disable an
interface and suppress or allow an alarm.
– IP Addresses: lists an NE's IP addresses.
– Configuration Files: allows you to view and back up an NE's configuration files.
l Protocol Parameters
– Telnet Parameters: allows you to modify an NE's Telnet parameters.
– SNMP Parameters: allows you to modify an NE's SNMP parameters.
– NetConf Parameters: allows you to modify an NE's NetConf parameters.
Polling Parameter Settings

On the polling polling parameter settings page, you can set the periodical synchronization
time and intervals for interface status polling, IP address polling, and device status polling.
Periodical device synchronization: Synchronizes device data, such as the interface, entity, and
IP address, at regular intervals. This operation consumes more system resources and is
supposed to be performed during off-peak hours.

eSight
Interface status polling: Queries device interface status at regular intervals and perceives the
status change of device interfaces, independent of device Trap to report interface status
change that trigger alarms. The device and link status on the topology management and IP
topology management pages are updated based on alarms.
IP address polling: Queries device interface IP addresses at regular intervals, perceives the
interface IP address change, refreshes the IP topology, and generates IP address change
identifiers.
Device status polling: Queries the online and offline status of devices through ICMP Ping,
perceives the device status change, generates alarms when devices go offline abnormally, and
refreshes devices on the topology management and IP topology management pages.
Physical Resource Management

l Frame Resources
You can query and export frame resources and modify frame remarks.
l Board Resources
You can query and export board resources and modify board remarks.
l Subcard Resources
You can query and export subcard resources and modify subcard remarks.
l Port Resources
You can query and export port resources and modify port remarks.
Electronic Labels
You can search for and export electronic labels of devices.
NOTE
Electronic labels are used to identify devices. They are used in network design, planning, and
maintenance, asset management (including spare part management), order, account management,
settlement, investment tracing, and warranty.
2.2.2 Configuration File Management

eSight allows you to back up, restore, and compare device configuration files and manage
baseline file versions. When faults occur on the network, you can compare the configuration
file in use with the configuration file that was saved when the network was running properly.
By checking the added, modified, and deleted information, you can quickly locate the fault
and resolve it.
You can also manage configuration changes. eSight automatically compares the differences
between backup and original configuration files to obtain configuration changes and notifies
you of the changes by email.
Device Configuration Management

l Backup task
eSight can be configured to periodically (daily, weekly, or monthly) back up
configuration files of devices specified in a backup task, at a specified time. It can also
be configured to trigger a backup upon the generation of a device configuration change
alarm. You can receive backup implementation results by email. The devices that cannot

eSight
be backed up are listed in the attachment.
l Configuration file
You can back up the configuration file of a specified device, configure a configuration
file as a baseline version, use the backup configuration file to replace the existing
configuration, and view the configuration on a device.
Figure 2-10 Setting a configuration file as a baseline version
Configuration files that have been backed up to a local disk can be viewed online.
Figure 2-11 Viewing a configuration file online
You can view, compare, and delete configuration files that are backed up on a local computer.
The file comparison function allows you to compare configuration files backed up on the
eSight server.

eSight
Figure 2-12 Comparing configuration files backed up on the eSight server
l Configuration change
After a configuration file is backed up, eSight automatically compares the differences
between backup and original configuration files to obtain configuration changes. You can
check the detailed configuration changes, including adds, deletes, and modifies.
Figure 2-13 Configuration change page
System Parameter Management

l Backup parameter
You can set the maximum number of configuration files that can be stored on the eSight
server for each device. If the number of a device's configuration files on the eSight
server exceeds the maximum, eSight automatically deletes the earliest configuration file.
You can determine whether to trigger a backup upon device configuration changes.
l Email notification
You can create a backup task execution result notification and a configuration file change
notification. eSight allows you to select a recipient from existing users or user groups
(set in System > System Settings > Set Notified User > User Group) and set the email
subject and notification sending time for the configuration file change notification.
2.2.3 User-defined Device Management

eSight provides user-defined device management to help enterprise users manage devices
from different vendors. You can customize device types, performance counters, alarm
parameters, configuration file parameters, and device panels.
Vendor Information Customization

You can add, delete, and modify parameters to customize the basic information about a
vendor.

eSight
In the preceding figure:
l Vendor Name: name of a device manufacturer.

l Vendor Description: description of a device manufacturer. This parameter is optional.
l Vendor Phone: customer service phone number of a device manufacturer. This
parameter is optional.
l Vendor Contact: device maintenance personnel of a device manufacturer. This
parameter is optional.
l Definition Type: indicates whether the basic information about a device manufacturer is
customized by eSight developers or users. The options are as follows. Default: The basic
information is customized by eSight developers. User-defined: The basic information is
customized by users.
NE Type Customization
When a non-predefined device type is added to eSight, the device type is shown as unknown.
eSight allows you to view only basic information about unknown devices. Management
capabilities, for example, alarm functions, are not provided. You must customize the device
type so that eSight can display the device information and monitor alarms and performance
counters of the device.
l NE OID: NE type identifier.

l NE Category: category of an NE, for example, switch, router, server, printer, or security
device.
l Web NMS URL: URL of a web-based network management system (NMS). Some
devices have their own web-based NMSs. After adding the link to a device's web-based
NMS in eSight, you can click the link to access the web-based NMS.
l Current NE Icon: device type, which can be customized by users.
l Definition Type: indicates whether device information is customized by eSight
developers or users.
Alarm Parameter Customization

You can add, delete, and modify SNMP v1 or SNMP v2c/v3 alarm parameters as required.
eSight discards alarms that are not predefined. When an alarm is customized, eSight's alarm
module parses and displays the alarm on the eSight client.
When you delete a user-defined alarm's parameters, eSight does not delete the alarm's
historical information. eSight's alarm module, however, no longer parses or displays the
alarm.
eSight allows you to modify the alarm severity, event type, alarm cause, handling method,
details, and fault locating parameters.
l Vendor Name: name of a device manufacturer. Alarm customization varies according to

device manufacturer because the alarm parameters differ depending on the device
manufacturer.
l Alarm Name: name of an alarm.

eSight
l Alarm Severity: severity of an alarm. There are four alarm severities: warning, minor,
major, and critical. They are the same as those defined in the alarm module.
l Notification Type: alarm category. There are three alarm categories: clear alarm, fault
alarm, and event.
l Event type: alarm type. The following alarms are available: communications alarm,
equipment alarm, processing error alarm, QoS alarm, environmental alarm, integrity
alarm, operational alarm, physical resource alarm, and security alarm.
l SNMP Version: SNMP version supported by a device. eSight supports SNMPv1 and
SNMP v2c/v3.
l Generic, Specific, and Enterprise ID: key parameters for locating an SNMP v1 alarm.
l Alarm OID: identifier of an SNMP v2c/v3 alarm, which is the same as the trap OID in
an alarm packet.
l Alarm Cause: possible cause of an alarm.
l Clearance Suggestion: method of clearing an alarm.
l Details: indicates alarm details.
l New Parameter: parameter for locating the fault that causes an alarm.
Performance Indicator Customization

You can add, delete, and modify performance counters as required. After customizing
performance counters, you can create a monitoring instance in the performance management
module. The performance management module then collects the user-defined performance
counters in the next data collection period.
l Indicator Name: name of a performance counter whose data needs to be collected.
l Measurement Object Type: group of collected performance counters whose data
collection objects are the same, for example, user-defined device counter group, frame
counter group, board counter group, and interface counter group. To collect a user-
defined interface performance counter, select the user-defined interface counter group.
l NE Type: type of devices whose user-defined performance counters can be collected.
l Calculation Formula: expression for calculating performance counters for an MIB
object.
NE Panel Customization
By default, eSight displays default NE panels for user-defined devices. You can upload a
device photo or high-fidelity picture to customize the NE panel. An NE panel includes
information about the frame, board, subcard, and ports. After customization, the device photo
or high-fidelity picture is displayed when you open the NE panel.
Configuration File Customization

You can customize configuration file backup, configuration file restoration, and restart
commands for devices. After customizing a device's configuration file, you can create a
backup task for the device in the configuration file management module. eSight then
automatically backs up the device's configuration file.

eSight
l NE Type: type of devices whose configuration file commands must be customized.

l Backup command: command for backing up a device's configuration file.
l Restore command: command for restoring a device's configuration file.
l Restart command: command for restarting a device.
Telnet Customization
With Telnet customization, you can customize Telnet parameters for different device types.
Telnet parameters include basic Telnet information and privilege mode information. Basic
Telnet information include prompts for the login user name and password, login failure, and
command delivery; exit commands; and remarks. Privilege mode information include
privilege commands, privilege password prompts, More prompts, output control commands,
interactive selection prompts, interactive selection commands, failure prompts, and failure
troubleshooting.
After Telnet parameters are customized, you can test the Telnet connectivity to devices. The
system can read customized Telnet parameters to manage and back up configuration files,
deliver configuration commands through the smart configuration tool, and configure and
parse services.
2.2.4 Terminal Resources

Terminal resources provides detailed information about access terminals and offers a unified
approach for you to manage access terminals.
Terminals that have accessed the network can be discovered either by a manually conducted
immediate discovery or a periodically conducted automatic discovery.
Figure 2-14 Terminal access solution
Terminal Discovery Configuration

You can configure:

eSight
l Whether to parse terminal names.

l Whether to enable automatic discovery.
l Intervals of automatic discovery.
l Discovery scope, which applies to both immediate discovery and automatic discovery.
Figure 2-15 Discovery Configuration page
Whitelist
You can configure a whitelist that contains authorized IP addresses and MAC addresses.
When the configuration takes effect, eSight checks whether a discovered terminal is
authorized. If not, eSight records its details for you to acknowledge the unauthorized terminal.
Figure 2-16 Whitelist page
Access Binding Rule

You can configure Port-IP or Port-MAC rules to restrict access terminals under device ports.
Yon can also configure IP-MAC rules to restrict binding relationships between IP and MAC
addresses. eSight identifies terminals that break these rules as unauthorized terminals and
records detailed access information.

eSight
Figure 2-17 Access binding rule
Terminal Access Record

In terminal access record, you can:
l Check terminal access details and history.

l Check unauthorized access logs.
l Jump to the topology view to view the access device of a terminal.
l Jump to interface management from access port of a terminal.
l Jump to the device panel to view the access port of a terminal.
l Configure remarks for a terminal.
Figure 2-18 Terminal Access Record page
Suspicious Terminal Report

In suspicious terminal report, you can:
l Check for the ports connecting to multiple MAC addresses to detect devices accessing
eSight with the same port.
l Check for duplicate MAC addresses to detect MAC address theft.
l Check for duplicate IP addresses to detect IP address theft.

eSight
Figure 2-19 Suspicious Terminal Report page
Unauthorized Access
eSight detects unauthorized terminal access based on the IP and MAC address whitelists
configured. With unauthorized access management, you can:
l View unauthorized access logs and unauthorized terminal details.
l Export unauthorized terminal details.
l Acknowledge unauthorized terminals.
Figure 2-20 Unauthorized Access page
Remote Notification
You can configure eSight to send an email notification upon detecting unauthorized terminal
access.

eSight
Figure 2-21 Remote Notification page
2.2.5 Link Management

eSight automatically discovers links between devices, allows users to manually create link
connections, and displays the links in the topology view, implementing link management.
Users can monitor the link status to better understand the network topology and changes of
the monitored network.
Link Discovery
Currently, eSight supports automatic link discovery based on the MAC forwarding table and
interface IP address using the LLDP protocol, and allows users to manually adjust links.
Display Rule
On the display rule page, you can select fields required for link name rules and tips rules. Tips
are displayed for links in the topology.
Link Deletion
The link deletion function applies to the following scenarios:
l Users want to hide a link in the physical topology and prevent it from being displayed
during automatic and manual discovery.
l An incorrect link exists in the topology and needs to be hidden.
Users can delete a link from the physical topology and link management page. Users can also
restore deleted links on the page for viewing deleted links.
2.2.6 IP Topology Management

You can go to the IP topology management page to check the links between routing devices
and layer-2 network devices.

eSight
Table 2-7 Terms in IP topology management
Term Description
NE Core unit of topology management, which is used to identify managed

devices. In a topology view, different icons indicate different types of NEs.
IP subnet IP network subdivision identified by a subnet mask and a range of IP

addresses.
Link Physical or logical connection between devices.
Routing Network device with routing capabilities.

device
Layer-2 Network device running on the data link layer of an Open System
device Interconnection/Reference Model (OSI/RM) network.
Figure 2-22 IP Topology Management page
Topology View
l The IP topology management page offers a tree structure on the left and a topology pane
on the right. Topology objects are organized hierarchically by subnet.
l eSight allows you to zoom in or zoom out in a topology view. Meanwhile, an aerial view
is provided for you to understand the entire topology structure.
l You can view the alarm status of devices and links. Detailed device or link information is
displayed in a tip when you bring focus to the device or link.
Operations in a Topology View

In a topology view, you can:
l Zoom in or zoom out.

l Export and print topology images and set a picture as the background of the topology
view.
l Move nodes and save their new positions.

eSight
l Use shortcut menus.
Display of Alarm Severities

The color of a node reflects the severity of the most severe alarm that the node is
experiencing. Update of such colors is real-time so you can respond to emergencies promptly.
Shortcut Access to NE Management

The topology view offers a shortcut menu for you to access the NE management page.
Interface IP Address Change History

You can view the interface IP address change history of an NE or the whole network.
2.2.7 Smart Configuration Tool

With the smart configuration tool, you can configure services for devices in batches by
template and planning table.
Figure 2-23 Smart configuration tool
A template is used to configure the same services for multiple NEs in batches. A planning
table is used to configure similar services for multiple NEs in batches. You can receive task
execution results by email for periodical delivery tasks.
Delivering Configurations Using a Template

You can use the preconfigured template or customize a template to deliver configurations to
multiple devices. The tool provides a wizard to guide you through the delivery.

eSight
Figure 2-24 Delivering configurations using a template
Delivering Configurations Using a Template Planning Table

To deliver configurations to multiple devices using a template planning table, export the table
and enter service configuration parameters in the table. Then import the table to the smart
configuration tool. The tool provides a wizard to guide you through the delivery.
Figure 2-25 Delivering configurations using a template planning table
Delivering Configurations Using a Command Planning Table

To deliver configurations to multiple devices using a command planning table, export the
table and enter CLI in the table. Then import the table to the smart configuration tool. The
tool provides a wizard to guide you through the delivery.

eSight
Figure 2-26 Delivering configurations using a command planning table
2.2.8 NE Software Management

NE software management is a functional module used to upgrade software versions of
managed devices. Users can upgrade software versions of fit APs using ACs. This module
offers task monitoring, wizard-based upgrade, and version management functions. The task
monitoring submodule manages all device upgrade tasks and refreshes the upgrade task in real
time. The wizard-based upgrade allows users to create upgrade tasks following a wizard. The
version management submodule allows users to manage device software mapping files by
device type.
Task Monitoring
The task monitoring submodule manages all device upgrade tasks and refreshes the upgrade
task in real time.
Figure 2-27 Task Monitoring
l The current version supports software upgrade of fit APs and displays the main menu
and authentication processing when the WLAN service component is installed.
l Users can upgrade one or more fit APs. If selected fit APs are of the same type and
belong to the same AC, only one task is created, improving efficiency and reducing the
load of Telnet connection channels.
l The status of upgrade tasks is refreshed in real time. Users can re-execute failed tasks.
Wizard-based Upgrade
The wizard-based upgrade allows users to create upgrade tasks following a wizard.

eSight
Figure 2-28 Wizard-based Upgrade
l The three-step wizard allows users to create upgrade tasks and check task summary
information.
l Users can continue to create upgrade tasks or go to the task monitoring page to check
task execution information.
l At the step for selecting an upgrade version, a link for creating a version is added,
increasing the ease of operations.
Version Management
The version management submodule allows users to manage device software mapping files
by device type.
Figure 2-29 Version Management
2.2.9 MIB Management

eSight offers the management information base (MIB) tool that can read, compile, store, and
use .mib files. eSight reads and monitors MIB data through SNMP V1, V2c, or V3, which
helps you to perform effective network management.
MIB Compiling
You can compile a MIB file and store the compiled file to a specified directory.
MIB Loading
You can upload, compile, load, unload, and delete MIB nodes, and create directories for MIB
nodes.
MIB Operation
After you enter device IP addresses in IP address text boxes, you can use the MIB tool to
perform Get/GetNext/Walk/TableView operations over SNMP-compliant devices.You can
click Stop to stop data acquisition.

eSight
2.2.10 Report Management

eSight generates instant and periodic reports and allows you to export reports to a file in any
of the following formats: PDF, Excel, and Word. eSight integrates a large number of report
templates to meet common operation and maintenance requirements. eSight also allows you
to customize report templates.
Report Task Management

You can create and manage report tasks on the eSight report task management page.
Report tasks are classified into instant tasks and periodic tasks. You can set email recipients
when configuring a task. After a task is executed, eSight automatically sends the generated
report to the specified recipients by email.
l Periodic Report Task
eSight executes periodic report tasks at the specified execution period. After a report task
is executed successfully, eSight saves the generated report. Users can view and manage
all reports generated by a periodic report task. eSight can also export the generated
reports as a file and send the file to users through email.
l Instant Report Task
Reports are generated immediately after users manually execute instant report tasks.
After an instant report task is executed successfully, the user can click View to open the
generated report. The user can also export the generated report in the specified format.
2.2.11 WLAN Management

The WLAN Manager offers an integrated solution that manages wired and wireless networks.
l Wizard-based batch service deployment: Delivers wireless service configurations to APs
in batches.
l Unified wireless resource management: Manages ACs, APs, wireless users, and regions.
l User fault diagnosis: Diagnoses users access network faults.
l Wireless network security check: Detects intrusion devices and non-Wi-Fi interference
sources and offers spectrum analysis.
l Visual management over the wireless network topology: Displays locations of APs by
area and coverage areas of the APs.
Service Management
The WLAN Manager supports wizard-based service configuration. Based on AP planning
sheets, the WLAN Manager delivers and deploys AP services end to end, which improves the
deployment efficiency (approximately 90% compared to manual deployment).

eSight
Figure 2-30 AC configuration wizard
Configuration Management
Figure 2-31 Managing ACs
An AC controls and manages APs on WLAN. With AC management, you can connect an AP
to WLAN in any of the following modes: confirm AP identities, add an AP in offline mode,
and add an AP to the whitelist.
l AC information
On the AC management page, you can set the source port, AP authentication mode,
country code and forwarding type.
l AP
An AP functions as a bridge to convert frames transmitted between wireless terminals
and a LAN. On eSight, you can configure basic AP information, manage radios, and bind
an extended service set (ESS) profile to a radio when creating an AP. You can also
import APs in batches from a predefined table and bind profiles to APs in batches. eSight
allows you to reboot APs, recover APs and replace APs.
l AP whitelist
You can configure a whitelist to allow authorized APs to go online. The AP whitelist
contains the MAC address and serial numbers of authorized APs. When the AC uses a

eSight
MAC address or an SN for authentication and automatically discovers that the MAC
address or SN of an AP is in the whitelist, the AP automatically goes online.
l Unauthorized AP
The Unauthorized AP page displays APs whose MAC addresses or SNs are not in the
whitelist. On this page, you can acknowledge unauthorized APs in batches to add them
to the whitelist. Then, APs in the whitelist are brought online.
l AP region
APs are added to different regions to reduce the time spent in adjusting AP parameters
and the impact of AP parameter adjustment on user access. Each AP region has a name,
a deployment mode, an alias, and a default region, and eSight allows you to tune radio
frequency (RF) of APs.
l AP blacklist
Network administrators can add MAC addresses of APs to an AP blacklist, preventing
unauthorized APs from going online.
l User blacklists
Network administrators can add MAC addresses of wireless users to a user blacklist,
preventing unauthorized users from connecting to APs. Network administrators can also
blacklist unauthorized users and configure the AP countermeasure mode to user
blacklist. The system performs countermeasure against devices from the user blacklist.
l SSID whitelist
Network administrators can configure SSID whitelists to detect unauthorized devices in
a more accurate and efficient manner. SSIDs that exist in surrounding environments but
have no impact on the wireless network quality are added to the whitelist and will not be
recognized as unauthorized devices.
The profile management function allows you to configure NE predefined profiles.
l AP profile
You can specify the maximum transmission unit of the AP Ethernet port and configure
log backup.
l Radio profile
The radio profile is used to specify parameters such as the radio type, rate, power, and
whether to occupy a channel during wireless transmission.
l ESS profile
The ESS profile is a set of service parameters, such as SSID, Service VLAN,
DataTraffer ESSIf, Access Max User, and WLAN User Access Security Manager.
After an ESS profile is bound to a specified radio on an AP, the service parameters are
applied to a virtual access point (VAP), a wireless service functional entity.

eSight
Network Monitoring
This function allows you to view information such as all physical resources, unauthorized
APs, resource statistics, and performance counters.
l Physical resources
AC: AC status, name, type, IP address, AP authentication mode, forwarding type, and
country code
AP: AP status, name, type, SN, MAC address, IP address, AC name, home region,
location, bound radio profile, and bound ESS profile
Client: user's MAC address, IP address, user name, AC name, AP name, radio ID, and
service set identifier (SSID)
SSID: AC name, ESS profile, number of fit APs, number of VAPs, and number of clients
User access history: user name, MAC address, access AP, access AC, access result, and
detailed access result
Region: region name, total number of APs, total number of online APs, and total number
of clients.
l Resource statistics
Network overview: line chart for online users, top SSID user statistics and AP resource
statistics.
l Performance statistics
Terminals associated with APs, AP physical resources, AP traffic, radio traffic, and real-
time client traffic performance statistics
l Client access history query
eSight periodically parses logs to extract the login information and saves the log
information into the database in batches, allowing users to view historical data about user
access.
l Spectrum Analysis
After the AP radio spectrum function is enabled on devices, users can view the signal
interference information around APs in eSight. Users can judge the channel quality and
surrounding interference sources on spectrum charts. Spectrum charts include real-time,
depth, channel quality, channel quality trend, and device percentage charts.

eSight
Figure 2-32 AP spectrum chart
WLAN Location Topology

You can deploy APs in regions, view the hotspot coverage, and detect signal coverage blind
spots and conflicts promptly. In regions where license is available and location is enabled, the
topology refreshes the latest location of users, unauthorized devices, and Wi-Fi interference in
real time.
1. View the hotspot location and radio signal coverage in the location topology and mark
conflict regions.
2. Pre-deploy APs, view the simulated radio coverage, and review the actual radio coverage
after APs get online.
Figure 2-33 WLAN Location Topology page
3. Map settings: Hide and display nodes in regions by filter criteria. Filter criteria include
unauthorized AP, unauthorized user, unauthorized Ad Hoc, unauthorized bridge, and
interferer. Unauthorized APs can be displayed based on finer-grained rules.

eSight
4. If the location AP license is applied and location is enabled in a region, the locations of
users, unauthorized APs, and interference are refreshed in the topology at regular
intervals.
Figure 2-34 Topology node display control
WIDS Management
With Wireless Intrusion Detection Systems (WIDS) management, eSight monitors and
recognizes unauthorized devices, clients, interference, and attacks based on user-defined
rules, sends remote alarm notifications, and offers protection measures.
1. Support the statistics, display, and countermeasure of unauthorized devices.
2. Support the display, countermeasure, and suppression access protection of unauthorized
devices.
3. Support the statistics and display of unauthorized Wi-Fi interference.
4. Support the statistics, display, and countermeasure of attacks.
5. Classify unauthorized APs into: rogue, suspected-rogue, adjacent, suspected-adjacent,
and interferer. Supported rules include adjacent or same frequency interference, signal
strength, SSID (fuzzy or regular expression), number of detected APs, and attack.

eSight
Figure 2-35 Rogue Device list
Fault Diagnosis
1. WLAN user fault diagnosis: Diagnoses network quality for online users in terms of
users, SSIDs, APs, and ACs. If detecting any exception, the system displays potential
problems and gives suggestions for users to rectify the exception.
Figure 2-36 User fault diagnosis
2. Offer related fault alarms about communications, environments, unauthorized devices,

and unauthorized Wi-Fi interference to help users locate and rectify faults.
3. Monitor WLAN network devices and resources to help users better understand the
running status of the network and devices.

eSight
Integrated wired and wireless management

After the LLDP link discovery is enabled, users can view the links between wired POE
switches and wireless APs in the physical topology, enabling integrated wired and wireless
management.
Figure 2-37 Physical topology management
Report Management
eSight provides predefined reports for AP uplink interface traffic, channel usage, online radio
users, online wireless users, Top N user access failures, and Top N user login counts and
provides fast reports and predefined reports for AP association statistics, AP traffic statistics,
and AP rate statistics.
Energy Saving Management

eSight allows you to customize energy saving policies in terms of the AP, radio, and SSID.
You can immediately or periodically start energy saving tasks, or disable wireless signals.

eSight
Figure 2-38 Creating an energy efficiency policy
2.2.12 BGP/MPLS VPN Management

The BGP/MPLS VPN Manager offers end-to-end solutions for VPAN service deployment,
monitoring, and fault diagnosis.
l Wizard-based batch service deployment: Deploys VRF, interface, and routing data for
PEs and CEs in batches.
l Convenient and quick automatic discovery: Automatically discovers deployed VPN
services without specifying device roles.
l Visualized service topology: Visually displays the logical architecture of PE-PE and PE-
CE services, and shows service alarms in real time.
l Multi-dimensional service monitoring: Monitors the running status of monitoring
services in terms of the alarm, performance, and service link SLA.
l One-click fault diagnosis: Diagnoses VPN service faults by segment and layer, and using
diverse approaches.
Service Deployment
eSight offers graphical, wizard-based, and end-to-end service deployment capabilities and
helps you easily and quickly deploy new VPN services, add VPN access points, and adjust
existing VPN services, improving service maintenance efficiency. eSight allows you to deploy
services in the Full-mesh, Hub-Sopke, MCE, and customized networking types, and deploy
OSPF, ISIS, static, and EBGP routing protocols between PEs and CEs.

eSight
Figure 2-39 MPLS VPN service deployment
Figure 2-40 Creating detailed configuration
Automatic Discovery
eSight discovers MPLS VPN services automatically in the following network schemes: Full-
Mesh, Hub-Spoke, Multi-VPN-Instance CE (MCE), HoVPN, inter-AS Option A, and inter-
AS Option B. Figure 3 shows the page for discovering MPLS VPNs automatically.

eSight
Figure 2-41 MPLS VPN automatic discovery
MPLS VPN Monitoring

eSight monitors MPLS VPN services and displays MPLS VPN service configurations,
including configuration of links between PEs, configuration of links between PEs and CEs,
VRF instance configurations, and routing configurations.
eSight provides the following statistics tasks to monitor MPLS VPN performance:
l Access Interface Performance
l VRF Flow Performance
l VRF Route Performance
In addition, eSight monitors MPLS VPN service quality.
MPLS VPN Service Topology

eSight monitors service topologies, displays the VPN logical architecture, and manages user-
defined regions.

eSight
Figure 2-42 MPLS VPN service topology
Quick Diagnosis
eSight offers one-click fault diagnosis to diagnose faults by segment (PE-PE, PE-CE, CE-CE,
and PE-remote CE) and layer (L3 routing and MPLS forwarding layer) using multiple
approaches (ping, trace, and routing collection). eSight provides the causes to faults after
diagnosis, allowing you to quickly locate faults.
Figure 2-43 MPLS VPN quick diagnosis
Service Report
eSight offers statistical reports on interface traffic, VRF traffic, and VRF routing. Interface
traffic reports allow you to learn about the historical interface data about each VPN service.
VRF traffic reports allow you to learn about the distribution of VPN traffic on each PE. VRF
routing reports allow you to learn about the routing change information about CE access of a
VPN service. In terms of traffic and routing, the preceding three reports offer data reference
for you to perform some operations, such as capacity expansion.

eSight
Figure 2-44 MPLS VPN service report
2.2.13 BGP/MPLS Tunnel Management

MPLS Tunnel Manager monitors MPLS TE and LDP tunnels, including the tunnel running
status, backup status, tunnel topology, alarms, and tunnel-related VPN services.
Automatic Discovery
eSight automatically discovers MPLS tunnels on the network, including MPLS TE and LDP
tunnels.
Figure 2-45 MPLS tunnel automatic discovery
Tunnel Monitoring
eSight supports active-standby and bypass protection for MPLS TE dynamic tunnels and
monitors Static-CR signaling-based static tunnels. The following tunnel information is
monitored: tunnel backup status, running status, and tunnel alarms.
eSight supports interaction between MPLS tunnels and L3VPN services and allows you to
check VPN services carried on MPLS TE tunnels.
Tunnel Topology
eSight manages and monitors MPLS tunnels through tunnel topology and allows you to check
the following:

eSight
Figure 2-46 Tunnel topology view
l MPLS capabilities of MPLS TE tunnels and interfaces, DS-TE information, and link
bandwidth.
l MPLS capabilities of MPLS LDP virtual tunnels and interfaces.
Explicit Path List

eSight provides an explicit path list. You can view the detailed information about each explicit
path
Quick Diagnosis
eSight provides MPLS Tunnel quick diagnosis function, eSight can diagnose route
forwarding, label forward, and tunnel configuration at tunnel nodes. If a fault occurs, eSight
can diagnose and locate tunnel faults and give detailed diagnosis results. as shown in Figure
MPLS Tunnel quick diagnosis

eSight
Figure 2-47 MPLS Tunnel quick diagnosis
2.2.14 SLA Management

Service Level Agreement (SLA) Manager measures and diagnoses network performance. You
can create SLA tasks to periodically monitor the network delay, jitter, and packet loss, and
calculate the compliance between SLA services and the live network. By default, SLA
Manager offers 24 services. You can also customize services to meet your specific demands.
SLA Manager offers the Dashboard to globally monitor SLA tasks and allows you to quickly
learn about the quality of all or specific services on the live network. On the SLA view page,
you can establish a view that consists of multiple tasks, which helps you to compare task data.
Quick diagnosis helps you to quickly diagnose the links and carried services between source
and destination devices, facilitating network fault location.
Figure 2-48 SLA management overview
Dashboard
The SLA dashboard globally monitors SLA tasks and displays the recent smart policy tasks,
SLA test instance indicators, and minimum SLA compliance. You can add and delete
dashboards and filter SLA tasks on the dashboard.

eSight
Figure 2-49 SLA Dashboard
SLA Service Management

With SLA service management, you can define SLA levels. More than 20 predefined
templates are provided for common services such as voice over IP (VoIP), video, and data
services. You can customize the compliance threshold and network quality counter threshold
based on network conditions and operation and maintenance requirements.
Figure 2-50 SLA Srvice Management page

eSight
Figure 2-51 Creating an SLA service
SLA Task Management

eSight allows you to create, delete, start, and stop SLA tasks and copy an existing task to
create a task. The SLA task execution interval can be adjusted automatically. When network
quality degrades, the execution interval is shortened automatically to provide you with more
quality degradation information.
Figure 2-52 SLA Task Management page
SLA View Management

Multiple SLA tasks can be added to an SLA view, which enables you to view the historical
data of multiple SLA tasks.

eSight
Figure 2-53 SLA View Management page
Quick Diagnosis
Quick diagnosis supports the function of checking the SLA service quality without creating
any task.
Figure 2-54 Quick Diagnosis page
Historical Data
Historical service quality data such as the overall compliance and the data of a single counter
is displayed in graphs.

eSight
Figure 2-55 Page for viewing historical data
The SLA view displays the historical data of multiple tasks.
Figure 2-56 Page for viewing the historical data of multiple tasks
SLA Reports
You can export and print the SLA Service Quality Report, SLA Task Counter Reports, and
TopN SLA Compliance Report.
Service Diagnosis
With service diagnosis, eSight detects network quality and displays collected data (such as the
delay, jitter, packet loss rate, and DSCP value) by segment, helping you to assess service
quality. eSight locates the network where a quality problem occurs based on statistical data,
helping users rectify faults and ensuring service smoothness.

eSight
Figure 2-57 Quick Start
Template Management
eSight offers default network service quality assessment standards. You can also customize
standard templates based on your site requirements.
(1) Telepresence diagnosis configuration template used to assess the network quality of
telepresence systems.
(2) Desktop cloud diagnosis configuration template used to assess the network quality of
desktop cloud systems.
Figure 2-58 Template management
Figure 2-59 Creating a template

eSight
Service Diagnosis
eSight diagnoses the network service quality and allows users to efficiently locate network
faults and assess network quality. Before performing service diagnosis, select the
corresponding template.
To perform telepresence diagnosis, select a telepresence diagnosis template.
Figure 2-60 Telepresence diagnosis parameters
To perform desktop cloud diagnosis, select a desktop cloud template.
Figure 2-61 Desktop cloud diagnosis parameters
Diagnosis results are displayed by segment. Each record in the table indicates network
conditions between source and destination devices.

eSight
Figure 2-62 Diagnosis result
2.2.15 QoS Management

eSight provides QoS Manager to monitor traffic. When traffic policies are configured for
interfaces, the tool measures network performance counters such as rate of matched bits, rate
of discarded bits, excess bandwidth rate, and bandwidth usage for the interfaces.
Dashboard
The QoS dashboard displays the top 5 or 10 tasks with the highest QoS performance counters,
which helps you find regions with excessively high traffic.
Figure 2-63 QoS Dashboard
QoS Configuration
Viewing QoS configuration of the devices.

eSight
Figure 2-64 QoS Configuration
Historical Data
Historical QoS traffic data shows the change of QoS traffic.
Figure 2-65 Historical QoS data
2.2.16 NTA Management

eSight Network Traffic Analyzer (NTA) can quickly and economically analyze network
traffic and generate traffic reports. It enables users to detect abnormal traffic in a timely
manner based on the real-time entire-network application traffic distribution and plan
networks based on the long-term network traffic distribution. Therefore, NTA can implement
transparent network management.
Enabling Device Interface NetStream

NetStream commands are delivered to devices through the smart configuration tool. Users do
not need to configure NetStream on each device, which facilitates quicker deployment.

eSight
Figure 2-66 Enabling interface NetStream
eSight NTA allows users to configure devices, interfaces, protocols, applications, DSCPs, IP
groups, application groups, interface groups, and DSCP groups.
Figure 2-67 NTA device configuration wizard page
l Collector configuration
Allows users to view the IP address and status of the current collector and set the TopN
count for interface session collection (Top30 by default). After the traffic forensics
function is enabled, the original flow files of the collector are uploaded to the analyzer.
l Device configuration
Displays all devices that report traffic. Users can monitor specific devices.
l Interface configuration
Displays network-wide interfaces with network traffic. Users can configure the interface
incoming traffic rate, outgoing traffic rate, and sampling rate to ensure network traffic
data correctness. The sampling rate on eSight and devices must be set to the same value
to show the actual network traffic.

eSight
l Protocol configuration
Allows users to monitor specific protocols.
l Network application:
Lists 543 frequently-used network applications and classifies them into Layer 4, Layer 7,
protocol, and user-defined applications. Users can define important applications.
– Layer 4 application: A network application identified by one or more groups of
fixed network protocols and communication ports.
– Layer 7 application: A network application with random ports and identified by the
packets at the application layer.
– Protocol application: A network application identified by protocols rather than
ports.
– User-defined application: A network application that is added by users and can be
defined in terms of the protocol (UDP/TCP), port range, and IP address range.
l DSCP configuration
Lists 64 frequently-used DSCPs and allows users to rename DSCPs.
l IP group configuration
Groups IP addresses that have certain common attributes, which helps users to view
traffic information about IP address groups.
l Application group configuration
Groups user-concerned applications and helps users to view traffic information about
application groups.
l DSCP group configuration
Groups DSCPs and helps users to view traffic information about DSCP groups.
l Interface group configuration
Groups related interfaces and helps users to view traffic information about interface
groups.
l Alarm configuration
Specifies the thresholds for triggering alarms for certain applications, hosts, and DSCP
rates and the conditions for clearing the alarms.
Traffic Dashboard
NTA provides the traffic dashboards function and displays the real-time entire-network traffic.

eSight
Figure 2-68 Traffic analysis by Dashboard
l The dashboard offers rankings about the interface traffic, interface utilization, device
traffic, application traffic, host traffic, DSCP traffic, and session traffic.
l You can customize the display format and content. The following operations are
available: Tool tips, links, switching between figures and tables, maximize, and
minimize.
Traffic Analysis
eSight NTA offers drill-down network traffic analysis capabilities. Users can view more
details about traffic step by step. eSight NTA allows users to view details traffic information
about devices, interfaces, applications, DSCPs, hosts, sessions, interface groups, IP groups,
and application groups.
Users can view network-wide traffic information. The following figure takes example of
application traffic analysis.
Figure 2-69 Application traffic analysis

eSight
Users can view drill-down data. The following figure takes example of interface traffic
analysis.
Figure 2-70 Interface traffic analysis
In addition, users can set filter criteria to view session details.
Figure 2-71 Conversation details
Network Traffic Report

NTA allows users to customize traffic reports as required. NTA provides the function of
exporting reports. Figure 2-72 and Figure 2-73 shows how to create and view traffic reports.

eSight
Figure 2-72 Creating a network traffic report
Figure 2-73 Viewing a network traffic report
l Supports multiple modes to display the traffic data: Pie, Chart, Table, Line, Graph, and
Region.
l Supports multiple summary types: Application summary, Session summary, DSCP
summary, Source host summary, Destination host summary, and Interface summary.
l Supports multiple filtering conditions: by source address, by destination address, by
application, and by DSCP.

eSight
l The report system can generate instant reports and periodical reports.
– Instant report
After you perform a task manually, the instant report statistics is displayed. After
the task is performed successfully, the status is displayed on the page. You can open
the report to view detailed traffic statistics.
– Periodical report
After the system performs a task at an interval specified by the user, traffic statistics
of this specified period is displayed.
l Supports batch report export.
l Sends reports by email.
Traffic Forensics
When detecting abnormal traffic in the network, the system allows users to obtain original
traffic data which helps users to locate the network fault.
The system displays traffic forensics results by seven key fields. For example, users can check
whether viruses exist by comparing protocols, ports, and packet rates, and check whether
protocol attack threats exist by TCP flags.
Figure 2-74 Traffic forensics page
l Obtains original packets by time range.

l Supports diverse filter criteria: source IP address, destination IP address, source
interface, destination interface, source port, destination port, protocol, application, DSCP,
and TCP tag.
l Sets the storage duration (maximum: 30 days) for query results.
l Exports all or specified query results.
Traffic Alarm
You can create threshold alarms for seven traffic types, including the application, server, and
session. When the traffic has reached the threshold for specified times within a specified time
segment, an alarm is automatically generated. When the traffic meets alarm clearance

eSight
conditions within a specified time segment, the alarm is automatically cleared. eSight can
notify you of alarm generation or clearance by email.
You can manage (create, copy to create, delete, enable, and disable) threshold alarms on the
traffic threshold alarm configuration page. You can choose the objects to monitor, and set the
alarm severity, threshold, and repetition times based on the historical traffic data.
Figure 2-75 Threshold alarm configuration page
You can check traffic alarms on the current alarm page, and go to the traffic analysis page to
view traffic details within the time segment when alarms are generated.
Figure 2-76 Checking traffic alarms
2.2.17 VLAN Management

The eSight VLAN Manager centrally manages and configures VLAN resources that have
been added to eSight. The eSight VLAN Manager offers an impressive array of functions,
including managing network-wide VLAN resources, delivering VLAN configurations to ports
on devices (delivering only PVID for Access-type ports; PVID and allowed VLANs for
Trunk-type ports; PVID, tagged VLANs, and untagged VLANs for Hybrid-type ports),
automatically computing paths to display device and link VLAN topologies, and providing
VLAN management for a single device.

eSight
VLAN Resource Management

eSight offers a unified entry to manage VLAN resources.
Figure 2-77 VLAN resource management
l You can search for VLAN resources by criteria, such as VLAN ID and VLANIF
interface existence.
l You can create VLANs in batches and deliver created VLANs to selected devices.
l You can delete VLANs. If the ID of the VLAN is the PVID of a port, the PVID of this
port will be restored to 1 after the VLAN is deleted.
VLAN Device Management

eSight offers a unified entry to manage VLAN devices.
Figure 2-78 VLAN device management

eSight
l You can search for VLAN devices by subnet, device type, device name, and device IP
address.
l You can configure port VLANs and deliver the configurations to selected ports.
l You can go to the device management page to manage the VLAN of a single device.
VLAN Topology
eSight offers a unified topology view of network-wide VLAN devices and links.
Figure 2-79 VLAN topology
l You can check the device interface types and VLAN details about the two sides of a link,
and check VLAN packets that are allowed to pass on the link.
l You can search for devices and links by VLAN ID, and check devices and links that
allow the pass of a VLAN.
l You can directly add a device to or remove a device from a VLAN.
Single-Device VLAN Management

You can manage VLAN resources on a single device on the device management page.

eSight
Figure 2-80 Single-device VLAN management
l You can create VLANs on and delete VLANs from a single device.
l When you delete a VLAN: If the ID of the VLAN is the PVID of a port, the PVID of this
port will be restored to 1 after the VLAN is deleted.
l You can bulk modify VLAN parameters for multiple ports under a device.
l You can create VLANIF on and delete VLANIF from a single device.
l You can manage voice VLANs on a single device and set communication parameters for
voice VLANs on the device. the parameters include the lifecycle, protocol priority
(802.1P/DSCP), source MAC address and mask for voice streams, and port used to
receive voice streams.
2.2.18 iPCA Management

Enterprise IP networks carry complicated and diversified services, and network applications
closely relate to routine operation of enterprises. Packet Conservation Algorithm for Internet
(iPCA) provides device-level, network-level, and service flow packet loss measurement on
enterprise campus networks. It marks on real IP service packets transmitted on networks;
therefore, network administrators can easily monitor network quality and quickly locate faults
without increasing load on the networks.
Device-level Measurement
iPCA-capable devices are deployed on the enterprise campus network. iPCA can be
performed on these devices and Layer 2 direct links between the devices. eSight provides a
network topology to show whether unicast IP packets are lost in this area in real time. If
packet loss occurs, eSight can show the device where packets are lost, the packet loss ratio,
and the number of lost packets. eSight provides the following iPCA functions:
1. Displays the latest packet loss measurement result of the devices and links in the
topology view.
2. Reports an alarm when the device or link packet loss measurement result exceeds the
preset threshold.

eSight
Network-level Measurement
The branch networks of an enterprise are connected through a carrier's network. The egress
device of each branch functions as a CE to connect to the carrier's network. The enterprise
needs to evaluate service quality on the carrier's network. When service quality degrades, the
enterprise network administrator needs to check whether the problem is caused by the carrier's
network. iPCA network-level monitoring is deployed on the egress devices of the campus
network to monitor service quality of the carrier's network.

eSight
Packet Loss Measurement for the Unicast IP Service

If the quality of key services in an enterprise degrades, the network administrator needs to
determine whether the problem occurs in application servers, terminals, or network devices. If
packet loss occurs, the administrator must quickly check where the packets are lost, on a node
or a link. The Telepresence service is used as an example here to describe how to measure and
locate packet loss on a network.
1. Configure network-level measurement on the interfaces of two switches that are
connected through Telepresence servers and terminals to check whether packet loss
occurs. If no packet is lost, the problem occurs on Telepresence terminals. The
administrator needs to check the terminals.
2. If packet loss occurs between the Telepresence server and terminal, check which node or
link has lost the packets.
3. Check the packet loss measurement results of devices on the service forwarding path to
quickly locate the faulty node.

eSight
2.2.19 SVF Management

Super virtual fabric (SVF) is a vertical virtualization technology that virtualizes devices at the
core, aggregation, and access layers into one device for centralized device management. This
reduces the number of managed devices, simplifies operation and maintenance (O&M)
scenarios, and improves O&M efficiency.
eSight SVF management manages the SVF capabilities of agile switches and CE switches to
implement device monitoring, user management, and service deployment on SVF networks.
Unified Device Monitoring

eSight treats an SVF network as one device to uniformly manage and monitor wired and
wireless devices on the network.
An SVF network is displayed as one device in the topology and panel, which facilitates
centralized management of device running information and alarms on the entire network. The
information includes the running status of parent and client devices and connection status of
links between SVF members.
On an SVF network with agile switches deployed, eSight can also monitor the running status
of APs in a centralized manner.
Unified User Management

eSight SVF management uniformly manages wired and wireless users connected to SVF
networks. It allows administrators to view the ASs to which wired users connect and the APs
to which wireless users connect, and facilitates fault diagnosis for wireless users.
Service Configuration Management

l Template Management
eSight SVF management allows administrators to create, modify, and delete SVF service
templates.

eSight
l Service Deployment
eSight SVF management allows administrators to create different configuration matrices for
different configuration scenarios. Administrators can deploy, undeploy, and modify services
in the configuration matrices.
In the configuration matrices, administrators can apply created templates to port groups or
device groups by service configuration scenario to quickly deploy SVF services.
2.2.20 PON Management

The PON Manager is a functional module to discover GPON access network resources and
monitor networks. Based on GPON service features, the module focuses on GPON fault
monitoring.
l ONU port communication status monitoring: Monitor ONU Ethernet port status to
indirectly monitor the communication status of terminals mounted to the ONU.
l ONU monitoring: ONU faults are primarily power off and board faults.
Monitor ONU running status (the port running status): online, power off, short fiber,
offline. Board faults will be reflected on the port.
l Line monitoring:
Line faults are frequently-used GPON faults, including fiber cut and optical module
fault.
– Monitor the operating environment of an optical module: power voltage, current,
and temperature, and the power of an optical module
– Monitor line quality: LOFI alarm quantity, number of blocks uncorrected by the
upstream FEC, number of BIP error frames, frame loss rate, and bit error rate
– Monitor the OLT UNI port status.
l OLT monitoring: The OLT is placed in the customer's equipment room and has relatively
few faults, primarily board faults. These faults can be monitored through the port status.
l OLT upstream port monitoring: Links between the OLT and switches monitor the link
traffic, for example, high bandwidth usage or packet loss arising from capacity
expansion.
Overview
eSight displays PON-related overview in graphics. The current version displays ONU status
statistics in a pie chart.
OLT Resource Management

eSight displays the OLT device list in a resource table. Users can search for basic OLT
information by OLT name and IP address. Users can synchronize the following OLT
information to eSight: GPON ports, optical modules, and ONUs mounted to the OLT. Users
can also jump to the physical topology from the resource table, and locate the OLT in the
network and check connection relationships between upstream switches. In addition, users can
click a name link to the OLT manager and check details about the OLT.

eSight
Optical Splitter Resource Management

eSight displays the optical splitter list in a resource table. Users can search for basic
information about optical splitters by OLT name and IP address. Users can add, move, delete,
and modify optical splitters. Users can also import optical splitters in batches.
ONU Resource Management

eSight displays the ONU list in a resource table. Users can search for basic information about
ONUs by OLT name and IP address. Users can move a single ONU record and change ONU
alias. In addition, users can click a name link to the ONU manager and check details about the
ONU.
ONU Topology
Users can click the PON port of the OLT to display connection relationships under the PON
port. This feature intuitively displays OLT ports and ONU status (online, offline, and alarm)
to users.
PON Portal
eSight allows users to customize the PON service portal and intuitively displays performance
indicators for users to learn about the running status of PON services. Indicators include:
TopN OLT Ethernet port receive/transmit bandwidth usage, TopN OLT Ethernet port receive/
transmit packet loss, total number of OLTs and resource status quantity, total number of
ONUs and resource status quantity, and TopN LOFI alarms.
2.2.21 AR Voice Management

eSight offers the following AR voice functions: signaling tracing, trunk tracing, call traffic
statistics, user resource statistics, and automatic NE connection.
Signaling Tracing
Signaling tracing is used to trace and monitor the protocol messages, connection of port
signaling links, and service flows dynamically and in real time. With signaling tracing, users
can know the signaling cooperation, facilitating fault location.
Trunk Tracing
With trunk tracing, users can learn about trunk information in real time.
Call Traffic Statistics

With call traffic statistics, users can collect traffic information about global, trunk incoming,
and trunk outgoing calls placed through ARs.
User Resources Statistics

With user resources statistics, users can learn about the number of callers, total users, and call
rate in real time to facilitate AR management.

eSight
Automatic NE Connection
With this function, eSight automatically creates NE connections in the topology.
Figure 2-81 Automatic NE connection
2.2.22 IPSec VPN Management

The IPSec VPN management component enables you to monitor and diagnose IPSec VPN
services, covering the service activation status and alarm status, service topology,
performance, and historical tunnel information.
Overview
The IPSec VPN overview provides you visibility into overall IPSec VPN services, including
the number of IPSec tunnels, received and sent packet rates, traffic rates, and packet loss
ratios of an IPSec tunnel or all IPSec tunnels, number of remote access users in an IPSec
tunnel, and service alarm list, as shown in Figure 1 IPSec VPN overview.
Figure 2-82 IPSec VPN overview
Discovering Services
Huawei eSight automatically discovers IPSec VPN services of some or all devices on the
Hub-Spoke and Site-to-Site networks. During discovery, services are grouped by
network. Figure 2 IPSec VPN service discovery shows service discovery.

eSight
Figure 2-83 IPSec VPN service discovery
Managing Service Groups

Huawei eSight manages services by service group and enables you to search, delete, and
move service groups. The service group list provides you visibility into the service quantity
and alarm status of each service group and provides links to alarm lists.
Huawei eSight helps you quickly diagnose services and modify service configurations (such
as the preshared key) by service group.
Figure 3 IPSec VPN service group list shows the service group list.
Figure 2-84 IPSec VPN service group list
Figure 4 Preshared key modification shows preshared key modification.
Figure 2-85 Preshared key modification
Managing a Service List

You can click a link in the service group list to access a service list.
On the service list, you can:

eSight
l Rename the services and service group.

l Search for, delete, and move services and perform quick diagnosis.
l Display global parameters.
l Monitor performance in real time.
l View tunnel information.
l View topology and alarm details by clicking topology and alarm links.
Figure 5 IPSec VPN service list shows a service list.
Figure 2-86 IPSec VPN service list
l Searching for services

Huawei eSight supports service name fuzzy match and enables you to search for services
by network type, service status, alarm status, local device, remote device, local interface,
or remote interface.
l Deleting services
Delete the selected services from Huawei eSight does not affect services. After the
deletion, you can discover the services to Huawei eSight again.
l Moving services
You can move the selected services to another service group. Figure 6 IPSec VPN
service moving shows service moving.
Figure 2-87 IPSec VPN service moving
l Diagnosing services quickly

If a fault occurs, you can diagnose services quickly to locate the fault.
l Modifying service names
Huawei eSight automatically generates service names during service discovery. You can
modify the service names. After the service name is modified, Huawei eSight updates

eSight
service link names in the topology. Figure 7 IPSec VPN service name modification
shows service name modification.
Figure 2-88 IPSec VPN service name modification
l Viewing global parameters

You can view the global IPSec VPN parameters of devices at both tunnel ends, including
the device name, type, IP address, IKE negotiation name, interval for sending keepalive
packets, keepalive timeout period, and interval for updating NAT keepalive packets, as
shown in Figure 8 Global IPSec VPN parameters.
Figure 2-89 Global IPSec VPN parameters
l Monitoring performance in real time

Huawei eSight monitors service performance in real time, including the number of
remote access users in an IPSec tunnel and the received and sent packet rates, traffic
rates, and packet loss ratios of an IPSec tunnel.
l Viewing tunnel information
If a service is not activated, its tunnel icon is unavailable. If a service is activated, you
can view detailed tunnel information, including the connection ID, duration, local
device, remote device, local interface, remote interface, local IP address, remote IP
address, packet encapsulation mode, key negotiation type, and SA list, as shown in
Figure 9 Detailed tunnel information of IPSec VPN services.

eSight
Figure 2-90 Detailed tunnel information of IPSec VPN services
l Viewing topology
In a service list, you can click the topology link of a service to view the IPSec VPN
topology.
l Viewing alarms
If the alarm status of a service is abnormal, you can click the alarm link to view the
alarm information about devices at both tunnel ends.
Service Topology
The service topology provides you visibility into IPSec VPN services. The display of an
IPSec VPN service topology supports the following scenarios:
l Hub-Spoke or Site-to-Site networking
l Interworking services
l Hot standby and active/standby switchover
The service topology displays global device parameters and provides links to different
information, such as service discovery, alarm lists, service lists, service diagnosis, real-time
performance, and device management.
The service topology provides complete tooltip information. Each device node, service link,
subnet, or backup link has its tooltip information, including the basic information and latest
performance data.
The service topology supports device management by subnet. Subnet management includes
importing physical subnets, creating, modifying, or deleting subnets, moving devices to other
subnets, and adding devices to subnets.
Figure 10 IPSec VPN service topology shows service topology.

eSight
Figure 2-91 IPSec VPN service topology
Monitoring Alarms
The alarm status in a service or service group list shows the generation and rectification of a
service fault. The service link in the topology displays the alarms of different severities in
different colors. After identifying a service fault, you can access the alarm list to view detailed
alarm information and locate the fault.
Monitoring Performance
The global and IPSec VPN performance monitoring functions provide you visibility into
traffic of network devices and services, including the packet rate, traffic rate, packet loss ratio,
number of tunnels, and number of remote access users. Figure 11 IPSec VPN service
performance monitoring shows real-time performance monitoring.
Figure 2-92 IPSec VPN service performance monitoring
Diagnosing Services Quickly

You can detect faults and diagnose services quickly without creating any task.
Service diagnosis covers the interface status at both tunnel ends, whether IPSec policies are
applied to an interface, integrity of IPSec policy configuration, IKE negotiation result, and
IPSec negotiation result.
Diagnosis results can be exported into an Excel file.

eSight
Figure 12 Quick diagnosis of IPSec VPN services shows service diagnosis.
Figure 2-93 Quick diagnosis of IPSec VPN services
Viewing Historical Tunnels

The historical tunnel list shows the setup and teardown of tunnels on the entire network
within a time range. You can understand the tunnel setup and teardown patterns and locate
service faults.
Figure 13 Historical IPSec VPN tunnel list and Figure 14 Detailed information about a
historical IPSec VPN tunnel show the historical tunnel list.
Figure 2-94 Historical IPSec VPN tunnel list

eSight
Figure 2-95 Detailed information about a historical IPSec VPN tunnel
2.2.23 Secure Center Management

About This Chapter
The Secure Center effectively manages security policies on a large number of Huawei
firewalls, switches, and routers. Main functions are as follows:
1. Security policy analysis
– Supports redundancy, risk, hit, and comprehensive analysis on security policies for
firewalls as well as NGFWs.
2. Firewall security policy management
– Supports batch configuration and deployment of firewall security policies, IPS
policies, and AV policies.
– Supports centralized configuration of common objects, such as address sets, time
ranges, services
– Supports virtual firewall management and virtual firewall-based security policy
configuration.
3. NGFW security policy management
– Supports batch configuration and deployment of firewall security policies, IPS
policies, and AV policies etc. for NGFW firewalls.
– Supports centralized configuration of common objects, such as address sets, time
ranges, services for NGFW firewalls.
– Supports virtual firewall management and virtual firewall-based security policy
configuration for NGFW firewalls.

eSight
4. Access authentication policy management

– Supports batch configuration and deployment of access authentication policies for
switches.
– Supports centralized configuration of user groups, RADIUS server groups, and
access policy templates.
– Supports consistency audit of access authentication policies.
5. AR policy management
– Supports centralized configuration and batch deployment of interzone security
policies.
6. ACL management
– Supports centralized configuration of basic and advanced ACLs.
Basic Configuration
l Security policy authorization management
You can query the devices that the Secure Center is authorized to manage through
licenses.
Figure 2-96 Security policy authorization management
l Device group creation, deletion, modification, and query

You can create, delete, modify, and query device groups.

eSight
Figure 2-97 Creating a device group
l Virtual firewall creation, deletion, and query

You can create, delete, and query virtual firewalls.

eSight
Figure 2-98 Creating a virtual firewall
Security Policy Analysis

l Policy redundancy analysis
The Secure Center can analyze the redundancy of security policies configured on the
eSight and firewalls. Using an efficient redundancy analysis algorithm, the Secure
Center can obtain the number of totally redundant policies, partially redundant policies,
and non-redundant policies. A maximum of 20 devices can be analyzed at a time. The
analysis result is displayed using a grouping histogram to show top 5 devices with totally
redundant, partially redundant, or non-redundant policies.
Policy redundancy details are displayed in either of the following modes:
PDF file for a scheduled analysis task
The PDF file lists all device interzone policy redundancy conditions in tables based on
interzones and displays the policy redundancy status (either total redundancy or partial
redundancy). For a redundant policy, the overlapping policies are provided.
Web page for an immediately executed analysis task
You can query the policy redundancy condition of a specific device or detailed
redundancy condition of a specific policy.

eSight
Figure 2-99 Policy redundancy analysis result
l Policy hit analysis

The Secure Center can read the device policy hit data to analyze policy hit conditions for a
maximum of 20 devices each time. The policy hit analysis result is displayed based on
interzones in terms of the hit times and details about common objects configured for the
policies.
The policy hit analysis can be displayed in either of the following modes: PDF file and web
page. The web page mode provides more interactive functions. You can query the policy hit
condition of a specific device.
Figure 2-100 Policy hit analysis result
Figure 2-101 Detailed matching count of every policy
l Policy risk analysis

eSight
The Secure Center can check whether the security policies configured on the eSight are
risky. If you select to synchronize firewall data before executing the analysis task, the
Secure Center can analyze the risks of security policies configured on the firewalls.
Using a risk analysis algorithm and based on the specified risk analysis rules, the Secure
Center determines a device with high, medium, or low risks. In addition to default user-
defined risk rules, you can create user-defined risk rules. The Secure Center can analyze
the policy risks of up to 20 devices each time. The analysis result is displayed using a
grouping histogram to show top 5 devices and the number of high-risk, medium-risk, and
low-risk policies and using tables to show the number of high-risk, medium-risk, and
low-risk policies of all selected devices.
Figure 2-102 Creating a user-defined risk rule
Policy risk details are displayed in either of the following modes:

PDF file for a scheduled analysis task
The high-risk, medium-risk, and low-risk policies of all selected devices are listed in a
PDF file.
Web page for an immediately executed analysis task
You can query the high-risk, medium-risk, and low-risk policies of a specific device. If
needed, you can also query the risk rule matched by a risky policy.

eSight
Figure 2-103 Policy risk analysis result
Figure 2-104 Detailed risk analysis result of every policy
l Policy comprehensive analysis

The Secure Center can comprehensively analyze firewall security policies. Based on the
comprehensive analysis result (number of redundant policies, risky policies, and
unmatched policies) and the health degree algorithm, the Secure Center provides a score
for policy configuration on each firewall, helping the administrator understand the
overall O&M condition of firewall policies.
The comprehensive analysis task can be executed manually or periodically. The analysis
result is displayed as lists and pie charts. You can obtain the device policy overview and
device health degree historical curve and export the analysis result to a PDF report.

eSight
Figure 2-105 Comprehensively policy analysis result
Firewall Policy Management

l Common object configuration
You can create, delete, modify, and query common objects, such as address sets, time ranges,
and services, in a centralized manner.
Figure 2-106 Creating an address set

eSight
Figure 2-107 Creating a user-defined service
l Access control policy configuration

The Secure Center provides the access control function. You can configure an access
control policy based on the source address, destination address, service, and time range
and set the action to permit or block.
The Secure Center supports the creation, deletion, modification, and copying of security
policies for devices and device groups.

eSight
Figure 2-108 Creating a firewall security policy
l Content security policy configuration

The Secure Center supports IPS and AV policy configuration to control the content security
for security zones, prevent hacker intrusion and virus spread, and secure enterprise networks.

eSight
Figure 2-109 Creating a content security policy
Figure 2-110 IPS policy template
The Secure Center provides a default IPS policy template and supports user-defined
signatures.

eSight
Figure 2-111 AV policy configuration
l Policy query
You can query policy deployment status and policy context (interzone policy priorities) on the
Security Policy page. Top policies are matched first.
Figure 2-112 Policy query page
l Policy deployment
The Secure Center supports centralized and batch policy deployment. After centralized policy
configuration is complete, you can select physical or virtual firewalls and click Deploy to
deliver security policies in batches, greatly reducing O&M workload.

eSight
Figure 2-113 Security policy deployment
Figure 2-114 Policy deployment result
l Policy discovery
The Secure Center supports centralized and batch policy discovery. You can synchronize
policies configured on managed devices to the eSight.

eSight
Figure 2-115 Batch policy discovery
l Policy removal
The Secure Center supports centralized and batch policy removal. When the network is
reconstructed or migrated, you can remove unneeded policies by one-click to secure
enterprise information.
Figure 2-116 Batch policy removal
NGFW Security Policy Management

l Common object configuration
You can create, delete, modify, and query common objects, such as address sets, time ranges,
and services, in a centralized manner.

eSight
Figure 2-117 Creating an address set
Creating a time range

eSight
Figure 2-118 Creating a user-defined service.

eSight
Figure 2-119 Creating a service set
Figure 2-120 Create an Internet access user

eSight
Figure 2-121 Creating an Internet access user group
Figure 2-122 Creating an user-defined application

eSight
Figure 2-123 Creating an application group

eSight
Figure 2-124 Creating a user-defined signature
l Access control policy configuration for a NGFW firewall

The Secure Center provides the access control function. You can configure an access
control policy based on the source address, destination address, service, and time range
and set the action to permit or block.
The Secure Center supports the creation, deletion, modification, and copying of security
policies for devices and device groups.

eSight
Figure 2-125 Creating a firewall security policy for a NGFW firewall
l Content security policy configuration

The Secure Center supports IPS and AV policy configuration to control the content security
for security zones, prevent hacker intrusion and virus spread, and secure enterprise networks.

eSight
Figure 2-126 Creating a content security policy

eSight
Figure 2-127 Creating an IPS policy
The Secure Center provides a default IPS policy template and supports user-defined
signatures.
l Security policy query
You can query policy deployment status and policy context (interzone policy priorities) on the
Security Policy page. Top policies are matched first.
Figure 2-128 Security policy query page
l NGFW firewall security policy deployment
The Secure Center supports centralized and batch firewall security policy deployment for
NGFW firewalls. After centralized policy configuration is complete, you can select physical
or virtual firewalls and click Quick Deploy to deliver security policies in batches, greatly
reducing O&M workload.

eSight
Figure 2-129 Security policy deployment
Figure 2-130 Security policy deployment result
Switch Policy Management

l Access authentication policy configuration
The Secure Center supports centralized and batch configuration of access authentication
policies for Huawei switches.

eSight
Figure 2-131 Creating an access authentication policy
When creating an access authentication policy, you must select an AAA template, a user
permission template, and an 802.1x template as well as the bound device or device group.

eSight
Figure 2-132 Binding a device or device group

eSight
Figure 2-133 Creating an AAA template
Figure 2-134 Creating a user permission template

eSight
Figure 2-135 Creating an 802.1x template
l Consistency audit on access authentication policies
The Secure Center supports manual or periodic consistency audit on access authentication
policies configured for switches. The audit result can be exported as a report. You can also
view details about consistency comparison.
Figure 2-136 Policy consistency audit
AR Policy Management
l AR security policy configuration
The Secure Center supports centralized and batch configuration of security policies for
Huawei ARs.

eSight
Figure 2-137 Quickly creating interzone policies
You can use the quick deployment function to deploy an interzone policy to multiple ARs
when creating the interzone policy or deploy policies in batches after the interzone policy is
created.

eSight
Figure 2-138 Quickly deploying AR interzone policies
ACL Management
l Basic ACL configuration
You can create, delete, copy, and modify basic ACLs.

eSight
Figure 2-139 Creating a basic ACL
l Advanced ACL configuration

You can create, delete, copy, and modify advanced ACLs and import advanced ACLs
from a text file.
Figure 2-140 Creating an advanced ACL
2.2.24 LogCenter Management

eSight LogCenter is a unified security service management system developed by Huawei for
telecom carriers and industry customers. Characterized by high integration and reliability,
eSight LogCenter offers comprehensive Logs analysis, and audit over Huawei security
products.

eSight
Unified Log Management and Analysis

With a large number of routers, switches, and firewalls deployed on internal networks,
enterprises are facing a series of problems in unified log management, such as inconsistent log
formats, poor readability, and difficulty in massive log storage. The normal NMS finds
difficulty in discovering potential security risks from logs in real time.
eSight LogCenter, however, can address the preceding problems. It can collect log files in
diverse modes, including SYSLOG, SESSION, SFTP, FTP (both static and dynamic), and
WMI (supported only on the Windows operating system). After logs are collected from
application systems and NEs, eSight LogCenter can classify, filter, consolidate, analyze, store,
and monitor the logs. These functions enable administrators to manage massive logs in a more
efficient manner to keep abreast of the running conditions of network and security NEs, learn
Internet user behaviors, and quickly identify and eliminate security threats.
In addition to unified log management, eSight LogCenter generates alarms in real time when
detecting exceptions from logs.
NAT-based Traceability
eSight LogCenter provides Network Address Translation (NAT)-based traceability of Internet
user behaviors. When tracing Internet user behaviors, eSight LogCenter collects session logs
from network and security NEs such as MA5200G, NE40E/80E, and USG firewalls. Then
eSight LogCenter analyzes the logs in combination with user data sources (such as the AAA
server) to obtain NAT information. NAT information includes the destination IP address,
destination port, source IP address, and protocol.
Internet Behavior Management

In the Internet behavior management scenario, eSight LogCenter collects and analyzes session
and security logs of NEs (such as USG firewalls) to learn Internet user behaviors (such as
P2P, email, HTTP, MSN, and QQ). Then eSight LogCenter queries and analyzes users'
Internet traffic, online time length, keywords, web access, mail sending and receiving,
application usage, network threats encountered, and file transfer operations. Administrators
can use the analysis results to manage Internet user behaviors.
2.3 Unified Communications & Collaborations

Management
2.3.1 Unified Communications Management

eSight provides a Unified Communications (UC) Device Manager component that offers an
array of operation, administration, and maintenance (OAM) functions for the UC system.
These functions include simplified UC device configuration, wizard-based service installation
and configuration, one-stop service rollout, end-to-end visual network surveillance, and
intuitive display of fault information.
NOTE
To use these functions, users must have the UC Device Manager installed.

eSight
2.3.1.1 Managing UC Devices

eSight supports unified management of a variety of UC devices, including IP PBXs, U2900s,
EGWs, IADs, and UAP3300s, and so on.
2.3.1.1.1 IP PBX Management

eSight provides creating a default subnet, connecting an IP PBX to the eSight, device
management, service management, configuration management, alarm management,
performance management.
Creating a default subnet

Create a default subnet on the eSight after configuring the IP address of an IP PBX so that the
IP PBX can use eSight functions.
Connecting an IP PBX to the eSight

The eSight provides three connection methods for IP PBXs:
l (Recommended) Batch import: In the template provided by the eSight, add the IP
address, physical SN, and media gateway of each IP PBX to connect to the eSight and
import information from the template to the eSight.
l Automatic discovery: After the eSight IP address is configured on IP PBXs, the eSight
uses its automatic discovery function to connect to the IP PBXs.
l Manual addition: After setting protocol parameters on IP PBXs, you can manually
connect the IP PBXs to the eSight one by one.
Device Management
l Device Information
Used to view detailed IP PBX information, including the system, license, version, and
patch information.
l Ping Test
Used to test the network connection status between the IP PBX and other devices in the
network.
l Tracing Signaling
Used to trace protocol messages, connection of port signaling links, and service flows in
real time, which helps to quickly locate faults.
l Traffic Statistics
Used to collect statistics on the number of global Real-Time Transfer Protocol (RTP)
messages, number of SIP sessions, number of SIP sessions on the outgoing trunk,
number of SIP sessions on the incoming trunk, and duration of a SIP session.
l Command Tree
Used to display common IP PBX commands in tree structure.
l Configuration Backup and Restore
Used to back up and restore the IP PBX configuration data.
l Operation Log
Used to record user operations and results.

eSight
l Run Log
Used to record logs of the info, warning, and error levels during the IP PBX operation.
l Device Panel
The IP PBX panel provides a simulation graphical user interface (GUI) where you can
manage IP PBX's components, for example, boards.
Figure 2-141 Device panel
l Trunk Tracing
Used to query the number of trunks that are occupied in real time and the number of
trunks that were occupied during a historical period, which facilitates trunk monitoring
and expansion.
l DSP Tracing
Used to query the number of DSP resources that are occupied in real time and the
number of DSP resources that were occupied during a historical period.
l Patch Management
Used to view, load, activate, deactivate, save, delete, and refresh patches of the IP PBX
boards.
Service Management
PBX Resource Statistics contains PRA Resource Statistics, User Resource Statistics, and DSP
Resource Statistics.
l PRA Resource Statistics

Primary Rate Adaptation (PRA) trunk is a type of digital circuit trunk. PRA trunks use
E1 or T1 trunk cables to connect to peer devices. PRA Resource Statistics helps you
directly learn about IP PBX device PRA resource usage in real time.
l User Resource Statistics
User Resource Statistics helps you directly learn about the number of calling users, total
number of users, and call rate to facilitate IP PBX management.
l DSP Resource Statistics
Digital Signal Processor (DSP) is a micro processor that is dedicated to processing
digital signals in real time. DSP Resource Statistics helps you directly learn about IP
PBX device DSP resource usage in real time.

eSight
You can configure SIP trunks, active and standby servers, and software parameters for IP
PBXs in batches.
Alarm Management
For details, see Alarm Management in Functions and Features.
Performance Management
For details, see Performance Management in Functions and Features.
2.3.1.1.2 U2900 Management

eSight provides creating a default subnet, connecting a U2900 device to the eSight, device
management, certificate management, alarm management.
Introduction
The U2900 series consist of the U2980 and U2990. Two types of NEs are mounted to the
U2900, that is, Common Desktop Environment (CDE) and UAP. When you add a U2900 on
eSight, the CDE and UAP are added automatically.

Create a default subnet on the eSight after configuring the IP address of a U2900 device so
that the U2900 device can use eSight functions.
Connecting a U2900 device to the eSight

U2900 devices use the operation and maintenance unit (OMU) to connect to the eSight. You
can only manually add U2900 devices one by one and do not need to set device protocol
parameters.
Device Management
eSight enables you to view the following information on either simulated panel:
l Real-time status of boards and USM servers
l Time sequence of a Circuit Interface Unit (CIU) board

eSight
Figure 2-142 U2900 device panel

eSight
For more information about the device panel of U2900, please see the Product Documentation
of U2900.
Certificate Management
When any certificate updates or a customer wants to use their own certificates, upload the
new certificates. The U29XX certificate management function allows you to replace the built-
in certificate files of the eSight. After certificates are updated on the eSihgt, U2900 series
devices obtain the new certificates from the eSightr.
Alarm Management
2.3.1.1.3 USM Management

eSight provides creating a default subnet, connecting a USM device to the eSight, device
management, certificate management, alarm management.

Create a default subnet on the eSight after configuring the IP address of a USM device so that
the USM device can use eSight functions.
Connecting a USM device to the eSight

USM devices use the operation and maintenance unit (OMU) to connect to the eSight. You
can only manually add USM devices one by one and do not need to set device protocol
parameters.
After setting protocol parameters on USMs, you can manually connect the USMs to the
eSight one by one.
Alarm Management
2.3.1.1.4 EGW Management

eSight provides creating a default subnet,connecting an EGW to the eSight, device
management, configuration management, alarm management.

Create a default subnet on the eSight after configuring the IP address of an EGW so that the
EGW can use eSight functions.
Connecting an EGW to the eSight

The eSight provides three connection methods for EGWs:

eSight
l (Recommended)Automatic discovery: After the eSight IP address is configured on

EGWs, the eSight uses its automatic discovery function to connect to the EGWs.
l Manual addition: After setting protocol parameters on EGWs, you can manually connect
the EGWs to the eSight one by one.
Device Management
Device management includes Basic Settings, LAN, Voice Settings and Alarm
Management.
eSight enables you to upgrade EGWs in batches. You can upgrade EGWs immediately or at a
scheduled time.
Alarm Management
2.3.1.1.5 IAD Management

eSight provides creating a default subnet, connecting an IAD to the eSight, device
management, configuration management, alarm management, performance management.

Create a default subnet on the eSight after configuring the IP address of an IAD so that the
IAD can use eSight functions.
Connecting an IAD to the eSight

The eSight provides three connection methods for IADs:
l (Recommended) Batch import: In the template provided by the eSight, add the IP
address, media gateway, user name and password of each IAD to connect to the eSight
and import information from the template to the eSight.
l Automatic discovery: After the eSight IP address is configured on IADs, the eSight uses
its automatic discovery function to connect to the IADs.
l Manual addition: After setting protocol parameters on IADs, you can manually connect
the IADs to the eSight one by one.
Device Management
l Basic Configuration
– Network Parameters
Used to set the IAD network parameters, including Device IP, Subnet mask,
Gateway, and DNS.
– NMS
Used to set the parameters for connecting IADs to the eSight, including the eSight
IP address, Read/Write community, Port, and Handshake interval.
– Device Time

eSight
Used to set the IAD time. You can manually set the IAD time or set the IAD time to
the current time of the eSight.
l Advanced Configuration
– Protocol Change
Used to change the protocol type used by IADs.
– Trap Function
Used to set whether to allow IADs to report Trap messages to the eSight.
– RTCP Alarm Threshold
Used to set the Real-Time Transport Control Protocol (RTCP) alarm threshold.
– Port Lock Threshold
Used to set the duration between the time when the port lock alarm is generated and
the time when the port lock alarm is reported.
l Service Configuration
– Service Configuration (MGCP)
Service Configuration (MGCP) includes Fax Parameters, DTMF Digit Collection,
MGCP Authentication, MGCP Parameters, MGC, MG Interface Parameters,
TOS/COS and Port Attributes.
– Service Configuration (SIP)
Service Configuration (SIP) includes Digitmap, Proxy Server, Voice Parameters,
Fax Parameters, DTMF Digit Collection, Local switching, Local-Switching Route
and so on.
l System Tool
– Versions
Used to query the IAD version information.
– Ping Test
Used to check whether the IAD can ping the destination IP address.
– Configuration Backup and Restore
Used to back up and restore the IAD configuration data.
– SIP User Info Backup and Restore (using SIP protocol)
Used to back up and restore the SIP user information.
– DSP Channel Status
Used to view the DSP channel status.
– MG Link Status
Used to view the MG link status.
– Port Statistics
Used to view the status of all IAD service ports.
– Configuration Saving
Used to save the IAD configurations.
– Configuration Restore
Used to restore IAD configurations.
– Device Restart
Used to restart the IAD.

eSight
– Country Code Query

Used to view the country code of the area to which the IAD belongs.
l Batch Configuration
With the batch configuration function, you can set a parameter in multiple IADs to the
same value. The following items can be configured in batches: network parameters,
protocol change, proxy servers, network management system (NMS) parameters, saving
configuration, read community and write community.
l Upgrade
– Manual upgrade
Users can manually upgrade IADs one by one and in batches on eSight. All the
IADs can be upgraded using the host software, except for the IAD132E (T) that
must be upgraded using the Complex Programmable Logic Device (CPLD)
software. Users can upgrade IADs immediately or at a scheduled time on eSight.
– Automatic upgrade
After the automatic upgrade function is enabled, the IAD periodically detects the
upgrade file on the File Transfer Protocol (FTP) server and automatically upgrades
the software. This function simplifies the upgrade of a large number of IADs.
Alarm Management
2.3.1.1.6 UAP3300 Management

eSight provides creating a default Subnet, connecting an UAP3300 to the eSight, device
management, alarm management.
Creating a default Subnet

Create a default Subnet on the eSight after configuring the IP address of an UAP3300 so that
the UAP3300 can use eSight functions.
Connecting an UAP3300 to the eSight

The eSight provides two connection methods for UAP3300s:
l Automatic discovery: After the eSight IP address is configured on UAP3300s, the eSight
uses its automatic discovery function to connect to the UAP3300s.
l Manual addition: After setting protocol parameters on UAP3300s, you can manually
connect the UAP3300s to the eSight one by one.
Device Management
Device management includes Manage Service and Alarm Management.

eSight
Alarm Management
2.3.1.2 Managing UC Applications

eSight enables users to manage UC devices (eCCAS, BMP, AA, MAA, OBG, CallAS,
Meeting AS, Meeting MS, PGM, Portal, eConf Portal, SEE, AP, Presence, Group and
Message) in the eSpace UC solution. The management functions include creating an UC
subnet, device management, single sign-on (SSO), alram management, performance
management.
Creating an UC subnet
After UC subnets are created, the eSight automatically adds an UC device to the matching
subnet.
Device Management
eSight provides configuration management (including database, service, and system
configuration management) for the AA, OBG, Call AS, PGM and so on.
l Managing the BMP
The eSight provides the alarm management and BMP manager functions for the BMP.
– BMP System: Opens the BMP Manager page.
– Database Config: Configures information about the BMP database to be connected.
The Database Config is used to connect the database of BMP, and synchronize the
user name from the BMP to eSight.
– Operation Log and Security Log: Queries BMP operation logs and security logs.
Logs that have been recorded in the database are queried. If no log has been
recorded in the database, no data will be found.
l Managing the AA
The eSight provides the configuration management, alarm management, and
performance management functions for the AA.
AA Config: Adds, modifies, deletes, synchronizes, imports, or exports AA configuration
information.
l Managing the Call AS
The details of Call AS manager functions as following:
– CTD_AnncFileName: Adds, modifies, deletes, synchronizes, imports, or exports
voice files.
– CalleePAS and CallerPAS: Processes CTD service internal logic.
– Default Language: Sets the default language.
– ESG Service Name: Configures the ESG service name.
– Max Call Time: Configures the maximum call duration.
– Head Route Value: Configures the route header. Enter the route header in the same
format of the default route header.
l Managing the PGM
The eSight provides the configuration management, alarm management, and
performance management functions for the PGM.

eSight
The details of PGM manager functions as following:

– svc_chat: Configures the NetworkProperties and ChatroomProperties.
– PGMConfig Properties: Configures the PGMCommonConfig, GroupConfig,
MessageConfig_GM, MessageConfig_SM, MessageConfig_SM_SPInfo, Incre
Sync and CdrSwitch.
l Managing the Meeting AS
The eSight provides the alarm management, performance management, and license
management functions for the Meeting AS.
View License: Views, refreshes, and uploads licenses and obtains ESNs.
l Managing the MAA
The eSight provides the alarm management functions for the MAA.
l Managing the Meeting MS
The eSight provides the alarm management and performance management functions for
the Meeting MS.
l Managing the SEE
The eSight provides the configuration management and alarm management functions for
the SEE.
The details of SEE manager functions as following:
– SDU
– SipServer
– NumberAnalyze
– SIPDisplaycher
– GUID
– LicenseService
– CDRServer
– HTTPAdapter
– ENIPCore
Sevice Management
l Business Trace
After creating a message tracing task for managed objects, a user can trace the messages
between the managed objects, and view tracing results in figures and tables. You can
trace messages in the User Trace and Scene Trace modes.
l Terminal Voice Quality
Terminal voice quality evaluates IP phone (eSpace 7910, eSpace 7950 and eSpace 8950)
and eSpace Desktop voice quality. The evaluation result can be displayed on the eSight
as reports, helping locate and rectify faults.
l Monitoring service status
The function is used to monitor the running status of all eSpace UC solution NEs and the
database, helping locate and rectify onsite faults.
l Collecting service logs
The eSight can collect logs of eSpace UC solution NEs to help maintenance personnel
analyze and locate faults.

eSight
SSO
eSight supports the SSO function. If users have logged in to the BMP, they can log in to
eSight directly without being authenticated.
Alarm Management
Topology Management
For details, see Topology Management in Functions and Features.
Managed Objects
l BMP
The Business Management Platform (BMP) provides unified service management for
eSpace UC clients. It supports a wide array of services. After logging in to the BMP, the
enterprise administrator can maintain enterprise information and register and deregister
enterprise members.
l Portal
The Portal is designed for enterprise users who have registered with eSpace UC. After
logging in to the Portal, enterprise users can maintain their personal information and
configure service functions such as Do-Not-Disturb (DND), call transfer, and advanced
secretary.
l MAA
The Multimedia Authentication Answer (MAA) connects third-party clients, especially
mobile clients, to ASs and provides the following functions:
– Interface conversion: The MAA converts various interface messages from eSpace
UC's ASs into Transmission Control Protocol (TCP) interface messages and sends
them to third-party clients.
– Client session maintenance: After third-party clients connect to the MAA, the MAA
generates a session for each client and maintains the session status based on the
client status.
– Service processing: The MAA processes service logic, such as the logic for
heartbeat mechanism, reconnection after a short disconnection, and IM timeout
processing.
– TCPAdapter: A mobile terminal service module. It maintains sessions between the
UC system and mobile terminals and processes TCP messages received from
mobile terminals.
l AA
The Access Agent (AA) is responsible for eSpace Desktop access and authentication.
eSpace Desktop obtains login information from the AA and invokes the AA interface to
gain access to services such as calling, instant messaging, and conferencing.
l OBG

eSight
The Open Business Gateway (OBG) provides a service openness and integration
platform. It connects to or integrates with the IT, Social Networking Site (SNS), and
Internet systems of enterprises.
l Call AS
The Call AS is a core component of eSpace UC and provides call control and service
processing capabilities.
l PGM
– MESSAGE
The MESSAGE carries out messaging services and provides a uniform and
integrated message processing center. Thus, users can experience uniform
messaging services. As a messaging platform independent of services, the
MESSAGE processes basic message flows. The basic message flows include the
following: Message accessing, Protocol adapting, Message storing, Service
triggering and Message scheduling.
– Presence
The Presence publishes and subscribes to presence information of each presentity as
well as update presence information status in real time.
– Group
The Group is a server that manages resource lists. Physically, the Group is an
independent server or a two-node cluster.
– AP
The AP consists of the APService and PolicyService. The AP accesses,
authenticates, and dispatches XCAP messages, and allows you to query route
information.
The PGM cooperates with eSpace UC clients to provide the following functions:
– Presence: The real-time status of each enterprise user is displayed on the UC client
so that users can view their contact status in real time. Based on a contact's status,
such as online, offline, busy, or away, an enterprise user can select a proper way to
reach the contact.
– Instant messaging: An enterprise user can send an instant message to an individual
contact, contacts in a contact group, or contacts in a temporary group.
– Enterprise address book (also known as the corporate directory): The enterprise
address book contains the contact information of departments and employees. The
enterprise administrator manages and maintains the enterprise address book on the
BMP.
– Personal address book: An enterprise user has a personal address book to store
contact information. The user manages and maintains the personal address book on
the UC client.
l Meeting AS
The Meeting AS is a meeting control server that provides meeting control and
management functions.
l Meeting MS
The Meeting MS is a video and data meeting application server that provides multimedia
meeting capabilities, including video, screen sharing, file transfer, whiteboard, and text
chatting services.
l SEE

eSight
The SEE allows network protocols to be accessed. The SEE loads and executes all types
of service logic.
2.3.1.3 Managing Meeting Applications

eSight enables users to manage meeting devices (Meeting AS, eConf Portal and Meeting MS)
in the eSpace Meeting system. The management functions include creating a default subnet,
connecting device to the eSight, device management, alarm management.
Creating an UC subnet
After UC subnets are created, the eSight automatically adds meeting applications devices to
the matching subnet.
Device Management
l Managing the Meeting AS
The eSight provides the alarm management, performance management and Meeting AS
manager functions for the Meeting AS.
Meeting AS manager functions: The eSight allows you to configure the following related
to the Meeting AS: AS global parameters, Meeting global parameters, Call global
parameters, Call billing parameters, CSipServer module, Database parameters, IVR
parameters, FTP parameters, Meeting MS parameters, Resource parameters and SIP
head and protocol stack parameters.
l Managing the eConf Portal
the eConf Portal.
l Managing the Meeting MS
the Meeting MS.
Alarm Management
Topology Management
Managed Objects
l Meeting AS
As the core component in the eSpace Meeting system, the Meeting AS controls and
connects other components in the system, manages all meeting services, functions as a
bridge between multiple meeting systems to expand the meeting capacity, connects a
gateway to transmit voice data, read license information, generates meeting event detail
records (EDRs), and provides interfaces for external components.
l eConf portal
The eConf portal allows enterprise users to create instant conferences and scheduled
conferences, and to manage those conferences. When creating a conference, users can set

eSight
conference information including the topic, duration, and participants. Two types of
conferences are supported: voice conference and multimedia conference.
l Meeting MS
The Meeting MS provides multimedia conference functions in the eSpace Meeting
system, including text, voice, and video communication, desktop sharing, file transfer,
and e-whiteboard.
2.3.1.4 Managing CC Applications

eSight provides CC devices (BIR, CMS, CTI and eSpace Agent Desktop) (old version
applications: Agent, ICS, Intelligent Scripting and HPS) for the eSpace Contact Center (CC)
solution, including creating a CC subnet, device management, alarm management.
Creating a CC subnet
After CC subnets are created, the eSight automatically adds a CC device to the matching
subnet.
Device management
l CTI device management: managing CTIs in the aspect of CTI Netent Management, CTI
Web Connect, alarm management, and performance management.
l BIR, CMS and eSpace Agent Desktop device management: managing BIRs, CMSs and
eSpace Agent Desktops in the aspect of alarm management.
Alarm Management
Topology Management
Managed Objects
l BIR
BIR, a report system deployed in browser/server (B/S) mode, provides complete and
flexible web-based report application services such as generating, distributing, and
managing reports. It supports manual report and periodic report generation,
comprehensive report distribution, and powerful data collection.
l CMS
CMS is an integral part of the eSpace CC solution and provides quality management and
monitoring functions.
l CTI
The CTI combines telephony and data communications technologies to distribute various
call types to the appropriate users.

eSight
l eSpace Agent Desktop

eSpace Agent Desktop is a comprehensive call processing system based on Huawei
eSpace CC. It provides agent services for Huawei eSpace CC-enabled enterprises and
enables attendants of such enterprises to process calls, manage recording files, and
monitor incoming calls in real time.
l Agent
Agent is a comprehensive call processing system based on Huawei eSpace CC. It
provides agent services for Huawei eSpace CC-enabled enterprises and enables
attendants of such enterprises to process calls, manage recording files, and monitor
incoming calls in real time.
l ICS
ICS is a social media service system based on Huawei eSpace CC. It helps enterprises
search out the most desired information from massive microblog information based on
keywords. In addition, it saves the microblog information, according to which the service
representatives of enterprises can answer questions and handle issues raised by
customers.
l Intelligent Scripting
Intelligent Scripting is a questionnaire system and allows users to release questionnaires
(designed with the aid of the SDT component) to the questionnaire server. The
questionnaires can be obtained when released to the questionnaire server. The Intelligent
Scripting can be integrated with agents. After the integration, the system, once detecting
hotline calls, displays corresponding questionnaires for attendants, helping attendants to
complete the questionnaire survey.
l HPS
HPS is a configuration and management system for outbound call services. It helps
improve the work efficiency of attendants, reduce the Operating Expense (OPEX), and
increase customer satisfaction.
2.3.1.5 Managing VTM Devices

eSight enables users to manage the Virtual Teller Machine (VTM) Manager and VTM
terminals contained in the Huawei eSpace VTM remote bank solution. The management
functions include creating a default subnet, connecting device to the eSight.

Create a default subnet on the eSight after configuring the IP address of a device so that the
device can use eSight functions.
Connecting device to the eSight

After setting protocol parameters on IP PBXs, you can manually connect the IP PBXs to the
eSight one by one.
Managed Objects
l VTM Manager
The VTM Manager, a component of the Virtual Teller Center (VTC), is used to remotely
monitor, maintain, and manage VTM terminals. It provides VTM terminal status
information and service reports.

eSight
l VTC
The VTC provides remote virtual teller services for customers. The VTC system
includes a MCC module and a MCMS module. The MCC controls calls and provides
interfaces for information query; The MCMS is used by inspectors to monitor tellers,
check teller service quality, and manage the system.
2.3.1.6 Managing UC Outsourced Devices

eSight enables users to manage UC outsourced devices, including SBCs, GS8s, VCLOGs, and
Movius Unified Messaging System (UMS). The management functions include creating a
default subnet, configuration and upgrade management.

Create a default subnet on the eSight after configuring the IP address of a device so that the
Connecting a UC outsourced device to the eSight

l SBC
– Batch import: In the template provided by the eSight, add the IP address, physical
SN, and media gateway of each SBC to connect to the eSight and import
information from the template to the eSight.
– (Recommended) Automatic discovery: After the eSight IP address is configured on
SBCs, the eSight uses its automatic discovery function to connect to the SBCs.
– Manual addition: After setting protocol parameters on SBCs, you can manually
connect the SBCs to the eSight one by one.
l GS8
– Automatic discovery: After the eSight IP address is configured on GS8s, the eSight
uses its automatic discovery function to connect to the GS8s.
– Manual addition: After setting protocol parameters on GS8s, you can manually
connect the GS8s to the eSight one by one.
l VCLOG, UMS
After setting protocol parameters on devices, you can manually connect the devices to
the eSight one by one.
Device Management
Device management includes Basic configuration and Alarm Management.
eSight provides the system, network, and routing configuration functions for SBCs. SBCs can
be restarted one by one or in batches on eSight.
Upgrade Management
eSight enables users to bulk upgrade SBCs immediately or at a scheduled time.

eSight
Alarm Management
2.3.1.7 Voice Quality Monitoring

eSight monitors voice quality of gateways and terminals.
Introduction
eSight monitors voice quality of the following gateways and terminals:
l Gateways
eSpace U1981, eSpace U1980, eSpace U1960, eSpace U1930, eSpace U1910,
SoftCo9500, SoftCo5500, and IAD1224.
l Terminals
eSpace Desktop, eSpace 7910, eSpace 7950 and eSpace 8950.
Gateway Voice Quality Monitoring

The gateway voice quality monitoring includes:
l Monitoring management
You can configure monitored subnets and NEs, start time and end time of a monitoring
task, and data collection periods on eSight. Then, eSight delivers configuration data to
NEs while the NEs report QoS data to eSight.
l Data viewing
eSight provides the Detailed Data, Report Data, and Report View tab pages for you to
view the voice quality, MOS, time delay, jitter, and packet loss rate. eSight enables you
to query data depending on the calling or called area, device, number, and time range.
Figure 2-143 Gateway data report view
l Data sampling
eSight enables you to view the calling and called numbers that are involved in a call with
the maximum or minimum MOS, time delay, jitter, or packet loss rate.

eSight
l Report export
eSight enables you to export data from the Report Data and Report View tab pages.
Terminal Voice Quality Monitoring

The terminal voice quality monitoring includes:
l Data viewing
eSight provides the Detailed Data and Report View tab pages for you to view the voice
quality, MOS, time delay, jitter, and packet loss rate. eSight enables you to query data
depending on the calling or called area, device, number, and time range.
Figure 2-144 Terminal data report view
l Data sampling
eSight enables you to view the calling and called numbers that are involved in a call with
the maximum or minimum MOS, time delay, jitter, or packet loss rate.
l Report export
eSight enables you to export data from the Detailed Data and Report View tab pages.
Threshold Crossing Alert

You can set the conditions for generating or clearing alarms. For example, when the MOS
exceeds the threshold for N consecutive times, an alarm is automatically generated.
2.3.1.8 Managing the certificate

eSight provides certificate management to meet the network device certificate change
requirements.
eSight enables users to upload a certificate to the eSight. Devices can obtain the uploaded
certificate from the eSight.
NOTE
It is recommended that the default certificate and pubic/private key pair be replaced with the certificate
and public/private key pair provided by the enterprise after the eSight is installed.

eSight
eSight provides certificate management for multiple devices including the eSpaceU29XX
series, IP phones, eSpace Desktops. For details about device models, see the eSight
Specification List.
2.3.1.9 Device Information Export

eSight enables you to export device information to .csv and .xls files, including the device
name, type, IP address, version information, model, and description.
2.3.2 Telepresence Meeting Management

eSight provides a Telepresence Device Manager component that offers an array of OAM
functions for the telepresence system, which ensures better device management. These
functions include the meeting resource discovery and system topology display management.
Users can view the alarm data of telepresence devices to learn about the device running status
and quickly locate faults.
NOTE
To use these functions, users must have the Telepresence Device Manager installed.
2.3.2.1 Telepresence Device Management

eSight enables users to manage telepresence devices. The management functions include
creating a default subnet, connecting device to the eSight, device management, service
management, alarm management, managed objects.

Create a default subnet on the eSight after configuring the IP address of an device so that the

l Terminal(TE, VCT, DP300), MCU, TP(RP), GK
– Automatic discovery: After the eSight IP address is configured on devices, the
eSight uses its automatic discovery function to connect to the devices.
– Manual addition: After setting protocol parameters on devices, you can manually
connect the devices to the eSight one by one.
l TP(Tri-Screen, Uni-Screen, TP codec)
After setting protocol parameters on devices, you can manually connect the devices to
the eSight one by one.
Device Management
l TE
Basic configuration, User settings, SIP parameter, Network configuration, SNMP
parameter, Audio parameter, Network address book
l MCU
– System configuration: Set device time, Automatic Restart Configuration, RTP
configuration, FTP configuration, Qos configuration, DNS configuration
– Network configuration: Network configuration, SNMP configuration, Trap
configuration

eSight
– Signal configuration: H323 configuration, Gatekeeper configuration, SIP

configuration
l TP
System configuration: Gatekeeper configuration, SIP configuration
Service Management
eSight collects and processes data about devices in the telepresence system so that the
administrator can learn about the device status and network conditions of the telepresence
system.
l Configuration SMC
You can configure SMC network connections on eSight to implement the network
diagnosis functions for the telepresence system.
l Network Diagnostics before Meeting
You can perform network connection diagnosis for the MCU of a scheduled meeting
room.
l Conference Network Diagnostics
eSight obtains route information from the MCU and collects statistics on the devices that
support network connection diagnosis along the route.
Alarm Management
Managed Objects
l Terminal
In the telepresence system, terminals are endpoints that encode and decode audio and
video signals.
l MCU
The Multipoint Control Unit (MCU) is used for terminal access, video exchange, audio
mixing, data processing, and signaling exchange.
l TP
TP is a telepresence product developed by Huawei. It uses high-definition video
encoding and digital image stitching technologies, bringing true-to-life widescreen video
images. It also adopts professional multi-channel audio capture and reproduction
technologies to achieve superior surround sound localization. Using the TP, users can
enjoy remote conferencing with life-size participant display and face-to-face experience.
l GK
The gateway keeper (GK) is a core component of the telepresence system. It is located at
the network control layer to manage nodes including the MCU, terminals, and gateways.
Node management functions provided by the GK include address resolution, domain
management, access control, registration management, call management, bandwidth
management, and route management.

eSight
2.3.2.2 Network Diagnosis

eSight collects and processes data about switches and routers in the telepresence system and
displays the data on the client so that the administrator can learn about the device status and
network conditions of the telepresence system.
NOTE
If you use the telepresence conference diagnosis, the function depends on the network base management
module and the SLA module.
Connection Configuration
Users can configure SMC network connections on eSight to implement the network diagnosis
functions for the telepresence system.
Meeting Management
eSight obtains meeting information from the SMC and displays the information on the client.
Network Connection Diagnosis

Network connection diagnosis can be performed before or during a meeting.
l Diagnosis before a meeting
– Point-to-point diagnosis
The administrator can select any two video conferencing devices and enter
diagnosis parameters to diagnose the network between the two devices.
– Scheduled meeting diagnosis
After users scheduling meetings on the SMC2.0, the eSight obtains site information
about the scheduled meetings from the SMC2.0 and display the network topology
structure of the sites. The administrator can enter diagnosis parameters to perform
diagnosis for a scheduled meeting.
l Diagnosis during a meeting
The following information needs to be collected from the SMC2.0 when network
connection diagnosis is performed during a meeting:
– Meeting parameters and site information, used to display the network topology
structure between sites
– Audio, video, and demonstration stream information, and stream directions
The administrator can perform required diagnosis based on stream types and
directions without entering any diagnosis parameters.
Route Management
eSight obtains route information from the devices and collects statistics on the switches and
routers that support network connection diagnosis along the route.
2.3.3 Video Surveillance Management

eSight provides an IVS Device Manager component that offers an array of OAM functions for
the Intelligent Video Surveillance (IVS) system, which ensures better device management.
These functions include the video surveillance resource discovery, system topology display,

eSight
and performance data management. Users can view the performance and alarm data of
surveillance devices to learn about the device running status and quickly locate faults.
NOTE
To use these functions, users must have the IVS Device Manager installed.
2.3.3.1 Managing IVS Applications

eSight enables users to manage applications contained in the Huawei eSpace Intelligent Video
Surveillance (IVS) solution. The management functions include creating a subnet,connecting
device to the eSight, device management, alarm management, performance management.
Creating a subnet
l eSpace IVS solution
After IVS unified access agents are created, the eSight automatically adds an IVS device
(MAU, MPU, MTU, TAU, VMU and VCN3000)to the matching IVS unified access
agent.
l eSpace CAD solution
Create a default subnet on the eSight after configuring the IP address of an CAD so that
the CAD can use eSight functions.

After setting protocol parameters on devices, you can manually connect the devices to the
eSight one by one. The eSight provides three connection methods for devices:
Device Management
Device management includes configuration management, alarm management and
performance management.
Alarm Management
Managed Objects
l eSpace IVS solution:
– MAU: the main control unit of the intelligent analysis subsystem in the eSpace IVS
solution. The MAU manages intelligent analysis tasks and reports the analysis
results to eSight.
– MBU: a media backup unit in the eSpace IVS solution.
– MPU: a media processing unit in the eSpace IVS solution.
– MTU: a media transcoding unit in the eSpace IVS solution that is responsible for
transcoding and distributing media data.

eSight
– TAU: a terminal access unit in the eSpace IVS solution.

– VMU: a video management unit in the eSpace IVS solution.
– PU: a peripheral unit in the eSpace IVS solution that is responsible for collecting
video data.
– VNC3000: Huawei VCN3000 is an all-in-one video surveillance product that
integrates the eSpace Intelligent Video Surveillance (IVS) platform and professional
storage devices.
l eSpace CAD solution:
– CAD AppServer: a CAD application server in the eSpace CAD solution.
– AAG: a non-voice alarm access gateway in the eSpace CAD solution.
– DAG: a data access gateway in the eSpace CAD solution.
– mPortal: a management portal in the eSpace CAD solution.
– KBS: a knowledge based system in the eSpace CAD solution.
– SNS: a subordinate notice system in the eSpace CAD solution.
eSight enables users to configure the configuration files for IVS application modules. It
forwards configurations to specific modules through configuration interfaces on the UOA to
ensure data synchronization with the modules.
eSpace IVS solution application modules include the OMU, DCG, SCU, MU, PCG, MAUS,
SMU and VCN3000. For detailed module information, see the eSpace IVS Product
Documentation.
eSpace CAD solution application modules include the CAD Appserver, AAG, DAG, KBS
and SNS. For detailed module information, see the eSpace CAD Product Documentation.
2.3.3.2 Data Analysis

eSight provides diverse reports for many statistical items such as online device rate, offline
device rate, and faulty device rate. These reports can be produced immediately and
periodically, and users can export them in Excel files. eSight reports fully meet common
network operation and maintenance (O&M) requirements and provide strong data support for
device statistics.
Report Management
Users can create and manage immediate and periodic report tasks on the report management
page.
l Immediate report task
Users need to manually run an immediate report task. Once an immediate task is
executed, a report reflecting the statistics at that time is generated. Users can click the
View Report Details button to open the generated report. When viewing the report,
users also can export it in a file of the specified format if needed.
l Periodic report task
The system runs a periodic report task automatically based on the specified period of
time. Once a periodic task is executed, a report reflecting the statistics within the
specified period of time is generated and saved on eSight. Users can view and manage all
reports generated by a periodic report task.

eSight
Figure 2-145 Report management page
2.3.4 IP Phone Management

eSight provides several management functions for IP phones. They are creating an IP Phone
Subnet, connecting an IP phone to the eSight, automatic deployment, device management,
service management, configuration management.
NOTE
The management functions that the eSight provides vary depending on IP phone models. The following
describes all the functions.
Creating an IP Phone Subnet

Create an IP phone subnet and add IP phone with matching IP addresses to the subnet. The
subnet can be associated with the IP phones configuration file so that configurations in the
configuration file can be delivered to IP phones in batches.
Connecting an IP phone to the eSight

l Creating an IP Phone Subnet: Create IP phone subnets on the eSight. After you create IP
phone subnets and set IP phone TR069 parameters, IP phones are automatically added to
the corresponding subnets.
l Batch import: In the template provided by the eSight, add the IP address, physical SN,
and media gateway of each IP phone to connect to the eSight and import information
from the template to the eSight.
l Management of IP phones that match no subnet: If the IP address of an IP phone does
not belong to the IP address segment of any IP phone subnet, the IP phone is
automatically grouped to Device that Matches NO Subnet. You can modify the IP
address segment to cover this IP address, or create a subnet and add the IP phone to this
subnet.

eSight
Automatic Deployment
l Automatically delivering configuration files
Once you create a subnet, you can create a configuration file for the subnet. Then, the
eSight can automatically deliver the configuration file to an IP phone when the IP phone
is added to the subnet.
l Automatically upgrading version files
After uploading IP phone version files on the eSight, IP phones that are added to the
eSight using the automatic deployment function automatically compare their own
versions with those in the corresponding version files on the eSight. If the versions are
different, the IP phones automatically upgrade their version files.
Device Management
You can perform operations such as Device Restart, fault information collection and web
management for an IP phone on the eSight.
Service Management
Managing IP phone voice quality:
l IPT solution networking

The eSight monitors the voice quality of IP phones of IPT networking and generates an
alarm when the voice quality value exceeds the alarm threshold.
l UC solution networking
Terminal voice quality evaluates IP phone (eSpace 7910, eSpace 7950 and eSpace 7950)
and eSpace Desktop voice quality of UC solution. The evaluation result can be displayed
on the eSight as reports, helping locate and rectify faults.
l Terminal upgrade management
– Configuration File Management
Configuration file management allows you to modify common parameters in the
configuration file template to batch modify IP phone configuration parameters.
Set Configuring Policy to Full or Specified item based on the site requirements.
– Associate Configuration Files with Subnets
This function allows you to associate a configuration file with multiple subnets.
You can select the configuration file that a subnet is to associate with based on the
site requirements.
– Configuring the Upgrade Path
To prevent misoperations in the version upgrade, eSight provides the version
mappings that are not supported by different models of IP phones.
– Version Management for IP Phone Upgrade
This function allows you to upload manual version files or autodeploy version files
for a model of IP Phone.
– Upgrade Management

eSight
After version files and configuration files for IP phones are uploaded to the file
server, you can use the manual upgrade management provided by the eSight to
upgrade the version files and configuration files in batches.
– Setting Upgrade Parameters
You can set upgrade parameters for IP phones to specify the concurrent number of
the file server, number of automatic upgrade attempts, upgrade timeout period, and
concurrent number of subnets. This prevents the batch upgrade of IP phones from
occupying too much resources and causing service exceptions.
l Access Scan
When a great number of IP phones connect to the eSight, the eSight uses the access scan
function to send auto-configuration server (ACS) addresses and certificate paths to the IP
phones. After IP phones automatically update their configurations based on the
information received from the eSight, the IP phones automatically connect to
corresponding IP phone subnets.
NOTICE
The access scan function applies to eSpace 7910 IP phones and eSpace 7950 IP phones with
the version V100R001C02 or later, and eSpace 8950 IP phones with all versions.
l IP Phone Batch Configuration

Device Restart: Use the device restart function when you want to restart IP phones.
l User Information Management
eSight allows you to import user information that is exported from the BMP of the UC
solution. The user information is displayed on the IP phone management page,
facilitating IP phone management.
The eSight can poll the IP phones used by VIP users to check whether the IP phones are
online. If an IP phone is offline, an alarm is reported so that maintenance personnel can
rectify the fault in a timely manner.
l Process Heartbeat Messages Management
The Process heartbeat messages parameter on the eSight is set to No by default. That
is, the eSight does not process IP phones' heartbeat messages, helping improve the
performance of the eSight. If you want to use the automatic deployment function, you
must set Process Heartbeat Messages to Yes.
l Certificate Authority Management
An IP phone can connect to the eSight and use related management functions after
obtaining a certificate issued by the CA center. The certificate authority management can
import IP phone certificates in batches to facilitate IP phone certificate management.
l Certificate Management
When a certificate updates or the customer wants to use their own certificates, upload the
new certificates to the eSight so that IP phones can communicate with the eSight
normally.
2.3.5 Third-Party Application Management

eSight provides the alarm and performance monitoring functions for third-party application
device.

eSight
Monitoring Principle
database application devices provide the SNMP agent. Once the SNMP agent is started on
database application devices, eSight can monitor these devices.
Figure 2-146 Networking diagram for monitoring peripheral devices
On the network, the SNMP Agent and eSight server are the key components for monitoring
peripheral devices.
l SNMP agent: collects the alarm and performance data of peripheral devices and reports
the data to the eSight server.
l eSight server: stores the alarm and performance data of peripheral devices and displays
the data on the eSight client.
l Client: displays the alarm and performance data reported by peripheral devices.
l Peripheral device: collects and reports its own alarm and performance data to the eSight
server through the SNMP agent.
2.4 Server Management
2.4.1 Server Device Management

eSight offers the following server management functions: centralized server fault monitoring,
performance analysis, KVM, integrated virtual media tool. These functions greatly improve
O&M efficiency while reducing costs.

eSight
Basic Server Information
Figure 2-147 Basic server information
l Overview
– Displays basic server information and health status.
l Component information
– Displays basic component information and health status.
– The device view visually displays server rack graphs and displays basic server
information and health status.
l Tool
– Tools offer KVM and virtual media functions.
Alarm Monitoring
Alarms can be forwarded through emails and repeated alarms can be consolidated.
Figure 2-148 Alarm monitoring
Performance Analysis
eSight analyzes the following performance counters: network port performance, server power
consumption, CPU usage, and memory usage. Users can create analysis tasks to analyze
performance counters within a specific time segment.

eSight
Figure 2-149 Performance analysis
Third-Party Server Customization

eSight supports third-party server access and alarm management. Third-party server access
modes include IPMI and SNMP.
eSight manages alarms in SNMP mode. The following figure describes third-party alarms.
2.4.2 Server Stateless Computing Management

The eSight Server Stateless Computing Manager extracts server hardware configuration as a
file to flexibly change configuration, improving fault rectification and capacity expansion
efficiency.
Quick Start
Stateless computing offers quick start, guiding users to define server configurations for logic
servers. The configurations can be loaded to activate specific servers.

eSight
Figure 2-150 Stateless computing quick start
Pool Configuration
A pool defines the network adapter, HBA card, and ID information, and dynamically manages
IDs.
Figure 2-151 Pool configuration
Adapter
An adapter defines the HBA, CNA, and RAID configuration. Creating a profile requires
existing adapter information to define adapter information inside a logic server.
Figure 2-152 Adapter configuration
BIOS Policy
Users can define BIOS policies. Creating a profile requires an existing BIOS policy to define
BIOS information inside a logic server.

eSight
Figure 2-153 BIOS policy configuration
Profile
Users can use a profile to freely combine hardware configuration information, including BIOS
policy and adapter information, to form an available server with new configuration.
Figure 2-154 Profile sample
Device Set
A device set is used to manage devices that support stateless computing. Users can use device
sets to associate devices and profiles. After device sets are activated, hardware configuration
information in the profiles are applied to devices.
Figure 2-155 Stateless computing device set

eSight
Device Group
Users can divide devices in to a group where devices share the same profile, loading server
configurations in batches.
Figure 2-156 Stateless computing device group
2.4.3 Server Deployment Management

The eSight Server Device Manager allows users to configure the following information about
Huawei servers in batches: BIOS configuration, network configuration, RAID card
configuration, and operating system deployment. It also supports HBA, CNA, and software
distribution.
Configuration Template
A configuration template is used to quickly create configuration files.
Figure 2-157 Configuration template
Configuration Task Management

Users can implement, stop, delete, modify, and view configuration tasks.
Figure 2-158 Configuration task management
Software Source Management

With software source management, users can manage system mirroring files required during
operating system deployment.
Figure 2-159 Software source management

eSight
2.4.4 Firmware Version Management

The eSight Server Stateless Computing Manager extracts server hardware configuration as a
file to flexibly change configuration, improving fault rectification and capacity expansion
efficiency.
Quick Start
Stateless computing offers quick start, guiding users to define server configurations for logic
servers. The configurations can be loaded to activate specific servers.
Pool Configuration
A pool defines the network adapter, HBA card, and ID information, and dynamically manages
IDs.
2.5 Storage Management
2.5.1 Storage Device Management

The eSight provides unified management for devices of multiple types and vendors in a
graphic manner, improving O&M efficiency and lowering technical requirements for O&M
personnel.
Internal Components Management of Storage System

Provides an intuitive view of mappings among physical and logical components of the storage
system. On the view, the device status is clear, facilitating fault locating and service recovery.
l Block storage: logical relationship between front-end ports, controllers, RAID groups,
LUNs, and disks

eSight
Figure 2-160 Logical relationship (block storage)
l File storage: Shows logical mappings among front-end ports of NAS engines, NAS
engine nodes, file storage pools, data disks, and LUNs and disks of storage units.
Figure 2-161 Logical Relationship (file storage)
Capacity Usage Management of Storage Systems

l Block storage: capacity usage management of storage devices, disks, block storage
pools, and unmapped LUNs

eSight
Figure 2-162 Capacity usage management (block storage)
l File storage: capacity usage management of storage devices, file storage pools, data
disks, and unshared file systems
Figure 2-163 Capacity usage management (file storage)
Storage System Health Management

eSight analyzes storage device operating status from performance loads, abnormal indicators,
and alarm tendency and scores the health status of storage devices. This function helps detect
system performance bottlenecks and operation risks in advance and greatly improves
efficiency.

eSight
Figure 2-164 Storage system health status
Storage Network Analysis

eSight provides a professional monitoring and analysis tool designed for SAN and NAS
networks. This tool provides functions including automatic discovery of storage network
topologies, central monitoring of alarms on storage networks, and monitoring and comparison
of storage link performance. Global and custom topologies are supported. This tool drills data
to display storage resource views, storage mapping views, host path views, and logical
mappings of hosts. Those views help users to implement multi-level monitoring and analysis
of storage paths.
l Storage network topology: Monitors the full-stack topology of the storage network
where hosts, network devices, and storage devices reside. Custom topologies are
supported.

eSight
Figure 2-165 Global topology
l Host path view: Monitors physical storage paths and displays complete paths among
hosts, host disks, HBA ports, switches (ports), front-end disk array ports, disk array
controllers, disk arrays, and volumes (LUNs).
Figure 2-166 Host path view
2.5.2 Storage Report Management

The eSight provides long-time performance and capacity analysis reports for storage systems,
helping users analyze performance bottlenecks and plan capacity.
Preset report
Preset performance and capacity reports help users view storage system performance quickly
and periodically. Storage system-level performance overview shows the performance statistics
of LUNs, ports, controllers, and file systems in the latest 24 hours, 7 days, or 30 days. Object-
level performance overview shows the performance statistics of disks, ports, CPUs, LUNs,

eSight
and file systems in the latest 24 hours, 7 days, or 30 days, and sort the statistics by IOPS,
bandwidth, and delay. Resource utilization of file systems, storage pools, and thin LUNs in
the latest 24 hours, 7 days, or 30 days can be displayed.
Figure 2-167 Preset report
Customized report
Customized performance and capacity reports meet the needs of the customer. Storage system
performance overview shows the performance overview of LUNs, controllers, ports, and
disks in a past period of time. Object-level performance details show the performance
statistics of ports, controllers, LUNs, disks, CPUs, file systems, or storage pools in the past
period of time. Storage system and object-level capacity utilization reports show the capacity
usage of storage systems, file systems, storage pools, or thin LUNs in a past period of time.
Task report
Customized reports along with periodic implementation policies periodically show
performance and capacity statistics.
2.5.3 Storage Capacity Management

The capacity management component centrally analyzes capacity information about hosts,
VMs, and virtualization servers. This component provides capacity statistics, hotspot
statistics, and capacity trend forecast. Capacity usage in one week, two weeks, three weeks,
and one month can be forecasted to help users in capacity expansion.
Virtualization server capacity management

The virtualization server capacity management consists of hotspot statistics, capacity
summary, and capacity trend forecast.
Hotspot statistics display all discovered virtualization servers in lists and show current
capacity usage and capacity usage forecast in the next one month:
Capacity summary shows the capacity usage of virtualization servers' data storage and disks.
Capacity trend forecast provides the capacity usage trend in the next one month.

eSight
Host capacity management

The host capacity management consists of hotspot statistics, capacity summary, and capacity
trend forecast.
Host hotspot statistics display all discovered hosts in lists and show current capacity usage
and capacity usage forecast in the next one month. Capacity summary shows the used
capacity and allocated capacity of hosts' databases and file systems.
Capacity trend forecast provides the capacity usage trend in the next one month.

eSight
2.6 Host Management

eSight monitors the status of hardware and software resources such as host CPUs, memories,
disks, network ports, processes, and file systems, and collects their performance statistics.
Besides, on eSight, you can add links of application software.
Hosts can be managed in agent or agentless mode.
l The agentless mode features simplicity and ease-of-use. In this mode, you monitor hosts
as the operating system administrator.
l In agent mode, agents are running on hosts and provide comprehensive functions such as
performance statistics collection and alarm reporting. Host agents can be remotely
installed and upgraded.
Figure 2-168 Host management

eSight
Figure 2-169 Host agent management
2.7 Computing Virtualization Management

eSight centrally monitors and manages computing virtualization facilities such as VMware
ESX/ESXi Server, Huawei FusionCompute, and FusionAccess. Managed objects include
virtual servers, virtual machines, Datastores, and virtual switches.
Virtual Resource Management
Figure 2-170 Virtual server manager
2.8 MicroDC Management

MicroDC management implements centralized monitoring and management of Huawei micro
data centers. MicroDC management includes Quick Start, unified NE management, physical
topology, batch import, and L1 resource management. eSight provides a unified interface to
manage different types of L1 and L2 devices, increasing the operation and maintenance
(O&M) efficiency and reducing technical requirements for O&M personnel.
Quick Start
Quick Start guides you through the configuration of MicroDC racks and devices. You can
perform data configuration step by step or import a configuration file. With Quick Start, you
can quickly complete MicroDC configuration and maintenance.

eSight
Figure 2-171 eSight Quick Start
Unified NE Management
eSight provides a unified interface to implement monitoring and maintenance of the
MicroDC.
Figure 2-172 MicroDC NE manager
l View
– Basic information: provides the basic MicroDC information, uninterruptible power
supply (UPS) list, rack list, and the last 10 active alarms.
– Performance measurement: provides information about the top 5 racks sorted by
front door temperature, rear door temperature, and humidity respectively, and top 5
UPSs sorted by power consumption.
– Alarm list: displays the active alarms of all NEs in the MicroDC.
l Device topology
– eSight provides an intuitive view of MicroDC racks and implements configuration
and management of the racks.
Physical Topology
eSight provides an intuitive view of MicroDC racks and implements configuration and
management of the racks. You can also view alarms of racks and devices on this device

eSight
topology. The intuitive device topology simplifies O&M operations and increases the O&M
efficiency.
Figure 2-173 MicroDC device view
l Monitoring
– Device presentation: displays all MicroDC devices and rack locations visually.
– Alarm monitoring: displays alarms of devices in different colors.
– Video monitoring: provides web network management links through the camera
icons on the device topology. You can view video monitoring information in real
time or replay the video monitoring information.
l Management
– Rack configuration: allows you to add or delete a rack and provides a configuration
wizard to help you add racks and devices.
– Device configuration: allows you to install, uninstall, or remove devices.
– Accessory configuration: allows you to install, uninstall, or remove accessories.
MicroDC accessories include the battery pack, power distribution box (PDB), and
UPS.
Batch Import
eSight provides the batch import function, which allows you to import the MicroDC rack and
device configuration information. After the configuration information is imported, the system
automatically creates a MicroDC, adds racks and devices to the MicroDC, and generates a
device topology. With the batch import function, you can deploy the MicroDC by simply
clicking the mouse. This function greatly increases the deployment efficiency.
Figure 2-174 Batch import

eSight
L1 Resource Management
eSight provides basic management of L1 devices. L1 devices include environment monitoring
units (EMUs) and MicroDC cameras.
Figure 2-175 L1 device NE manager
l View
– Basic information: displays basic NE information. The EMU monitors power
supply information, such as the input/output voltage, input/output frequency, active
power output, load ratio, power supply mode, battery voltage, and battery remaining
capacity. Environment indicator information includes the cabinet front/rear door
temperature, cabinet humidity, cabinet front/rear door status, internal/external
smoke sensor, water sensor, and motion detection information.
– Alarm list: displays active alarms of the current NE.
l Configuration
– Web network management: allows you to configure L1 devices.
l Protocol parameters
– SNMP parameter setting: allows you to set or modify SNMP parameters.
2.9 Infrastructure Management

The eSight Infrastructure Manager provides comprehensive management functions for the
data center infrastructures, including:
l Power equipment: The power equipment includes precision air conditioners,

uninterruptible power systems (UPSs), power distribution frames (PDFs), and AC
transfer switches (ATSs). The eSight Infrastructure Manager allows you to view real-
time data of power equipment, such as the operating status, parameters, and alarm
information.
l Engine room air conditioning: The eSight Infrastructure Manager allows you to remotely
start or shut down a precision air conditioner, and change the temperature and humidity
thresholds.

eSight
l Cabinet: The eSight Infrastructure Manager manages the micro-environment of a

cabinet. This allows you to view cabinet environment information and learn about the
usage of resources, such as space, power supply, heat dissipation, and loads.
l Environment: The eSight Infrastructure Manager uses collectors to monitor environment
parameters, such as smoke, temperature, humidity, and water leakage, in a data center.
This allows you to view smoke density, temperature, and humidity in the data center or
its modules in real time.
l Security equipment: The video monitoring equipment includes cameras and network
video recorders (NVRs). The eSight Infrastructure Manager monitors the data center and
its modules in real time and stores videos for future replay.
l Access Control System: This is an integrated access card-based user management
solution, making the access right controllable and auditable.
Resource Management
The eSight Infrastructure Manager provides the following resource management functions:
l Lists the information about the selected managed devices and their sub managed devices
in three modes.
– All: lists all managed devices.
– Management domain: lists all managed domains under the selected node.
– Physical device: lists all devices in the selected management domain.
l Displays different managed devices with different icons.
l Allows you to add and delete management domains and change management domains
properties.
l Allows you to query management domains based on names or types.
l Allows you to create management domains one by one or in batches.
View Management
The eSight Infrastructure Manager provides views displaying the positions and operating
status of all the devices in the data center. This function allows you to monitor the devices in
real time.
Energy Efficiency Analysis

Provides the power consumption statistics, PUE, electricity cost counting, power consumption
reports, and historical power consumption data analysis. You can query power consumption
status of various management domains, such as IT equipment, lighting facilities, and the total
power consumption. In this manner, you are provided with the real-time power consumption
status, historical power consumption status, and power consumption distribution of each
subsystem, helping optimize the power consumption of the data center.
l Energy consumption assessment on a layer or level basis

You can customize consumption nodes in districts and equipment rooms in the power
distribution view to calculate energy consumption of various layers or levels.
l Dashboard display of energy consumption analysis
One page fully demonstrates all power efficiency information of one management
domain.

eSight
l Historical data analysis

You are allowed to query the historical data of a certain period to analyze the power
consumption trends.
l Multistep electricity price
The energy consumption cost of the data center can be vividly displayed.
l You can customize tariff strategies, add monthly or time period-based tariff strategies,
and modify or delete tariff strategies.
Video Management
The video management develops the following functions:
l The eSight can connect to an IP cameras.

l The eSight can also independently deploy video integration over the web user interface
(WebUI).
l The eSight allows you to view real-time videos, query video source configurations, and
save the configuration information.
l Camera management
You can create or delete a camera, query cameras based on the name or IP address, view
detailed information about a camera, such as the name, No., recorded location, supplier,
IP address, model, and status, and modify the information.
Report Management
The eSight Infrastructure Manager presents reports in graphics, such as curves, histograms,
and pie charts.
l The eSight Infrastructure Manager allows you to export reports as an Excel or PDF file
and print reports for analysis.
l The eSight Infrastructure Manager allows you to modify the report storage capacity and
upload customer logos.
l The eSight Infrastructure Manager generates reports based on tasks, saves periodic
reports in a report storage disk, and sends reports by email as configured.
Access Control
The eSight Infrastructure Manager provides an access control system that manages access
controllers and access control card holders of cabinet-level access controllers.
l The access management function enables you to configure IP addresses for access
controllers and configure the management server.
l The time management function enables you to manage the access control in the specified
time periods or holidays.
NOTE
The cabinet-level door status sensor does not support the time management function.
l The user management function enables you to manage the users and user groups.

eSight
Capacity Statistics and Analysis

Analyses of capacity on space, location, cooling, configuration, and weight bearing are
supported:
l Rack and cabinet location, capacity of power distribution, cooling, and weight bearing
can be collected and analyzed.
l Capacities can be synchronized based on the expansion and migration.
Capacity Optimization Design

Optimize the configuration of the cabinet based on the properties of devices:
l Optimal device location for migration can be identified and automatically matched.
l Automatically allocated and configure the optimized resources.
Temperature Map
The overall temperature distribution of the equipment room is clearly displayed.
The cold and the hot spots can be effectively identified:
l The analyses of temperature distributions on top, middle, and bottom levels are
available.
l Place the mouse where you want to query and temperature and related device
information can be displayed.
l The top 5 high temperatures and top 5 low temperatures can be analyzed.
Linkage Control
The following two linkage controls are available:
l Modular data center skylight ceiling linkage control
l Container data center humidifier linkage control.
2.10 eLTE Management

eSight offers the following eLTE device management functions: CPE management, eNodeB
management, eCNS management and service channel diagnosis.
2.10.1 eLTE CPE Management

eSight offers a wide array of eLTE CPE management functions, including basic management,
PnP device access, firmware upgrade, configuration management, and remote maintenance.
Supported CPEs include eA660, eA661, eA260, and eA360 devices.
CPE Management
eSight offers a unified portal to manage CPEs.
l Viewing basic CPE information
Users can view basic information about CPEs.

eSight
l Setting common parameters

Users can set the following common parameters for managed objects: WAN, WLAN,
LAN, local time, eSight server, gateway, router, system monitoring, firewall, and service
access.
l Setting general CPE parameters
Users can set general CPE parameters using the TR-069-compliant configuration model
tree.
l Integrating the CPE web manager
Users can jump to the CPE web manager from eSight, and set advanced parameters for a
single CPE.
l Exporting a configuration file
Users can export CPE configuration files for backup.
l Loading a configuration file
Users can load configuration files for CPEs.
l Performing remote maintenance
Users can remotely restart CPEs, restore factory defaults, and use the ping command to
check the connectivity.
l Managing device logs
Users can review diagnosis and routing log files about CPEs, download them from CPEs
to the eSight server, and export them to a local disk.
l Monitoring LAN port peak rates
Users can monitor peak rates of incoming and outgoing traffic on LAN ports.
Untrusted CPE Management

eSight receives CPE registration requests and records basic information about CPEs in lists.
Users can selectively move CPEs from the untrusted CPE list to the authorized CPE list.
Authentication Credential Modification

eSight enables users to modify authentication credentials for one or more CPEs.
PnP Device Access

l Automatically delivering configuration files
When a CPE is added to eSight, eSight automatically obtains and delivers the
configuration file to the CPE based on the CPE model and version number.
l Automatically upgrading version files
After a CPE firmware version file is uploaded to eSight, eSight compares the current
firmware version with the uploaded version file. If the versions do not match, eSight
upgrades it to the uploaded version.
Batch Configuration
Users can set parameters for devices in batches.

eSight
Batch Configuration File Download

Users can immediately or regularly load configuration files for specific CPEs in batches.
Batch Upgrade
Users can upgrade the CPE firmware versions in batches instantly or as scheduled. Users can
also customize upgrade policies when the current and target versions of NEs are the same
during PnP-based deployment. The number of upgrade tasks that can be concurrently
executed is controlled by the file server egress bandwidth.
Alarm Management
eSight allows users to manage the following CPE alarms:
l High temperature
l Low temperature
l Lower computer disconnection
l Lower computer quantity threshold-crossing
l LAN port upstream exception
l Weak wireless signal
l Unauthorized access
l Other alarms
eSight supports real-time and periodical collection and displays the following indicators about
the CPE:
LAN port rate, receive signal strength indicator, reference signal receiving power, and
downstream signal-to-noise ratio.
2.10.2 eLTE eNodeB Management

eSight offers a wide array of eLTE eNodeB management functions, including device access,
alarm, performance, topology, NE manager, device software upgrade, and MML Client.
Device Access
Users can add a single eNodeB, import a file to add eNodeBs in batches, or use eSight to
automatically discover eNodeBs that are running on the network. Users can also manage the
eNodeB connection status and management status in the topology or on the device overview
page.
Alarm Management
In addition to all the alarm management functions mentioned in 2.1.4 Alarm Management,
eSight also allows users to manually and automatically synchronize current alarms, and clear
specific current alarms for devices.

eSight
By default, eSight offers key, major, and minor performance indicator templates. After
devices are connected to eSight, collection tasks about key performance indicators (KPIs) are
automatically added to collect performance data about network-wide devices.
eSight supports 15 key performance counter templates, including eNodeB, link, RRU, board,
cell, port, and carrier; and automatically creates one-hour performance collection tasks when
eNodeBs are created. Users can also manually create and delete periodical detection tasks for
eNodeBs at an interval less than one hour.
Topology Management
In addition to all the functions mentioned in 2.1.6 Topology Management, eSight also offers
the following topology management functions for eNodeBs:
l Displays virtual connections between eNodeBs and eCNSs in the physical topology.
l Updates the eNodeB connection and alarm status in the physical topology in real time.
l Allows users to right-click an eNodeB to display the following functions: configuration
synchronization, alarm browsing, NE details, web network management, and MML
client.
NE Manager
Users can use the NE manager to comprehensively manage eNodeBs. eSight calculates the
NE health based on the following factors and displays the health information on the NE
manager:
l NE connection status
l Ratio of the unreachable duration to the total managed duration
l Ratio of critical and major alarms to the total alarms
l Number of current alarms
l Performance alarms
l CPU usage
The NE manager allows users to manage:
l Key NE information models

l Physical resources such as NE attributes, boards, and ports
l Transmission resources such as IP interfaces, S1 interfaces, X2 interfaces, routes, Stream
Control Transmission Protocol (SCTP) links, and IP paths
l Wireless resources such as remote radio units (RRUs), RRU chains, sectors, cells,
operator information, and cell operator information
The NE manager also allows users to check current and historical alarms of NEs as well as
NTP server configuration.
Device Software Upgrade

Users can manage the following files on eSight:
l Version files

eSight
l Hot and cold patches

l BootRom files
l Configuration files
l Certificate files
Users can update the software for multiple devices in a single task instantly or as scheduled.
Users can also review historical upgrade tasks, monitor the execution status of current
upgrade tasks, and control the number of concurrent upgrade tasks based on the file server
egress bandwidth.
MML Client
The MML client allows users to deliver MML commands to NEs of the same type and
version on eSight. The MML client offers a function-specific command navigation tree,
allows users to filter, search for, and sort NEs, supports MML command association and
online help, and records executed historical commands. Before executing a command that
may have severe negative effects, the MML Client informs users of possible execution results
and executes the command only after the users confirm the operation.
eSight displays command execution results in real time.
2.10.3 eLTE eCNS Management

eSight offers a wide array of eLTE eCNS management functions, including device access,
alarm management, topology management, Ne manager and MML client.
Device Access
Because the number of eCNSs is small, eCNSs can be imported in batches, but do not support
automatic discovery. Users can also manage the eCNS connection status and management
status in the topology or on the device overview page.
Alarm Management
For eLTE eCNSs, eSight supports all the alarm management functions mentioned in 2.1.4
Alarm Management but does not support the following functions: manually and
automatically synchronize current alarms, and clearing specific current alarms for devices.
Topology Management
In addition to all the functions mentioned in 2.1.6 Topology Management, eSight also offers
the following topology management functions for eCNSs:
l Displays virtual connections between eNodeBs and eCNSs in the physical topology.
l Updates the eCNS connection and alarm status in the physical topology in real time.
l Allows users to right-click an eCNS to display the entries for current alarms and the
MML Client.
NE Manager
The NE manager enables in-depth management over eNodeBs, calculates NE health status by
the alarm severity and number of current alarms, and displays NE monitoring status.

eSight
The NE manager allows users to check current and historical alarms about devices.
MML Client
The MML client allows users to deliver MML commands to NEs of the same type and
version on eSight. The MML client offers a function-specific command navigation tree,
allows users to filter, search for, and sort NEs, supports MML command association and
online help, and records executed historical commands. Before executing a command that
may have severe negative effects, the MML Client informs users of possible execution results
and executes the command only after the users confirm the operation.
eSight displays command execution results in real time.
2.10.4 eLTE Service Channel Diagnosis

With the service channel diagnosis function, eSight displays segment-by-segment service
tunnels between CPE users and business servers in the service topology and tables, and allows
users to:
l Manage service channels in the form of tasks.
l Search for service channels by CPE and server.
l Check the connectivity for each segment of service tunnels.
l Display connectivity check results in the service topology and tables.
Set ping detection parameters and alarm thresholds.
2.11 Application Management
2.11.1 Monitoring of Diversified Resources

eSight can monitor various types of servers and service applications, including the database,
email service, web server, application server, website, URL, and custom service.
Operating Application Database Web Server Email Server

System Server Server
Windows Microsoft .NET Oracle Apache server Exchange

Linux Oracle MySQL IIS server Server
application MSSQL Server PHP Standard email
Solaris
server server
IBM AIX IBM DB2 HTTP URL
JBoss
HPUnix/Tru64 Sybase
Tomcat
FreeBSD WebLogic Informix
AS400/OS400 IBM Middleware Others Custom Object

WebSphere

eSight
Operating Application Database Web Server Email Server

System Server Server
Office AD Script
SharePoint Ping
WebLogic Telnet
Integration
SNMP
MSMQ
DNS
IBM
WebSphere MQ FTP/SFTP
Network
service
2.11.2 Resource Management

The resource management page shows basic information about all IT resources managed by
eSight, including the IP address, resource label, health status, and polling interval. On this
page, you can also create, configure, modify, and query IT resources.
The following describes how to manually add a resource and discover resources in batches.
l Manually adding a resource
When manually adding a resource, select any resource type listed in Figure 1 Manually
adding a resource.

eSight
Figure 2-176 Manually adding a resource
l Discovering resources in batches

Network IT resources can be bulk discovered by network segment or resource type and
added to eSight.
Figure 2-177 Discovering resources in batches
2.11.3 Performance Management

eSight can monitor key performance indicators (KPIs) of IT resources and collect statistics on
KPI data. Additionally, eSight provides the graphical user interface (GUI) for users to monitor
and manage IT resource performance.
l Associating performance parameters and threshold schemes

To monitor an IT resource, associate it with the performance parameters and threshold
scheme in the performance monitoring template library.

eSight
l Setting performance templates

Performance templates can be created to provide default settings for indicators to be
monitored.
2.11.4 Business View

eSight can manage IT resources as services in topologies. In topologies, you can clearly view
the relationships between IT resources, such as servers, middleware, and databases. You can
also view alarm status of IT resources and perform common maintenance operations, for
example, viewing alarm and application information. Topologies can intuitively show
mapping between resources and services to achieve quick and accurate fault location.

eSight
2.11.5 Alarm Management

You can monitor the running status of IT resources in real time, for example, browsing
alarms, handling alarms, setting alarm rules (masking or tone), and sending remote alarm
notifications. With these functions, you can eliminate alarms in a timely manner to recover IT
resources.
2.11.6 SLA
With SLA management, eSight provides a clear overview for administrators about the running
status of the overall service system, such as the downtime, availability, mean time to repair
(MTTR), and mean time between failures (MTBF).
2.11.7 Home Page

The home page displays important monitoring information in a graphical view and supports
user-defined monitoring information. The home page is automatically refreshed at a specific
interval (default: 1 minute).

eSight
2.11.8 Report Management

System performance directly affects the service running status. eSight provides service
availability and system performance reports to support statistics analysis and decision making
and improve system security and availability. During the operation, eSight collects a large
amount of data and saves it to the database. The database then summarizes, analyzes, and
calculates the data, and exports graphical reports that are easy to understand. These reports
help maintenance engineers analyze the IT environment and give support for system
optimization and capacity expansion.
eSight provides seven types of reports:
l Performance statistics report
Daily, weekly, and monthly perform statistics reports can be generated according to the
device or application type, such as network device, link, server, database, and
middleware.
l Performance comparison report

Performance comparison reports can be generated in two ways:
Performance of the same resource in different time segments: You can select a resource
(such as a server, switch, or database) and different time segments to compare the
resource's performance in these time segments.
Performance of different resources in the same time segment: You can select multiple
resources (such as several servers, switches, or databases) and a specified time segment
to compare their performance in the time segment.

eSight
l Performance trend report

The performance trend report intuitively presents the trend of an IT resource's historical
performance data in different time segments. To generate a performance trend report for
a resource, add the resource to a resource group by type or location and click the
resource name in the navigation tree.

eSight
l Customized report
You can create report templates for different purposes. To generate a report, click the
report generation button in the report template. The system then automatically generates
a report as specified.
When creating a report template, you can set the report title, statistical period, data
source (indicating the resources to be monitored, such as network devices, servers, and
databases), and statistical indicators (select only the most frequently used and most
concerned ones).
After a report template is created, you can click the report generation button in it. The
system then automatically generates a report as specified, showing the maximum,
minimum, and average values for each indicator.
l Top N Report
Multiple Top N reports are available, covering the ICMP response delay, ICMP packet
loss rate, CPU usage, memory usage, system load, database increment, database buffer
hit rate, and tablespace data increase. You can also create a Top N report by specifying
statistical criteria, such as the data source, number of data items, and time segment.
l Availability report
The availability report collects statistics on availability of all monitored resources in a
specified time segment. The statistics include the continuous running time, downtime,
number of shutdown times, proper running percentage, MTTR, and MTBF. In this
report, the resources can be sequenced by an indicator in ascending or descending order.
In this way, you can locate the lowest-availability resource at a glance.

eSight
l Resource statistics report

The resource statistics report shows the types and quantities of monitored resources
(including devices, servers, database, and middleware) in a bar chart.

eSight
Product Description 3 Deployment Mode
3 Deployment Mode
About This Chapter
eSight supports two networking modes: standalone deployment, and hierarchical deployment.
3.1 Standalone Mode
3.2 Distributed Deployment Mode
3.3 Two-Node Cluster Deployment Mode

eSight
3.1 Standalone Mode

This deployment mode applies to small-scale network management scenarios. In this
deployment mode, the entire eSight system consists of one server, multiple clients, and related
network devices.
Figure 3-1 Standalone mode
3.2 Distributed Deployment Mode

This deployment mode applies to large-scale network management scenarios. The eSight
server and the network traffic collector (NTC) or LogCenter log collector are deployed on
different hosts, as shown in Figure 3-2.

eSight
Figure 3-2 Distributed deployment mode
NOTE
During eSight distributed deployment:

l Only one NTC can be deployed.
l Multiple log collectors can be deployed. The number of log collectors is determined by the device
quantity, security gateway quantity, total campus egress bandwidth, and log storage time.
Deploying Distributed UC Device Managers

The distribtued UC device manager is used to manage cross-regional UC devices (IADs, IP
PBXs, and IP phones) to decrease the network load of the main eSight server, improving
device management efficiency.
The deployment of a distributed UC device manager is similar to the deployment of the main
eSight server. The deployment involves a server, multiple clients, and other network devices.
You can deploy multiple distributed UC device manages, as shown in Figure 3-3.

eSight
Figure 3-3 Deploying distributed UC device managers
3.3 Two-Node Cluster Deployment Mode

An eSight two-node cluster can be a local two-node cluster (where two servers are deployed
at the same site) or a remote two-node cluster (where two servers are deployed at two
different sites).
Local Two-Node Cluster

In this deployment mode, the eSight software is installed on both the active and standby
servers. Data between active and standby servers is synchronized through a dedicated
duplication line. When the active server fails, services are automatically switched to the
standby server to ensure normal running of the entire system.
You can set a floating IP address between the active and standby servers. In this case, devices
do not need to reconnect to eSight after active and standby switchover.

eSight
Figure 3-4 Local two-node cluster networking
Remote Two-Node Cluster

In this deployment mode, the eSight software is installed on both the active and standby
servers. The two servers can be deployed in geographically-dispersed places. In case of a fault
on the active server, services are automatically switched to the standby server. Data between
active and standby servers is synchronized through a dedicated duplication line, which
ensures normal running of the eSight system.
Because the two eSight servers use different IP addresses, you must set the IP addresses of the
active and standby servers on managed devices. In this case, information, such as alarms, on
the devices can be automatically sent to the standby server after active and standby
switchover, which ensures normal device monitoring and management.

eSight
Figure 3-5 Remote two-node cluster networking

eSight
Product Description 4 Networking Mode
4 Networking Mode
About This Chapter
4.1 eSight and NE Networking

4.2 eSight and OSS Integration
4.3 Hierarchical Deployment Mode

eSight
4.1 eSight and NE Networking

eSight has a scalable architecture with a modular design, enabling it to dynamically manage
all devices on a data network.
Table 4-1 lists Huawei and non-Huawei devices that can be managed by eSight.
Table 4-1 Devices that can be managed by eSight
Domain Device
Switches S series and CE series switches
Routers l NE series routers

l AR series routers
Security devices l Eudemon series

l SRG series
l SVN series
Unified communications devices eSpace series gateways, UC purchased devices,

eSpace UC applications, eSpace CC applications, and
VTM applications and so on.
Video surveillance devices Huawei video surveillance applications
Telepresence devices Huawei telepresence conference terminals, multi-

point control units (MCUs), TP, and gatekeepers
(GKs).
IP Phone devices Huawei eSpace IP Phone series devices.
Server Huawei rack server, blade server, and high-density

server.
Mainstream operating systems, including Windows,
Red Hat, and SUSE.
Storage device Huawei array, unified storage, virtual intelligent

storage, mass storage, cloud storage, virtual tape
library, third-party storage and Fibre Channel switch.
Computing Virtualization device VMware ESX/ESXi Server, Huawei FusionCompute

and FusionAccess
Infrastructure Manages basic facilities in an equipment room,

including power supply, cooling, access control,
physical security, environment, firefighting, and
lighting devices.
eLTE device Huawei eA660 and eA661 CPEs

eNodeB: DBS3900 LTE
eCNS610

eSight
Domain Device
Non-Huawei devices l Pre-integrated non-Huawei devices: H3C devices

and Cisco devices
l Printers and servers
NOTE
For details about mapping relationships between eSight and devices, see Device Versions in the release
notes delivered with the version.
In an enterprise park, employees working in branches and partners outside the core network
need to connect to the enterprise park network through a wide area network (WAN) or the
Internet. The eSight intelligent management platform provides integrated management for
multiple systems and unified management for IT and IP devices. Figure 4-1 shows a typical
network for eSight solution in an enterprise park.
Figure 4-1 Network for eSight solution in an enterprise park

eSight
Figure 4-2 eSight server management networking
eSight offers server management. It is recommended that the eSight server offer at least two
network ports for server management and that one management VLAN is planned for device
management. One network port is used for basic device management and stateless computing,
and connected to the management VLAN. The VLAN ID ranges from 2 to 4094. The other
network port is used for server deployment and connected to the default VLAN.
4.2 eSight and OSS Integration

eSight supports third-party systems including upper-level OSSs. Third-party systems can
obtain network resources and alarms from the eSight system through the SNMP or HTTP
interface.

eSight
Figure 4-3 Network between eSight and an OSS
4.3 Hierarchical Deployment Mode

eSight supports hierarchical management, which enables an enterprise headquarters to
manage networks in different physical locations.
You can add lower-level eSights to the upper-level eSight and provide links to lower-level
eSights. When you click a link, a new browser window opens, displaying the login page of a
lower-level eSight.
Figure 4-4 Hierarchical deployment mode

eSight
Product Description 5 Configuration
5 Configuration
About This Chapter
5.1 Software Configuration Requirements

5.2 Hardware Configuration Requirements
5.3 Client Configuration Requirements
5.4 Network Bandwidth Requirements

eSight
5.1 Software Configuration Requirements

l eSight Compact (network device) supports Windows 7 (32-bit) operating system and
MySQL 5.5 database.
l eSight Compact (server) supports Windows Server 2008 R2 Standard (64-bit) operating
system and MySQL 5.5 database.
l eSight Standard and Professional support the following combinations of operating
systems and databases:
– Windows Server 2008 R2 Standard (64-bit) + MySQL 5.5
– Windows Server 2008 R2 Standard (64-bit) + Microsoft SQL Server 2008 R2
Standard
– SUSE Linux 11 SP3 (64-bit) + Oracle 11g R2 Standard
NOTICE
l The languages for the operating system must be Simplified Chinese or English. The
languages for the operating system, database, and eSight must be the same.
l In a distributed deployment mode, operating systems on the primary and secondary hosts
must be the same, and no database is required on the secondary host.
l The secondary host where LogCenter is installed supports only Windows. The secondary
host where the UC Device Manager is installed supports only SUSE Linux.
NOTE
l Only the SUSE Linux + Oracle combination is supported when managed devices range from 5001 to
20, 000.
l Certain components do not support all OS+DB combinations. For details, see Table 5-1.
Table 5-1 Description about components supporting OS+DB

Type Component Windows + Windows + SUSE +
MySQL SQL Server Oracle
Platform eSight Platform √ √ √
eSight Open SDK √ √ √
Enterprise eSight Network √ √ √

Networking Device Manager
Management
Components eSight PON √ √ √
Manager
eSight Smart √ √ √
Reporter
eSight WLAN √ √ √
Manager

eSight

eSight MPLS VPN √ √ √

Manager
eSight MPLS Tunnel √ √ √

Manager
eSight Network SLA √ √ √

Manager
eSight Network √ √ √
Traffic Analyzer
Manager
eSight IPSec VPN √ √ √

Manager
eSight Secure Center √ √ ×
eSight LogCenter √ √ ×
Log Manager
UC & C eSight UC/CC √ √ √

Management Device Manager
Components
eSight Video √ √ √
Surveillance Device
Manager
eSight Telepresence √ √ √
Device Manager
Server eSight Server Device √ √ √

Management Manager
Components
eSight Server √ √ √
Stateless Computing
Manager
eSight Server √ √ √
Deployment
Manager
Storage eSight Storage √ √ √

Management Manager
Component NOTE
Use an independent
MySQL database if
Storage Reporter is
deployed.

eSight

Infrastructure eSight Facilities √ √ √

Management Infrastructure
Component Manager
NOTE
Use an independent
MySQL database if
Storage Reporter is
deployed.
eLTE eSight eLTE Device √ √ √

Management Manager
Component
Application eSight Application √ √ √

Management Manager
Component NOTE
Use an independent
MySQL database if
Storage Reporter is
deployed.
NOTE
l √: The component supports the operating system and database.

l ×: The component does not support the operating system or database.
5.2 Hardware Configuration Requirements

Different combinations of the eSight platform and components have different server hardware
requirements.
eSight Basic Management

eSight basic management involves the management platform, device management (network
device, UC, TP, IVS, storage, server, host, FusionAccess, FusionCompute, MicroDC, and
eLTE device), WLAN management, PON management, MPLS VPN/MPLS Tunnel
management, SLA management, IPSec VPN management, security policy management,
infrastructure management, and application management.
NOTE
l The management node quantity is calculated as follows: IP phone 1:4, eLTE terminal 1:5, eNodeB
device 2:1, eCNS device 20:1, high-end storage device 160:1, mid-range storage device 40:1, low-
end storage device 10:1, hierarchical storage device 10:1, rack server 2:1, blade server 40:1,
application objects 2:1, 288 big data storage nodes are equivalent to one high-end storage device. If
the number of big data storage nodes is not the integral multiple of 288, the result of Number of big
data storage nodes/288 is rounded up to an integer, other device 1:1.

eSight
Table 5-2 eSight basic management

Edition Manage Minimum Delivery Server VM Configuration
ment Configuration Configuration
Scale
eSight 40 nodes l CPU: 1 x N/A VMWare ESXI 5.0

Compact (fixed dual-core 2 l CPU: 1 x quad-core
(network value) GHz or above 2 GHz or above
device) l Memory: l Memory: 6GB
4GB
l Disk space: 300GB
l Disk space:
40GB l Windows Server
2008 R2 Standard
(64-bit) + MySQL
5.5 (attached in the
eSight software
package)
eSight 100 rack l CPU: 2 x N/A VMWare ESXI 5.0

Compact servers quad-core 2 l CPU: 2 x quad-core
(server) and 5 GHz or above 2 GHz or above
blade l Memory:
servers l Memory: 8GB
8GB
(fixed) l Disk space: 300GB
l Disk space:
2008 R2 Standard
NOTE
(64-bit) + MySQL
A PC server
is 5.5 (attached in the
recommended eSight software
. package)
Standard 0-200 l CPU: 1 x Huawei Tecal VMWare ESXI 5.0

nodes dual-core 2 RH2288H l CPU: 1 x quad-core
(managem GHz or above V2,BC1M55SRSG, 2 GHz or above
ent l Memory: eSight
platform Server(2*E5-2630 l Memory: 8GB
6GB
+ device V2,4*8GB, l Disk space: 300GB
managem l Disk space: 3*300GB SAS
ent, 2.5,4*GE LOM, 2008 R2 Standard
excluding NOTE 1*4*GE (64-bit) + MySQL
value- A PC server is NIC,SR320BC
recommended. 5.5 (attached in the
added +BBU,2*460W PS) eSight software
componen package)
ts)

eSight

Scale
201-500 l CPU: 2 x
nodes dual-core 2
(managem GHz or above
ent l Memory:
platform 6GB
+ device
managem l Disk space:
ent, 200GB
excluding NOTE
value- A PC server is
recommended.
added
componen
ts)
501-2000 l CPU: 2 x VMWare ESXI 5.0

nodes(ma quad-core 2 l CPU: 2 x quad-core
nagement GHz or above 2 GHz or above
platform l Memory:
+ device l Memory: 12GB
8GB
managem l Disk space: 600GB
ent, l Disk space:
excluding 2008 R2 Standard
value- NOTE
(64-bit) + MySQL
added A PC server is
componen eSight software
ts) package)
0-500
nodes
(including
value-
added
componen
ts)
2001-500 l CPU: 2 x --
0 nodes quad-core 2
GHz or above
l Memory:
16GB
l Disk space:
500GB
NOTE
A PC server is
recommended.

eSight

Scale
Professio 0-200 l CPU: 1 x Huawei Tecal VMWare ESXI 5.0

nal nodes dual-core 2 RH2288H l CPU: 1 x quad-core
(managem GHz or above V2,BC1M55SRSG, 2 GHz or above
ent l Memory: eSight
platform Server(2*E5-2630 l Memory: 8GB
6GB
+ device V2,4*8GB, l Disk space: 300GB
managem l Disk space: 3*300GB SAS
ent, 2.5,4*GE LOM, 2008 R2 Standard
excluding NOTE 1*4*GE (64-bit) + MySQL
value- A PC server is NIC,SR320BC
added +BBU,2*460W PS) eSight software
componen package)
ts)
201-500 l CPU: 2 x
nodes dual-core 2
(managem GHz or above
ent l Memory:
platform 6GB
+ device
managem l Disk space:
ent, 200GB
excluding NOTE
value- A PC server is
recommended.
added
componen
ts)
501-2000 l CPU: 2 x VMWare ESXI 5.0

nodes(ma quad-core 2 l CPU: 2 x quad-core
nagement GHz or above 2 GHz or above
platform l Memory:
+ device l Memory: 12GB
8GB
managem l Disk space: 600GB
ent, l Disk space:
excluding 2008 R2 Standard
value- NOTE
(64-bit) + MySQL
added A PC server is
componen eSight software
ts) package)
0-500
nodes
(including
value-
added
componen
ts)

eSight

Scale
2001-500 l CPU: 2 x --
0 nodes quad-core 2
GHz or above
l Memory:
16GB
l Disk space:
500GB
NOTE
A PC server is
recommended.
5001-20, l CPU: 4 x Huawei Tecal --

000 nodes quad-core 2 RH5885H
GHz or above V3,BC6M18BFSA,
l Memory: eSight
64GB Server(4*E7-4820
V2,8*8GB,
l Disk space: 8*300GB SAS
1TB 2.5,4*GE LOM,
NOTE 1*4*GE
A PC server is NIC,SR420BC
recommended.
+BBU,2*2000W
PS)
eSight Basic Management + Storage Report Management
Table 5-3 eSight basic management + storage report management

Managemen Minimum Delivery Server VM Configuration
t Scale Configuration Configuration
0-2000 nodes l CPU: 2 x six-core Huawei Tecal RH2288H VMWare ESXI 5.0
CPUs, 2.5 GHz or V2,BC1M55SRSG,eSig l CPU: 2 x six-core
above ht Server(2*E5-2630 2.5 GHz or above
l Memory: 16GB V2,4*8GB,3*300GB
SAS 2.5,4*GE LOM, l Memory: 24GB
l Disk space: 1*4*GE NIC,SR320BC l Disk space:
300GB +BBU,2*460W PS) 600GB
NOTE
l Windows Server
A PC server is
recommended. 2008 R2 Standard
(64-bit) + MySQL
5.5 (attached in
the eSight
software package)

eSight
Managemen Minimum Delivery Server VM Configuration

t Scale Configuration Configuration
2001-5000 l CPU: 2 x six-core --

nodes CPUs, 2.5 GHz or
above
l Memory: 32GB
l Disk space:
500GB
NOTE
A PC server is
recommended.
5001-20, 000 l CPU: 4 x quad- Huawei Tecal RH5885H --

nodes core 2 GHz or V3,BC6M18BFSA,eSig
above ht Server(4*E7-4820
l Memory: 64GB V2,8*8GB,8*300GB
SAS 2.5,4*GE LOM,
l Disk space: 1TB 1*4*GE NIC,SR420BC
NOTE +BBU,2*2000W PS)
A PC server is
recommended.
eSight Basic Management + Network Traffic Analysis

The following scenarios are involved:
l The NTC and eSight server are deployed on the same host which is called the primary
server.
l The NTC and eSight server are deployed on different hosts. The other host is called the
distributed server.
In the two scenarios, configuration requirements for the primary server are the same.
Configuration requirements for the distributed server are listed in Table 5-9.
NOTE
l When the eSight server is planned to manage over 5000 devices, the NTC server must be deployed
on a different host from the eSight server.
l When the eSight Network Traffic Analyzer is planned to manage over 100 devices, the NTC server
must be deployed on a different host from the eSight server.

eSight
Table 5-4 eSight basic management + network traffic analysis(primary server)

Management Minimum Delivery Server VM
Scale Configuration Configuration Configuration
l Basic: 0-500 l CPU: 2 x quad-core Huawei Tecal RH2288H VMWare ESXI

nodes 2 GHz or above V2,BC1M55SRSG,eSigh 5.0
(management l Memory: 8GB t Server(2*E5-2630 l CPU: 2 x six-
platform + V2,4*8GB,3*300GB core 2.5 GHz
device l Disk space: 200GB SAS 2.5,4*GE LOM, or above
management, NOTE 1*4*GE NIC,SR320BC
excluding A PC server is +BBU,2*460W PS) l Memory:
value-added
recommended. 12GB
components) l Disk space:
l Network 600GB
traffic: 0-10 l Windows
nodes (2000 Server 2008
flows/s) R2 Standard
(64-bit) +
MySQL 5.5
(attached in
the eSight
software
package)
l Basic: l CPU: 2 x quad-core VMWare ESXI

501-2000 2 GHz or above 5.0
nodes l Memory: 16GB l CPU: 2 x six-
l Network l Disk space: 300GB core 2.5 GHz
traffic: 0-10 or above
NOTE
nodes (2000 A PC server is l Memory:
flows/s) recommended. 24GB
l Disk space:
600GB
l Windows
Server 2008
R2 Standard
(64-bit) +
MySQL 5.5
(attached in
the eSight
software
package)
l Basic: l CPU: 4 x quad-core Huawei Tecal RH5885H --

2001-5000 2 GHz or above V3,BC6M18BFSA,eSigh
nodes l Memory: 32GB t Server(4*E7-4820
l Network V2,8*8GB,8*300GB
l Disk space: 500GB SAS 2.5,4*GE LOM,
traffic: 0-10
NOTE 1*4*GE NIC,SR420BC
nodes (2000 A PC server is
flows/s) +BBU,2*2000W PS)
recommended.

eSight
eSight Basic Management + Storage Report + Network Traffic Analysis

l The NTC and eSight server are deployed on the same host which is called the primary
server.
l The NTC and eSight server are deployed on different hosts. The other host is called the
distributed server.
NOTE
l When the eSight server is planned to manage over 5000 devices, the NTC server must be deployed
on a different host from the eSight server.
l When the eSight Network Traffic Analyzer is planned to manage over 100 devices, the NTC server
must be deployed on a different host from the eSight server.
l When NTC and eSight platform are deployed on different servers, the database is not required to be
installed on the NTC server, but the operating systems must be the same on the NTC and the eSight
servers.
Table 5-5 eSight basic management + storage report+ network traffic analysis(primary server)
Manageme Minimum Delivery Server VM
nt Scale Configuration Configuration Configuratio
n
l Basic: l CPU: 2 x quad- Huawei Tecal RH2288H VMWare

0-2000 core 2 GHz or V2,BC1M55SRSG,eSight ESXI 5.0
nodes above Server(2*E5-2630 V2,4*8GB, l CPU: 2 x
l Network l Memory: 24GB 3*300GB SAS 2.5,4*GE six-core 2.5
traffic: LOM,1*4*GE NIC,SR320BC GHz or
l Disk space: 300GB +BBU,2*460W PS)
0-10 above
NOTE
nodes A PC server is l Memory:
(2000 recommended. 32GB
flows/s)
l Disk space:
600GB
l Windows
Server
2008 R2
Standard
(64-bit) +
MySQL 5.5
(attached in
the eSight
software
package)

eSight

nt Scale Configuration Configuration Configuratio
n
l Basic: l CPU: 4 x quad- Huawei Tecal RH5885H V3, --

2001-500 core 2 GHz or BC6M15BFSA, OSS-2
0 nodes above (4*E7-4820 V2 CPU, 8*8GB
l Network l Memory: 32GB Mem, 8*300GB, DVDRW,
traffic: 4*GE LOM-1*4GE NIC,
l Disk space: 500GB SR420BC-1GB+BBU,
0-10
NOTE 2*2000W AC PS, Guide
nodes A PC server is
(2000 rail)H58H-03
recommended.
flows/s)
eSight Basic Management + LogCenter Log Management

l The log collector and eSight server are deployed on the same host which is called the
primary server.
l The log collector and eSight server are deployed on different hosts. The other host is
called the distributed server.

eSight
Table 5-6 eSight basic management + LogCenter log management (primary server)
l Basic: l CPU: 1 x 6-core l Huawei Tecal --

0-500 2.5 GHz or above RH2288H V2,
nodes l Memory: 8 GB BC1M66SRSG, Single
(manageme Server RH2288H
nt platform l Disk space: 8 TB V2(1*E5-2640 CPU,
+ device (Available space: 2*4GB Mem, 2*1TB
managemen 6 TB) SATA, 4*GE,
t, excluding NOTE SR320BC-512MB
value- A PC server is +BBU, 2*460W AC
recommended.
added PS)
component l Servers, BC1HDD66,
s) HardDisk-1TB-
l LogCenter : SATA-7200rpm-3.5"-6
Syslog 0 - 4M
2000EPS or l Servers, BC1HDD67,
NAT 0 - HardDisk-2TB-
10000EPS SATA-7200rpm-3.5"-6
4M
l Servers, BC1HDD68,
HardDisk-3TB-
SATA-7200rpm-3.5"-6
4M
l Basic: l CPU: 2 x 6-core l Huawei Tecal --

501-2000 2.5 GHz or above RH2288H V2,
nodes l Memory: 16 GB BC1M67SRSG, Single
l LogCenter : Server RH2288H
l Disk space: 8 TB V2(2*E5-2640 CPU,
Syslog (Available space:
0-2000EPS 4*8GB Mem, 2*1TB
6 TB) SATA, 4*GE,
or NAT
NOTE SR320BC-512MB
0-10000EP A PC server is
S +BBU, 2*750W AC
recommended
PS)
HardDisk-1TB-
SATA-7200rpm-3.5"-6
4M
HardDisk-2TB-
SATA-7200rpm-3.5"-6
4M
HardDisk-3TB-
SATA-7200rpm-3.5"-6
4M

eSight
eSight Basic Management + Storage Report + Infrastructure Management +

Application Management
Table 5-7 eSight basic management + storage report management + infrastructure

management + application management
nt Scale Configuration Configuration Configuration
0-500 nodes l CPU: 2 x quad- Huawei Tecal RH2288H --

(excluding core 2 GHz or V2,BC1M55SRSG,eSight
application above Server(2*E5-2630
management l Memory: 16 GB V2,4*8GB,3*300GB SAS
) 2.5,4*GE LOM,1*4*GE
l Disk space: 300GB NIC,SR320BC+BBU,
NOTE 2*460W PS)
A PC server is
recommended.
501-5000 l CPU: 2 x six-core --

nodes CPUs, 2.5 GHz or
above
l Memory: 32 GB
l Disk space: 500
GB
NOTE
A PC server is
recommended.

eSight
Integrated Deployment of All Components
Table 5-8 Integrated deployment of all components (basic management, storage report,
network traffic analysis, LogCenter, infrastructure management, and application management)

l Basic: 0-200 l CPU: 2 x l Huawei Tecal RH2288H --

nodes quad-core 2 V2, BC1M67SRSG,
l Network GHz or Single Server RH2288H
traffic: 0-10 above V2(2*E5-2640 CPU,
nodes (2000 l Memory: 32 4*8GB Mem, 2*1TB
flows/s) GB SATA, 4*GE,
SR320BC-512MB+BBU,
l LogCenter: l Disk space: 4 2*750W AC PS)
Syslog TB
0-1000EPS (Available l Servers, BC1HDD66,
or NAT space: 3 TB) HardDisk-1TB-
0-5000EPS SATA-7200rpm-3.5"-64
NOTE
A PC server is
M
recommended. l Servers, BC1HDD67,
HardDisk-2TB-
SATA-7200rpm-3.5"-64
M
HardDisk-3TB-
SATA-7200rpm-3.5"-64
M
Distributed Server
Table 5-9 Configuration requirements for the distributed server where the NTC is deployed

0-100 nodes l CPU: 1 x quad- Huawei Tecal RH2288H VMWare ESXI

(0-10, 000 core 2 GHz or V2,BC1M55SRSG,eSight 5.0
flows/s) above Server(2*E5-2630 l CPU: 1 x
l Memory: 4GB V2,4*8GB,3*300GB SAS quad-core 2
2.5,4*GE LOM,1*4*GE GHz or above
l Disk space: NIC,SR320BC+BBU,
120GB 2*460W PS) l Memory: 6GB
NOTE l Disk space:
A PC server is 300GB
recommended.
l Windows
Server 2008
R2 Standard
(64-bit)

eSight

101-350 l CPU: 2 x quad- --

nodes (10, core 2 GHz or
000-30, 000 above
flows/s) l Memory: 16GB
l Disk space:
250GB
NOTE
A PC server is
recommended.
Table 5-10 Configuration requirements for the distributed server where the log collector is
deployed
Distributed l CPU: 1 x 6-core l Huawei Tecal RH2288H --

deployment 2.5 GHz or above V2, BC1M66SRSG,
1: l Memory: 8 GB Single Server RH2288H
Per collector: V2(1*E5-2640 CPU,
l Disk space: 36 TB 2*4GB Mem, 2*1TB
l Syslog (Available space: SATA, 4*GE,
0-7000 33 TB) SR320BC-512MB
EPS NOTE +BBU, 2*460W AC PS)
l NAT A PC server is
0-160000 HardDisk-1TB-
EPS In case of insufficient
hard disk space, more SATA-7200rpm-3.5"-64
servers can be used. M
HardDisk-2TB-
SATA-7200rpm-3.5"-64
M
HardDisk-3TB-
SATA-7200rpm-3.5"-64
M

eSight

Distributed l CPU: 2 x 6-core 2 l Huawei Tecal RH2288H --

deployment GHz or above V2, BC1M67SRSG,
2: l Memory: 32 GB Single Server RH2288H
Per collector: V2(2*E5-2640 CPU,
l Disk space: 36 TB 4*8GB Mem, 2*1TB
l Syslog (Available space: SATA, 4*GE,
0-10500 33 TB) SR320BC-512MB
EPS NOTE +BBU, 2*750W AC PS)
l NAT A PC server is
0-240000 HardDisk-1TB-
EPS In case of insufficient
hard disk space, more SATA-7200rpm-3.5"-64
servers can be used. M
HardDisk-2TB-
SATA-7200rpm-3.5"-64
M
HardDisk-3TB-
SATA-7200rpm-3.5"-64
M
Table 5-11 Configuration requirements for the distributed server where the Distributed UC
Device Manager is deployed
0-1000 l CPU: 1 x quad- Huawei Tecal RH2288H --

phones core 2 GHz or V2,BC1M55SRSG,eSight
Calculation above Server(2*E5-2630
method: IP l Memory: 8GB V2,4*8GB,3*300GB SAS
phone 2.5,4*GE LOM,1*4*GE
l Disk space: NIC,SR320BC+BBU,
quantity/5 + 120GB
IP PBX 2*460W PS)
NOTE
quantity + A PC server is
IAD quantity recommended.
5.3 Client Configuration Requirements

The eSight web client has the following requirements on the operating system, memory, and
browser:
l Operating system: Windows 7, or Windows Server 2008.
l Browser: Internet Explorer 9, Internet Explorer 10, Firefox 27, and Chrome 29 are
recommended.

eSight
NOTE
The eSight Facilities Infrastructure Manager does not support Firefox 27 and Chrome 29. Use
Internet Explorer 9 or Internet Explorer 10 for it.
l Memory: 1 GB or above
5.4 Network Bandwidth Requirements

To ensure the normal running of the eSight system, ensure that network bandwidths meet the
basic network bandwidth requirements.
The method for calculating network bandwidth required in the eSight system is as follows:
Bandwidth between the eSight server and client: 2 Mbit/s
Bandwidth between active and standby servers in a two-node cluster: 50 Mbit/s
Total bandwidth between eSight and devices = Device management bandwidth + Additional
bandwidth for terminal upgrade + Additional bandwidth for network traffic + Additional
LogCenter bandwidth + Additional bandwidth for deploying the operating system for servers
l Device management bandwidth (X indicates the total number of devices, including

terminals and other box devices):
– X < 2000, required bandwidth: 2 Mbit/s
– X > 2000, required bandwidth: 2 Mbit/s + (X – 2000) x 0.8 kbit/s
l Additional bandwidth for terminal (IP phones and CPEs) upgrade (Y indicates the
number of terminals):
(Y/10) x 256 kbit/s
NOTE
The planned bandwidth for each terminal upgrade is 256 kbit/s. In the formula, Y/10 indicates that
10% terminals are concurrently upgraded. eSight allows users to upgrade 100 terminals at the
same time, requiring 25.6 Mbit/s.
l Additional bandwidth for network traffic:
N x 400 bit/s
NOTE
l In the formula, N indicates the number of flows and its unit is flow/s.
l The bandwidth for a flow is calculated as follows: (1500/30) x 8 bit/s = 400 bit/s. Here, 1500
indicates that the average size of a NetStream packet is 1500 bytes, and 30 indicates that a
NetStream packet has about 30 flows.
l 10000 flows require a bandwidth of 3.8 Mbit/s.
l Additional LogCenter bandwidth (between the LogCenter collector and devices)
– Integrated deployment of the collector and eSight: 1.5 Mbit/s (300 bytes per syslog
and 150 bytes per session log)
– Distributed deployment 1 (see Table 5-10): 24 Mbit/s
– Distributed deployment 2 (see Table 5-10): 36 Mbit/s
l Additional bandwidth for deploying the operating system for servers
15 Mbit/s

eSight
NOTE
eSight allows users to load and deploy the operating system mirroring file through PXE.
Deploying the operating system for each server requires 1.5 Mbit/s. eSight allows users to deploy
the operating system for a maximum of 10 servers at the same time, requiring 15 Mbit/s.

eSight
Product Description 6 Technical Counters
6 Technical Counters
eSight can manage a maximum of 20,000 NEs and allows a maximum of 100 online clients
concurrently. The technical counters for eSight are as follows.
Table 6-1 Technical counters

Counter Value
Capacity for storing current alarms 20,000
Capacity for storing historical alarms 15 million
Capacity for storing events 2 million
Capacity for storing audit logs 3 million
Alarm processing capacity (number/second) 100
Maximum number of topology objects 500

supported by a subnet
Maximum number of topology object layers 11

supported by topology management

eSight
Product Description 7 Standard and Protocol Compliance
7 Standard and Protocol Compliance
eSight complies with the following standards and protocols:

l SNMP and MIB-II standards for interfaces between eSight and devices
– RFC1155: structure and identification of management information for TCP/IP-
based Internet
– RFC1157: simple network management protocol
– RFC1213: version 2 of management information base (MIB-II) for network
management of TCP/IP-based Internet
l XML 1.0
l ITU-T X.733: fault management specification
l JSR-286 Portlets specifications: Java Portlet specification v2.0
l HTTP/1.0|HTTP/1.1: Hypertext Transfer Protocol
l HTTPS: Hypertext Transfer Protocol Secure
l SIP (RFC3261)
l TCP (RFC0872)
l TCP/UDP (RFC1356)
l SMI-S Storage Management Suggestion and Guide
l Modbus

eSight
Product Description A Glossary
A Glossary
A
AC See access controller.
ACL See access control list.
AP See access point.
ATAE See Advanced Telecommunications Application Environment.
Advanced A carrier-class processing platform that is designed to meet the service application
Telecommunications requirement of high performance, high specialization, and high integration.
Application
Environment (ATAE)
access control list A list of entities, together with their access rights, which are authorized to access a
(ACL) resource.
access controller (AC) A device that controls and manages all associated access points (APs) in a WLAN. An
AC can work with the authentication server to provide the authentication service for
WLAN users.
access point (AP) Any entity that has station functionality and provides access to the distribution
services, via the wireless medium (WM) for associated stations.
administrator A user who has authority to access all EMLCore product management domains. This
user has access to the entire network and all management functions.
alarm A message reported when a fault is detected by a device or by the network
management system during the device polling process. Each alarm corresponds to a
clear alarm. After a clear alarm is received, the corresponding alarm is cleared.
B
B/S browser/server
BBU See backup battery unit.
BGP Border Gateway Protocol
BIOS See basic input/output system.

eSight
backup A periodic operation performed on data stored in a database for the purposes of
recovering the data if an error occurs. The backup also refers to the data
synchronization between active and standby boards.
backup battery unit A battery module that can supplies power for a controller enclosure in a short time
(BBU) when the system is powered off.
basic input/output Firmware stored on the computer motherboard that contains basic input/output control
system (BIOS) programs, power-on self test (POST) programs, bootstraps, and system setting
information. The BIOS provides hardware setting and control functions for the
computer.
C
CAD See computer-assisted dispatch.
CC See conference call.
CLI command-line interface
CPLD complex programmable logical device
CPU See central processing unit.
central processing unit The computational and control unit of a computer. The CPU is the device that
(CPU) interprets and executes instructions. The CPU has the ability to fetch, decode, and
execute instructions and to transfer information to and from other resources over the
computer's main data-transfer path, the bus.
certificate The certificate, also called the digital certificate, establishes the association between
the user identity and user public key. The certificate is issued by the third-party
authority, and provides identity authentication for the communications parties.
cluster A computer technology that integrates a set of loosely connected servers to work
together so that in many respects they can be viewed as a single system. A cluster is
used to improve system stability, reliability, data processing capability, and service
capability. For example, a cluster is used to reduce single-point failures, share storage
resources, load balances, and improve system performance.
computer-assisted In the ECC solution of the Enterprise Unified Communications and Collaboration
dispatch (CAD) (UC&C) Product Line, the Computer-Assisted Dispatch (CAD) system is the core
module of the ECC system, which is responsible for the incident receiving, handling,
and dispatching.
conference call (CC) A conference by telephone in which three or more parties in different locations
participate by using a central switching unit.
configuration data A command file defining hardware configurations of an NE. With this file, an NE can
collaborate with other NEs in a network. Therefore, configuration data is the key
factor that determines the operation of an entire network.
configuration file A file that contains machine-readable operating specifications for a piece of hardware
or software or that contains information on another file or on a specific user, such as
the user's login ID.
D
DB database
DC data center

eSight
DHCP See Dynamic Host Configuration Protocol.

DNS See domain name service.
DR See disaster recovery.
DR switchover A mechanism for ensuring system normal running. With the mechanism when a
disaster occurs on the production machine and the production machine cannot be
recovered in a short time, the signaling and services are switched from the production
machine to the redundancy machine.
DTMF See dual tone multiple frequency.
Dynamic Host A client-server networking protocol. A DHCP server provides configuration
Configuration Protocol parameters specific to the DHCP client host requesting information the host requires
(DHCP) to participate on the Internet network. DHCP also provides a mechanism for allocating
IP addresses to hosts.
dashboard A logical board that collects key performance data of ports for consecutive short
periods and display data changes in charts.
disaster recovery (DR) A process of remotely backing up important device data and applications in the
production center. When a production machine in the production center encounters an
error or a disaster, the remote backup machine and data are used to process services in
place of the faulty machine.
domain name service A hierarchical naming system for computers, services, or any resource connected to
(DNS) the Internet or a private network. It associates various information with domain names
assigned to each of the participants. The DNS distributes the responsibility of
assigning domain names and mapping those names to IP addresses by designating
authoritative name servers for each domain.
dual tone multiple Multi-frequency signaling technology for telephone systems. According to this
frequency (DTMF) technology, standard set combinations of two specific voice band frequencies, one
from a group of four low frequencies and the other from a group of four high
frequencies, are used.
E
EPS events per second
ESN See equipment serial number.
Ethernet A LAN technology that uses the carrier sense multiple access with collision detection
(CSMA/CD) media access control method. The Ethernet network is highly reliable
and easy to maintain. The speed of an Ethernet interface can be 10 Mbit/s, 100 Mbit/s,
1000 Mbit/s, or 10,000 Mbit/s.
Extensible Markup A specification developed by the World Wide Web Consortium (W3C). XML is a
Language (XML) pared-down version of Standard Generalized Markup Language (SGML), designed
especially for Web files. It allows designers to create their own customized tags,
enabling the definition, transmission, validation, and interpretation of data between
applications and between organizations.
encryption A function used to transform data so as to hide its information content to prevent it's
unauthorized use.
equipment serial A string of characters that identify a piece of equipment and ensures correct allocation
number (ESN) of a license file to the specified equipment. It is also called "equipment fingerprint".

eSight
F
FTP File Transfer Protocol
FTPS See File Transfer Protocol over SSL.
File Transfer Protocol An extension to the commonly used File Transfer Protocol (FTP) that adds support for
over SSL (FTPS) the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) cryptographic
protocols.
firewall A combination of a series of components set between different networks or network
security domains. By monitoring, limiting, and changing the data traffic across the
firewall, it masks the interior information, structure and running state of the network
as much as possible to protect the network security.
floating IP address An IP address that a high availability (HA) system uses to communicate with the
external system. The active server and standby server have separate IP addresses. For
example, the IP address of the active server is IP1 and the IP address of the standby
server is IP2. When communicating with the external client, the active or standby
server uses IP3, and IP3 is bound to the network adapter of the active server. At this
time, the active server has two IP addresses, namely IP1 and IP3. The standby server
has only IP2, therefore, it does not provide services to the external client. When an
active/standby switchover occurs, the active server releases IP3, and IP3 is bound to
the network adapter of the standby server. This is called floating.
G
GE Gigabit Ethernet
GUI graphical user interface
gateway A device that connects two network segments using different protocols. It is used to
translate the data in the two network segments.
H
HA system high availability system
HTTP See Hypertext Transfer Protocol.
HTTPS See Hypertext Transfer Protocol Secure.
Hypertext Transfer An application-layer protocol used for communications between web servers and
Protocol (HTTP) browsers or other programs. HTTP adopts the request-response mode. A client sends a
request to the server. The request consists of two parts: request header and MIME-like
message. The request header contains request method, uniform resource locator
(URL), and protocol version. The MIME-like message contains request modifiers,
client information, and possible body content. Upon receiving the request, the server
responds with a status line. The status line includes the message's protocol version, a
success or error code, and a MIME-like message, which contains server information,
entity meta-information, and possible entity-body content. For details about HTTP, see
RFC2616.
Hypertext Transfer An HTTP protocol that runs on top of transport layer security (TLS) and Secure
Protocol Secure Sockets Layer (SSL). It is used to establish a reliable channel for encrypted
(HTTPS) communication and secure identification of a network web server. For details, see
RFC2818.

eSight
I
IAD See integrated access device.
ICMP See Internet Control Message Protocol.
ID See identity.
IOPS input/output operations per second
IP Internet Protocol
IP address A 32-bit (4-byte) binary number that uniquely identifies a host connected to the
Internet. An IP address is expressed in dotted decimal notation, consisting of the
decimal values of its 4 bytes, separated with periods; for example, 127.0.0.1. The first
three bytes of the IP address identify the network to which the host is connected, and
the last byte identifies the host itself.
Internet Control A network layer protocol that provides message control and error reporting between a
Message Protocol host server and an Internet gateway.
(ICMP)
identity (ID) The collective aspect of the set of characteristics by which a thing is definitively
recognizable or known.
integrated access An access node that can simultaneously deliver Class 5 switch voice services, packet
device (IAD) voice services, and data services (through LAN ports) over a single WAN link. IADs
provide a common platform that enables service providers to deliver voice and data
over a single access network, reducing the cost of co-located equipment in the Telco
central office and allowing service providers to minimize transport spans.
K
KVM See keyboard, video, and mouse.
keyboard, video, and A hardware device installed in the integrated configuration cabinet. KVM serves as
mouse (KVM) the input and output device for the components inside the cabinet. It consists of a
screen, a keyboard, and a mouse.
L
L3VPN Layer 3 virtual private network
LAN See local area network.
LDAP See Lightweight Directory Access Protocol.
LDP Label Distribution Protocol
LLDP See Link Layer Discovery Protocol.
Lightweight Directory A network protocol based on TCP/IP, which allows access to a directory system agent
Access Protocol (DSA). It involves some reduced functionality from X.500 Directory Access Protocol
(LDAP) (DAP) specifications.
Link Layer Discovery The Link Layer Discovery Protocol (LLDP) is an L2D protocol defined in IEEE
Protocol (LLDP) 802.1ab. Using the LLDP, the NMS can rapidly obtain the Layer 2 network topology
and changes in topology when the network scales expand.

eSight
license A permission that the vendor provides for the user with a specific function, capacity,
and duration of a product. A license can be a file or a serial number. Usually the
license consists of encrypted codes. The operation authority granted varies with the
level of the license.
local area network A network formed by the computers and workstations within the coverage of a few
(LAN) square kilometers or within a single building, featuring high speed and low error rate.
Current LANs are generally based on switched Ethernet or Wi-Fi technology and run
at 1,000 Mbit/s (that is, 1 Gbit/s).
log collector A subsystem of eLog, used to format, classify, filter, merge, measure, store, and query
logs.
M
MAC See Media Access Control.
MAC address A link layer address or physical address. It is six bytes long.
MGCP See Media Gateway Control Protocol.
MIB See management information base.
MML man-machine language
MPLS See Multiprotocol Label Switching.
MPLS TE multiprotocol label switching traffic engineering
MPLS VPN See multiprotocol label switching virtual private network.
Media Access Control A protocol at the media access control sublayer. The protocol is at the lower part of
(MAC) the data link layer in the OSI model and is mainly responsible for controlling and
connecting the physical media at the physical layer. When transmitting data, the MAC
protocol checks whether to be able to transmit data. If the data can be transmitted,
certain control information is added to the data, and then the data and the control
information are transmitted in a specified format to the physical layer. When receiving
data, the MAC protocol checks whether the information is correct and whether the
data is transmitted correctly. If the information is correct and the data is transmitted
correctly, the control information is removed from the data and then the data is
transmitted to the LLC layer.
Media Gateway A protocol that defines a type of call control structure. It is a standard protocol for
Control Protocol handling the signaling and session management needed during a multimedia
(MGCP) conference. In the structure defined by MGC, call control is separated from service
bearer. Being independent of the Media Gateway (MG), the call control function is
processed by the external call control unit, known as Media Gateway Controller
(MGC) or Call Agent (CA). The MG needs to execute the command issued by the
MGC. By nature, MGCP is a master/slave protocol.
Multiprotocol Label A technology that uses short tags of fixed length to encapsulate packets in different
Switching (MPLS) link layers, and provides connection-oriented switching for the network layer on the
basis of IP routing and control protocols.
management A type of database used for managing the devices in a communications network. It
information base comprises a collection of objects in a (virtual) database used to manage entities (such
(MIB) as routers and switches) in a network.

eSight
multiprotocol label An Internet Protocol (IP) virtual private network (VPN) based on the multiprotocol
switching virtual label switching (MPLS) technology. It applies the MPLS technology for network
private network routers and switches, simplifies the routing mode of core routers, and combines
(MPLS VPN) traditional routing technology and label switching technology. It can be used to
construct the broadband Intranet and Extranet to meet various service requirements.
N
NAT See Network Address Translation.
NE network element
NIC network interface card
NTA See network traffic analyzer.
NTC See network traffic collector.
NetStream As a measurement and release technique based on network stream information,
NetStream can categorize and measure the traffic on the network and the utilization of
resources. It performs management and charging for various services and based on
different QoS.
Network Address An IETF standard that allows an organization to present itself to the Internet with far
Translation (NAT) fewer IP addresses than there are nodes on its internal network. The NAT technology,
which is implemented in a router, firewall or PC, converts private IP addresses (such
as in the 192.168.0.0 range) of the machine on the internal private network to one or
more public IP addresses for the Internet. It changes the packet headers to the new
address and keeps track of them via internal tables that it builds. When packets come
back from the Internet, NAT uses the tables to perform the reverse conversion to the IP
address of the client machine.
network traffic Network traffic analysis tool that obtains statistical data from the NTC (Network
analyzer (NTA) Traffic Collector). The statistical data is a basis for flow evidence, capacity planning,
and attack detection.
network traffic Application running in Unix or Windows, which is responsible for receiving and
collector (NTC) processing UDP packets from the NTE (Network Traffic Exporter). Then it sends
statistical data to the NTA for further analysis.
O
O&M operation and maintenance
OAM See operation, administration and maintenance.
OID object identifier
OPEX operating expense
OSPF See Open Shortest Path First.
OSS operations support system
Open Shortest Path A link-state, hierarchical interior gateway protocol (IGP) for network routing that uses
First (OSPF) cost as its routing metric. A link state database is constructed of the network topology,
which is identical on all routers in the area.

eSight
operation, A set of network management functions that cover fault detection, notification,
administration and location, and repair.
maintenance (OAM)
P
P2P See point-to-point service.
PBX private branch exchange
PC personal computer
PRA primary rate access
PVID See port VLAN ID.
PXE See preboot execution environment.
ping A method used to test whether a device in the IP network is reachable according to the
sent ICMP Echo messages and received response messages.
point-to-point service A service between two terminal users. In P2P services, senders and recipients are
(P2P) terminal users.
port VLAN ID (PVID) A default VLAN ID of a port. It is allocated to a data frame if the data frame carries
no VLAN tag when reaching the port.
preboot execution A technology that enables computers to boot from the network. This technology is the
environment (PXE) successor of Remote Initial Program Load (RPL). The PXE works in client/server
mode. The PXE client resides in the ROM of a network adapter. When the computer is
booted, the BIOS invokes the PXE client to the memory, and the PXE client obtains
an IP address from the DHCP server and downloads the operating system from the
remote server using TFTP.
Q
QoS See quality of service.
quality of service A commonly-used performance indicator of a telecommunication system or channel.
(QoS) Depending on the specific system and service, it may relate to jitter, delay, packet loss
ratio, bit error ratio, and signal-to-noise ratio. It functions to measure the quality of the
transmission system and the effectiveness of the services, as well as the capability of a
service provider to meet the demands of users.
R
RADIUS See Remote Authentication Dial In User Service.
RADIUS An authentication mode in which the BRAS sends the user name and the password to
authentication the RADIUS server by using the RADIUS protocol. The RADIUS server
authenticates the user, and then returns the result to the BRAS.
RAID redundant array of independent disks
RSA See Rivest-Shamir-Adleman.
RTCP See Real-Time Transport Control Protocol.
RTP See Real-Time Transport Protocol.

eSight
Real-Time Transport A protocol used to monitor data delivery. RTCP enables the receiver to detect if there
Control Protocol is any packet loss and to compensate for any delay jitter.
(RTCP)
Real-Time Transport A protocol defined by the IETF for transmitting audio and video streams. RTP is
Protocol (RTP) based on UDP. In the RTP header, a time stamp is defined to ensure that audio and
video data can be transmitted and synchronized in real time. H.323 is based on RTP.
Remote Authentication A security service that authenticates and authorizes dial-up users and is a centralized
Dial In User Service access control mechanism. As a distributed server/client system, RADIUS provides
(RADIUS) the AAA function.
Rivest-Shamir- An asymmetric cryptographic algorithm, which is recommended by Public-Key
Adleman (RSA) Cryptography Standards (PKCS) and widely used in electronic commerce. The RSA
algorithm is developed based on the fact that it is easy to multiply two large prime
numbers but difficult to factoring their product. Therefore their product is used as the
encryption key. The RSA algorithm can resist all known password attacks. It has been
recommended as the public key encryption standard by International Organization for
Standardization (ISO).
rights- and domain- A function of the NMS for authority management. With this function, you can:
based management
l Partition and control the management authority.
l Manage device nodes and service data by region.
l Grant different management and operation rights to users for different regions.
S
SAN See storage area network.
SAS serial attached SCSI
SATA Serial Advanced Technology Attachment
SDK software development kit
SFTP See Secure File Transfer Protocol.
SIP Session Initiation Protocol
SLA See service level agreement.
SNE See service network engine.
SNMP See Simple Network Management Protocol.
SQL See structured query language.
SSH See Secure Shell.
SSID service set identifier
SSL See Secure Sockets Layer.
SSO See single sign-on.
STelnet Secure Shell Telnet
Secure File Transfer A network protocol designed to provide secure file transfer over SSH.
Protocol (SFTP)

eSight
Secure Shell (SSH) A set of standards and an associated network protocol that allows establishing a secure
channel between a local and a remote computer. A feature to protect information and
provide powerful authentication function for a network when a user logs in to the
network through an insecure network. It prevents IP addresses from being deceived
and simple passwords from being captured.
Secure Sockets Layer A security protocol that works at a socket level. This layer exists between the TCP
(SSL) layer and the application layer to encrypt/decode data and authenticate concerned
entities.
Simple Network A network management protocol of TCP/IP. It enables remote users to view and
Management Protocol modify the management information of a network element. This protocol ensures the
(SNMP) transmission of management information between any two points. The polling
mechanism is adopted to provide basic function sets. According to SNMP, agents,
which can be hardware as well as software, can monitor the activities of various
devices on the network and report these activities to the network console workstation.
Control information about each device is maintained by a management information
block.
security Protection of a computer system and its data from harm or loss. A major focus of
computer security, especially on systems accessed by many people or through
communication lines, is preventing system access by unauthorized individuals.
service level agreement A service agreement between a customer and a service provider. SLA specifies the
(SLA) service level for a customer. The customer can be a user organization (source domain)
or another differentiated services domain (upstream domain). An SLA may include
traffic conditioning rules which constitute a traffic conditioning agreement as a whole
or partially.
service network engine An integrated intelligent network (IN) service development platform with good
(SNE) openness, powerful expansion capability, and advanced structure. This platform
provides a flexible telecom component library and powerful telecom service
development and operating environment; thereby supporting the development of
various services. Through the SNE, users can conveniently and quickly develop and
deploy telecom services.
single sign-on (SSO) A property of access control over multiple related but independent software systems.
With this property, a user logs in once and gains access to all systems without being
prompted to log in again at each of them.
storage area network An architecture to attach remote computer storage devices such as disk array
(SAN) controllers, tape libraries and CD arrays to servers in such a way that to the operating
system the devices appear as locally attached devices.
structured query A programming language widely used for accessing, updating, managing, and
language (SQL) querying data in a relational database.
subnet An abbreviation for subnetwork. A type of smaller networks that form a larger
network according to a rule, for example, according to different districts. This
facilitates the management of the large network.
T
TCP See Transmission Control Protocol.
TCP/IP Transmission Control Protocol/Internet Protocol
TFTP See Trivial File Transfer Protocol.

eSight
TLS Transport Layer Security

Transmission Control The protocol within TCP/IP that governs the breakup of data messages into packets to
Protocol (TCP) be sent using Internet Protocol (IP), and the reassembly and verification of the
complete messages from packets received by IP. A connection-oriented, reliable
protocol (reliable in the sense of ensuring error-free delivery), TCP corresponds to the
transport layer in the ISO/OSI reference model.
Trivial File Transfer A small and simple alternative to FTP for transferring files. TFTP is intended for
Protocol (TFTP) applications that do not need complex interactions between the client and server.
TFTP restricts operations to simple file transfers and does not provide authentication.
telepresence The Huawei telepresence system provides users a comfortable videoconferencing
environment in which they can have true-to-life and face to face remote conferences.
U
UDP See User Datagram Protocol.
URI See uniform resource identifier.
URL See uniform resource locator.
User Datagram A TCP/IP standard protocol that allows an application program on one device to send
Protocol (UDP) a datagram to an application program on another. UDP uses IP to deliver datagrams.
UDP provides application programs with the unreliable connectionless packet delivery
service. That is, UDP messages may be lost, duplicated, delayed, or delivered out of
order. The destination device does not actively confirm whether the correct data
packet is received.
uniform resource A uniform resource identifier (URI) is a member of this universal set of names in
identifier (URI) registered namespaces and addresses referring to registered protocols or namespaces.
URI is used to locate available resources on the Web, including HTML documents,
images, video clips, and programs.
uniform resource An address that uniquely identifies a location on the Internet. A URL is usually
locator (URL) preceded by http://, as in http://www.microsoft.com. A URL can contain more details,
such as the name of a hypertext page, often with the file name extension .html or .htm.
V
VLAN virtual local area network
VM virtual machine
VMM virtual machine manager
VPN virtual private network
VRF VPN routing and forwarding
VoIP See Voice over Internet Protocol.
Voice over Internet A value-added service technology for IP calls. The VoIP service is a new IP telecom
Protocol (VoIP) service. It can run on fixed and mobile networks and support flexible access points.
Fees for VoIP subscribers are relatively low. Calls between VoIP subscribers who
belong to the same carrier are free of charge.

eSight
WAN wide area network

WLAN See wireless local area network.
WebUI web user interface
Wi-Fi See Wireless Fidelity.
Wireless Fidelity (Wi- A short-distant wireless transmission technology. It enables wireless access to the
Fi) Internet within a range of hundreds of feet wide.
wireless local area A hybrid of the computer network and the wireless communication technology. It uses
network (WLAN) wireless multiple address channels as transmission media and carriers out data
interaction through electromagnetic wave to implement the functions of the traditional
LAN.
X
XML See Extensible Markup Language.


Product Description: Esight V300R002C01

Uploaded by

Document Informationclick to expand document information

Document Informationclick to expand document information

Copyright:

Available Formats

Product Description: Esight V300R002C01

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Product Description: Esight V300R002C01

Uploaded by

Copyright:

Available Formats

eSight

HUAWEI TECHNOLOGIES CO., LTD.

Trademarks and Permissions

Huawei Technologies Co., Ltd.

Issue 01 (2016-04-30) Huawei Proprietary and Confidential i

About This Document

l Huawei pre-sales engineers

Indicates an imminently hazardous situation which, if not

Indicates a potentially hazardous situation which, if not

Indicates a potentially hazardous situation which, if not

Issue 01 (2016-04-30) Huawei Proprietary and Confidential ii

Indicates a potentially hazardous situation which, if not

Calls attention to important information, best practices and

Updates in Issue 01 (2016-04-30)

Issue 01 (2016-04-30) Huawei Proprietary and Confidential iii

About This Document.....................................................................................................................ii

2 Functions and Features................................................................................................................. 7

Issue 01 (2016-04-30) Huawei Proprietary and Confidential iv

2.2.13 BGP/MPLS Tunnel Management............................................................................................................................60

Issue 01 (2016-04-30) Huawei Proprietary and Confidential v

2.5 Storage Management.................................................................................................................................................. 157

4 Networking Mode..................................................................................................................... 191

Issue 01 (2016-04-30) Huawei Proprietary and Confidential vi

1 Product Positioning and Features

About This Chapter

Issue 01 (2016-04-30) Huawei Proprietary and Confidential 1

Supporting Various Operating Systems and Databases

Large-Scale Management Capabilities

Comprehensive Device Management Capabilities

Issue 01 (2016-04-30) Huawei Proprietary and Confidential 2

TR-069 Technical Report 069 (TR-069) is used to connect to terminals such as IP

MML Interface Man-Machine Language (MML) interface is used to accept the

Multiple Editions Catering for Differentiated Needs

Edition Management Function

eSight Compact 40 network This edition provides only simple management

Issue 01 (2016-04-30) Huawei Proprietary and Confidential 3

Edition Management Function

eSight 20000 NEs In addition to providing all functions of the

Multiple Service Management Components

Independent NE Adaptation Capability

Issue 01 (2016-04-30) Huawei Proprietary and Confidential 4

Security Description Security Policies

System The system security l Patch policies

Issue 01 (2016-04-30) Huawei Proprietary and Confidential 5

Security Description Security Policies

Data The data security l Encryption policies define encrypted storage

Operation The operation and l Access mechanism by group and permission

Issue 01 (2016-04-30) Huawei Proprietary and Confidential 6

2 Functions and Features

About This Chapter

2.1 eSight Platform

Issue 01 (2016-04-30) Huawei Proprietary and Confidential 7

2.1 eSight Platform

2.1.1 Security Management

Figure 2-1 Security management overview

This section focuses on eSight user security.

Issue 01 (2016-04-30) Huawei Proprietary and Confidential 8