1. The document describes an agile network solution that features plug-and-play deployment, centralized configuration, free user mobility, service orchestration, unified security, and intelligent fault location.
2. The solution allows for automated management channel creation between devices, centralized management of configurations, flexible policy-based access control, and concentration of security resources for improved protection.
3. Key benefits include easy deployment of new devices, consistent policies for wired and wireless users, mobile access based on user attributes, and network-wide security monitoring, evaluation and response.
5. 1.1 SVF-> Plug-and-Play
SVF-Parent
SVF-Client
3. Automatically create management channels
AS and AP are virtualized.
Shield differences of wired and
wireless networks and transmit traffic of
ASs and APs over same management
channels (CAPWAP)
2. Power on
SVF-Client
1. Pre-deployment
• Configure management channel
• Add port to virtual group
eSight
Network
Design
Service
Deployment
Routine
Monitoring
Fault
Location
6. 1.1 SVF-> Plug-and-Play Experience
1. Display topology after pre-deployment
2. Power on the new device, plug-and-play
3. Clients are vertically virtualized and displayed
under Parent
4. Parent panel shows vertically virtualized topology
Network
Design
Service
Deployment
Routine
Monitoring
Fault
Location
8. 1.2 SVF-> Centralized Configuration
SVF-Parent
SVF-ClientSVF-Client
Ethernet WiFi
Service Profile
User
Group
Parent: uses same service profiles for
wired and wireless users
Client: automatically delivers
parameters based on type of access
devices
User: adapts to the authentication
method based on access interface type
Network
Design
Service
Deployment
Routine
Monitoring
Fault
Location
10. 2 Free Mobility
Phase 1
2
Administrator configures user and
resource access rights on Agile Controller.
Agile Controller translates the
configuration into machine language and
delivers it to devices on the entire network.
When a user logs in, the policy
enforcement point obtains user
rights configured based on 5W1H
conditions, and enforces the
access policy.
Deploy policies
Enforce policies
Deliver policies
Service flow
Policy enforcement pointWAN/Internet
Agile Controller
WAN/Internet
Email, ERP,
code…
HQ access:
R&D/sales/guests…
Branch access:
R&D/sales/guests…
Internet:
R&D/sales…
NGFW
SW
SW
SW
SW
NGFW
SVN
Centralized policy control allows network resources to
migrate with mobile users
Network
Design
Service
Deployment
Routine
Monitoring
Fault
Location
Data Center
Phase
11. 2 Free Mobility Experience
1. Pre-Configure policies 2. Obtain Access policies based on 5W1H
Network
Design
Service
Deployment
Routine
Monitoring
Fault
Location
13. 3 Service Orchestration
Functions:
Security resources are concentrated in
a resource center to allow flexible
allocation of security capabilities
based on attributes such as resources,
users, and zones, improving security
protection capabilities of the entire
network.
Typical applications:
Guest online behavior management
Virus cleaning
Security resource
center
User Group Resource Group
Internet
Tunnel
Tunnel
Agile Switch
Security policy ASG
Online behavior
management
NGFW
Firewall
Agile
Controller
Security policy
Tunnel
Service flow
Network
Design
Service
Deployment
Routine
Monitoring
Fault
Location
14. 3 Service Orchestration Experience
1. Agile switch GRE Security resource center 2. Flexible service orchestration based on
service scenarios
Simply drag the
mouse
Network
Design
Service
Deployment
Routine
Monitoring
Fault
Location
16. 4 Unified Security
① Security event collection
Collect event logs from network devices, security devices,
servers, and terminals.
② Big Data analytics
Analyze a huge amount of correlated log information to
show security condition of the entire network and detect
security risks.
③ Network security evaluation
Evaluate security threat severity on the entire network,
show the attack topology, and identify top-risky assets
and zones to provide information for network security
protection.
④ Security correlation and active defense
Agile Controller delivers adjusted security policies to
related devices in response to security events. For
example, the devices can log out users or block traffic
from these users.
Log collection
Security policies
take effect
②Big Data analytics
③ Network security evaluation
Network
Design
Service
Deployment
Routine
Monitoring
Fault
Location
17. 4 Unified Security Experience
1. Network-wide or
domain-wide
security threat
evaluation
2. Focus on TOPN
risky assets
3. Drill-down domain-wide threat
status, view security detail
information and handling
suggestions
Network
Design
Service
Deployment
Routine
Monitoring
Fault
Location