H3C Education MAN solution

    03-11-2022

Overview

The education Metropolitan Area Network (MAN) is an important supporting platform for education informationization as it carries nearly 90% of teaching applications. Building an education MAN in the era of "Education Informationization 2.0" is the key element for the transformation of education informationization to education modernization.

User requirements

1. Building the digital campus in all schools requires the deployment of multiple security devices, wireless devices, and intelligent terminals besides traditional network devices. It also requires the maintenance and management of multi-vendor and multi-type devices.

2. Improving the education quality. According to the Action Plan for the Education Informationization 2.0, education informationization is an important support for the integrated development of urban and rural compulsory education, and the education MAN is the basic platform for delivering high-quality educational resources to rural areas. However, it’s a major problem to ensure the stable and continuous operation of the education MAN and quick recovery from failures.

3. National security depends on network security with the implementation of the national strategy of "Internet + Education", and education informationization has made progress on the construction and application at all levels. However, network security in the field of education faces more complicated challenges after the deep integration of information technologies and educational applications.

H3C education MAN solution

1. Free from on-site O&M

By integrating the SDN technology with the traditional education MAN architecture, the education backbone MAN and the campus network form an SDN network. All network devices in the network, including dumb terminals, IP broadcast terminals, and card readers, can be uniformly managed through the SDN controller.

Maintaining "three" devices for maintaining network-wide devices

The overall MAN architecture is virtualized into three layers (core, aggregation, and access), and each layer is virtualized into one device. For the educational technology center, only the configuration and the hierarchy relation of the "three" devices need to be maintained, which is to maintain the tens of thousands of devices in the MAN.

"AI-enabled network management" and education network with no need for on-site O&M

The network devices are automatically deployed, and the network can automatically recover when the faulty device restarts or is replaced. No professionals need to be dispatched for on-site debugging, reducing the difficulty of work. The network recovery time is reduced to 10 minutes.

Intelligent management and dynamic policy

For user ID-based roaming in the MAN, the user rights are automatically delivered by the SDN controller after setting. There is no need to debug all network devices due to changes in the user location or device, and the network response speed is improved by more than 10 times.

It mainly helps the O&M administrators of the education department to solve the problems of daily O&M, management and network changes after the large-scale MAN construction.

H3C education MAN security solution

1. What application scenarios (sale scenarios) does it support?

Compliance Requirements of Classified Protection of Cybersecurity 2.0: New or upgraded MANs of provincial and municipal education departments, and key elementary and middle schools.

2. What is the value of the “Classified Protection+” Solution?

Simple solution, simple deployment, and short construction period.

Worry-free evaluation of classified protection and improved security.

Multiple functions meeting requirements, fewer devices requiring maintenance, and less O&M cost

3. What are the advantages of H3C's "Classified Protection+" Solution?

The H3C's "Classified Protection+" Solution adopts the networking method of a security management all-in-one machine and multiple next-generation firewalls (NGFW) ("1+X"), and is designed according to the compliance concept of "one center with three layers of protection". NGFW completes the protection of the secure communication network and the security area boundary. The security management all-in-one machine integrates the "system management, audit management, and security management" with the functions of the O&M audit, log audit, and vulnerability scanning to form a polymorphic security management center that meets the main capability requirements for the compliance of Classified Protection of Cybersecurity 2.0.

Advantages:

(1) H3C is the major participant in drafting the general requirements (GB/T22239-2019) and the evaluation requirements (GB/T28448-2019) of Classified Protection of Cybersecurity 2.0.

Value: The security management all-in-one machine is completely made on H3C's understanding of authoritative standards of the Classified Protection of Cybersecurity 2.0. It can fully meet the requirements of the security management center in the Classified Protection of Cybersecurity 2.0, helping customers quickly pass the security evaluation and meeting the needs of customers on the security management construction.

(2) Complete qualifications and worry-free evaluation of classified protection: It is authorized with the independent product sales license (applicable to the security management all-in-one machine), which meets the requirements for the qualification of construction products under the classified protection.

Value: Product compliance is vital for the construction of classified protection, and the independent product sales license prevents legal risks from customers.

Article 3 of Order No. 32 of the Ministry of Public Security: The sales license system shall be implemented for the special products for safety to enter the market within the territory of the People's Republic of China. Manufacturers of security products must apply for the "License for Sales of the Special Products for Safety of Computer Information Systems" before their products enter the market.

(3) Integrated delivery and quick launch: It is an "integrated" device with functional modules including vulnerability scanning, log auditing, O&M auditing, and application launching. It can be used by connecting to a reachable network for the IP address after "launching-powering on-turning on" and be deployed in 30 minutes at the customer site.

Value: delivery capability of integrated services, simplified overall networking, easy and convenient deployment, short construction period, and less user application costs.

(4) Full-scenario application and convenient maintenance: Object of Classified Protection of Cybersecurity 2.0: The solution is applicable to the traditional information system, basic information network, cloud computing, big data, and other objects. The device supports bypass deployment and unified management, thus being convenient to maintain.

Value: The solution is applicable to all scenarios under the Classified Protection of Cybersecurity 2.0, featuring efficiency and compliance. Device failures don't affect the normal forwarding of services.

(5) Decoupling of control plane and forwarding plane: The solution adopts the design concept of "Classified Protection+" Solution and the separation of control, forwarding, management, and auditing. NGFW possesses FW, IPS, WAF, ACG, AV, and other protection functions to control and forward. The security management all-in-one machine possesses vulnerability scanning, log auditing, O&M auditing, and other functions to conduct the management auditing. For the construction of classified protection, this solution is simple to operate as it only needs to select the corresponding specifications and quantities of NGFWs according to the services and cooperate them with the security management all-in-one machine to form a network.

Value: The overall solution is simple, flexible, and easy to deploy. The construction of Classified Protection of Cybersecurity 2.0 saves time and labor and is free from worry.

Cases:

H3C's Education MAN is deployed in the following areas: Poyang County, Zhanggong District, Ganzhou, Zhangjiajie City, Quannan County, and Qingyang District, Chengdu. In addition, Sanya City is deployed with the H3C's safety and education MAN.

新华三官网