Huawei Qiankun District and County Education Security Cloud Service Solution (2)

This article is undertaken by:
https://blog.csdn.net/qq_37633855/article/details/133276200?spm=1001.2014.3001.5501
Focus on explaining the deployment process of Huawei Qiankun District and County Education Security Cloud Service Solution .

Course address

The course resources related to this program have been released in the Huawei O3 community and can be accessed by following the following steps (you need to have a Huawei account, an ordinary personal account will suffice~)

Course address:

1. Copy the link https://o3community.huawei.com/ to enter the Huawei O3 community;
2. Click "Training Empowerment > Guided Learning";

3. Select "Huawei Qiankun District and County Education Security Cloud Service Solution" in the guided course to see the relevant content of the course.

Huawei's O3 community platform will have supporting technical documents, video explanations and simulated test questions. All content of the course is developed by myself. If you have any questions during the learning process, you can leave a message below the course on the O3 platform or in the comment area of ​​this article for discussion~

Solution deployment

overall process

The overall deployment process of Huawei Qiankun District and County Education Security Cloud Service Solution is as follows:

• Network planning: Plan the deployment location, deployment method and basic network parameters of local Tianguan equipment;
• Activate services: Register a tenant account on Huawei Qiankun Cloud and apply for secure cloud services;
• Tianguan goes online: The customer's local Tianguan device connects to Huawei Qiankun Cloud to complete device registration;
• Service delivery: Tenants bind the applied secure cloud service package to the Tianguan device online on the client side on Qiankun Cloud to achieve cloud linkage;
• Common operations: Common operation and maintenance operations that tenants can perform on Qiankun Cloud.

Network planning

The Tianguan plan is as follows (taking a single university campus network as an example):

• Deployment location: Deployed between the customer's egress firewall and core switch;
• Deployment method: Layer 2 transparent mode serial connection is used, and the network parameters of the uplink interface connected to Huawei Qiankun Cloud are obtained through DHCP (the egress firewall serves as the DHCP Server).
• Network parameters: The specific interface parameter planning of Tianguan is as shown in the following table:

Note: This solution is a security reinforcement and optimization solution for existing business production environments. The remaining network and network security equipment except Tianguan need to be reused.

Subscribe to a service

Activating Huawei Qiankun Border Protection and Response Service consists of two steps: registering an account and activating the service:

• Register an account: Register a Huawei Qiankun Cloud account to log in to Huawei Qiankun Cloud.
  
• Activate the service: Activate the service package supporting the Tianguan equipment. Taking this solution as an example, you can activate the border protection and response services after entering the Tianguan SN.
  

Register an account

The detailed steps to register a Huawei Qiankun Cloud account are as follows:

• Log in to the Huawei Qiankun Cloud Service Console (https://qiankun-saas.huawei.com/public/dist/iam/login-web/index.html#/);
• Click "Register Tenant" on the login page (quick registration is used as an example here).
• Enter your mobile phone number according to the prompts on the page to obtain the SMS verification code, then check "I have read and agree to the Privacy Policy Statement and Huawei Qiankun Cloud Service User Agreement", click "Register and Login", and finally complete the password setting according to the system prompts.

Subscribe to a service

The detailed steps to activate Huawei Qiankun Cloud service are as follows:

• After logging in to the Huawei Qiankun Cloud Service Console with a registered account, click "Order Center" under the current account in the upper right corner of the interface;
• After entering the "My Orders" interface, click "Activate Service" on the right (take "Activate based on SN" as an example), and then enter the device SN serial number.

Tianguan is online

The customer-side Tianguan equipment can work in routing mode and transparent (switching) mode. The deployment method is divided into direct deployment and bypass deployment. In this solution, Tianguan selects transparent mode direct connection deployment. The specific online operation process is as follows:

• Open the browser of the management PC to access the Tianguan standard configuration page (https://xxxx:8443/default.html, xxxx is the Tianguan management port IP, the default is: 192.168.0.1/24), and follow the prompts after logging in to the page. Create an administrator account (you need to create an administrator account for the first deployment of the device. If you already have an account, go to the next step).
• Use the created administrator account to log in to the Tianguan quick online page (https://xxxx:8443/cloud), select Tianguan’s Internet access method and Internet interface. In this case, the Internet access method is DHCP, and the Internet interface defaults to Vlanif1. Set the parameters. Then click "Apply", and then check the Huawei Qiankun connection status. If the status is "Connection successful", it means that the Tianguan is online successfully.

Service delivery

After Tianguan goes online, Huawei Qiankun Cloud automatically delivers services. Tenants need to confirm the online status of Tianzhuan and the status of service package issuance.

• Use the previously created Huawei Qiankun Cloud account to log in to the Huawei Qiankun Cloud platform (https://qiankun-saas.huawei.com), then click "Console" in the upper right corner of the page to enter the Huawei Qiankun workbench interface, click "Devices" on the right side of the page The device statistics page appears on the side to check whether the device status is normal.
• Click "Order Center" in the user account drop-down list in the upper right corner to enter the "My Package" page and check whether the service package has been deployed and whether the status is normal.

Common operations

After the customer-side Tianguan is successfully connected to Huawei Qiankun Cloud, users can log in to the Huawei Qiankun Cloud platform to perform various convenient network security management and operation and maintenance operations. Common cloud operations include the following:

For specific operation procedures, please refer to the relevant videos to learn. The video links are as follows:

https://live.csdn.net/v/330887

This concludes the series of blogs on this project~