Application of Policy Center Globally Policy Center serves more than 100 carriers and 1000 industrial customers, and manages more than 3 million terminals.

Customer Benefits Control access users: 5W1H-based user access ensures that administrators can view and manage access terminals. Manage terminal security: Policy center controls terminals through behavior and asset management to ensure that terminals comply with enterprise polices. Prevent information leakage: Policy Center prevents unauthorized terminal access to ensure that data is not lost and network is not attacked. 1

Enterprise Networking WLAN Market in Western Europe

Huawei Wi-Fi Demonstrates Sharp Competitive Edge, Winning the Bid for German Dortmund Stadium Project 2

Challenges to Stadium Wi-Fi Coverage Massive user access

•

Good user experience

•

User bandwidth guarantee and differentiated services

•

Seamless roaming

Large capacity requirement: 80, 000 online users and 24, 000 concurrent users

Huawei Solution  The wireless infrastructure provides 30% concurrent access for fans/visitors;  Policy Center is used to authenticate access users and control policies for network access permissions

Customer Benefits  Providing the fans with a world-class Wi-Fi service to enhance their matchday experience;  Future-orientated design to protect the investment;

3

UK Glasgow Ibrox Stadium Wi-Fi Project Background & Requirements  

Ibrox is the third largest football stadium in Scotland, having an all-seated capacity of 51,082. Rangers FC aims to provide the supporters with a world-class Wi-Fi service to enhance their match-day experience. The network will give the 50,000+ fans full access to content rich media as well as access to club competitions, merchandising and forthcoming events.

Huawei Solution   

Wired and wireless integration builds high efficient and secure network, AC redundancy and hot-standby to ensure the business high reliability; Policy Center supports full lifecycle management on visitors and allows visitors to surf the Internet. Wireless employees are authenticated and the Internet surfing service is provided for visitors. The authentication portal supports customization and specialized information push.

Customer Benefits 



The high data capacity that Wi-Fi delivers will allow Rangers fans to use social networks to share their experiences, as well as allowing the club to enhance its ‘digital dialogue’ with its supporters; Capture new business opportunities by targeting delivery of high-definition event video and digital content over Wi-Fi.

4

Internet Surfing Solution for Customers of the Rural Credit Cooperatives in Kunming City Background The rural credit cooperatives in Kunming city is the first city level rural credit union. The union develops and innovates a series of new products and services, meeting needs of rural people and small- and medium-sized enterprises (SMEs) for localized, specialized, and personalized financial services. The customer requirements are as follows: 

WLAN is deployed in the business hall to provide customers with value-added Internet surfing service.



In the business hall, customers can connect their mobile phones and tablets to the WLAN free of charge to log in to the online banking or mobile banking to process financial transactions.

Internet

Policy Center

Huawei Solution 

Policy Center supports full lifecycle management on visitors and allows visitors to surf the Internet.



It connects the queue management system (QMS) to Policy Center. When a customer clicks the QMS, it invokes the visitor API of Policy Center to generate a temporary visitor account and print the account for the customer.



It redirects to the authentication page when a customer accesses any other web page. The customer can surf the Internet after being authenticated using the temporary account.



It deletes the temporary account automatically in 2 hours after the account is generated.

Customer Benefits 

Bank customers can browse and process transactions without the need to wait in queues, improving customer satisfaction.



Customers can process services through WLAN access, reducing the load of bank staffs.



The automatic and intelligent system requires no management personnel, lowering IT costs.

5

Visitor Access Authentication Solution for Hong Kong Stock Exchange Background Hong Kong Exchanges and Clearing Limited (abbreviated as HKEx) is a holding company that wholly owns three subsidiaries Stock Exchange of Hong Kong Limited, Hong Kong Futures Exchange Limited, and Hong Kong Securities Clearing Company Limited. It provides and manages stock and futures exchange and settlement. The customer requirements are as follows: 

The wired and wireless networks are integrated to provide access for employees and visitors.



Personalized portals are provided to reduce IT operation and maintenance (O&M) pressure and improve the company's brand image.

Internet

eSight

Huawei Solution 



Policy Center is used to authenticate access users and control policies for network access permissions. Users can access the pre-authentication domain when they fail the authentication or when no authentication is available; users can access the isolation domain when they are authenticated but the terminals are insecure; users can access the post-authentication domain when they are authenticated and the terminals are secure. A visitor approval process is provided. The receptionist creates a visitor account and sends the account to the visitor through a short message or prints the account in a paper. The customer uses the account to access the Internet.

Customer Benefits

Core network Aggregation switch (integrated AC)

Aggregation switch (integrated AC)

AP



The personalized portals improve the company's brand image.



Visitors are allowed to surf the Internet at any time, improving customer satisfaction.



Policy Center is simply and easy to use, reducing IT O&M costs.

6

DHCP DNS Policy Center

Server

Wireless Authentication Solution for Vipshop Background Vipshop.com is an e-commerce website featured by brand sales. With rapid development since its establishment, Vipshop has become the largest e-commerce enterprise in south China and is one of the top ten e-commerce enterprises in China. It is the first e-commerce enterprise in south China that goes to the market in New York Stock Exchange with the transaction code NYSE:VIPS. The customer requirements are as follows:  The

wired and wireless networks are integrated to provide access for employees and visitors.

 Personalized portals

are provided to reduce IT (O&M) pressure and improve the company's

brand image.

Huawei Solution  One

set of Policy Center is deployed at the headquarters and each of the four warehouses to implement access authentication to WLANs.

 Wireless

employees are authenticated and the Internet surfing service is provided for visitors. The authentication portal supports customization and specialized information push. At the warehouses, the solution controls network access permissions to WLANs based on user identity, so that they can perform transactions conveniently.

Customer Benefits  The

personalized portals improve the company's brand image.

 Visitors  Policy

are allowed to surf the Internet at any time, improving customer satisfaction.

Center is simply and easy to use, reducing IT O&M costs.

7

Largest Outlet Website in China

Build a Solid Security Protection System for Haidian Government in Beijing Background A network without security guarantee can be easily attacked. With the development of the e-Government network and various applications, the network is encountered with more and more challenges. The security of the e-Government network is of great concern to network constructors and managers. The customer requirements are as follows: 

Employee access is authenticated to prevent access of unauthorized terminals.



Health check and management and control of terminal security are implemented to improve information security level and prevent information leakage.

Huawei Solution 

Users can access the pre-authentication domain when they fail the authentication or when no authentication is available; users can access the isolation domain when they are authenticated but the terminals are insecure; users can access the postauthentication domain when they are authenticated and the terminals are secure.



Individualized information security consultation and assessment is provided to tail a long-term security plan for the e-Government network.

Customer Benefits 

After the solid security protection system is built, employees can focus on high-efficient working without the need to worry about viruses and attacks from hackers. This ensures stable development of the e-Government network.

8

Page 8

Build a Solid Security Protection System for Haidian Government in Beijing Policy Center server

VPN access of mobile office workers Internet 1

SACG

E200

Internet 2

E500 Beijing e-Government network

District government office 1

Agent

District government office 2

Agent

IDS Unicom PDSN

Other departments and bureaus

Agent VPDN access of Unicom phones

9

Page 9

Security Management of Terminals on FAW-Volkswagen's Intranet Background FAW-Volkswagen's intranet is faced with the following security problems: A large number of terminals are distributed over a wide area, and visitors and insecure terminals can access the Intranet. It is difficult to implement anti-virus measures or install patches. It is difficult to manage peripheral interfaces or monitor working behaviors uniformly.

Logistics management server

Customer service server

Test server

Telecom

Huawei Solution Security access control gateways (SACGs) are connected to the two core switches in bypass mode to prevent terminals from accessing core resources and Internet resources directly. The gateways check security and control the access of each terminal to ensure security of terminals, network, and core sources. The post audit and log management functions are provided to ensure that events are traceable.

Customer Benefits The solution provides access control on a complicated intranet to ensure that access terminals meet enterprise requirements. This reduces risks of information leakage and virus infection, improves working efficiency, and ensures compliance of the IT management system. The project is completed in a short time with a few investments, and easy to maintain, which greatly reduces future O&M costs. 10

Mobile users

Netcom 4S sales IPSec VPN

Pre-authentication domain

Department 1

Department n

Information Security Management Project of South East Motor Background Information security management of South East Motor faces the following problems: Various terminals are unevenly distributed in many factory areas but there are only a limited number of maintenance personnel. Terminals need to access different applications, such as scheduling of each production service, maintenance of each production system, and daily working affairs. Network access control policies are insufficient; therefore, any user can connect to the network and access any network resource. Different types of terminals use different hardware and operating systems.

Huawei Solution A terminal security management mechanism is provided for the IT system of South East Motor to effectively manage security of terminals and applications. Based on the current network status of South East Motor, the mature Policy Center system is recommended to ensure terminal security.

Customer Benefits The solution provides a terminal security management mechanism for the IT system of South East Motor, improving terminal security. This helps the customer move a major step forward in information construction.

11

Domain Anti-virus management server server Pre-authentication domain

IT Intranet Control Project of Prefect World Background Prefect World is a listed company and has high compliance requirements on terminals on the IT intranet; therefore, a solution is required to implement security management and monitoring on the intranet terminals. The solution needs to provide patch management, access control, behavior management, and file distribution functions.

Internet Domain management server Anti-virus server

Firewall

Huawei Solution

Patch server

Policy Center is deployed on Prefect World's intranet to manage users that access the intranet and their behaviors. Policy Center can check system patches, anti-virus patches, file sharing and IE security settings to harden the terminal system. It also supports process monitoring, prevention of unauthorized external access, ARP defense, and file distribution to facilitate corporation work and make management more flexible and secure.

Pre-authentication domain

Authentication gateway

Post-authentication domain 3

Security policy management

Customer Benefits

Software distribution

The solution deploys Policy Center on the intranet to authenticate terminal users, manage patches as well as hardware and software assets, audit user behaviors, prevent information leakage, and reinforce security management on enterprise information, which greatly enhances the management level of IT Intranet control.

12

Post-authentication domain 2

Employee behavior management

File server Patch management Asset management

Intranet Construction Project of Industrial Banks over China Background Industrial Bank whose stock code is 601166 has set up 34 subsidiary banks and over 300 branches. In the complicated network environment, security management including confidential information protection, terminal security access control, timely upgrade and installation of antivirus system, personnel activity tracing, and audit recording requires to be enhanced. Technical measures need to be taken to prevent and eliminate potential information security risks.

Huawei Solution The access control technology is used as the core and mandatory policies to construct a terminal security management platform with network and system layers. The platform integrates technologies including patch management, software distribution, antivirus, asset management, information security, and permission control. These technologies are used to implement management rules, preventing security risks caused by terminals that do not comply with rules. Policy Center is deployed at 35 cities and areas all over China in a distributed manner to manage 5,000 terminals.

Customer Benefits The intranet security protection mechanism greatly reduces risks of virus infection and information leakage. With rich information security management experience, the solution protects data security for Industrial Bank from technology and management perspectives. 13

Page 13

Security Guarantee for 12000 Terminals of North China Grid Background North China Grid Company Limited is a state-owned company invested by State Grid in Beijing. Terminal users can connect extranet devices to the information intranet by inserting network cables, which may introduce viruses and malicious code threatening the power system. It is hard to trace subsidiary companies' unauthorized access to the information intranet and locate the violating personnel. Devices on the information intranet support USB devices, which may also introduce viruses and cause information leakage. IT assets on the information Intranet cannot be managed in a unified manner.

Huawei Solution The network access control system is deployed on the information networks of the headquarters, five subsidiary power supply companies, and two subsidiary super power voltage companies to implement access control, behavior management, and audit. There are about 2,000 terminals in Tangshan, Qinhuangdao, Zhangjiakou, and Chengde companies respectively and 1,000 to 1,500 terminals in Langfang, Beichao, and Dachao companies. SACGs are connected to the networks in bypass mode to implement application-level access control, without changing the original network topology.

Customer Benefits With Policy Center deployed, the solution uses access control technologies to protect the desktop standard system, anti-virus system, and server resources of North China Grid Company, ensuring effective running and implementation of the security system specified by State Grid. 14

Unified Policy Engine Helps Huawei BYOD Solution Terminal

Network

Application

Management

LTE/4G

SWITCH

SVN

Push Mail

Video Conference

Wi-Fi

AP

AC

Security Efficiency

Yellow Pages

Blog

CRM

…

…

....

....

FW PBX

Experience

UC 2.0

IMS

Server

Third Party

Unified policy Policy Center

Mobile work can be achieved at any time from any place with superior user experience. Full lifecycle management ensures terminal, network, application, and data security. A high-efficient network ensures uninterrupted services, improving 20% work efficiency.

15

HUAWEI ENTERPRISE ICT SOLUTIONS A BETTER WAY

Copyright © 2014 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.