Intelligent building solutions
Computer network system is an indispensable part of the weak current system of intelligent buildings. Hangzhou H3C Communication Technology Co., Ltd. (hereinafter referred to as H3C) is one of the major domestic IP network product and solution providers, with a wealth of IP network products and solutions. The weak current design unit and the weak current integrator choose during design and construction. Below we take intelligent buildings as an example to introduce several H3C company's IP network solutions.
1. IP network solution for low-rise buildings
The overall number of data information points in low-rise buildings is small, and the distance between each floor and the ground floor computer room is relatively short, so the general core equipment does not need to use very high-end equipment, and the number of core switch optical fiber interfaces is less required.
Equipment selection:
1. It is recommended to choose H3C S3100-EI series intelligent security switch for the access switch in the weak current room on each floor.
a) 8 ports, 16 ports, 24 ports, 48 ports can be selected according to the number of information points. If the number is more, the number of expansion ports can be stacked.
b) The link used from the weak current access switch to the core switch depends on the distance between the two. If the distance is less than 100 meters, a Category 5e cable can be used; if the distance is more than 100 meters, a multi-mode optical fiber transmission can be used.
c) As the uplink gathers all access traffic, it generally uses gigabit bandwidth. S3100-EI provides enough GE electrical ports and optical modules for selection.
d) If there are devices such as wireless APs, IP phones, etc., in order to facilitate power supply, you can choose the POE model of S3100-EI, and use the POE method to power these devices.
2. The core switch is deployed in the computer room on the ground floor. Since low-rise buildings require fewer optical fiber aggregation ports, the H3C S5500-28F-EI gigabit optical fiber aggregation switch can meet the requirements. If the reliability requirements of the core equipment are very high, the H3C S7502E chassis switch can meet the requirements.
3. Configure a set of network management system H3C iMC to realize comprehensive management of all network equipment, including equipment management, performance management, alarm management, configuration management, and topology management.
4. H3C's router or firewall can be used to connect the building to the internet. There are a wealth of product types to choose from, so I won't go into details.
2. IP network solution for high-rise buildings
The construction modes of high-rise buildings in different industries are very different: the selection of equipment is very different, the bandwidth is very different, the networking scheme is very different, the network structure is very different, and the investment is very different. Here is a brief discussion of some basic rules.
Considerations for the selection of access layer equipment:
l Many high-rise buildings are representative buildings in the industry or in a certain area. The construction specifications are high and the requirements for informatization are also high. Therefore, technological advancement needs to be taken into consideration. An important development trend of the current network is the popularization of gigabit access, so gigabit access switches are used in the access layer of many high-rise buildings.
l H3C has the most complete Gigabit switch product line in the industry. S5100-EI/S5100-SI are all Gigabit Layer 2 switches with high cost performance. The uplink can use 10 Gigabit fiber, so that each access user can obtain a sufficiently high bandwidth. You can also use multiple gigabit bundles for uplink first, and use 10 gigabit links when needed later.
l For customers who still want to use 100M access, H3C has S3100 series/S3600 series of abundant types of 100M access switches to choose from. The use of 100M access switches can refer to the selection considerations of low-rise buildings.
Consideration of core equipment:
l The failure of core equipment will affect the network usage of the entire building. Therefore, it must have high enough reliability and stability. In addition, it must have strong scalability, multi-service support capabilities, security protection capabilities, large-capacity access capabilities, etc. .
l H3C S9500/S7500E and other high-end switches are one of the mainstream core switches at home and abroad. They have dozens of reliability technical guarantees and have a large number of applications on the domestic Internet. The maturity and stability have been fully tested.
l In order to realize the security isolation between the different departmental networks of the building and prevent various network security threats from the external network to the building intranet, the core switch is required to support the integration of various security service boards to facilitate the deployment of security prevention technologies . H3C S9500/S7500E switches can support multiple security service boards such as FW/IPS/NTA, realizing high-integration and low-cost security deployment.
Considerations for network management system construction:
l H3C iMC Intelligent Management Center is a basic network management platform. By adding different management components, it can realize the integrated management of users, services, and resources. That is to help you see clearly what resources are available on the Internet? Which businesses are using these resources? Which users are using these resources? Which users are using which services?
3. Wired and wireless integrated IP network solution
Although in the planning and construction of the building, optical fiber or copper cable has been laid as the backbone network of the building. However, the wired network still has to be restricted by the wiring in some occasions: for example, the amount of wiring and rerouting is large; the lines are easily damaged; the nodes in the network cannot be moved, etc. Especially for home users, the location of network nodes is relatively unstable, and network laying should try to avoid large workloads such as slotting.
有线网络 | 无线网络 | |
布设线缆或租用线路 | 是 | 否 |
线路是否易损 | 是 | 否 |
施工难易度 | 高 | 低 |
工程时间 | 较长 | 短 |
工程美观度 | 杂乱 | 简洁美观 |
维护 | 复杂 | 简单 |
Through the above comparison, it can be seen that wireless networks have many unique advantages over wired networks. According to the current network construction practice in intelligent buildings, it has become a trend for the two networks to "deploy at the same time and complement each other". The backbone and fixed information points of the network are more wired networks, and the information points and mobile information points that are not easy to wire are more wireless networks.
However, a prominent problem at present is that in most cases, the wireless network is managed separately from the wired network as an independent network. This leads to the need for a separate management system and security strategy for the wireless network, which makes the management cost of the wireless network high.
H3C advocates "wired and wireless integrated network solutions" in intelligent buildings. The main features are "equipment integration, management integration, security integration, and business integration". Below we introduce these features in combination with some actual projects:
1. Equipment integration
Wireless network equipment mainly includes wireless controller (AC) and wireless access point (AP). The so-called "device integration" refers to the integration of wired equipment and wireless equipment, which is mainly reflected in the integration of wireless controllers and wired network equipment.
H3C has two integration methods: "one high and one low": "one high" refers to the integration of high-end wireless controllers and high-end switches. The high-end wireless controllers are directly made into switch boards and inserted into the slots of high-end switches. , H3C's S7500E and S9500 high-end switches support wireless controller card.
Seamless integration of H3C's "7500E Series Switch + Wireless Controller Module + SecBlade Firewall"
What are the benefits of the integration of wireless controllers and high-end switches?
l The first is to reduce the cost, no longer need to provide a case, power supply, fan, etc. for the wireless controller
l Secondly, the wireless controller and the switch become one device, which is more convenient to manage
l Do not connect between the switch and the wireless controller, use the backplane connection directly to avoid single point of failure
l Stronger expansion capability, high-end switches can insert more wireless controller cards
l Occupies less space and consumes less power
"One low" refers to the small-capacity wired and wireless integrated switch WX3024, which integrates: weak three-layer function, 24 Gigabit electrical ports/4 combo ports/10 Gigabit slots, POE+ power supply, wireless controller, DHCP Rich functions such as server and Radius server. It truly realizes the integration of wired and wireless networks in smart buildings, simplifies construction complexity, reduces energy consumption, and achieves the goal of green and energy saving.
2. Management integration
There is a status quo in network management: the use of someone's equipment is the management of someone's network management, which can sometimes cause trouble. If the wireless network of manufacturer A and the wired network of manufacturer B are used in an intelligent building, we have to use the network management of manufacturer A and the network management of manufacturer B, so that a common network topology cannot be displayed.
As a manufacturer that provides both wired and wireless networks, H3C has an advantage in the management of wired and wireless networks. H3C provides an intelligent management platform for unified management of all IT equipment-the iMC Intelligent Management Center. A set of iMC can manage wired and wireless networks in a unified manner.
Wired and wireless integrated network management topology diagram, schematic diagram of wireless radio frequency coverage
The integrated management not only includes basic functions such as device management, topology management, alarm management, performance management, and configuration management, but iMC can also provide more management functions, such as network traffic analysis, user account management, etc. These all share a set of iMC system, and there is no need to provide one set for the wired part and the wireless part.
3. Safety integration
First, let’s analyze what security measures are needed for the integrated wired and wireless network of smart buildings?
Attacks on smart building networks usually come from outside and inside. Attacks from the outside are prevented by network border security solutions, and products such as firewalls, intrusion prevention systems, anti-virus walls, and anti-spam are used at the exit of the network. Security issues from the inside use intranet security control solutions, which include security isolation between different network areas, high-level security protection for important security areas, and endpoint access control. . . and many more. The big challenge here is whether to implement a consistent policy of endpoint access control for wired and wireless networks.
First, a brief introduction to endpoint access control: As the saying goes, "house thieves are hard to guard against", and the same is true for network security. At present, 70% of network security is triggered from within, so the industry is paying more and more attention to the security control of the intranet. The security problem of the smart building intranet is often caused by a certain terminal. For example, the terminal uses illegal software to form an internal network attack, or fails to update the virus database in time to cause a virus on the Internet, or the operating system patch is not updated and the Internet is online. Be hacked and become a puppet machine. . . How to avoid such problems? H3C has launched the "EAD (Endpoint Admission Defense) Endpoint Admission Defense" solution. The following is the architecture diagram of the EAD solution:
Any PC on the intranet is required to enter the internal network: no illegal software is installed, the virus database is up to date, the operating system patch database is up to date, and the PC is used by internal employees. How is it achieved? A small software "H3C iNODE" is installed on each PC. It maintains communication with the "EAD Security Policy Server". It will check your PC when you try to connect to the local area network. If you find that you have not reached If requested, refuse to access the network!
At present, H3C's EAD can be deployed uniformly for different methods such as wired access, wireless access, remote VPN access, WAN access, and gateway access. In the authentication protocol adopted, the wired and wireless EAD are the same, and both adopt the 802.1X or Portal protocol. Difference: The EAP authentication protocol of 802.1X is different. Wired generally uses EAP-CHAP, and wireless uses EAP-PEAP and EAP-TLS.
Through "security integration", regardless of whether users enter the network through wired, wireless, or VPN, the security strategy is consistent. Such a network has no security loopholes and can provide a truly secure wired and wireless integrated network for intelligent buildings. surroundings.
Four, IP video surveillance program
IP video surveillance is the development trend of video surveillance systems. Based on its long-term accumulation in the IP field, H3C has innovatively integrated IP network, IP video, IP storage, and IP management technologies, and launched an IVS intelligent surveillance solution.
The IP surveillance system is composed of front-end equipment, encoders, video surveillance computer networks, control centers, storage systems and other parts. The system block diagram is as follows:
1. Front-end equipment
The front-end equipment in the IP surveillance system includes cameras, lenses, protective covers, mounting brackets, pan-tilts, etc., as well as encoders. The camera is responsible for capturing the scene and converting it into an analog signal. The encoder converts the analog signal of the camera into a digital signal, transmits the signal to the control center via the IP network, and then restores it to an analog signal through a decoder, and sends it to the display device display.
2. Control Center
The control center is responsible for processing the signal transmitted by the front-end camera and displaying it on the designated monitor. The signal can also be stored and processed. The control center can control the rotation, zoom, and focus of the front-end integrated camera through the control device, so that the control center can obtain the corresponding picture.
Control center equipment includes codecs, storage systems, management systems, network systems, TV screen walls, central consoles, UPS power supplies, and security system power distribution cabinets.
1) Codec
The codec supports encoding formats such as H.264, MPEG2, MPEG4, and MJPEG. The decoder is responsible for converting the digital image from the front end into an analog image, which is displayed on the above TV screen wall. The encoder provides monitoring of the monitoring center to prevent insider theft.
2) Storage system
Build a complete network storage system, storage resources can be distributed and subordinated according to demand, and unified resource management and scheduling, support dynamic storage resource management, online subordinate, can meet customer needs of different storage quality, capacity and service quality based on a unified platform. Provide complete backup and storage lifecycle management functions.
3) Management system
Including a dedicated video management server and web client. The video management server is a dedicated signaling server for centralized authentication, registration, configuration, control, and alarm forwarding control. It can realize complete network management functions of video codec equipment and support multiple devices. The signaling management servers work together to form a multi-level and multi-domain management platform. The web client can provide friendly and convenient man-machine interface functions, including real-time monitoring, query, and pan-tilt control of the monitored object.
5. Domestic application
H3C's series of IP products and solutions have been widely used in many intelligent buildings at home and abroad:
※ Intelligent buildings (including government buildings, corporate buildings, high-end office buildings, high-end hotels and other different types of buildings). For example: Xinhua News Agency New Building, PetroChina New Building, Guodian New Building. High-end hotels include Beichen Intercontinental Hotel, Park Hyatt Shanghai World Financial Center, etc.
※Large venues, such as: National Grand Theater, Palace Museum, National Library, National Stadium, Olympic Park, International Convention Center, Wukesong Stadium, Qingdao Olympic Sailing Center, Hong Kong Olympic Racetrack, Shandong National Games, etc.
※Digital parks (large enterprise parks, software parks, etc.). For example: UFIDA Software Park, Neusoft Dalian Software Park, etc.
※Traffic engineering (railway, subway, expressway, bus, civil aviation, port, wharf, etc.). For example: Beijing Metro Line 4, Line 5, Line 13, Airport Line, Shenyang Metro, Qinghai-Tibet Railway, Beijing Bus BRT, Capital T3 Terminal, Shenzhen Airport, Jinan/Qingdao/Wuhan/Kunming and other airports.
※Digital urban management, such as Hangzhou Digital Urban Management, Nanning Digital Urban Management, etc.
※Safety project (Since the US 911 in 2001, all countries in the world have attached great importance to urban safety issues. In 2006, various cities in China began to construct "safe cities", strengthening video surveillance of cities, detecting safety problems in time, and dealing with them promptly and decisively) . H3C currently has won the bid and served the construction of 120 safe cities (as of the end of December 2008), accounting for the largest share of the safe engineering market and becoming the first brand of "safe engineering". For example: Ping An Hangzhou, Ping An Shenzhen, Ping An Fushun, etc.