First, the current development status of the industry
A hotel's network is usually divided into different functional networks, including: the management network (for internal management), the room network (Internet access for guest rooms), Wi-Fi in public areas (wireless Internet access in public areas), and the IPTV network (used to carry IPTV).
The hotel connects to the Internet over bandwidth leased from an operator, and the following situations, which the hotel IT manager does not want to see, often occur:
● Some guests use P2P software (typical examples include Thunder, EMU, BT, etc.) for high-speed downloads, consuming the limited Internet access bandwidth, so that most hotel guests get slow Internet access or cannot get online at all.
● Hotel staff are addicted to non-work QQ chat, visit websites unrelated to work, access illegal websites, etc., which hurts internal work efficiency and introduces viruses into the internal network.
● Individual hotel employees send important documents out via mail, FTP, etc., leaking confidential information. How can effective evidence be provided?
In addition, according to the "Measures" (i.e. "No. 82") issued by the Ministry of Public Security, "the record-retention technical measures that Internet service providers and networked users implement in accordance with this provision shall be able to keep record backups for at least sixty days". For a hotel, this means recording guests' and staff's Internet access records.
In this situation, a professional application control gateway product is urgently needed to solve the above problems, and the H3C ACG (Application Control Gateway) was launched to meet this strong demand!
Second, demand analysis
The hotel industry must comply with national laws and regulations. Under the recently introduced "Network Security Law", information systems construction must provide certain guarantees; for example, when building wireless networks in non-operating places, it must ensure real-time recording of users' Internet behavior records, Internet information, real-name authentication, etc. The following is a typical networking analysis for the hotel chain industry.
● A hotel chain's branches and headquarters need to share data, and headquarters needs to manage the branches. Considering cost and security, IPSec VPNs are generally used for interconnection, carrying OA / Mail / Performance / Order and other internal network systems;
● To ensure good network stability, give users a good Internet experience, and provide stable network security for servers, the enterprise network egress generally uses access links from multiple operators with load balancing;
● The network generally needs to be controlled accurately down to the individual user, with online behavior management and flow control applied per user. Considering network security, real-name authentication is recommended for security control;
● A hotel chain has a large number of users, and its Internet traffic includes P2P downloads, web browsing, etc. Normal traffic such as web browsing for most users needs to be protected, and certain restrictions need to be placed on P2P, streaming media, etc.
Third, the solution introduction
Program description
Chain hotels need to be interconnected through VPN. The solution design must keep internal information exchange simple, and must also keep management and operation by headquarters convenient and easy.
For "headquarters-branch" networks that deploy IPSec VPN, a traditional IPSec VPN can connect headquarters and the branches and bring them online. In a business chain, however, a branch generally has no network management personnel, or the technical level of its network management is insufficient, which makes the IPSec VPN inconvenient to deploy; when the IPSec VPN fails, it is difficult to maintain.
IPSec VPN dynamic connection
The Xinhua Sanchao hotel network interconnection solution can realize dynamic VPN: the ACG1000 device deploys IPSec VPN in an "automated" mode. For later maintenance, after the IPSec VPN is established, the device can still create, modify, and delete the network segments of the protected flows. Once such a change occurs, XML is pushed to the other party and the above flow is performed automatically, without manual intervention.
Fourth, highlight function introduction
1. Centralized control
The chain hotel industry expands frequently, and the egress bandwidth, number of rooms, and access control requirements differ from store to store. The ACG1000 can quickly dial in to the VPN at the store, and the management policy is then applied.
ACG centralized management
With an ACG gateway deployed at the network exit, the ACG1000 centralized management components integrate the IPSec VPN configuration and the registration mechanism of the VPN gateway device. When the VPN gateway connects to the Internet, it registers with the control platform using a configured account and password. After receiving the registration request, the control platform authorizes it according to the username, finds the corresponding VPN configuration file according to the username, and issues that configuration file to the VPN gateway device, allowing the VPN gateway to interconnect quickly. At the same time, the device comes online by having the ACG actively register with the ACG Manager, which not only solves the NAT problem but also lets the administrator load the device configuration into network management. When a store device comes online, the administrator does not need to be at the company and can be off duty; the policy only needs to be adjusted during working hours.
2. User real name authentication
Effectively distinguishing users is the management basis for deploying differentiated authorization and auditing policies, and for effectively defending against identity impersonation, permission spread, and abuse. Guided by user demand, H3C leads with the WeChat authentication that users urgently need.
3. Multiple authentication methods
This solution supports a variety of identity authentication methods, such as:
● Local authentication: web authentication, username / password authentication, IP / MAC / IP-MAC binding;
● Third-party authentication: RADIUS, LDAP, etc.;
● Application: no need to use the data center software, no APP modification, avoiding coordination and communication costs;
● WeChat authentication: after connecting to the merchant Wi-Fi, the user is automatically shown "one-button WeChat Wi-Fi connection" and follows the WeChat public account.
The ACG1000 supports integration with its own SAM server and with third-party AAA servers, and can be integrated perfectly with the mainstream of the industry, such as: deep, urban hotspots, etc.
4. User-based behavior trajectory analysis
Using search-engine-style queries over the user's network account, behavior actions, virtual accounts, keywords, Internet duration, etc., the solution manages and audits users' Internet behavior. User visualization is truly realized, and each user's online behavior trajectory is clear and intuitive, which helps network managers formulate more targeted network management policies and ensures reasonable and effective use of network resources and work efficiency.
User behavior trajectory analysis
5. Multi-level traffic management
With this solution deployed, application recognition is greatly improved by superior application identification technology that effectively combines the DPI and DFI identification methods.
6. Ad push
Hotels with a lot of business and advertising need to push it to users. If you use the line to push, the cost is high, and the user is well perceived. You can use our company's advertising promotion function instead: while the hotel provides free Wi-Fi, users connect to the hotel network and the device forces delivery of the advertisement page to the user, implementing Internet marketing.