OptiX RTN 900 V100R009C10 Device Anti-Theft Guide

OptiX RTN 900
V100R009C10
Device Anti-theft Guide
Issue 01
Date 2017-01-10
HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2017. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior
written consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.
Notice
The purchased products, services and feat ures are stipulated by the contract made bet ween Huawei and
the customer. All or part of the products, services and features described in this document may not be
within the purchas e scope or the usage scope. Unless otherwis e specified in the contract, all statements,
information, and recommendations in this document are provided "AS IS" without warranties, guarantees or
representations of any kind, either express or implied.
The information in this document is subject to change without notice. E very effort has been made in th e
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: http://www.huawei.com
Email: support@huawei.com
Issue 01 (2017-01-10) Huawei Proprietary and Confidential i

Copyright © Huawei Technologies Co., Ltd.
OptiX RTN 900
Device Anti-theft Guide Change History
Change History
Issue Date Description Author
01 2017-01-10 This issue is the first official release. Yao Yunlong
Issue 01 (2017-01-10) Huawei Proprietary and Confidential ii

OptiX RTN 900
Device Anti-theft Guide Contents
Contents
Change History .................................................................................................................................ii

1 Background and Principle ........................................................................................................... 1
1.1 Backg round ....................................................................................................................................................................................... 1
1.2 Anti-theft Principle .......................................................................................................................................................................... 1
1.2.1 Anti-theft Policies of System Control Boards ......................................................................................................................... 1
1.2.2 Anti-theft Policies of Service Boards and ODUs .................................................................................................................... 1
2 Operations on the NMS ............................................................................................................... 3

2.1 Generating a Public Key and a Private Key ................................................................................................................................ 3
2.2 Enabling Device Anti-theft............................................................................................................................................................. 5
2.3 Querying the Anti-theft Status of a Board ................................................................................................................................... 7
2.4 Modify ing the Control Policy ........................................................................................................................................................ 9
2.5 Performing Operations in Dep loyment Scenarios .................................................................................................................... 10
2.6 Performing Operations in Maintenance Scenarios ................................................................................................................... 12
3 Precautions ................................................................................................................................... 14
4 Appendix ...................................................................................................................................... 15
4.1 RTN Devices Supporting Anti-theft ........................................................................................................................................... 15
4.2 Boards Supporting Anti-theft....................................................................................................................................................... 15
4.3 ODUs Supporting Anti-theft ........................................................................................................................................................ 16
Issue 01 (2017-01-10) Huawei Proprietary and Confidential iii

OptiX RTN 900
Device Anti-theft Guide 1 Background and Principle
1 Background and Principle
1.1 Background
In some areas with poor public security, devices may get stolen every month, involving
dozens of sites in the most severe case. This causes huge economic losses. Because no control
method is implemented, stolen devices can be illegally deployed and used again. To prevent
devices from use after being stolen, Huawei introduces device anti-theft.
1.2 Anti-theft Principle

When an anti-theft license is purchased for an RTN device, an authentication relationship can
be established between the iManager U2000 and the RTN device. An RTN device can run
properly only after being legally connected to the iManager U2000. Once an RTN device is
stolen, it becomes unreachable by the iManager U2000 and therefore cannot run properly.
That is, configuration commands or the service rate is restricted.
1.2.1 Anti-theft Policies of System Control Boards

Either of two anti-theft policies can be selected for system control boards: configuration
control and service control.
Policy Description
Configuration control All configuration commands are restricted on a device

unreachable by the NMS.
Service control The service rate on an IF port of a system control board is
restricted to 10 Mbit/s when the device is unreachable by the
NMS for a specified number of days (7, by default).
1.2.2 Anti-theft Policies of Service Boards and ODUs

After a service board or ODU with anti-theft enabled is stolen and deployed again, it enters
the anti-theft scenario if it encounters a mismatch with the public and private keys of the
system control board or detects no public and private keys from the system control board.
Issue 01 (2017-01-10) Huawei Proprietary and Confidential 1

OptiX RTN 900
Device Anti-theft Guide 1 Background and Principle
Theft Scenario Description
A service board is stolen EG4/EG4P: The service rate is restricted to 10 Mbit/s.

and deployed again. ISV3/ISM6: The services are interrupted.
The ODU is stolen and The ODU is muted half an hour every 8 hours.
deployed again.

OptiX RTN 900
Device Anti-theft Guide 2 Operations on the NMS
2 Operations on the NMS
When a public key and a private key are generated on the NMS for an RTN device, the device
anti-theft function can be directly enabled for the RTN device. When an RTN device is not
connected to the NMS during site deployment, export a public key certificate from the NMS
and use the Web LCT to enable the anti-theft function for the RTN device. During
maintenance on a missing NE (which is also unreachable by the NMS), a temporary
certificate can be exported from the NMS and imported to the Web LCT.
2.1 Generating a Public Key and a Private Key

The procedure is as follows:
Step 1 On the U2000, choose Administration > NE Security Management > NE Anti-theft from
the main menu.
Step 2 In the dialog box that is displayed, specify User Name and Remarks and then click Apply.
The user name is used to identify a public and private key pair.

OptiX RTN 900
Step 3 Confirm the user name. You cannot change the user name after confirming it.
Step 4 In the dialog box that is displayed indicating a key generation success, click OK.
Step 5 Export the private key and back it up.
The private key backup is used for 1+1 protection on the NMS. When a private key is missing
on the U2000 due to a system error and all managed devices enter the theft mode, the private
key that was backed up can be imported to the NMS for device recovery. Therefore, the
private key that was backed up must be properly stored for future use.

OptiX RTN 900
----End
2.2 Enabling Device Anti-theft

Step 1 On the NE anti-theft management page, select the desired device and click
(highlighted in the following figure) to add the device to the management list on the right.

OptiX RTN 900
The following table describes each parameter on the management page.
Parameter Description
NE NE name.
NE Type NE type.
User Name User name, which is entered to generate the public key
and private key.
Anti-theft State Enable status of the device anti-theft function.
Authorization State Authorization status, which indicates whether an NE is

under the control of a legal NMS.
Control Policy Control policy, which can be a configuration control
policy or a service control policy.
Grace Period Maximum days for an unreachable and missing NE to

properly function.
Grace Period Left Time Remaining days within the grace period, or remaining
days for a service control policy takes effect.
Step 2 Right-click the cell under Anti-theft State for the NE, and choose Enable from the shortcut
menu.

OptiX RTN 900
The default control policy is Configuration (configuration control policy). In this example,
there is no need to change the control policy. Therefore, click Apply to issue the policy.
Step 3 Click Query to query the current anti-theft status of the NE.
The query result is displayed.
----End
2.3 Querying the Anti-theft Status of a Board

Step 1 Click the Query Board Anti-theft State tab. The page for querying the board anti-theft status
is displayed.

OptiX RTN 900
Step 2 Select the desired device and click to add the device to the management list on the
right.
Step 3 Click Query on the lower right of the page.

OptiX RTN 900
The query result is displayed.
----End
2.4 Modifying the Control Policy

Step 1 Right-click the cell under Control Policy, and choose the desired policy from the shortcut
menu.
In this example, the control policy is modified to Service (service control policy). Set Grace
Period (the maximum days for an unreachable and missing device to properly function).

OptiX RTN 900
Step 2 Click Apply, and complete the confirmation dialog box that is displayed.
Step 3 After the settings succeed, click Query.
----End
2.5 Performing Operations in Deployment Scenarios

Step 1 On the NE anti-theft management page on the U2000, click Export Public Key on the lower
part to export a public key certificate.

OptiX RTN 900
Step 2 On the Web LCT, log in to the desired NE. In the NE Explorer, choose Security > NE
Anti-theft Management from the navigation tree.
Step 3 Select the public key certificate and click Apply.
Step 4 Click Query to query the anti-theft status of the desired device.
The control policy defaults to Configuration when a public key certificate is used at
deployment. To modify the control policy, use a temporary certificate.

OptiX RTN 900
----End
2.6 Performing Operations in Maintenance Scenarios

Step 1 On the U2000, select the desired NE and click Export temporary certification to export a
temporary certificate. You can set parameters.
Note: You can also click Export certification to export a temporary certificate, but you need
to manually enter the barcode of the system control board.
Step 2 Import the temporary certificate to the Web LCT.

Specifically, select the temporary certificate file to be imported, and click Apply.

OptiX RTN 900
According to a query, the temporary certificate has been successfully imported.
Step 3 After the maintenance is complete, click Lock Ne on the lower part of the page so that the
temporary certificate is disabled.
----End

OptiX RTN 900
Device Anti-theft Guide 3 Precautions
3 Precautions
1. When you are generating a public key and a private key on the U2000, the user name
cannot be modified once it is specified.
2. When maintenance is complete but the temporary certificate is not used up, manually
expire it on the Web LCT.
3. The control policy for the anti-theft function can be set to the configuration control
policy or service control policy. If it is set to the configuration control policy, it
immediately takes effect once the NE is unreachable by the NMS. When the period in
which a device is unreachable and missing is longer than the configured grace period, the
service control policy takes effect, and the service rate is restricted to 10 Mbit/s. The
default grace period is set to 7 days and is configurable.
4. When a device for which anti-theft is managed by the NMS, anti-theft data is imported to
boards and ODUs. If any of the boards or ODUs is inserted into a device for which
anti-theft is disabled, the board or ODU will immediately enter the theft mode due to a
public/private key mismatch with the system control board of the device. As a result, the
board rate is restricted, or the ODU is muted periodically.

OptiX RTN 900
Device Anti-theft Guide 4 Appendix
4 Appendix
4.1 RTN Devices Supporting Anti-theft

Device Version Anti-theft
OptiX RTN 310 V100R007C10 Yes

OptiX RTN 380e V100R007C10 Yes
OptiX RTN 380H V100R007C10 Yes
OptiX RTN 9051E V100R009C10 Yes
OptiX RTN 9052E V100R009C10 Yes

OptiX RTN 910A V100R009C10 Yes
OptiX RTN 950A V100R009C10 Yes

OptiX RTN 980L V100R009C10 Yes
4.2 Boards Supporting Anti-theft

Board Anti-theft
ISV3 Yes
ISM6 Yes

OptiX RTN 900
Device Anti-theft Guide 4 Appendix
Board Anti-theft
EG4 Yes
EG4P Yes
CSHR (RTN910A) Yes
CSHU(RTN950) Yes
CSHUA(RTN950) Yes
F1CSHO(RTN950A) Yes
F2CSHO(RTN950A) Yes
CSHNA (RTN980) Yes
CSHNU (RTN980) Yes
CSHL (RTN980L) Yes
CSHLU (RTN980L) Yes
4.3 ODUs Supporting Anti-theft

ODU Frequency
XMC-3 13 GHz, 15 GHz, 18 GHz, 23 GHz, 28 GHz
NOTE
The anti-theft function will be available on more ODUs.


OptiX RTN 900 V100R009C10 Device Anti-Theft Guide

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

OptiX RTN 900 V100R009C10 Device Anti-Theft Guide

Uploaded by

Copyright:

Available Formats

OptiX RTN 900

HUAWEI TECHNOLOGIES CO., LTD.

Trademarks and Permissions

Huawei Technologies Co., Ltd.

Issue 01 (2017-01-10) Huawei Proprietary and Confidential i

Issue Date Description Author

01 2017-01-10 This issue is the first official release. Yao Yunlong

Issue 01 (2017-01-10) Huawei Proprietary and Confidential ii

Change History .................................................................................................................................ii

2 Operations on the NMS ............................................................................................................... 3

Issue 01 (2017-01-10) Huawei Proprietary and Confidential iii

1 Background and Principle

1.2 Anti-theft Principle

1.2.1 Anti-theft Policies of System Control Boards

Configuration control All configuration commands are restricted on a device

1.2.2 Anti-theft Policies of Service Boards and ODUs

Issue 01 (2017-01-10) Huawei Proprietary and Confidential 1

Theft Scenario Description

A service board is stolen EG4/EG4P: The service rate is restricted to 10 Mbit/s.

Issue 01 (2017-01-10) Huawei Proprietary and Confidential 2

2 Operations on the NMS

2.1 Generating a Public Key and a Private Key

Issue 01 (2017-01-10) Huawei Proprietary and Confidential 3

Step 5 Export the private key and back it up.

Issue 01 (2017-01-10) Huawei Proprietary and Confidential 4

2.2 Enabling Device Anti-theft

Issue 01 (2017-01-10) Huawei Proprietary and Confidential 5

The following table describes each parameter on the management page.

Authorization State Authorization status, which indicates whether an NE is

Grace Period Maximum days for an unreachable and missing NE to

Issue 01 (2017-01-10) Huawei Proprietary and Confidential 6

The query result is displayed.

2.3 Querying the Anti-theft Status of a Board

Issue 01 (2017-01-10) Huawei Proprietary and Confidential 7

Step 3 Click Query on the lower right of the page.

Issue 01 (2017-01-10) Huawei Proprietary and Confidential 8

The query result is displayed.

2.4 Modifying the Control Policy

Issue 01 (2017-01-10) Huawei Proprietary and Confidential 9

Step 3 After the settings succeed, click Query.

2.5 Performing Operations in Deployment Scenarios

Issue 01 (2017-01-10) Huawei Proprietary and Confidential 10

Step 3 Select the public key certificate and click Apply.

Issue 01 (2017-01-10) Huawei Proprietary and Confidential 11

2.6 Performing Operations in Maintenance Scenarios

Step 2 Import the temporary certificate to the Web LCT.

Issue 01 (2017-01-10) Huawei Proprietary and Confidential 12

According to a query, the temporary certificate has been successfully imported.

Issue 01 (2017-01-10) Huawei Proprietary and Confidential 13

Issue 01 (2017-01-10) Huawei Proprietary and Confidential 14

4.1 RTN Devices Supporting Anti-theft

OptiX RTN 310 V100R007C10 Yes

OptiX RTN 320 V100R007C10 Yes

OptiX RTN 360 V100R007C10 Yes

OptiX RTN 380 V100R007C10 Yes

OptiX RTN 380H V100R007C10 Yes

OptiX RTN 9051E V100R009C10 Yes

OptiX RTN 9052E V100R009C10 Yes

OptiX RTN 950 V100R009C10 Yes

OptiX RTN 950A V100R009C10 Yes

OptiX RTN 980 V100R009C10 Yes

4.2 Boards Supporting Anti-theft

Issue 01 (2017-01-10) Huawei Proprietary and Confidential 15