Tolly.

Huawei CloudCampus Solution

vs. Cisco DNA Solution

Tolly Report #219140


November 2019

© 2019 TOLLY ENTERPRISES, LLC www.tolly.com

Contents
1 Executive Summary 3

2 Solution Overview 5

3 Automated Network Management 7

3.1 Design and Planning 9
3.2 Automated Deployment of the Underlay Network 13
3.3 Automated Deployment of the Overlay Network 15

4 Intelligent O&M and Experience Assurance 17

4.1 Network-Level Experience Visibility and Evaluation 19
4.2 User-Level Experience Visibility and Evaluation 22
4.3 User Access Fault Locating 23
4.4 Anomaly Identification and Root Cause Analysis 25
4.5 Network Troubleshooting and Optimization 27

5 Cybersecurity 29
5.1 Defense Configuration 30

5.2 Proactive Threat Deception 31

6 Network Openness 32
6.1 Interoperability with Aruba ClearPass 33
6.2 Interoperability with Cisco ISE 33
6.3 Interoperability with SolarWinds 33
6.4 Interoperability with Cisco Switches 33
6.5 Endpoint Compatibility 33

7 Test Topologies, Devices, and Versions 34

 1 Executive Summary
As enterprise digitalization rapidly accelerates, traditional Information and Communication Technology (ICT) is unable to
address service development requirements in terms of efficiency and cost. As such, new technologies including automation and
artificial intelligence (AI) are required to provide solutions for these digital transformation challenges, which include low
Operations and Maintenance (O&M) efficiency due to increasingly complex ICT systems. As a result, these innovative
technologies enable enterprises to step into the data-driven intelligent era.
Huawei commissioned Tolly to independently evaluate both the Huawei CloudCampus solution and the Cisco Digital Network
Architecture (Cisco DNA) solution across four dimensions:
• Automated network management: How does the network solution provide simpler design, planning, and policy
deployment capabilities for medium- to large-sized campus networks?
• Intelligent O&M and experience assurance: How does the network solution use AI-powered intelligent O&M tools to
visualize, predict, locate, and automatically rectify faults in a simplified and more intuitive manner?
• Network security: Does the network solution support faster automatic threat identification and proactive defense, thereby
reducing enterprises risks?
• Network openness: Is the network solution open enough to quickly integrate with industrial applications, so that the
network can help enterprises digitalize services?

The Bottom Line

Network management: Both Huawei CloudCampus and Cisco DNA offer automation capabilities ranging from
planning, design, deployment, and policy provisioning to network management. However, the Huawei CloudCampus solution
provides more functionalities and offers deployment that is less time-consuming and labor-intensive than the Cisco DNA
solution.

Network O&M and experience assurance: Both Huawei CloudCampus CampusInsight and Cisco DNA Assurance
support the use of AI algorithm-based machine learning capabilities to ensure network experience. Huawei CampusInsight can
also predict potential faults and optimize the network, and can mine deeper and more comprehensive data than Cisco DNA
Assurance.

Cybersecurity: Huawei CloudCampus and Cisco DNA both support basic network security capabilities and automatic
security policy provisioning. In contrast to Cisco DNA, Huawei CloudCampus is able to proactively deceive and defend against
network threats using deception, while also offering a simplified architecture.

Network openness: Huawei CloudCampus delivers comprehensive compatibility with industry applications, third-party
systems and network devices, and network endpoints.


TOLLY REPORT #219140 3

 Huawei CloudCampus vs. Cisco DNA Overview

Category Subcategory Huawei CloudCampus Cisco DNA
• One unified management platform - Agile • LAN Management: DNA Center
Controller V3.0 • SD-WAN Management: vManage
One-stop Management
• Firewall Management: Firepower Management
Center1
Solution
Architecture Full-lifecycle Network • Full-lifecycle network services from design, • Full-lifecycle network services from design,
Services deployment, policy, O&M, to security deployment, policy, O&M, to security
• On-premise mode • On-premise mode (DNA Center)
Deployment Mode
• Cloud hosting mode
• Indoor WLAN planning • Indoor WLAN planning
• Outdoor WLAN planning
WLAN Planning
• Mobile app-based site survey
• Interference source settings

• Site design • Site design

Design • Service template design • Service template design
• Service pre-configuration
Automation
Underlay 3 steps, 1 hour2 5 steps, 1.5 hours2
1 hour2 1 hour2
• Two-level (VN + user group) segmentation • Two-level (VN + user group) segmentation
Deployment Overlay
• Extended access of non-VXLAN capable devices • Extended access of non-VXLAN capable devices
• Inter-VN isolation/communication configuration
Policy • User group-based policy • User group-based policy
• Network-wide experience visibility in seven • Network-level health evaluation
dimensions
Network-
• Experience evaluation based on network
level
indicator mining and analysis
Experience • Quality evaluation report
Visibility
• Full-journey experience visibility to each user, in • Records historical user data (relatively few data
User-level
each application, and at each moment records)
Application • Audio and video experience evaluation • Audio and video experience evaluation
-level

O&M
Anomaly Identification
and Root Cause Analysis
• User access issue diagnosis based on always-on • Network anomaly identification and root cause
protocol tracing analysis
• User experience issue diagnosis based on KPI • Protocol tracing is not supported. Packets need
correlation analysis to be captured for manual user access fault
• Precise inference based on the fault knowledge analysis
base
• Group fault analysis based on the integrated
topology

Fault Prediction Optical module fault prediction None

Intelligent radio calibration, WLAN channel The radio calibration function is available, but the
Troubleshooting and simulation feedback and AI-based predictive self- simulation feedback and predictive optimization
Optimization optimization without manual intervention functions are not found

Basic Security
Big Data Security
Security
Advanced Security
Interoperability with
Third-party Applications
Interoperability with
Openness Third-party Systems
Interconnection with
Other Vendors’ Devices
Endpoint Compatability
IPS, antivirus, URL filtering, and more IPS, antivirus, URL filtering, and more
Security protection based on big data analytics Security protection based on big data analytics
• Encrypted communication analytics (ECA) • Encrypted traffic analytics (ETA)
• Proactive threat deception
Supported, for example, commercial Wi-Fi, Not tested
NA
electronic shelf label (ESL), asset management, etc.
Supported, for example, Cisco ISE and SolarWinds Not tested
NA
Supported Not tested
NA
Supported Not tested NA

1.The Cisco DNA solution does not include security devices such as firewalls. Instead, it uses security policies on SD-WAN routers for SD-WAN security. In this evaluation, it is
assumed that the network environment requires deployment and management of firewall devices. 2. Estimated time in the lab environment. The actual deployment time is
subject to the network environment and scale. 3. A complete green circle means strong capabilities, while a hollow circle means weak capabilities. 4. Solution evaluation is based
on test items mentioned in the table above. Test items do not necessarily cover the complete capabilities of Huawei and Cisco solutions.

TOLLY REPORT #219140 4

 2 Solution Overview
Huawei CloudCampus
The Huawei CloudCampus solution employs cutting-edge wired and wireless technologies, as well as big data, AI, and cloud
technologies, in order to build service-centric campus networks. The solution consists of the following main components:
• Huawei Agile Controller V3.0: This core Huawei CloudCampus component provides the following functions:
1. On-premises deployment or cloud hosting mode: For cloud hosting, the cloud is maintained by either Huawei or
Huawei's MSP, and customers can purchase tenant accounts.
2. Automated network fabric deployment: Automation of underlay and overlay networks is supported. Virtual networks
(VNs) are on top of a single physical infrastructure, enabling one network to be used for multiple purposes.
3. SD-WAN deployment and management.
4. SD-WAN security management and firewall configuration.
5. Collaboration with CampusInsight and Cybersecurity Intelligence System (CIS).
• Huawei CampusInsight (campus network analyzer): Uses the Telemetry technology to collect user experience indicators in
seconds. By leveraging big data and AI algorithms, CampusInsight is able to offer network-wide intelligent O&M and
experience assurance.
• Huawei Cybersecurity Intelligence System (CIS): Utilizes big data analytics and machine learning technologies to defend
against Advanced Persistent Threats (APTs).
• Four-engine offerings: Huawei CloudEngine S series campus switches, AirEngine series campus WLAN products,
NetEngine AR series access routers, and HiSecEngine series firewalls.
• Huawei Agile Controller V1.0 (campus policy controller): Centrally controls the rights, applications, bandwidth, QoS, and
security of the entire network. User Control List (UCL) security groups and policies are supported, providing users with a
location-independent, consistent network access experience.


TOLLY REPORT #219140 5

 Cisco Digital Network Architecture (Cisco DNA)
Cisco DNA offers a software-based approach to build intent-based networks and implement service automation and assurance
across campus, WAN, and branch networks. The main components of Cisco DNA include:
• Cisco DNA Center (centralized management platform): Supports on-premises deployment but does not support cloud
hosting. Cisco's cloud hosting mode is instead supported by its Meraki portfolio. SD-Access in Cisco DNA Center supports
automated fabric deployment (including automated deployment of underlay and overlay networks). DNA Assurance
provides an analytics and O&M tool based on real-time telemetry.
• Cisco SD-WAN: Cisco vManage manages SD-WAN and SD-WAN security. Cisco vManage supports on-premises
deployment or cloud hosting.
• Cisco DNA security: Cisco vManage manages SD-WAN security (security policies on SD-WAN routers), and Cisco
Stealthwatch is responsible for security analysis. The Cisco DNA solution does not include security devices such as firewalls.
If the network environment requires firewall deployment and management, Cisco Firepower Management Center needs to
be deployed as an additional management component.
• Campus network offerings: Catalyst series switches, WLAN controllers, WLAN access points (APs), and routers.
• Cisco Identity Services Engine (ISE): An identity services engine enabling the creation of user security groups. After the ISE
is integrated into the DNA Center, DNA Center can invoke user security groups from the ISE to configure policies in order to
deliver a consistent, location-independent network access experience.

Solution Architecture Analysis

Enterprises require networks that are automated, intelligent, secure, and open. Enterprise IT decision makers and network
engineers also expect simplified network architecture and intuitive O&M. Following this test, Tolly found that Huawei
CloudCampus and Cisco DNA both redefine the network architecture based on their latest networking concepts: Huawei's
Intent-Driven Network (IDN) and Cisco's Intent-Based Networking (IBN). The following table lists the architecture differences
between these two solutions:

Huawei CloudCampus Cisco DNA

One-stop • Only one set of Agile Controller V3.0 system is required • Cisco DNA requires two to three management systems:
Management to manage LANs, SD-WAN, and firewalls DNA Center to manage LANs, vManage to manage SD-
WAN and security policies on SD-WAN routers, and
• CloudEngine S series switches come with integrated Firepower Management Center to manage firewalls if
wireless access controller functions to manage WLAN
needed.
APs and support wired and wireless integration

Full-lifecycle • Huawei CloudCampus delivers full-lifecycle network • Cisco DNA also supports full-lifecycle network services
Network services from network planning, design, deployment, from network planning, design, deployment, and
and policy provisioning, to intelligent O&M and policy provisioning, to intelligent O&M and network
Services network security management security management
Deployment • Agile Controller V3.0 supports both on-premises • Cisco DNA Center only supports on-premises
Mode deployment and cloud hosting mode deployment. Cloud hosting is not supported. Cisco
vManage supports both on-premises and cloud
• Hierarchical tenant and MSP management architecture hosting modes
is also supported
• Cisco's cloud hosting mode uses its Meraki portfolio.
DNA Center does not support hierarchical tenant and
MSP management architecture

This test report compares and analyzes both the Huawei CloudCampus solution and the Cisco DNA solution. The following
sections elaborate on the differences between each in terms of automated network management, intelligent O&M and
experience assurance, network security, and network openness.


TOLLY REPORT #219140 6

 3 Automated Network Management
The amount of network management automation is related to whether network engineers can design, plan, and deploy
networks faster than with traditional manual management modes, and whether it can reduce the number of operational errors
that are normally difficult to avoid.
Tolly believes measurement of network management automation should focus on the following aspects:
• Whether online network planning and design satisfy the differentiated needs of network engineers in various scenarios.
• Whether the underlay network can be deployed more efficiently.
• Whether the overlay network can help define the isolation and communication between different services in a
differentiated manner, and deploy these services faster.
• Whether the network can manage network endpoints and applications in a more refined manner.

According to the networking test performed by Tolly, it was determined that both the Huawei CloudCampus solution and the
Cisco DNA solution are capable of automated network management. However, the Huawei solution supports more network
design and planning scenarios, more efficient underlay and overlay automated deployment, and more refined policies.
The following table compares the Huawei CloudCampus and Cisco DNA solutions in terms of automated deployment.


TOLLY REPORT #219140 7

 Huawei CloudCampus vs. Cisco DNA Automated Deployment Comparison

Huawei CloudCampus Cisco DNA SD-Access
WLAN Planning Huawei CloudCampus’ online WLAN planning tool WLAN Planner supports: Cisco DNA's online WLAN planning tool supports indoor network
• Indoor and outdoor network planning planning. However, no outdoor network planning capability was found
in the tool, in addition to no interference source setting, or 3D roaming
• Mobile app-based site survey
track simulation. Performing site survey using a mobile app is not
• Placing and defining obstacles and interference sources supported. Network planning results cannot be exported together with
• Automated design of WLAN AP deployment for multi-story buildings device information and imported to the DNA Center for use during
• 3D roaming track simulation deployment
• Export of network planning results (including plans and devices), which
can be imported to Huawei Agile Controller V3.0 for deployment use

Campus Network Agile Controller V3.0 supports: Cisco DNA Center supports site creation and design, including general
Design • Online site creation and design, including indoor floor plan, outdoor GIS templates and resource pool creation. However, it does not support
identification, general authentication templates, and resource pool device and link planning, import, and pre-configuration. Devices can be
creation configured only after automatic discovery during deployment
• Planning and importing devices and links using an Excel template
• Pre-creating a fabric: Specify the pre-imported devices in the fabric,
specify the role of each device in the fabric, configure extended access,
and specify the access type of each port on each device
Automated Underlay 1 hour1 1.5 hours1
Network Deployment
Agile Controller V3.0 implements automated underlay network Cisco DNA Center implements automated underlay network
deployment in three steps: deployment in five steps:
1. Configure DHCP (including option 148) on the gateway 1. Connect and power on all switches according to the planning
2. Connect and power on all switches according to the planning. The 2. Install and power on WLAN APs
underlay network will be automatically deployed 3. Add one or two seed switches in the DNA Center
3. Install and power on WLAN APs: scan barcodes using the mobile 4. LAN switches are automatically discovered, and devices are named
Huawei CloudCampus APP to deploy APs after powering them on (you using an Excel template (binding the serial numbers of the devices).
can also pre-import APs using serial numbers)
5. Bind the devices to a site and deliver public site configuration data
to the devices
Automated Overlay 1 hour1 1 hour1
Network Deployment
Agile Controller V3.0 implements automated overlay network deployment Cisco DNA Center implements automated overlay network deployment
in two steps: in four steps:
1. Create a VN (logical network), specifying the external gateway and the 1. Create a VN in the Policy page
interface corresponding to the DHCP server 2. Create group-based access control in the Policy page
2. Configure access permission policies for UCL user groups 3. Create a fabric and configure Fabric Infrastructure in the Provision
page
• Decoupling of security access policies from IP addresses and VLANs 4. In the fabric created on the Provision page, configure Host
• Two-level network segmentation: Onboarding and specify the access type of each port on each device
a. VN isolation
b. The VN uses user security groups (UCL groups) to implement • Cisco also supports VN-based network segmentation and user security
free mobility. Users obtain the same access permission group-based access control
regardless of where they log in from and which IP address they • No VN mutual access settings are found on the Cisco DNA Center GUI.
obtain Configuring a shared egress gateway for different VNs is not
• Isolation or mutual access between VNs; refined special scenarios such supported
as independent or shared egress gateway configuration for VNs • Cisco DNA also supports the reuse of legacy devices as extension
• Legacy Huawei switches that do not support the VXLAN feature can be nodes
reused as extended access devices, implementing VLAN-VXLAN hybrid
networking using policy association

Automated SD-WAN Agile Controller V3.0 supports: An additional vManage system is required to manage SD-WAN and SD-
Deployment • Zero-touch provisioning (ZTP) of AR series routers WAN security
• Configuration of intelligent traffic steering and application-based traffic
control for AR series routers
• SD-WAN security (including security settings on the firewall)
• One system to manage both LAN and WAN
Automated Policy Agile Controller V1.0 functions as the RADIUS authentication server, and Cisco DNA Center can integrate Cisco ISE to invoke user security groups
Deployment access policies can be configured for UCL user groups2. from ISE and configure user access policies

1. Estimated time in the lab environment. Actual deployment time varies depending on network environment and scale. 2. Agile Controller V1.0 needs to be used as the RADIUS
authentication server to configure user security groups and corresponding policies. Huawei disclosed that these functions will soon be incorporated into Agile Controller V3.0. All
other functions in this report use Agile Controller V3.0.

TOLLY REPORT #219140 8

 3.1 Design and Planning
Core devices, access switches, and WLAN APs all need to be carefully planned before deployment. Specifically, the deployment
of WLAN APs needs to be designed according to each scenario, so as to achieve optimal network coverage. In addition, links
need to be planned for switches based on their role and location. The following sections describe WLAN planning, policy
template planning, and resource pool planning for Huawei CloudCampus and Cisco DNA solutions, and whether these solutions
support device pre-import and pre-configuration.

Huawei CloudCampus
WLAN Planning:
Huawei uses the web application WLAN Planner (https://serviceturbo-cloud.huawei.com/serviceturbocloud/#/Home?lang=en)
and the mobile app CloudCampus APP for WLAN planning. The following uses indoor WLAN planning as an example to
describe the specific procedure:
1. Import a floor plan (supporting images and CAD drawings) into the WLAN Planner.
2. Log in to the CloudCampus APP and perform site survey (for example, take photos and mark obstacles and interference
sources on the floor plan, such as microwave ovens). Site survey marks and photos will be automatically synchronized to
the cloud.
3. On the WLAN Planner GUI, lay out the interference sources on the floor plan according to the site survey marks and define
their types. Then draw obstacles and define the obstacle type.
4. Select the area to be covered, and the area where APs can be deployed.
5. Automatically or manually deploy APs in the floor plan.
6. Generate a signal simulation heatmap to simulate the signal-to-noise ratio (SNR) and connection rate of Wi-Fi clients.
7. Export the WLAN planning file.
8. Import the exported network planning file to Agile Controller V3.0 for later use. The floor plan and devices will be
automatically imported.
Huawei WLAN Planner also provides a number of unique features, such as automatic deployment of APs in multi-story
buildings, and simulation of 3D roaming tracks. This tool also supports planning for outdoor AP deployment. Based on maps,
Huawei WLAN Planner can simulate the signals of outdoor WLAN APs and generate heatmaps after obstacles such as trees and
buildings are drawn. Outdoor WLAN planning results can also be exported.


Huawei WLAN Planner Indoor WLAN Planning Huawei WLAN Planner Outdoor WLAN Planning

TOLLY REPORT #219140 9

 Policy Template and Resource Pool Planning:
Global policy templates of Huawei Agile Controller V3.0 include RADIUS, web portal, and authentication templates. Resource
Pools of Huawei Agile Controller V3.0 include fabric resource pools and underlay network resource pools. Planning and
configuration of these templates and resource pools make the deployment phase more simplified.

Fabric Resource Pool Underlay Network Resource Pool

TOLLY REPORT #219140 10

 Device Import and Fabric Pre-configuration:
Huawei Agile Controller V3.0 provides an Excel template for device import. You can plan device names, roles, and links between
devices based on the equipment serial number (ESN) in the template. After the planned Excel template is imported to Agile
Controller V3.0, the planned devices and topology can be displayed on the GUI. In addition, Agile Controller V3.0 supports pre-
creation of fabrics. The pre-creation process includes specifying the pre-imported devices to be included in the fabric, specifying
the roles of devices in the fabric, configuring extended access, and setting the access type of each port on each device
(connecting to extended access switches, WLAN APs, or users, and configuring authorization policies for the users).

Fabric Creation

Distributed Gateways

Select the role of each device in the fabric.

(Devices have been pre-imported using an
Excel template)

When pre-creating a fabric, administrators can activate the automated configuration of the underlay network with one click.

With pre-imported devices and pre-created fabric from the planning process, the actual deployment of physical devices and
underlay & overlay network services will be easy.


TOLLY REPORT #219140 11

 Cisco DNA
WLAN Planning:
Cisco DNA Center supports the import of WLAN planning images to display floor plans and AP locations. These images can be
generated using Cisco Prime Infrastructure or third-party network planning tools. As these network planning tools need to be
deployed additionally, Tolly engineers evaluated Cisco’s web-based WLAN planning application, the RF Wi-Fi Planner (https://
rftool.cisco.com/), similar to the Huawei WLAN Planner. The Cisco RF Wi-Fi Planner offers limited functionality when compared
with the Huawei WLAN Planner. It helps draw obstacles, define obstacle types, and simulate AP signal heatmaps. However, this
tool does not support site survey using a mobile app, interference source deployment, or roaming track simulation. Additionally,
Cisco RF Wi-Fi Planner does not allow import of network planning results to Cisco DNA Center for later use during deployment.
Only network planning results in image format can be imported to the DNA Center, and this does not import devices.

Policy Template and Resource Pool Planning:

Cisco DNA Center supports the creation of public templates (such as the AAA template) and resource pools.

Device Import and Pre-configuration:

Cisco DNA Center does not support import and pre-configuration of devices. Device configuration can only occur when devices
and links are automatically discovered through the seed device, and only once the devices have been powered on. In addition,
automatically discovered devices cannot be bound to physical devices through automatic naming. Device serial numbers need
to be manually bound to user-defined names (similar to Huawei's device import process) using an Excel template to properly
name these devices.

TOLLY REPORT #219140 12

 3.2 Automated Deployment of the Underlay Network
Based on the network planning in the previous phase, engineers can deploy devices to build a Layer 3 network between all
devices as the underlying network of the fabric.

Huawei CloudCampus
Huawei's underlay network is automatically deployed in only three steps, as follows:
1. Configure the gateway as the DHCP server with IP pools to assign management IP addresses to new switches and WLAN
APs. Configure DHCP Option 148 on the gateway to deliver the Agile Controller V3.0 address to new switches so that the
new switches can go online on Agile Controller V3.0.
2. Connect and power on all switches as planned. Huawei Agile Controller V3.0 automatically extracts VLAN resources and IP
network segments from the underlay resource pool based on the devices in the pre-configured fabric. Agile Controller V3.0
then automatically delivers OSPF configurations to these devices to enable Layer 3 communication between all devices. In
addition, all devices go online and are managed by Agile Controller V3.0 through the management VLAN.
3. Log in to the CloudCampus APP on a mobile phone. Then, connect to Agile Controller V3.0 to obtain the floor plan and AP
information that have been exported from the WLAN Planner. When deploying an AP, engineers can find the AP's icon in
the topology on the CloudCampus APP based on the AP's physical location. Next, touch "Install here", and scan the barcode
on the back of the AP. The AP then goes online and is managed by Agile Controller V3.0. Deployment by scanning barcodes
is intuitive and perfectly matches WLAN planning. In addition, the APs on the floor plan on Agile Controller V3.0 accurately
map the actual physical APs, facilitating subsequent O&M. Huawei Agile Controller V3.0 also supports import of WLAN APs
by binding ESNs.

WLAN AP Deployment by Scanning Barcodes


TOLLY REPORT #219140 13

 Cisco DNA
Cisco DNA Center does not support device planning, import, and pre-configuration. Therefore, automatic deployment of the
underlay network takes more steps and a longer time.
1. Connect and power on all switches.
2. Install, connect and power on all WLAN APs.
3. Add one or two seed switches in the DNA Center. The DNA Center needs to use the seed switches to automatically discover
other devices.
4. Use the LAN Automation feature to automatically discover other devices. Adjacent devices that are one or two hops away
from the seed switches can be automatically discovered. The DNA Center can automatically name devices based on the
preset naming rule, or by importing an Excel template in which device serial numbers (SNs) are bound to user-defined
names. Automatic naming may cause confusion and difficulty in locating physical devices. Therefore, it’s recommended to
manually name devices by importing an Excel template, although this naming method is more complicated.

Naming devices by
importing a CSV file with
device serial numbers

5. On the Provision page, bind each device to a site and apply common configurations of the site to devices.


TOLLY REPORT #219140 14

 3.3 Automated Deployment of the Overlay Network
After the underlay network is automatically deployed, engineers can deploy the overlay network of the fabric to implement
two-level network segmentation.
1. Different virtual networks (VNs) or logical networks are isolated from each other.
2. Each VN supports user security groups (Huawei UCL groups) to implement free mobility. In this way, a user can obtain the
same access permissions regardless of where the user logs in and which IP address the user obtains.

Huawei CloudCampus
Huawei fabric has been pre-created in the campus network design phase. After devices go online and BGP EVPN and VXLAN
configurations are automatically delivered, Huawei overlay network can be automatically deployed in only two steps (no specific
order is required):
1. Create VNs (logical networks) and perform access configurations.

Configurations of access
ports (authentication
profiles and VLANs)

2. Configure user security groups and access permission policies in a matrix to implement free mobility.

Fabrics in the Huawei CloudCampus solution are more flexible. For example, the fabrics support VN isolation or mutual access
between VNs in special scenarios. In addition, Huawei fabrics support independent or shared egress gateways between VNs.
Fabrics in the Huawei CloudCampus solution support the reuse of network devices. Even if some older generation access
switches do not support VXLAN, they can be used as extended access switches and can connect to upstream edge devices.
Through association between VLANs and policies, users and WLAN APs can connect to extended access switches, implementing
network segmentation of fabrics and user access control. Extended access switches are also automatically deployed through
Agile Controller V3.0.


TOLLY REPORT #219140 15

 Cisco DNA
The Cisco DNA Center does not support device planning, import, and pre-configuration. Therefore, fabrics cannot be pre-
created and devices cannot be specified. Therefore, more steps are required for automated overlay deployment.
1. Create a VN on the Policy tab.
2. Create a group-based access control policy on the Policy tab.

3. Create a fabric on the Provision tab and configure the fabric infrastructure.
4. On the fabric created on the Provision tab, configure Host Onboarding and set the access type of each port.

Configuration of each access port

(authentication profile and network
segment)

Cisco DNA solution also supports the reuse of network devices. Older generation Cisco access switches that do not support
fabric configuration can be configured as extended nodes.

TOLLY REPORT #219140 16

 4 Intelligent O&M and Experience Assurance
Wired and wireless network faults are inevitable and affect user and service experience. Currently, many solutions in the industry
apply artificial intelligence (AI) to network O&M to improve automated network O&M capabilities, predict network threats, and
reduce the fault probability and loss. According to Tolly, the intelligence in network O&M and experience assurance must meet
the following four requirements:
• Historical and real-time network quality, including user experience and service process indicators, must be visualized.
• Network anomalies, including wireless and wired network faults, must be predictable and identifiable.
• Causes for network anomalies can be displayed and provided as the basis for troubleshooting.
• At least some network faults can be automatically rectified without manual intervention.
Huawei CampusInsight and Cisco DNA Assurance both claim to support AI-assisted network O&M for improved network
experience.
Tolly tests prove that Huawei CampusInsight and Cisco DNA Assurance both meet the preceding four requirements. Huawei
CampusInsight, however, outperforms Cisco DNA Assurance. Specifically, Huawei CampusInsight provides some capabilities
that Cisco DNA Assurance does not offer, for example, network system quality evaluation and report exports; evaluation on
WLAN roaming faults and air interface packet loss; network fault demarcation based on an integrated topology; optical module
fault prediction; real-time WLAN AP channel simulation feedback; and big data-based predictive optimization.

Huawei CampusInsight: Data Processing Flowchart


Source: Huawei

TOLLY REPORT #219140 17

 Huawei CloudCampus vs. Cisco DNA: Intelligent O&M and Experience Assurance


Huawei CloudCampus Cisco DNA

Network-level Experience Huawei CampusInsight supports visualized network
Visibility and Evaluation quality evaluation:
1. Evaluates and scores network-wide user experiences
from seven indicator dimensions, mines and
analyzes technical indicators from each experience
dimension, and compares and analyzes these
indicators in time and space
2. Supports dynamic generation of regional network
quality baselines and displays key root cause
indicators, facilitating the location of faulty devices
or clients
3. Supports automatic generation and sending of
quality evaluation reports in real time or periodically
Cisco DNA Assurance supports network-level experience
visibility and evaluation. However, it does not support
systematic network quality evaluation with scores and
real-time or periodic report sending. Cisco DNA
Assurance also collects data statistics such as Client
Onboarding Times, Client Roaming Times. However,
unlike Huawei CampusInsight, Cisco DNA Assurance does
not further mine technical indicators about these data or
analyze the trend of each indicator

User-level Experience Huawei CampusInsight provides whole-journey Cisco DNA Assurance supports online evaluation of user
Visibility and Evaluation experience visibility of each user at any time. For experience. The supported data types are less than those
example, CampusInsight displays the time when a user supported by Huawei CampusInsight. Cisco DNA
connects to a WLAN AP, which WLAN AP the user Assurance does not support evaluation of roaming fault
connects to, what the access experience is (including the causes and air-interface packet loss rate
access time consumed, average negotiated rate, air-
interface packet loss rate, latency, total traffic, and signal
strength), how the user roams, what problems the user
encounters, and whether the problems are caused by the
network or client

Application-level Huawei CampusInsight supports visualization and Cisco DNA Assurance provides similar capabilities
Experience Visibility and evaluation of video and audio application experiences
Evaluation

Anomaly Identification and Huawei CampusInsight supports the following functions: Cisco DNA Assurance supports network anomaly
Root Cause Analysis 1. Identifies user access issues through protocol tracing identification and root cause analysis, and provides
and analyzes root causes. remediation suggestions

2. Identifies users with poor experience based on

historical KPIs or AI algorithms and analyzes the root Cisco DNA Assurance does not support refined analysis
causes. similar to Huawei's protocol tracing function. It only
3. Accurately infers fault scenarios based on the fault supports manual anomaly analysis based on captured
knowledge base, identifies network connection, air packets
interface performance, roaming, and device issues,
and provides possible causes and remediation
suggestions.
4. Supports topology-based fast analysis of group
faults and quick fault demarcation and locating.

Fault Prediction Huawei CampusInsight supports prediction of optical Cisco DNA Assurance does not provide similar functions
module faults, displays the status of network-wide
optical modules in the optical link view, and predicts the
optical link fault probability based on expert experience

Network Troubleshooting Huawei CampusInsight provides the intelligent radio The radio calibration function is available, but the
and Optimization calibration function that enables real-time simulation simulation feedback and predictive optimization
feedback of WLAN AP channels, big data-based functions are not found
predictive WLAN calibration without manual
intervention, and comparison of gains before and after
calibration

TOLLY REPORT #219140 18

 4.1 Network-Level Experience Visibility and Evaluation
With the rapid development of mobile devices, Wi-Fi is widely used for network access. Compared with wired access, wireless
access experience is more easily affected by the environment, device configuration, and client. Therefore, in addition to basic
indicators signifying whether devices are online, modern network O&M tools focus more on user experience. For example, they
focus on whether clients can successfully access the network, network access is fast enough, signal quality is good enough, the
network throughput meets the requirement, and roaming is smooth. In addition, with the help of big data and AI technologies,
modern network O&M tools can self-adapt to network application scenarios and dynamically generate baselines based on
scenarios at each location and time point to determine network quality and reduce false alarms.

Huawei CloudCampus
Huawei CampusInsight provides a quality evaluation system based on seven indicator dimensions (namely, access success rate,
access time consumed, roaming fulfillment rate, coverage signal strength, capacity fulfillment rate, throughput fulfillment rate,
and device in-service rate) in four categories. CampusInsight can learn based on AI-powered dynamic baselines to intuitively
score the overall network quality. While focusing on user experience, Huawei CampusInsight supports in-depth mining of
technical indicators from each user experience dimension, and identifies the cause of poor experience through analysis and
comparison in space and time.
• User access: It covers the access success rate and access time consumed. Huawei CampusInsight analyzes the success rate
and time consumption of clients in the authentication, association, and DHCP-based IP address acquisition phases, and
displays the total success rate and time consumption after statistics collection. In terms of experience evaluation,
CampusInsight focuses not only on the access success rate but also on the access speed.
• Air interface performance: CampusInsight evaluates air interface performance from the perspectives of the signal strength,
capacity fulfillment rate, and throughput fulfillment rate. It also analyzes the signal strength of campus WLANs, average
number of connected clients and channel usage of WLAN APs, air interface congestion fulfillment rate of WLAN AP radios,
proportion of interfered clients, and proportion of clients connected through non-5G signals.
• Roaming: CampusInsight displays the client roaming fulfillment rate, and analyzes the roaming success rate and roaming
time consumed.
• Device in-service rate: CampusInsight displays the in-service rate of network devices including wireless access controllers,
WLAN APs, and switches.

Huawei CampusInsight – Quality Evaluation System


Score of the overall network quality (seven indicator
dimensions including the Access Success Rate, Coverage, etc.)

Overall status of each indicator dimension and

details of each technical indicator

Dynamically generated baselines based on

historical data patterns

TOLLY REPORT #219140 19

华为 CampusInsight 可⼿手动或定时⾃自动
⽣生成整⽹网质量量报告，并发送到管理理员邮箱
 CampusInsight – In-depth Indicator Mining and Analysis

Mining and analyzing the “association success rate” technical indicator in the “user
access success rate” indicator dimension
Trend

Issue Analysis: analyze and locate the AP, client, configuration, or air interface environment that causes
each issue
Faulty AP / Issue Cause / Faulty Client (displaying AP in this figure)

N6_AP_183 Number of Association Other Top Faulty APs

Failure: 6834

Association Failure Event List

TOLLY REPORT #219140 20

 Cisco DNA
Cisco DNA Assurance does not support systematic experience quality scoring, but evaluates network quality by health. Cisco
DNA Assurance also collects the following data statistics: Client Onboarding Times, Client Roaming Times, Connectivity RSSI,
Connectivity SNR, and Client Count per SSID. However, unlike Huawei CampusInsight, Cisco DNA Assurance does not further
mine technical indicators about these data or analyze the trend of each indicator. In addition, Cisco uses a fixed baseline for data
statistics, and does not learn usage scenarios or dynamically adjust the baseline.

Cisco DNA Assurance - Homepage

DNA Assurance focuses on device health and does not score experience



Cisco DNA Assurance – Data Statistics


The red part is the

fixed baseline

TOLLY REPORT #219140 21

 4.2 User-Level Experience Visibility and Evaluation
When WLAN users report poor experience or faults, administrators need to use the users' online historical data to locate these
anomalies. The more detailed the historical data, the easier it is to locate anomalies.
Currently, both Huawei CampusInsight and Cisco DNA Assurance provide such historical data. However, Huawei CampusInsight
provides more detailed end-to-end user journey data, including the client air interface packet loss rate and roaming information
(which are not provided by Cisco DNA Assurance).

Huawei CampusInsight: End-to-end User Journey


Displays the entire user access process: to which AP the user was connected,
experience status (including the average negotiated rate, packet loss rate,
latency, total traffic, and RSSI), and whether a problem had occurred

TOLLY REPORT #219140 22

 4.3 User Access Fault Locating
User access faults occur frequently on WLANs. When such a fault is reported, the administrator needs to quickly locate it.
When a user accesses the WLAN, there are many steps involved, including association, authentication, and IP address
acquisition. Because each step involves protocol interaction between multiple components, traditional methods for locating
faults are complicated and ineffective.

Huawei CloudCampus
Huawei CampusInsight makes a difference by providing the powerful protocol tracing function that records detailed
information about every time a user accesses the WLAN. In this way, the administrator can quickly pinpoint at which step the
fault occurred, and then locate and rectify the fault based on the remediation suggestions provided by CampusInsight.

Protocol Trace by Huawei CampusInsight


Association
Fault

Root Cause
Analysis

Authentication DHCP Fault

Fault

Root Cause Analysis

Root Cause
Analysis

TOLLY REPORT #219140 23

 Cisco DNA
Cisco DNA Center records events. However, the information contained in event records is limited, covering just the start and end
of association and authorization. This is clearly far less than the information provided by Huawei CampusInsight (with the
protocol tracing function), which records each step of protocol interaction more granularly. With Cisco DNA Center, if the
administrators need more refined information to locate faults, they have to manually enable the real-time packet capture
function. This approach, however, cannot be used to locate faults that have already happened.
Packet capture data can only be parsed and analyzed manually using tools such as Wireshark.


Start Live Capture

TOLLY REPORT #219140 24

 4.4 Anomaly Identification and Root Cause Analysis
When a group fault occurs on the network, the administrator needs to locate the fault right away. Both Huawei and Cisco
solutions are able to analyze faults and provide remediation suggestions.

Huawei CloudCampus
Huawei CampusInsight offers the following functions for anomaly identification and root cause analysis:
• Accurately infers fault scenarios based on the fault knowledge base.
• Identifies four issue categories (network access, air interface performance, roaming, and device issues) and root causes.
• Provides remediation suggestions.
Each issue category contains multiple specific issue types. For example, the network access issue category includes
authentication failure, authentication timeout, slow authentication, association failure, slow association, DHCP failure, and slow
DHCP address acquisition. The air interface performance issue category covers weak signal coverage, high interference, high
channel utilization, air interface congestion, non-5G-priority access, and client capacity threshold-crossing.

Issue Statistics on Huawei CampusInsight

Four issue categories: network access, air interface performance,
roaming, and device issues

Each issue category has multiple specific issue types

TOLLY REPORT #219140 25

 Root Cause Analysis and Remediation Suggestions on Huawei CampusInsight

Failure to obtain IP addresses through DHCP

Impacted vendor, SSID, AP, switch, client, and root cause analysis

Associated Events

Possible Causes

TOLLY REPORT #219140 26

 4.5 Network Troubleshooting and Optimization
WLANs are complex network environments. Therefore, ensuring good coverage while avoiding interference requires network
deployment and operations to effectively calibrate the channel, bandwidth, and power of each AP. Only then user experience
can be optimized across the entire network.

Huawei CloudCampus
Huawei CampusInsight is designed with the intelligent radio calibration feature that provides two key functions:
• Offers fast simulation feedback during WLAN deployment and provides channel suggestions on a per-AP basis.
• Delivers predictive calibration during WLAN operations. Based on the historical big data collected through Telemetry,
Huawei CampusInsight can identify and analyze edge APs, predict APs that will be highly loaded, and predictively auto-
optimize the network. In the following example, after predictive calibration is performed, CampusInsight shows that the
average downlink bandwidth for clients increases by 58%; average uplink bandwidth for clients increases by 54%; average
interference rate (the lower, the better) decreases by 49%; and average channel usage (the lower, the better) decreases by
36%.

Real-time Simulation Feedback Results on Huawei CampusInsight


AP physical
topology Current
network status
& score

Simulation
status & score
on the floor
after suggested
calibration
Calibration suggestion to each AP,
including the current channel and the
suggested channel

TOLLY REPORT #219140 27

 WLAN Performance Comparison Before and After Predictive Calibration


Result for the

entire network

Predictive calibration result of the H2 building (pre-calibration value in green, post-calibration value in blue, magnified below)

Mbps Mbps

58% Higher 54% Higher 49% Lower 36% Lower

Predictive calibration details about the H2 building

Before Calibration After Calibration

After calibration, client bandwidth had continuous

Average Client Bandwidth (Downlink)
improvement

Time Time

Average Interference Rate

After calibration, the interference rate stayed low

Average Channel Usage Rate

After calibration, with the same user scenario, the
channel usage rate stayed low to save radio resources

Calibration Details
AP Name Radio Channel Before/After Calibration Frequency Bandwidth
Before/After Calibration

TOLLY REPORT #219140 28

 5 Cybersecurity
Network services are migrating to be cloud- and Internet-based offerings at an ever-increasing pace. As such, network threats
are becoming more complex and covert. Such evolving threats cannot be effectively identified by traditional passive security
defense methods, resulting in prolonged periods of threat detection, response, and handling. In addition, cybersecurity
engineers wish to improve cybersecurity without being forced to increase the complexity and cost of network deployment.
Therefore, when measuring cybersecurity capabilities, the following two factors should be considered:
• Powerful cybersecurity defense capabilities are provided to proactively fend off network threats.
• Cybersecurity capabilities are improved, without increasing network deployment complexity and cost.
Tolly verified that the Huawei CloudCampus solution uses Agile Controller V3.0 to manage security policies, including IPS, anti-
virus, URL filtering and more. The Cisco DNA solution achieves similar results by separately deploying the management tool
vManage, which is needed to configure security policies on SD-WAN routers. In addition, Huawei Agile Controller 3.0 of the
Huawei CloudCampus solution supports firewall management while the Cisco DNA solution does not include security devices
such as firewalls. If the network environment requires deployment and management of firewall devices, Cisco Firepower
Management Center needs to be deployed as an additional management component.
The Huawei CloudCampus solution also supports proactive threat deception, an innovative feature that exposes many false
resources to attackers, preventing attackers from obtaining real resources and vulnerability information. Tolly did not find similar
functions in Cisco DNA.

Cybersecurity Comparison

Huawei CloudCampus Cisco DNA

Basic Security Capabilities IPS, anti-virus, and URL filtering IPS, anti-virus, and URL filtering

Big Data Security Defense Supported Supported

• Supports Encrypted Communications Analytics • Supports Encrypted Traffic Analytics (ETA)

Advanced Security Features (ECA)
• No capability similar to proactive threat
• Supports Proactive threat deception deception was found

• Apart from DNA Center, the management tool

vManage is needed to manage SD-WAN
security (policies on SD-WAN routers)

• Stealthwatch is responsible for security

• Agile Controller V3.0 can manage SD-WAN
security and firewall configurations
Network Deployment Mode
• Cybersecurity Intelligence System (CIS) is
responsible for security analytics
analytics
• The Cisco DNA solution does not include
security devices such as firewalls. If the
network environment requires deployment
and management of firewall devices, Cisco
Firepower Management Center needs to be
deployed as an additional management
component

TOLLY REPORT #219140 29

 5.1 Defense Configuration
Huawei Agile Controller V3.0 can manage Huawei firewalls and allow users to configure policies such as IPS, anti-virus, and URL
filtering, thereby protecting the communication between the local and external networks. In addition, Huawei Agile Controller
V3.0 can collaborate with Huawei CIS and campus switches to detect and analyze threats in encrypted traffic.

Huawei CloudCampus Solution: Firewall Configuration


URL filtering, IPS, anti-virus, APT defense, and

other configurations for Firewalls

TOLLY REPORT #219140 30

 5.2 Proactive Threat Deception
When preparing to carry out attack on a network, attackers will usually scan the network to find targets. They may, for example,
do this by pinging different addresses or accessing different addresses through HTTP to find reachable targets. Huawei's
proactive threat deception solution is able to mitigate this kind of attack.

Huawei CloudCampus
Proactive threat deception is achieved through collaboration between Huawei campus switches, Agile Controller V3.0, and CIS.
Tolly engineers verified two types of proactive threat deception:
• When an attacker attempts to scan the network and ping a nonexistent IP address (no device is using this IP address),
Huawei campus switches redirect the ping request to Huawei CIS. CIS then simulates an endpoint reply to this ping request
and records the attack event.
• When an attacker attempts to scan the network and access an HTTP page with a nonexistent IP address, Huawei campus
switches redirect the access request to Huawei CIS. CIS then simulates a website reply to this access request and records the
attack event.

Decoy Website Generated for Proactive Threat Deception


When an attacker attempts to
scan an HTTP page with a
nonexistent IP address,
Huawei campus switches
redirect the access request to
Huawei CIS. CIS then
simulates a website reply to
this access request, records
the attack event, and
collaborates with Agile
Controller V3.0 for further
response.
Logon

TOLLY REPORT #219140 31

 6 Network Openness
As all industries go digital, the openness of enterprise networks determines office and production efficiencies, and may even
determine the success or failure of business decision-making and execution. After testing, Tolly found that Huawei's
CloudCampus solution can extensively interoperate with third-party industry applications, systems, protocols, and endpoints.
Due to a large number of test items, Tolly engineers only verified the openness capabilities of Huawei devices and did not verify
those of Cisco devices.

Network Openness of The Huawei CloudCampus Solution

Huawei CloudCampus Solution

Support of third-party industry applications Supports commercial Wi-Fi, electronic shelf label (ESL), asset management, AGV,
(such as retail, manufacturing, and enterprise and UWB applications
office applications)

Interoperability with third-party systems (such Interoperates with Aruba ClearPass, Cisco ISE, and SolarWinds systems
as AAA, NMS, and network planning systems)

Interoperability with other vendors' devices on Interoperates with Cisco switches on network protocols, including Layer 2 basic
network protocols protocols, Layer 2 high availability protocols, link aggregation protocols, routing
protocols, Layer 3 high availability protocols, MPLS VPN protocols, Layer 3
multicast routing protocols, and NTP protocols

Interoperability with a wide variety of Interoperates with and provides PoE power supply to IP phones (including those
endpoints from ATCOM, AudioCodes, Avaya, Cisco, Mitel, Polycom, and Yealink), WLAN APs
(for example, Aruba, Cisco, D-LINK, Fortinet, H3C, Huawei, Motorola, Ruckus,
Ruijie, SUNDRAY, and TP-LINK brands), and IP cameras (IPCs) (such as Dahua,
Hikvision, and Huawei IPCs)

TOLLY REPORT #219140 32

 6.1 Interoperability with Aruba ClearPass
The Huawei CloudCampus solution can interoperate with Aruba ClearPass for network access control (NAC). For the full report,
visit:
https://reports.tolly.com/DocDetail.aspx?DocNumber=219126

6.2 Interoperability with Cisco ISE

The Huawei CloudCampus solution can interoperate with Aruba ClearPass for network access control (NAC). For the full report,
visit:
https://reports.tolly.com/DocDetail.aspx?DocNumber=219114

6.3 Interoperability with SolarWinds

The Huawei CloudCampus solution can interoperate with the SolarWinds system for network management and monitoring. For
the full report, visit:
https://reports.tolly.com/DocDetail.aspx?DocNumber=219115

6.4 Interoperability with Cisco Switches

The Huawei CloudCampus solution can interoperate with Cisco switches in terms of commonly used network protocols. For the
full report, visit:
https://reports.tolly.com/DocDetail.aspx?DocNumber=219128

6.5 Endpoint Compatibility

The Huawei CloudCampus solution can provide PoE power and service assurance for endpoints such as IP phones, WLAN APs,
and IP cameras. For the full report, visit:
https://reports.tolly.com/DocDetail.aspx?DocNumber=219132

Alternatively, go to Huawei's interoperability web page to download the preceding reports at:

https://e.huawei.com/en/related-page/solutions/business-needs/enterprise-network/campus-network/partners/
Interconnection-and-interworking

TOLLY REPORT #219140 33

 7 Test Topologies, Devices, and Versions
Huawei CloudCampus
When testing the Huawei CloudCampus solution, Tolly engineers used a relatively comprehensive network, including the
headquarters and a branch. The VXLAN-based fabric architecture was used at the headquarters, while a traditional Layer 2
network was adopted at the branch network. The test was run in August 2019.

TOLLY REPORT #219140 34

 Cisco DNA
When testing the Cisco DNA solution, Tolly engineers used the network shown in the following figure. Some of the Cisco
information in the report comes from Cisco's official documents. The test was run in August 2019.

TOLLY REPORT #219140 35

 Devices Under Test


Vendor Solution Product Version

CloudEngine S6730-H switch V200R019C00

CloudEngine S5731-H switch V200R019C00

CloudEngine S12700E switch V200R019C00

AP4050DN-E WLAN AP V200R019C00

Huawei Technologies AP7060DN WLAN AP V200R019C00

CloudCampus
Co., Ltd. AR6280 access router V200R019C00

USG6500E AI firewall V600R006C00

Agile Controller V3.0 V300R019C00

Agile Controller V1.0 V100R003C60

CampusInsight V100R019C00

AIR-AP3802I-H WLAN AP 8.8.120.0

AIR-CT5520-K9 WLAN controller 8.8.120.0

C9300-24U switch 16.8.1a

Digital Network C9407R switch 16.9.1

Cisco Systems, Inc. Architecture (DNA)
C9500-24Y4C switch 16.9.1

ISR4321/K9 router 16.6.5

DNA Center 1.3.0.2

Identity Services Engine (ISE) 2.6.0.156

TOLLY REPORT #219140 36

 About Tolly
The Tolly Group companies have been
delivering world-class ICT services for
over 30 years. Tolly is a leading global
provider of third-party validation
services for vendors of ICT products,
components and services.
More Reading
To learn more about Huawei's complete set of campus network solutions, visit:
https://e.huawei.com/en/solutions/business-needs/enterprise-network/campus-
network
To learn more about Huawei's enterprise business, visit:
https://e.huawei.com/en/

You can reach the company by E-mail

at sales@tolly.com, or by telephone at
+1 561.391.5610.

Visit Tolly on the Internet at:


http://www.tolly.com

Terms of Usage
This document is provided, free-of-charge, to help you understand whether a given product, technology or service merits additional
investigation for your particular needs. Any decision to purchase a product must be based on your own assessment of suitability
based on your needs. The document should never be used as a substitute for advice from a qualified IT or business professional. This
evaluation was focused on illustrating specific features and/or performance of the product(s) and was conducted under controlled,
laboratory conditions. Certain tests may have been tailored to reflect performance under ideal conditions; performance may vary
under real-world conditions. Users should run tests based on their own real-world scenarios to validate performance for their own
networks.
Reasonable efforts were made to ensure the accuracy of the data contained herein but errors and/or oversights can occur. The test/
audit documented herein may also rely on various test tools the accuracy of which is beyond our control. Furthermore, the
document relies on certain representations by the sponsor that are beyond our control to verify. Among these is that the software/
hardware tested is production or production track and is, or will be, available in equivalent or better form to commercial customers.
Accordingly, this document is provided "as is", and Tolly Enterprises, LLC (Tolly) gives no warranty, representation or undertaking,
whether express or implied, and accepts no legal responsibility, whether direct or indirect, for the accuracy, completeness, usefulness
or suitability of any information contained herein. By reviewing this document, you agree that your use of any information contained
herein is at your own risk, and you accept all risks and responsibility for losses, damages, costs and other consequences resulting
directly or indirectly from any information or material available on it. Tolly is not responsible for, and you agree to hold Tolly and its
related affiliates harmless from any loss, harm, injury or damage resulting from or arising out of your use of or reliance on any of the
information provided herein.
Tolly makes no claim as to whether any product or company described herein is suitable for investment. You should obtain your
own independent professional advice, whether legal, accounting or otherwise, before proceeding with any investment or project
related to any information, products or companies described herein. When foreign translations exist, the English document is
considered authoritative. To assure accuracy, only use documents downloaded directly from Tolly.com. No part of any document may
be reproduced, in whole or in part, without the specific written permission of Tolly. All trademarks used in the document are owned
by their respective owners. You agree not to use any trademark in or as the whole or part of your own trademarks in connection with
any activities, products or services which are not ours, or in a manner which may be confusing, misleading or deceptive or in a
manner that disparages us or our information, projects or developments.

219140 ivcofs30 yx-20191121-VerO

TOLLY REPORT #219140 37