FAQ

Frequently asked questions about LANCOM Management Cloud

The LANCOM Management Cloud is the world‘s first hyper-integrated management system that intelligently organizes, optimizes and controls your entire network architecture. State-of-the-art software-defined networking technology drastically simplifies the provision of integrated networks – the manual configuration of individual devices has become a thing of the past.

General information

1. What is the LANCOM Management Cloud?

The LANCOM Management Cloud is the world's first hyper-integrated management system that intelligently organizes, optimizes and controls your entire network architecture. State-of-the-art software-defined networking technology drastically simplifies the provision of integrated networks, so that the manual configuration of individual devices has become a thing of the past.

 

 

2. What does “Hyper Integration” mean?

“Hyper Integration” describes the unique interplay of a number of factors that make the “LANCOM Management Cloud” the world's first hyper-integrated network management system:

 

  • A premium portfolio of products “Made in Germany”, consisting of routers, switches and access points,
  • which are made “Cloud-ready” with a simple firmware update, so that existing installations can be integrated into the management system.
  • The application of the very latest “software-defined networking” technology to establish enterprise-wide WAN, LAN and WLAN scenarios (SD-WAN-, SD-LAN and SD-WLAN).
  • The choice of operating mode is yours: As a “Public Cloud” hosted in Germany, as a “Private Cloud”, or even as a self-hosted Cloud.

 

This unique combination means that the LANCOM Management Cloud ensures the intelligent organization, optimization and control of your entire network architecture, which drastically simplifies the provision of dynamic networks.

 

 

3. What does "software-defined networking" mean?

Software-defined networking does away with the former manual configuration of individual devices and replaces it with the automated orchestration of networks. The administrator uses an easy-to-operate, centralized interface to specify the framework conditions for the overall network design. The configuration and rollout of configuration changes are handled by a central management system—fully automatic and custom-designed for all of the network components (routers, gateways, switches and access points). This ensures that the capabilities of the network components are utilized to the full, particularly in the area of virtualization. Another aspect is the strict separation of management connections on the control plane from data connections on the data plane: While the data connections (e.g. VPN tunnels) are set up between the VPN gateways, the individual network components are connected directly to the LANCOM Management Cloud over independent management connections. What this means is: User data remain invisible to the LANCOM Management Cloud while the management and monitoring of network.

 

4. For what scale of network is the LANCOM Management Cloud recommended?

Whether it is just a few or even several thousand LANCOM devices to be managed: The LANCOM Management Cloud is individually scalable thanks to a flexible licensing model, and it greatly simplifies the operation of networks of an size.

 

5. What is the difference between the Public Cloud and Private Cloud?

The LANCOM Management Cloud is available in two versions.

 

  • The Public Cloud is hosted at a datacenter in Germany. A server hosts several organizations and projects, all of which are managed securely separated from one another. This Public Cloud provides a fast and easy entry into SDN-based Cloud management and is ideal for small, medium-sized and large projects.
  • In addition, the LANCOM Management Cloud can be set up as a private cloud at data centers operated by system vendors or end customers. This is ideal for service providers and integrators, and where specific data-protection requirements apply.

6. How are projects and companies organized in the LANCOM Management Cloud?

Within an "Organization", i.e. an area for specialist resellers, systems vendors and system integrators, it is possible to manage any number of independent network projects. Switching between individual projects at any time is quick and easy with just a single user interface. A “Project” is the administration area for a particular customer installation.

 

 

7. Which devices can I use to access the browser-based interface and monitor my network?

Be it from a smartphone, tablet PC or desktop: Thanks to the web-based responsive design of the LANCOM Management Cloud, the entire network benefits from 24/7 monitoring and control from any device with Internet access. The appearance of the browser-based user interface automatically adapts to the end device at hand. Currently, the following web browsers are supported (each in the latest version):

 

  • Google Chrome
  • Mozilla Firefox
  • Apple Safari
  • Microsoft Edge

8. Will LANCOM continue to offer products that work without the cloud?

Yes, with each new version of LCOS, the LANtools will continue to be maintained and enhanced with new features in the future. Both systems, can be synchronized in both directions.

 

 

9. Will LANCOM continue to maintain and develop the LANtools?

Yes, with each new version of LCOS, the LANtools will continue to be maintained and enhanced with new features in the future. Both systems, can be synchronized in both directions.

Security

1. How can LANCOM ensure the security and confidentiality of network configuration data?

The LANCOM Management Cloud (Public) is “Made in Germany”, hosted at a German data center, and is thus subject to German data protection law. This allows LANCOM to guarantee a high level of data security and legally compliant handling of the devices. LANCOM additionally offers private versions of the LANCOM Management Cloud, which are operated either by system vendors or even directly on customer premises. In these cases, the corresponding network configuration data are of course secured by the private data centers run by the systems vendor or by the end customer. The LANCOM Management Cloud is regularly audited internally and externally.

 

2. Which protocol serves as a basis for the secure communications?

All communications between the LANCOM devices and the LANCOM Management Cloud use TLS-encrypted certificate-based connections, such as those used for HTTPS. Communications between the Web front end and the LANCOM Management Cloud are also secured by HTTPS.

 

3. Does the LANCOM Management Cloud support multitenancy?

The LANCOM Management Cloud features full multitenancy. This allows several (customer) projects to be administered from just one management account. The individual projects stay securely separated from one another at all times.

 

4. Can different roles and rights be assigned to different users?

Within the LANCOM Management Cloud, users are assigned roles with different rights that only give them access to their own data.

 

  • Organization administrator
  • Project administrator (all rights within a project)
  • Project member (rights to conduct network, site and device management and monitoring within a project)
  • Project observer (read-only rights within a project) into the solution, or even returned to conventional operation again).

5. Is it possible to audit configuration changes, and are they logged?

Yes. Uploading a new configuration on one or more devices is logged and can be traced chronologically. However, there is no record of which parameters were changed specifically with the new configuration.

 

6. Can LANCOM resellers see the information in my installation?

A LANCOM reseller who creates a new project is initially the project administrator and is thus able to view all of the information on the network. Where end customers manage a project themselves, they can restrict or disable the reseller's access to it. This ensures that, with self-managed projects, the network operational information remains private.

 

7. Google Maps is used on the dashboard. What information does Google receive about my Projects?

Google Maps merely supplies the maps for the display. The transmission of this information will be registered by Google. All other depictions, such as the positioning of LANCOM devices on a map, site information, or network activities are processed on a completely different level by the LANCOM Management Cloud. This information is invisible to Google.

 

Migration

1. Can I operate my existing LANCOM devices with the LMC, or do I need new components?

All LANCOM routers, gateways and access points that support LCOS version 10 can be operated with the LMC. In addition, you can also use the LMC to manage LANCOM WLAN controllers with limited functionality. LANCOM switches of GS-23xx series can be upgraded with the LANCOM Switch OS 3.30, which enables these switches to integrate into the LMC. Currently (04/2017) there is a total of approx. 400,000 LANCOM products installed in the field, which are capable of integration into the LMC. You will find a complete list of devices capable of upgrading to LCOS 10 or Switch OS 3.30 in the product tables of our : LANCOM SW Lifecycle Management.

2. Can a device be managed in parallel by both LANconfig/LANmonitor and the LANCOM Management Cloud?

Operations that mix the two systems are not recommended. It is possible for devices that were setup by LANconfig to be included into the LMC at a subsequent time. However, under certain circumstances, some LMC functions may only be available to a limited extent. Monitoring of devices in parallel with LANmonitor and the LMC is possible without restrictions.

Routers/VPN

1. How is the initial router provisioning handled without any technical know-how?

For initial provisioning, Cloud-ready routers that are connected to a LAN with Internet access are able to automatically connect to the Cloud and to be configured from there.

If this is not the case, the routers must first be commissioned in the usual way with the user-friendly Basic Setup Wizard and the Internet Wizard. As soon as they are connected to the Internet, the devices can then be integrated into the LMC management.

 

2. Can I use the LANCOM Management Cloud to generate configuration files for the LANCOM Advanced VPN Client?

This feature is planned and will be included in a later version of the LANCOM Management Cloud.

WLAN

1. Do I need a WLAN controller in future, or does the LANCOM Management Cloud offer the equivalent functionality?

LANCOM WLAN controllers offer functions such as configuration, monitoring, firmware management, layer-3 tunneling, roaming acceleration and client steering. In the long term, the capabilities of the WLAN controller will be provided by the LANCOM Management Cloud, so the future is set to be “controller-less”. Currently the LANCOM Management Cloud supports configuration, monitoring, firmware management and fast roaming. The layer-3 tunneling functionality and client steering can be outsourced to a LANCOM router by a subsequent LCOS update. In many cases, it is a good idea to use existing WLAN controllers in connection with the LMC as a hotspot gateway. Furthermore LANCOM has a temporarily offer for the migration from a WLAN controller installation to an LMC installation.

 

2. Can I manage the WLAN controller in the LANCOM Management Cloud?

WLAN controllers and managed access points can be integrated into the Cloud. We recommend that you transfer the WLAN configuration from the WLC to the LMC. This avoids conflicts between the WLC and LMC configurations for the access points.

 

3. Does the WLAN controller operate as a fallback if the LANCOM Management Cloud cannot be reached?

WLAN controllers and the LANCOM Management Cloud are based on completely different technologies and functionalities. This makes a mutual backup technically impossible.

Even in Cloud mode, the access points are able to operate autonomously (i.e. when the Cloud is not accessible).

 

4. Can I use the LANCOM Management Cloud to put RADIUS-authenticated SSIDs into service?

Yes, in this case you need a RADIUS server that is accessible from the local network where the access points are located.

 

5. When will the LANCOM Management Cloud support the Public Spot function?

Currently, the hotspot function requires a device with an activated LANCOM Public Spot option (WLAN controller or router, management by individual device configuration in the LMC).

Integrated Public Spot management and control by the LMC are currently under preparation (planned for 2nd half of 2017). The aim is to gradually integrate elements of the user management and the captive portal functionality into the LANCOM Management Cloud.

 

6. By default, the same SSIDs are broadcast on all access points at a site. How do I ensure that only specific SSIDs are broadcast only on certain access points?

For alternative SSID constellations, additional (sub) locations can be created. This allows, for example, a site to be divided into "Office" and "Production".

Networks can also be added in by configuring the devices individually.

Switches

1. Which switch configuration options are available through the LANCOM Management Cloud

The LANCOM Management Cloud allows port configurations to be conducted for entire groups of switches of a certain type (10-port, 26-port, 28-port, 52-port) as well as for individual switches.

The innovative 1-Click Switch Port Profiles of the LANCOM Management Cloud allow the defined networks, including VLAN assignments, to be assigned to the desired ports simply by drop-down menu in the GUI.´

 

2. In the case of a cascaded switch configuration, how can I be sure that a misconfiguration or a reconfiguration of a switch port does not disconnect any other downstream switches?

After any configuration change, a device checks that it can connect to the LANCOM Management Cloud. If the LMC is not reached inside 5 minutes, it falls back to its previous configuration. This avoids misconfigurations and reliably prevents a “lock-out”.

Device management

1. Can LMC-managed devices still be configured locally?

This is possible in principle, but it doesn't make much sense. The configuration stored in the LMC takes priority, and every time a configuration is rolled out, it will overwrite the configuration on the device. For any changes to be effective long term, they must be stored in the LMC. The integrated password management of the LANCOM Management Cloud ensures that all devices follow the central password policy.

 

2. Is it possible to integrate and manage devices from other manufacturers?

This is currently not supported.

 

3. Is it possible to rollback a configuration to restore a previous configuration setup?

The LANCOM Management Cloud initially writes the configurations in test mode, so that only after a configuration was successful and a connectivity check was carried out does the device finally accept the configuration.

A “snapshot” feature for multiple configuration statuses is not currently available.

 

4. Is it possible to import existing configuration files so that existing installations can be integrated into the LANCOM Management Cloud?

Configurations that are on the device when it connects to the LMC for the first time are incorporated without change and are saved for future configuration rollouts.

An import function for site-specific and device-specific configuration data is in preparation.

 

5. Is it possible to incorporate individualized device configurations into automated configurations for rollout by the LANCOM Management Cloud?

It is not possible to use an existing configuration as a basis for creating a matching SDN SMARTconfig.

 

6. What happens if the Cloud fails or turns off?

The devices continue to work autonomously, although during this time they cannot be monitored or reconfigured from the Cloud.

Devices can also be permanently disconnected from the Cloud and operated stand-alone (e.g. operated with LANconfig, WEBconfig or WLAN controller). A device connected to the Cloud remains permanently connected to it, even following a reset,

To disconnect a device from an instance of the Cloud, the following commands have to be executed:

LCOS-based devices (routers, access points and WLAN controllers):

WEBconfig: In the Configuration area of the LCOS menu tree SETUP > LMC, set the Operating switch to No and execute the Delete Certificates command.

Alternative: On the LCOS command line under Setup/LMC, execute the commands “do delete-certificate” and “set operating no”

For LANCOM switches, the same procedure is performed as follows:

WEBconfig: In the configuration area Configuration > LMC > Configuration, set the Operating switch to No and execute the Delete Certificates command.

Alternative: On the Switch OS command line, go to the LMC directory by entering the command “lmc”, then run the commands “delete-certificate” and “operating no”.

 

7. How can multiple devices be transferred to the Cloud at the same time?

As an alternative to inputting individual serial numbers and PINs, it is possible to generate an activation code for pairing multiple devices with the LMC. You do this from the Device view. LANconfig automatically lists all of the devices on the network. Just use the LMC icon in the menu bar or the context menu (right-click with the mouse) to easily and centrally connect any number of selected devices to the LMC.

 

8. Can I add an existing device configuration to the Cloud, or is it better to setup certain parts of the configuration again?

In general, we recommended that you give the devices a clean start and reset them before configuring them with the Cloud.

If previously configured devices are integrated into the Cloud, their individual parameters are from then on written to the individual device configuration of the Cloud, and cross-device settings can be made via the SMARTconfig of the LMC.

The SMARTconfig works in such a way that previously existing and identically named settings are updated by the LMC. So for example, if a network called INTRANET or an SSID called GUEST is already configured on the device, and a network of the same name is defined in the LMC, the SMARTconfig "wins" and overwrites those entries in the tables of the devices.

 

9. What happens to local changes on the devices?

In principle the Cloud is the “master system”. When a device is connected to the LMC for the first time, the local device configuration is read into the LMC.

If local changes to a Cloud-managed device (e.g. via CLI, WEBconfig or LANconfig) are made “behind the Cloud's back”, then the next time the device configuration is updated, those changes are overwritten with the device configuration from the Cloud.

 

10. What parameters does the LMC SMARTconfiguration create?

The individual device configuration features a button named “Display automatically generated values”. With this option enabled, all values changed by the SMARTconfig are output as read-only fields.

Features

1. Can a customer be given access to a certain project?

Yes. The customer is given access by the organization or project administrator, for example as a project observer with read-only access to the dashboard. In this case, passwords are hidden and the configuration cannot be changed.

 

2. Is it possible to rollout firewall rules with an “SDN configuration”?

An upgrade to the SDN configuration to include self-defined parameters and firewall rules is in preparation.

 

3. Is it possible to automatically rollout firmware updates at a specific time?

Firmware updates can be triggered and routed centrally with the LMC. A scheduler and a firmware policy manager are in preparation

Licensing & distribution

1. Where do I get access and licenses for the LANCOM Management Cloud?

End customers should contact LANCOM resellers directly. The LANCOM reseller then creates the end-customer projects and takes care of the licensing. Alternatively, licenses are available from specialist resellers (for the case that an end customer wishes to manage their own project). LANCOM specialist resellers obtain an organization account within the framework of the LANCOM LANcommunity partner program. Licenses are available directly from distributors. Orders are project-related and must specify an e-mail address and project ID. License keys are then sent by e-mail.