FAQ LANCOM Management Cloud


The LANCOM Management Cloud is the world's first fully integrated management system that intelligently organizes, optimizes and controls your entire network architecture. State-of-the-art software-defined networking technology drastically simplifies the provision of integrated networks – the manual configuration of individual devices has become a thing of the past.

 

General questions

What exactly is meant by "fully integrated"?

"Fully integrated" describes the unique interplay of a number of factors that make the LANCOM Management Cloud an integrated network management system: a premium portfolio of products engineered in Germany, consisting of routers, switches, access points, and firewalls which are "cloud-ready"; the application of the very latest software-defined networking technology to establish enterprise-wide, highly automated infrastructures in the areas of WAN, LAN, WLAN, and security; and the choice of operating mode, either as a Public Cloud hosted in Germany or as a private cloud. This unique combination means that the LANCOM Management Cloud ensures the intelligent organization, optimization and control of your entire network architecture, which drastically simplifies the provision of dynamic networks.

 

What does "software-defined networking" mean?

"Software-defined networking" does away with the former manual configuration of individual devices and replaces it with the automated orchestration of networks. The administrator uses an easy-to-operate, centralized interface to specify the framework conditions for the overall network design. The configuration and rollout of configuration changes are handled by a central management system – fully automatic and custom-designed for all of the network components (routers, gateways, switches, access points, and firewalls). This ensures that the capabilities of the network components are utilized to the full, particularly in the area of virtualization. Another aspect is the strict separation of management connections on the control plane from data connections on the data plane: While the data connections (e.g. VPN tunnels) are set up between the VPN gateways, the individual network components are connected directly to the LANCOM Management Cloud over independent management connections. What this means is: User data remain invisible to the LANCOM Management Cloud while the management and monitoring of network.

What is the difference between the Public Cloud and Private Cloud?

The Public Cloud is hosted at a datacenter in Germany. A server hosts several organizations and projects, all of which are managed securely separated from one another. This Public Cloud provides a fast and easy entry into SDN-based Cloud management and is ideal for small, medium-sized and large projects. In addition, the LANCOM Management Cloud can be set up as a private cloud at data centers operated by system vendors or end customers. This is ideal for service providers and integrators, and where specific data-protection requirements apply.

 

For what scale of network is the LANCOM Management Cloud recommended?

Whether it is just a few or even several thousand LANCOM devices to be managed: The LANCOM Management Cloud is individually scalable thanks to a flexible licensing model, and it greatly simplifies the operation of networks of any size.

 

How are projects and companies organized in the LANCOM Management Cloud?

Within an "organization", i.e. an area for specialist resellers, systems vendors and system integrators, it is possible to manage any number of independent network projects. Switching between individual projects at any time is quick and easy with just a single user interface. A "project" is the administration area for a particular customer installation.

 

Will LANCOM continue to offer products that work without the cloud?

Yes, all LANCOM products can still be managed via the LANtools or WEBconfig in the future.

 

Which devices can I use to access the browser-based interface?

Be it from a smartphone, tablet PC or desktop: Thanks to the web-based responsive design of the LANCOM Management Cloud, the entire network benefits from 24/7 monitoring and control from any device with Internet access. The appearance of the browser-based user interface automatically adapts to the end device at hand. Currently, we recommend the following web browsers (each in the latest version): Google Chrome, Mozilla Firefox, and Apple Safari.

Will LANCOM continue to maintain and develop the LANtools?

Yes, with each new version of LCOS, the LANtools will continue to be maintained and enhanced with new features in the future. Local configurations and LMC configurations can be synchronized in both directions.

 

Security

How can LANCOM ensure the security and confidentiality of network configuration data?

The LANCOM Management Cloud (Public) is "Engineered in Germany", hosted at a German data center, and is thus subject to German data protection law. This allows LANCOM to guarantee a high level of data security and legally compliant handling of the devices. LANCOM additionally offers private versions of the LANCOM Management Cloud, which are operated either by system vendors or even directly on customer premises. In these cases, the corresponding network configuration data are of course secured by the private data centers run by the systems vendor or by the end customer. The LANCOM Management Cloud is regularly audited internally and externally.

Which protocol serves as a basis for the secure communications?

All communications between the LANCOM devices and the LANCOM Management Cloud use TLS-encrypted certificate-based connections, such as those used for HTTPS. Communications between the Web front end and the LANCOM Management Cloud are also secured by HTTPS.

 

Does the LANCOM Management Cloud support multitenancy?

The LANCOM Management Cloud features full multitenancy. This allows several (customer) projects to be administered from just one management account. The individual projects stay securely separated from one another at all times.

 

Can different roles and rights be assigned to different users?

The different roles are Organization administrator, Project administrator (all rights within a project), Technical administrator (rights to conduct network, site and device management and monitoring within a project), Project member (rights to conduct device management and monitoring within a project), Rollout wizard (right to use the LMC rollout app to add devices to the project and read device information), Project observer (read-only rights within a project). Within the LANCOM Management Cloud, users are assigned roles with different rights that only give them access to their own data.

 

Is it possible to audit configuration changes, and are they logged?

Yes. Uploading a new configuration on one or more devices is logged and can be traced chronologically. However, there is no record of which parameters were changed specifically with the new configuration.

 

Can LANCOM resellers see the information in my installation?

A LANCOM reseller who creates a new project is initially the project administrator and is thus able to view all of the information on the network. Where end customers manage a project themselves, they can restrict or disable the reseller's access to it. This ensures that, with self-managed projects, the network operational information remains private.

 

Google Maps is used on the dashboard; what information does Google receive about my Projects?

Google Maps merely supplies the maps for the display. The transmission of this information will be registered by Google. All other depictions, such as the positioning of LANCOM devices on a map, site information, or network activities are processed on a completely different level by the LANCOM Management Cloud. This information is invisible to Google.

 

How long is log data stored in the LMC?

Log data is stored in the LMC for one year. The data can be exported and saved at any time, e.g. to meet compliance requirements.

 

Features

Can I set up notifications about events in my network?

Yes. The customer is given access by the organization or project administrator, for example as a project observer with read-only access to the dashboard. In this case, passwords are hidden and the configuration cannot be changed.

Is it possible to automatically roll out firmware updates at a specific time?

Yes, firmware updates can be initiated and rolled out centrally in the LMC. The LANCOM Management Cloud is able to activate the automatic firmware update functionality in the managed devices (currently with LCOS and LCOS LX). In the process, policies can be defined and download and software installation time frames can be determined.

 

Is it possible to roll out firewall rules with an “SDN configuration”?

Yes, self-defined parameters and firewall rules are set up under the menu entry "Security". For every network of an LMC project, a security profile is automatically created, or existing settings and rules are migrated there. In addition, security rules such as those for Application Management, Content Filter, and Packet Filter can be created there centrally for all networks of a project (also called security profiles) and applied automatically to all desired locations. For more information, see the techpaper cloud-managed security.

 

Can a customer be given access to a certain project?

Yes. The customer is given access by the organization or project administrator, for example as a project observer with read-only access to the dashboard. In this case, passwords are hidden and the configuration cannot be changed.

 

Can LMC-managed devices still be configured locally?

Yes, the LMC offers the possibility to adopt local configurations. This function is deactivated by default. Thus, the LMC determines the configuration. Please note that the automatic SDN configuration overwrites parts of the device's configuration. The integrated password management of the LANCOM Management Cloud ensures that no unauthorized configurations can be made locally.

Is it possible to integrate and manage devices from other manufacturers?

This is currently not supported.

 

Is it possible to roll back a configuration to restore a previous configuration setup?

The LANCOM Management Cloud initially writes configurations in test mode. Only after the configuration has been applied successfully and a connectivity check to the LMC has been carried out does the device finally accept the configuration. If the LMC is not accessible for more than 5 minutes after a configuration rollout, the configuration of the device is automatically rolled back. A “snapshot” feature for multiple configuration statuses is not currently available.

 

What happens if the Cloud fails or turns off?

The devices continue to work autonomously, although during this time they cannot be monitored or reconfigured from the Cloud.

A device connected to the Cloud behaves as follows when it is reset: The device's LMC certificate is deleted and the LMC domain is set back to the default value cloud.lancom.de. A cloud-ready device with zero-touch function will autonomously try to connect to the public LMC. If the cloud-ready device had been actively managed in an LMC project and integrated via PIN in this project before the reset, the device will automatically be integrated in this project again as long as the device can connect to the internet after the reset. If the cloud-ready device had been managed in a private LMC and had been integrated via PIN in a certain project before the reset, the device will automatically be forwarded from the public LMC to this private LMC but will NOT autonomously be integrated in the project again. Such devices have to be integrated in the respective project manually with a valid activation code.

Devices can also be permanently disconnected from the Cloud and operated stand-alone (e.g. operated with LANconfig, WEBconfig or WLAN controller).

To disconnect a device from an instance of the Cloud, the following commands have to be executed:

LCOS-based devices (routers, access points and WLAN controllers):

WEBconfig: In the configuration area Configuration > LMC > Configuration, set the Operating switch to No and execute the Delete Certificates command.

Alternative: On the Switch OS command line, go to the LMC directory by entering the command “lmc”, then run the commands “delete-certificate” and “operating no”.

For LANCOM switches, the same procedure is performed as follows:

WEBconfig: In the Configuration area of the LCOS menu tree SETUP > LMC, set the Operating switch to No and execute the Delete Certificates command.

Alternative: On the LCOS command line under Setup/LMC, execute the commands “do delete-certificate” and “set operating no”.

Alternatively, the device can be deleted from the LMC device list. If the device is connected actively to the LMC at this point of time, the LMC certificate will likewise be deleted from the device. Thus, the device will then be uncoupled from the LMC.

How can multiple devices be transferred to the Cloud at the same time?

As an alternative to inputting individual serial numbers and PINs, it is possible to generate an activation code for pairing multiple devices with the LMC. You do this from the Device view. LANconfig automatically lists all of the devices on the network. Just use the LMC icon in the menu bar or the context menu (right-click with the mouse) to easily and centrally connect any number of selected devices to the LMC.

 

Is it possible to incorporate individualized device configurations into automated configurations for rollout by the LANCOM Management Cloud?

It is not possible to use an existing configuration as a basis for creating a matching SDN config.

 

Is it possible to import existing configuration files? / Can existing installations be integrated into the LANCOM Management Cloud?

Configurations that are on the device when it connects to the LMC for the first time are incorporated without change and are saved for future configuration rollouts. Site-specific configuration data can be imported automatically in the LMC via a CSV file import.

 

Can I add an existing device configuration to the Cloud, or is it better to setup certain parts of the configuration again?

In general, we recommend that you give the devices a clean start and reset them before configuring them with the Cloud. If previously configured devices are integrated into the Cloud, their individual parameters are from then on written to the individual device configuration of the Cloud, and cross-device settings can be made via the SDNconfig of the LMC. The SDNconfig works in such a way that previously existing and identically named settings are updated by the LMC. So for example, if a network called INTRANET or an SSID called GUEST is already configured on the device, and a network of the same name is defined in the LMC, the SDNconfig "wins" and overwrites those entries in the tables of the devices.

 

What happens to local changes on the devices?

In principle the Cloud is the “master system”. When a device is connected to the LMC for the first time, the local device configuration is read into the LMC. There are two possibilities: Local changes are logged in the LMC by default, but are overwritten the next time the configuration is written from the LMC. However, it is also possible to set the "Project defaults" in the LMC so that local changes are adopted in the LMC configuration.

 

What parameters does the LMC SDN configuration create?

The individual device configuration features a button named “Display automatically generated values”. With this option enabled, all values changed by the SDNconfig are output as read-only fields.

 


Licensing

Where do I get access and licenses for the LANCOM Management Cloud?

End customers should contact LANCOM resellers directly. The LANCOM reseller then creates the end-customer projects and takes care of the licensing. Alternatively, licenses are available from specialist resellers (for the case that an end customer wishes to manage their own project). LANCOM specialist resellers obtain an organization account within the framework of the LANCOM LANcommunity partner program. Licenses are available directly from distributors. Orders are project-related and must specify an e-mail address and project ID. License keys are then sent by e-mail.


Router / VPN

How is the initial router provisioning handled without any technical know-how?

For initial provisioning, Cloud-ready routers that are connected to a LAN with Internet access are able to automatically connect to the Cloud and to be configured from there. If this is not the case, the routers must first be commissioned in the usual way with the user-friendly Basic Setup Wizard and the Internet Wizard. As soon as they are connected to the Internet, the devices can then be integrated into the LMC management.

 

Can I use the LMC to generate configuration files for the LANCOM Advanced VPN Client?

This feature is planned and will be included in a later version of the LANCOM Management Cloud.

 


WLAN

Do I need a WLAN controller in future, or does the LMC offer the equivalent functionality?

LANCOM WLAN controllers offer functions such as configuration, monitoring, firmware management, layer-3 tunneling, roaming acceleration and client steering. In the long term, the capabilities of the WLAN controller will be provided by the LANCOM Management Cloud, so the future is set to be “controller-less”. Currently, the LANCOM Management Cloud supports configuration, monitoring, firmware management, client steering and fast roaming. The layer-3 tunneling functionality can be outsourced to a LANCOM router by a subsequent LCOS update. In many cases, it is a good idea to use existing WLAN controllers in connection with the LMC as a hotspot gateway. Furthermore, LANCOM has a temporary offer for the migration from a WLAN controller installation to an LMC installation.

 

Can I manage the WLAN controller in the LANCOM Management Cloud?

WLAN controllers and managed access points can be integrated into the Cloud. We recommend that you transfer the WLAN configuration from the WLC to the LMC and activate the adoption of local changes to the device's configuration, but only if the Layer-3-Tunneling functionality is not required. This avoids conflicts between the WLC and LMC configurations for the access points. Your WLAN controller can still be managed and operated as an existing hotspot gateway.

 

Does the WLAN controller operate as a fallback if the LANCOM Management Cloud cannot be reached?

WLAN controllers and the LANCOM Management Cloud are based on completely different technologies and functionalities. This makes a mutual backup technically impossible. Even in Cloud mode, the access points are able to operate autonomously (i.e. when the Cloud is not accessible).

 

Can I use the LANCOM Management Cloud to put RADIUS-authenticated SSIDs into service?

Yes, in this case you need a RADIUS server that is accessible from the local network where the access points are located.

 

How do I ensure that specific SSIDs are broadcast only on certain access points?

By default, the same SSIDs are broadcast on all access points at a site. For alternative SSID constellations, additional (sub) locations can be created. This allows, for example, a site to be divided into "Office" and "Production". Networks can also be added in by configuring the devices individually.

 


Switches

Which switch configuration options are available through the LANCOM Management Cloud?

The LANCOM Management Cloud allows port configurations to be conducted for entire groups of switches of a certain type (10-port, 26-port, 28-port, 52-port) as well as for individual switches. The innovative Easy Port Config of the LANCOM Management Cloud allows the defined networks, including VLAN assignments, to be assigned to the desired ports simply by drop-down menu in the GUI.

 

In the case of a cascaded switch configuration, how can I be sure that a misconfiguration or a reconfiguration of a switch port does not disconnect any other downstream switches?

After any configuration change, a device checks that it can connect to the LANCOM Management Cloud. If the LMC is not reached inside 5 minutes, it falls back to its previous configuration. This avoids misconfigurations and reliably prevents a “lock-out”.

 


Migration

Can I operate my existing LANCOM devices with the LMC, or do I need new components?

All LANCOM routers, gateways and access points that support LCOS version 10 can be operated with the LMC. In addition, you can also use the LMC to manage LANCOM WLAN controllers with limited functionality. LANCOM fully-managed switches can be upgraded with the LCOS SX operating system, which enables these switches to integrate into the LMC. You will find a complete list of devices capable of upgrading to LCOS 10 or the current LCOS SX version in the product tables of our LANCOM SW Lifecycle Management.

 

Can a device be managed in parallel by both LANconfig/LANmonitor and the LANCOM Management Cloud?

Yes, that mix of the two systems is possible. Devices that were set up locally by LANconfig can be included in the LMC, including their individual configurations; later local changes in their configurations can also be transmitted into the LMC. Monitoring of devices in parallel with LANmonitor and the LMC is possible without restrictions. However, we recommend configuring LMC-managed devices exclusively via the LMC.

 

