Summary of the invention
In view of this, the present invention provides a remote operation and maintenance method, which can control a device in a remote access manner when an operation and maintenance network system fails and an operation and maintenance worker cannot arrive at a site, thereby reducing network operation and maintenance difficulty, improving security of an access device, storing and analyzing an operation log, tracing a failure, and establishing a knowledge base.
In order to achieve the purpose, the technical scheme of the invention is realized as follows:
a remote operation and maintenance method is applied to an unattended data center machine room, terminal equipment or intelligent manufacturing production equipment, and comprises the following steps:
receiving login information through a wireless network, and identifying the authority of a login user according to the login information;
providing an operating system and a plurality of Docker containers to form a complete virtual network (SDN), and allocating corresponding Docker containers to the login user according to the authority;
converting the RS232 serial bus protocol into the USB protocol, wherein each conversion corresponds to a different USB bus driver ID of the system, and the corresponding equipment information is attached to the bus driver ID as an annotation, the equipment information comprising: device name and unit name.
Further, the authority includes: network equipment maintenance authority, server hardware maintenance authority, storage operation and maintenance authority and software system operation and maintenance authority, and a corresponding Docker container service is established according to the authority, wherein the Docker container corresponding to the network equipment maintenance authority comprises only a USB bus driver or an RS232 serial bus driver and is used for directly connecting to a console port of the network equipment; the Docker container corresponding to the server hardware maintenance authority is connected to a BMC port of the server; and the Docker container corresponding to the software system operation and maintenance authority is allowed to connect to the application system using a remote service tool for script configuration and modification.
Further, the method also comprises the following step: according to a received system administrator instruction, an SDN network is configured in a system management area, and the VLANs and access policies among the Docker containers are adjusted, so that a login user of one system cannot access any system for which that user has no authority.
Further, whether remote access is allowed is determined according to a network admission policy, the network admission policy comprising: digital certificate mode, MAC binding policy, mobile phone APP dynamic verification mode, RSA key mode, short message (SMS) authentication, and AD, LDAP and RADIUS authentication.
Further, image information of a login person is collected, the consistency of the image information and login account information is checked, and connection is allowed only after the check is passed.
Furthermore, the operation performed in the Docker container is screen-recorded and logged, and the recordings are stored in a trusted network storage location; if an administrator needs to check the operation log, the administrator can log in to the system management area, retrieve the corresponding log file according to conditions such as the account name of the login personnel, the operation time and the name of the operated device, and then export and archive the log file.
A remote operation and maintenance system is applied to an unattended data center machine room, terminal equipment or intelligent manufacturing production equipment, and comprises a server and a user terminal, characterized in that the server comprises a processor, and the processor realizes the remote operation and maintenance method when executing a computer program.
A terminal comprising a memory and a processor: the memory is used for storing a computer program; the processor is configured to implement the remote operation and maintenance method when executing the computer program.
Compared with the prior art, the remote operation and maintenance method has the following advantages:
the remote operation and maintenance method provided by the invention can be used to control equipment in a remote access mode when an operation and maintenance network system fails and operation and maintenance personnel cannot arrive at the site, so that the difficulty of network operation and maintenance is reduced and the security of the accessed equipment is improved; operation logs are stored and analyzed so that faults can be traced and a knowledge base established, which improves the efficiency of debugging and maintenance personnel, provides experience for solving similar faults in the future, and gives management personnel a data basis for planning capacity expansion and reconstruction of the existing environment.
Detailed Description
It should be noted that the embodiments and features of the embodiments of the present invention may be combined with each other without conflict.
In the description of the present invention, it is to be understood that the terms "central," "longitudinal," "lateral," "upper," "lower," "front," "rear," "left," "right," "vertical," "horizontal," "top," "bottom," "inner," "outer," and the like are used in the orientation or positional relationship indicated in the drawings, which are merely for convenience in describing the invention and to simplify the description, and are not intended to indicate or imply that the referenced device or element must have a particular orientation, be constructed and operated in a particular orientation, and are therefore not to be construed as limiting the invention. Furthermore, the terms "first", "second", etc. are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first," "second," etc. may explicitly or implicitly include one or more of that feature. In the description of the invention, the meaning of "a plurality" is two or more unless otherwise specified.
In the description of the invention, it is to be noted that, unless otherwise explicitly specified or limited, the terms "mounted", "connected" and "connected" are to be construed broadly, e.g. as being fixed or detachable or integrally connected; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meaning of the above terms in the creation of the present invention can be understood by those of ordinary skill in the art through specific situations.
The invention will be described in detail with reference to the following embodiments with reference to the attached drawings.
A remote operation and maintenance method is applied to an unattended data center machine room, terminal equipment or intelligent manufacturing production equipment, and comprises the following steps:
receiving login information through a wireless network, and identifying the authority of a login user according to the login information;
providing an operating system and a plurality of Docker containers to form a complete virtual network (SDN), and allocating the corresponding Docker containers to login users according to the authority;
converting the RS232 serial bus protocol into the USB protocol, wherein each conversion corresponds to a different USB bus driver ID of the system, and the corresponding equipment information is attached to the bus driver ID as an annotation, the equipment information comprising: device name and unit name.
Further, the authority includes: network equipment maintenance authority, server hardware maintenance authority, storage operation and maintenance authority and software system operation and maintenance authority, and a corresponding Docker container service is established according to the authority, wherein the Docker container corresponding to the network equipment maintenance authority comprises only a USB bus driver or an RS232 serial bus driver and is used for directly connecting to a console port of the network equipment; the Docker container corresponding to the server hardware maintenance authority is connected to a BMC port of the server; and the Docker container corresponding to the software system operation and maintenance authority is allowed to connect to the application system using a remote service tool for script configuration and modification.
Further, the method also comprises the following step: according to a received system administrator instruction, an SDN network is configured in a system management area, and the VLANs and access policies among the Docker containers are adjusted, so that a login user of one system cannot access any system for which that user has no authority.
Further, whether remote access is allowed is determined according to a network admission policy, the network admission policy comprising: digital certificate mode, MAC binding policy, mobile phone APP dynamic verification mode, RSA key mode, short message (SMS) authentication, and AD, LDAP and RADIUS authentication.
Furthermore, image information of the login personnel is collected, the consistency of the image information and the login account information is checked, and connection is allowed after the check is passed.
Furthermore, the operation performed in the Docker container is screen-recorded and logged, and the recordings are stored in a trusted network storage location; if an administrator needs to check the operation log, the administrator can log in to the system management area, retrieve the corresponding log file according to conditions such as the account name of the login personnel, the operation time and the name of the operated equipment, and then export and archive the log file.
A remote operation and maintenance system is applied to an unattended data center machine room, terminal equipment or intelligent manufacturing production equipment, and comprises a server and a user terminal, characterized in that the server comprises a processor, and when the processor executes a computer program, the remote operation and maintenance method is realized.
A terminal comprising a memory and a processor: the memory is used for storing a computer program; the processor is configured to implement the remote operation and maintenance method when executing the computer program.
A remote operation and maintenance method is applied to an unattended data center machine room, terminal equipment or intelligent manufacturing production equipment. Operation and maintenance personnel connect remotely to the server equipment through a VPN or a 4G/5G communication module; the server equipment identifies the authority of the login user according to the login information and allocates a corresponding Docker container to the user, and the network to which the Docker container belongs can only be used to configure the target system and cannot be used to download or retain any information or to capture the screen.
The server device is internally provided with an operating system and Docker containers, forming a complete virtual network (SDN) inside the server device, and operation and maintenance personnel are divided into roles such as network maintenance personnel, server maintenance personnel, storage operation and maintenance personnel and software system operation and maintenance personnel. A corresponding Docker container service is established for each kind of operation and maintenance personnel: the Docker container into which network equipment maintenance personnel log in comprises only a USB bus driver or an RS232 serial bus driver and is used for directly connecting to the console port of the network equipment; the Docker container corresponding to server hardware maintainers can connect to the BMC port of the server; and the Docker container in which software system operation and maintenance staff work can connect to the application system using various built-in remote service tools to perform script configuration and modification. A system administrator can flexibly configure the SDN network in the system management area of the device, adjusting the VLANs among containers and the different access policies, to ensure that the operation and maintenance personnel of each system cannot access systems for which they are not authorized.
In order to support the RS232 protocol of the console port of general network devices, the device itself integrates a plurality of protocol conversion chips that convert the RS232 serial bus protocol into the USB protocol; each chip corresponds to a different USB bus driver ID of the system, the bus ID can be annotated with the corresponding device information (such as device name and owning unit), and externally the device presents a general RS232 interface.
The login personnel who remotely access the system can also be seen through a high-definition camera, so that the login account is confirmed to match the operator, and the connection is allowed after it passes verification by a system manager. After the system is connected to and accessed over the network, it allocates one or more Docker containers to the login personnel according to the identity authority of the operation and maintenance personnel, defines a network access policy through the SDN software, and limits which ports of which IP addresses the maintenance personnel may access and with which protocol, or restricts them to a specified USB bus or RS232 bus with no network access at all.
Each Docker container is only a springboard (jump host) serving as a ferry between the network where the operation and maintenance person is located and the target device and target system to be maintained. The operator is not allowed to map a local storage path, which avoids data leakage, and during operation a watermark whose content is the operator's account name appears on the screen, which deters the operation and maintenance person from recording the screen or taking photographs and makes data traceable.
If necessary files such as update packages need to be uploaded, they can be uploaded to a designated trusted network location after verification and approval by management personnel, and the Docker container then retrieves the files from that location for upload.
The system can screen-record and log every operation in each Docker container and store the recordings in a trusted network storage location; if an administrator needs to check and export the operation logs, the administrator can log in to the system management area, retrieve the corresponding log files according to conditions such as the operator's account name, the operation time and the name of the operated equipment, and then export and archive them.
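The role-to-container allocation and SDN access policy described above, together with the operation-log retrieval by account name, operation time and device name, as an added illustration in Python that is not part of the patent: the roles, USB bus driver IDs, device names, IP addresses and ports are constructed sample values, and only the three authorities whose containers the text describes are modelled, so allocation for any other authority (for example storage) is refused.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed sample inventory: RS232 console ports converted to USB and
# annotated with device name and owning unit, keyed by USB bus driver ID.
BUS_LABELS = {
    "usb-serial-0": {"device": "core-switch-01", "unit": "network-dept"},
    "usb-serial-1": {"device": "edge-router-02", "unit": "network-dept"},
}

@dataclass
class ContainerProfile:
    role: str
    network_access: bool        # False: only a specified bus, no network at all
    allowed_buses: set = field(default_factory=set)
    allowed_endpoints: set = field(default_factory=set)   # (ip, port, proto)

# One container profile per authority, following the description: network
# maintainers get a bus-only container, server hardware maintainers reach the
# BMC port, software maintainers reach the application system's service port.
PROFILES = {
    "network": ContainerProfile("network", False, allowed_buses=set(BUS_LABELS)),
    "server_hw": ContainerProfile("server_hw", True,
                                  allowed_endpoints={("10.0.5.11", 443, "tcp")}),
    "software": ContainerProfile("software", True,
                                 allowed_endpoints={("10.0.8.20", 22, "tcp")}),
}

def allocate_container(role):
    """Return the container profile for a login user's authority, or refuse."""
    if role not in PROFILES:
        raise PermissionError(f"no container profile for authority {role!r}")
    return PROFILES[role]

def check_access(account, profile, target, audit):
    """Default-deny check of one request against the container's SDN policy.
    target is ("bus", bus_id) or ("net", ip, port, proto). Every decision is
    appended to audit with the fields an administrator later searches on."""
    if target[0] == "bus":
        allowed = target[1] in profile.allowed_buses
        device = BUS_LABELS.get(target[1], {}).get("device", "unknown-bus")
    elif target[0] == "net":
        allowed = profile.network_access and tuple(target[1:]) in profile.allowed_endpoints
        device = target[1]
    else:
        allowed, device = False, "unknown"
    audit.append({"account": account, "time": datetime.now(timezone.utc),
                  "device": device, "target": target, "allowed": allowed})
    return allowed

def find_logs(audit, account=None, device=None, since=None):
    """Retrieve records by operator account name, device name and/or time."""
    return [r for r in audit if (account is None or r["account"] == account)
            and (device is None or r["device"] == device)
            and (since is None or r["time"] >= since)]
```

A network maintainer's container is refused any network endpoint even when another role is allowed the same endpoint, and every decision, allowed or denied, lands in the audit list that `find_logs` searches.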
A big data file system and a virtualization management node are arranged in the system management area of the server device; the logs of devices, operating systems, application systems, database systems and operation and maintenance personnel within the monitoring and management scope can be recorded to form a continuous log chain. When a system fails and raises an alarm, the big data system can comprehensively analyze and trace the source of the failure, thereby improving the efficiency of debugging and maintenance personnel; the result is stored as a knowledge base, providing experience for solving similar failures in the future and a data basis for management personnel to plan capacity expansion and transformation of the existing environment.
The remote operation and maintenance system provides rich API interfaces and supports integration with other operation and maintenance management platforms, making it convenient for users to build a central cockpit system.
The remote login and built-in RS232 protocol conversion chip are also used in occasions where it is inconvenient for personnel to reach the site, such as offshore floats and petroleum production equipment. The equipment to be managed in such occasions is not centralized, the system is simple and there is no complex network environment, so the hardware interfaces can be simplified: the equipment is connected over 5G, no management platform is integrated in the equipment, a flash memory card is used as the storage medium, log files are transmitted asynchronously to the cloud as event messages, and the cloud completes the aggregation, archiving and analysis functions. With the local operation processing function simplified, low-power operation at 5-15 watts can be achieved, and the industrial control structure is better suited to the harsh environment of unattended operation at remote locations.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and should not be taken as limiting the invention, so that any modifications, equivalents, improvements and the like, which are within the spirit and principle of the present invention, should be included in the scope of the present invention.