Background
The edge gateway has come to attention as novel information technologies such as cloud computing, big data, artificial intelligence and the Internet of Things have become widely applied. It can be generally understood as computing performed at the edge of a network by various network node devices, including data analysis and application deployment. With the continuing development of the Internet of Things, practical application problems such as network bandwidth, data latency and security have caused the edge gateway to be quickly recognized and to receive attention.
The edge gateway is a product that highly integrates the technologies of the OT layer and the IT layer in the field of the industrial internet. Edge computing differs from traditional field data analysis and processing methods and also from the cloud computing and big data analysis of the consumer internet, so the edge gateway has particular advantages and value. In the adoption of the industrial internet, the edge gateway effectively addresses the problems that users pay more and more attention to the protection of sensitive data, that real-time data processing is inefficient, and that cloud, edge and end devices need to cooperate effectively.
The edge gateway mainly provides services such as collecting, processing, storing, analyzing and transmitting information from the industrial field. As the link between field equipment and the data storage platform, on the one hand the edge gateway must collect a large amount of static information and real-time dynamic information from the heterogeneous network of the industrial field, convert communication protocols and transmit data packets; on the other hand, it concentrates more on core services such as data processing, integration, analysis, decision making, sharing and utilization.
The edge intelligent gateway must support not only multiple industrial protocols but also the TCP/IP protocols. Because the packet transmission formats of different communication protocols differ, the application requirements of the support platform for large-scale, high-speed secure transmission and information processing can only be met by performing heterogeneous network conversion.
The edge intelligent gateway must provide data push services for the field devices and the support platform, including data acquisition and interaction. The field devices continuously generate real-time data; after receiving it, the edge intelligent gateway preprocesses, computes and analyzes the data and then sends it to the support platform, so that the data serves platform applications such as big data, AI (artificial intelligence) computation and cloud simulation. Conversely, the edge intelligent gateway can also connect to and support an industrial internet platform in order to exercise reverse control over the field devices.
The field devices frequently upload large amounts of data, including normal data, invalid data and urgent data. Part of this data does not need to be uploaded to the support platform for storage and analysis, while another part needs to be processed and responded to promptly. The edge intelligent gateway provides computation and intelligent online analysis of local data and preprocessing services such as filtering and aggregation of the data, merges information that is complementary or redundant in space and time, and then sends the processed, effective data to the support platform. For field devices that produce huge volumes of data, the preprocessing service reduces problems such as the network transmission pressure and wasted storage space caused by uploading large amounts of data.
1. In the prior art, the expandability of the edge gateway is poor: only common industrial hardware communication ports such as RS232, USB and CAN are covered; only wired communication is supported; no expansion interface is reserved, so the communication module and storage module cannot be expanded; edge computing is not supported, so edge-side AI applications cannot be supported; and the industrial design is relatively poor, with a complex structure and relatively weak sealing, dust-proofing, heat dissipation and vibration resistance.
2. In the prior art, the edge gateway uses an open-source operating system, so its security assurance is poor; in terms of application functions, built-in industrial software resources are scarce, and cloud-edge cooperative applications such as cloud services, cloud configuration and remote updating are not supported. Meanwhile, current gateways only support data acquisition and data transmission: the edge intelligent gateway cannot be managed through an edge intelligent service platform, the download, deployment and status monitoring of lightweight applications are not supported, 5G is not supported, and gateway security is poor.
Disclosure of Invention
To address the defects of the prior art, the invention provides a highly integrated edge intelligent gateway based on cloud-edge cooperation, so as to solve the problems described in the background.
To this end, the invention provides the following technical scheme: a highly integrated edge intelligent gateway based on cloud-edge coordination comprises a technical architecture unit, a service architecture unit, a deployment architecture unit and a security protection architecture unit;
the technical architecture unit comprises a connection layer, a data layer, an application layer, a communication layer, a link layer and an edge-cloud coordination layer;
the service architecture unit comprises a running environment component, a device interaction component, a data service component, a network connection component, a security protection component and an intelligent application;
the deployment architecture unit comprises system deployment, containerized deployment, image production, a repository, a container and edge intelligent service platform deployment;
the security protection architecture unit comprises a kernel layer, a system layer and an application protection layer.
As a further refinement of the technical scheme, the connection layer in the technical architecture unit is used to communicate with the underlying equipment and covers communication protocols including MODBUS TCP, MODBUS RTU, S7, Profinet and OPC UA; the data layer is used to store and process device data, system data and computation data, to interact with the devices, to store data and commands in a distributed manner and to process instructions in real time.
As a further refinement of the technical scheme, the application layer in the technical architecture unit is used to provide the intelligent data analysis and computation functions of the edge, to provide the edge intelligent gateway with basic data computation functions such as a computation rule engine, a real-time algorithm model and time-based early warning, and to provide an operating environment for user-defined data computation services.
As a further refinement of the technical scheme, the communication layer in the technical architecture unit is used to establish, handle and maintain the relationship between the edge intelligent gateway and cloud computing; an application in the cloud platform exchanges computing tasks and computing results with the edge intelligent gateway through the communication layer; the other layers in the edge intelligent gateway collect data for this layer and deliver it to the service functions executed on this layer, which include at least MQTT, HTTP, HTTPS, MODBUS SERVER and SNMP.
As a further refinement of the technical scheme, the link layer in the technical architecture unit supports a 5G link; the edge-cloud cooperation layer issues and deploys function computation, stream data analysis, event management, mechanism/training models and other applications to the edge nodes in container form through an edge-side service management system, and after performing primary processing of the data through the various components, the edge nodes upload the processing results and data to the cloud platform for further analysis and management.
As a further refinement of the technical scheme, the service architecture unit supports the Docker, Node.js, Python and TensorFlow operating environments and is provided with a device interaction module supporting the industrial communication protocols Modbus, OPC UA and S7, a data pool module supporting data storage and distribution services, and a network connection module supporting the HTTPS and MQTT communication protocols; it provides a visual programming tool, a calculation formula editor, and time management and gateway management applications; data interaction and sharing between the modules take place through API interfaces, and part of these API interfaces are open to the outside to provide basic services for Internet of Things edge applications.
As a further refinement of the technical scheme, system deployment in the deployment architecture unit is used to package all files related to the edge intelligent gateway functions into a compressed file, to deploy the compressed file on the gateway with a one-click deployment script that copies the library files and executable binaries to the specified working directory, and then to configure the program to start automatically.
As a further refinement of the technical scheme, the edge intelligent service platform in the deployment architecture unit deploys on the cloud platform an edge service product for uniformly managing edge intelligent gateway nodes; edge-side application full-life-cycle management consistent with the container cloud product is built on container technology; an open interface is provided; and the edge side hosts cloud platform application deployment, gateway default applications and third-party applications.
As a further refinement of the technical scheme, the kernel layer in the security protection architecture unit is used to provide security enhancement of the kernel and security management of network messages; the system layer is responsible for providing basic security services and security support for applications; and the application protection layer is used to provide the system applications that manage system configuration and identity authentication and to provide a secure communication component for business applications.
As a further refinement of the technical scheme, the security protection architecture unit is used to implement the security protection functions of kernel-layer security, network protection, security audit, integrity detection, system upgrade and application management.
Compared with the prior art, the highly integrated edge intelligent gateway based on cloud-edge cooperation provided by the invention has the following beneficial effects:
1. By providing the technical architecture unit, this highly integrated edge intelligent gateway based on cloud-edge cooperation implements the cloud-edge cooperative function on the basis of the KubeEdge technology, and a user can manage the edge intelligent gateway, as well as the download, deployment and status monitoring of lightweight applications, through the edge intelligent service platform.
2. By providing the security protection architecture unit, this highly integrated edge intelligent gateway based on cloud-edge cooperation provides multiple security assurance capabilities at the edge side: it supports multi-user management of the system with a strong user password policy; it uses TLS encryption for data communication and a high-strength encryption algorithm for encrypted storage and transmission of data; it protects network ports, connections and services through a firewall; and it provides an audit log interface and saves and manages audit logs.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The embodiment is as follows:
a highly integrated edge intelligent gateway based on cloud-edge cooperation comprises a technical architecture unit, a service architecture unit, a deployment architecture unit and a security protection architecture unit.
The technical architecture unit comprises a connection layer, a data layer, an application layer, a communication layer, a link layer and an edge-cloud coordination layer.
Further, as shown in fig. 1, the connection layer (the connection pool in fig. 1) clearly separates, inside the edge intelligent gateway, the functions and services of the northbound direction (the edge intelligent gateway interacting with the cloud platform) from those of the southbound direction (the edge intelligent gateway interacting with the devices). This layer is mainly used to communicate with the underlying equipment and mainly comprises communication protocols such as MODBUS TCP, MODBUS RTU, S7, Profinet and OPC UA.
Further, the data layer (the data pool in fig. 1) is mainly responsible for storing and processing device data, system data and computation data. It is also responsible for interacting with the devices and is the edge connector through which the gateway interacts with them. At the same time, data and commands are stored in a distributed manner and commands are processed in real time.
Further, the application layer (the application pool in fig. 1) comprises a plurality of data computation service functions and provides intelligent data analysis and computation at the edge. This layer not only provides the edge intelligent gateway with basic data computation functions such as a computation rule engine, a real-time algorithm model and time-based early warning, but can also provide an operating environment for user-defined data computation services.
Further, the communication layer (the communication pool in fig. 1) is used to establish, handle and maintain the relationship between the edge intelligent gateway and cloud computing; an application in the cloud platform exchanges computing tasks and computing results with the edge intelligent gateway through the communication layer, and the other layers in the edge intelligent gateway collect data for this layer and deliver it to the service functions executed on this layer. These service functions include at least MQTT, HTTP, HTTPS, MODBUS SERVER and SNMP.
The link layer in the technical architecture unit supports a 5G link, which is characterized by low latency, high reliability, support for massive numbers of connections, and high bandwidth and speed. With the large-scale deployment of 5G, network transmission latency, bandwidth and connection density all improve by orders of magnitude, which provides a basic guarantee for end-edge-cloud cooperation; 5G provides a good network foundation for the adoption and development of the edge computing industry.
In the edge-cloud coordination layer of the technical architecture unit, function computation, stream data analysis, event management, mechanism/training models and other applications are issued and deployed to the edge nodes in container form through an edge service management system, and after performing primary processing of the data through the various components, the edge nodes upload the processing results and data to the cloud platform for further analysis and management.
The service architecture unit comprises a running environment component, a device interaction component, a data service component, a network connection component, a security protection component and an intelligent application.
Further, on the one hand the edge intelligent gateway acquires a large amount of static information and real-time dynamic information from the sensor network, converts communication protocols and transmits data packets; on the other hand, it concentrates more on core services such as data processing, integration, analysis, decision making, sharing and utilization. As shown in fig. 2, the edge intelligent gateway supports operating environments such as Docker, Node.js, Python and TensorFlow, is provided with a device interaction module supporting industrial communication protocols such as Modbus, OPC UA and S7, a data pool module supporting data storage and distribution services, and a network connection module supporting communication protocols such as HTTPS and MQTT, and provides applications such as a visual programming tool, a calculation formula editor, time management and gateway management. Data interaction and sharing between the modules take place through API interfaces, and part of these API interfaces are open to the outside, providing basic services for Internet of Things edge applications.
The overall service of the edge intelligent gateway mainly comprises the following parts:
1) The system supports 26 communication protocols, covering industrial bus protocols, remote service protocols, hardware port protocols, wireless communication protocols and data transmission protocols. The industrial bus protocols include Modbus RTU, Modbus TCP, S7 and OPC UA; the remote service protocols include SSH, FTP, Telnet and VPN; the hardware port communication protocols include RS232, RS485, RS422, USB and LAN; the wireless communication protocols include WIFI, GPRS, 4G, NB-IoT and WIA; and the data transmission protocols include HTTP, HTTPS, MQTT, TCP, UDP, IPv4 and IPv6.
2) A cloud-edge collaborative mode is supported: the cloud platform performs full-life-cycle management (creation, configuration, uninstallation, updating and monitoring) of the gateway and its applications; gateway configuration, edge-side data processing policy orchestration and model training are carried out through the cloud platform, after which configuration information, models, applications and the like are issued to the edge intelligent gateway for updating and execution.
3) Various general operation models are provided; the local real-time processing logic for data can be orchestrated with the editing tool of the visual rule engine; analysis and operating environments for several high-level programming languages such as C/C++, Go and Python are available; and higher-level application data analysis of local data is supported.
4) The system has multiple security assurance functions: it supports multi-user management of the system with a strong user password policy; TLS encryption is used for data communication, and network ports, connections and services are protected through a firewall; and an audit log interface is provided, and audit logs are saved and managed.
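The following is an added example, not code from the patent, illustrating the local preprocessing and rule-engine functions described above (filtering and aggregation of field data, and threshold and time-based early warning by a computation rule engine): invalid readings are dropped by quality flag and physical range, each valid reading is checked against threshold and rate-of-change rules in time order, and the remaining samples are collapsed into per-window summaries so that only effective data is uploaded. The readings, limits, rule parameters and the `quality` convention are constructed assumptions.

```python
"""Local preprocessing and rule-based early warning at the edge (added example).

Filtering, windowed aggregation and threshold/rate rules are constructed to
illustrate the preprocessing and rule-engine functions the text describes;
the readings, limits and rule parameters are sample values, not the patent's.
"""
from dataclasses import dataclass
from statistics import mean
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Reading:
    device: str
    tag: str
    ts: float            # seconds since an arbitrary epoch
    value: float
    quality: int = 0     # 0 = good; any other value is a sensor-reported bad sample (assumed convention)


@dataclass(frozen=True)
class Rule:
    name: str
    tag: str
    # receives the previous valid reading of the same device/tag (or None) and the current one
    condition: Callable[[Optional[Reading], Reading], bool]
    severity: str = "warning"


def is_valid(r: Reading, limits: Dict[str, Tuple[float, float]]) -> bool:
    """Drop bad-quality samples, NaNs and values outside the physical range of the tag."""
    lo, hi = limits.get(r.tag, (float("-inf"), float("inf")))
    return r.quality == 0 and r.value == r.value and lo <= r.value <= hi


def aggregate(readings: List[Reading], window: float) -> List[dict]:
    """Collapse redundant samples into per-window min/mean/max per device and tag."""
    buckets: Dict[tuple, List[float]] = {}
    for r in readings:
        key = (r.device, r.tag, (r.ts // window) * window)
        buckets.setdefault(key, []).append(r.value)
    return [
        {"device": d, "tag": t, "window_start": w, "n": len(v),
         "min": min(v), "mean": round(mean(v), 3), "max": max(v)}
        for (d, t, w), v in sorted(buckets.items())
    ]


def preprocess(raw, limits, rules, window=10.0) -> dict:
    """Filter, evaluate the rules on each valid reading in time order, then aggregate."""
    valid = sorted((r for r in raw if is_valid(r, limits)), key=lambda r: (r.device, r.tag, r.ts))
    last: Dict[tuple, Reading] = {}
    alerts = []
    for r in valid:
        prev = last.get((r.device, r.tag))
        for rule in rules:
            if rule.tag == r.tag and rule.condition(prev, r):
                alerts.append({"rule": rule.name, "severity": rule.severity,
                               "device": r.device, "ts": r.ts, "value": r.value})
        last[(r.device, r.tag)] = r
    return {"summary": aggregate(valid, window), "alerts": alerts, "dropped": len(raw) - len(valid)}


# Constructed sample: a pump's bearing temperature sampled once per second.
LIMITS = {"temp": (-40.0, 200.0)}                # physical range of the sensor
RULES = [
    Rule("temp_high", "temp", lambda prev, r: r.value > 80.0, "critical"),
    Rule("temp_rising_fast", "temp",
         lambda prev, r: prev is not None and (r.value - prev.value) / max(r.ts - prev.ts, 1e-9) > 5.0),
]
SAMPLE = [Reading("pump-1", "temp", float(t), float(v))
          for t, v in enumerate([60, 61, 62, 63, 64, 65, 66, 67, 68, 69,
                                 70, 71, 72, 73, 85, 86, 87, 88, 89, 90])]
SAMPLE += [Reading("pump-1", "temp", 20.0, 999.0),            # out of physical range: invalid
           Reading("pump-1", "temp", 21.0, 70.0, quality=1)]  # sensor flagged the sample as bad

if __name__ == "__main__":
    result = preprocess(SAMPLE, LIMITS, RULES)
    print(result["dropped"], "samples dropped;", len(result["alerts"]), "alerts")
    for row in result["summary"]:
        print(row)
```

Only the two window summaries and the alerts leave the gateway; the 22 raw samples, including the two invalid ones, stay local. The rate rule fires once at the jump from 73 to 85, which is the kind of early warning a plain threshold cannot give until the value is already high.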
The deployment architecture unit comprises system deployment, containerized deployment, image production, a repository, a container and edge intelligent service platform deployment.
Further, the deployment architecture unit includes the following details:
1. system deployment
All files related to the edge intelligent gateway function software are packaged into a compressed file, which is deployed on the gateway with a one-click deployment script; the script mainly copies the library files and executable binaries to the specified working directory and then configures the program to start automatically.
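An added example of the system deployment step, not the patent's own deployment script: the release is packed as a tar.gz together with a SHA-256 manifest, the deployment routine refuses the package unless every file matches the manifest (and rejects links, directories and traversal paths before writing anything), copies `lib/` and `bin/` into the working directory with restrictive permissions, and writes a systemd unit so the program starts automatically. The package layout, the manifest name `MANIFEST.sha256`, the service name and the unit file location are assumptions.

```python
"""One-click deployment of a packaged gateway release with an integrity manifest.

Added example; the file layout (lib/, bin/), manifest name, service name and
the systemd unit are assumptions, not the patent's deployment script.
"""
import hashlib
import io
import tarfile
import tempfile
from pathlib import Path

MANIFEST_NAME = "MANIFEST.sha256"  # assumed manifest file name inside the package


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _write_tar(entries) -> bytes:
    """Write (relative path, bytes) pairs into an in-memory tar.gz."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for rel, data in entries:
            info = tarfile.TarInfo(rel)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def build_package(src_dir: Path) -> bytes:
    """Pack lib/ and bin/ under src_dir together with a SHA-256 manifest of every file."""
    entries = []
    for sub in ("lib", "bin"):
        for path in sorted((src_dir / sub).rglob("*")):
            if path.is_file():
                entries.append((path.relative_to(src_dir).as_posix(), path.read_bytes()))
    manifest = "".join(f"{sha256_hex(data)}  {rel}\n" for rel, data in entries).encode()
    return _write_tar(entries + [(MANIFEST_NAME, manifest)])


def verify_package(package: bytes) -> dict:
    """Return {relative path: bytes} only if the contents match the manifest exactly."""
    files = {}
    with tarfile.open(fileobj=io.BytesIO(package), mode="r:gz") as tar:
        for m in tar.getmembers():
            # regular files with relative, traversal-free names only; links and dirs are rejected
            if not m.isfile() or m.name.startswith("/") or ".." in Path(m.name).parts:
                raise ValueError(f"unsafe member rejected: {m.name}")
            files[m.name] = tar.extractfile(m).read()
    manifest = files.pop(MANIFEST_NAME, None)
    if manifest is None:
        raise ValueError("package has no manifest")
    expected = {}
    for line in manifest.decode().splitlines():
        digest, rel = line.split("  ", 1)
        expected[rel] = digest
    if set(expected) != set(files):          # a missing or an extra file is a failure too
        raise ValueError("package contents do not match the manifest")
    for rel, data in files.items():
        if sha256_hex(data) != expected[rel]:
            raise ValueError(f"integrity check failed for {rel}")
    return files


def deploy(package: bytes, workdir: Path, unit_dir: Path, service: str = "edge-gateway") -> Path:
    """One-click deploy: verify, copy lib/ and bin/ into workdir, write the autostart unit."""
    files = verify_package(package)          # nothing is written unless this passes
    for rel, data in files.items():
        target = workdir / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
        target.chmod(0o750 if rel.startswith("bin/") else 0o640)   # no world access
    unit_dir.mkdir(parents=True, exist_ok=True)
    unit = unit_dir / f"{service}.service"
    unit.write_text("[Unit]\nDescription=Edge intelligent gateway (example unit)\nAfter=network.target\n\n"
                    f"[Service]\nExecStart={workdir / 'bin' / 'gateway'}\n"
                    f"Environment=LD_LIBRARY_PATH={workdir / 'lib'}\nRestart=on-failure\n\n"
                    "[Install]\nWantedBy=multi-user.target\n")
    return unit


def demo() -> dict:
    """Build a constructed release, deploy it, then show that a tampered copy is refused."""
    root = Path(tempfile.mkdtemp())
    src = root / "src"
    (src / "lib").mkdir(parents=True)
    (src / "bin").mkdir()
    (src / "lib" / "libmodbus.so").write_bytes(b"constructed library bytes")
    (src / "bin" / "gateway").write_bytes(b"#!/bin/sh\necho gateway\n")
    package = build_package(src)
    unit = deploy(package, root / "opt" / "gateway", root / "units")
    # tamper: swap bin/gateway but keep the original manifest, as a modified package would
    with tarfile.open(fileobj=io.BytesIO(package), mode="r:gz") as tar:
        members = {m.name: tar.extractfile(m).read() for m in tar.getmembers()}
    members["bin/gateway"] = b"#!/bin/sh\necho tampered\n"
    try:
        deploy(_write_tar(members.items()), root / "opt" / "tampered", root / "units")
        rejected = False
    except ValueError:
        rejected = True
    installed = root / "opt" / "gateway"
    return {"installed": sorted(p.relative_to(installed).as_posix() for p in installed.rglob("*") if p.is_file()),
            "unit_has_execstart": "ExecStart=" in unit.read_text(),
            "tamper_rejected": rejected}


if __name__ == "__main__":
    print(demo())
```

Verification happens entirely before the first file is written, so a rejected package leaves the working directory untouched; the same manifest check is what an upgrade path would run on an upgrade package before installing it.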
2. Containerized deployment
Container deployment technology mainly achieves application deployment by running containers, and a container runs from an image. The project and its dependency packages (the base image) are built into a project image with a start instruction, a container is then created on the server, and the image is run in the container, which accomplishes the deployment of the project. The server is the host of the container, and the docker container and the host are isolated from each other.
3. Image production
A docker image is an application package built with a Dockerfile script from the application and its dependency packages, and it usually carries the start command of the application. These commands are executed when the container starts, i.e. the application starts when the container starts. An image is created by writing a Dockerfile script and then running the docker build command.
4. Repository
The built docker image is pushed to a docker repository with the push command, after which the docker image can be pulled down with the pull command anywhere the docker command can be used.
5. Container
A container is a sandbox independent of the host (server); it may be understood as a box with a special structure which, when created, automatically executes the instructions from its own image, thereby running the application. The main purpose of the container is to provide the running space and environment for the image and to execute the instructions of the image.
6. Edge intelligent service platform deployment
In terms of application deployment, in this embodiment an edge service product for uniformly managing edge intelligent gateway nodes is built on the Aerospace Cloud Network cloud platform; edge-side application full-life-cycle management consistent with the container cloud product is built on container technology; an open interface is provided; and cloud platform application deployment, gateway default applications and third-party applications are hosted on the edge side. Function computation, stream data analysis, event management, mechanism/training models and other applications can be issued and deployed to the edge nodes in container form through the edge intelligent service platform, and the edge nodes perform primary processing of the data through the various components and upload the processing results and data to the cloud platform for further analysis and management.
The security protection architecture unit comprises a kernel layer, a system layer and an application protection layer.
Further, the security protection architecture unit adopts an autonomously controllable secure operating system and provides multiple security assurance capabilities at the edge side: it supports multi-user management of the system with a strong user password policy; TLS encryption is used for data communication, and a high-strength encryption algorithm is used for encrypted storage and transmission of data; network ports, connections and services are protected through a firewall; and an audit log interface is provided, and audit logs are saved and managed. The kernel layer mainly comprises security enhancement of the kernel and security management of network messages; the system layer is responsible for providing basic security services and security support for applications; and the application protection layer is mainly used by the system applications to manage system configuration and identity authentication, and provides a secure communication component for business applications.
The three-layer security function design of the edge intelligent gateway implements the following functions:
1. Kernel-layer security:
Kernel-layer security is achieved mainly through integrity verification of kernel modules and protection of process memory.
2. Network protection:
and the firewall supports the security policy configuration according to the source IP address, the source port, the target IP address and the target port of the IP message. Black and white list security mechanisms are supported.
The system supports various forms of VPNs, mainly including IPsec VPNs and SSL VPNs.
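The following added example, which is not code from the patent, shows the policy model of the network protection function: rules match the source IP address, source port, destination IP address and destination port of a packet (plus the protocol), a blacklist is applied unconditionally before the rule table, a whitelist of trusted hosts bypasses it, and anything unmatched falls to a default-drop policy. The addresses, port numbers and rule set are constructed for a gateway that exposes Modbus TCP and OPC UA to the field network and SSH and SNMP to an operations network; they are assumptions, not values from the patent.

```python
"""Firewall policy evaluation for an edge gateway (added example).

Rules match the source IP, source port, destination IP and destination port
of a packet, as the text describes; blacklist and whitelist are checked first.
Addresses, ports and rule order are constructed for the example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Iterable, Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    action: str                         # "accept" or "drop"
    src: str = "0.0.0.0/0"              # CIDR matched against the source IP
    dst: str = "0.0.0.0/0"              # CIDR matched against the destination IP
    src_ports: Optional[range] = None   # None means any port
    dst_ports: Optional[range] = None
    proto: Optional[str] = None         # None means any protocol

    def matches(self, pkt: Packet) -> bool:
        # an IPv6 address is never inside an IPv4 network, so mixed-family packets simply miss
        return (
            (self.proto is None or self.proto == pkt.proto)
            and ip_address(pkt.src_ip) in ip_network(self.src)
            and ip_address(pkt.dst_ip) in ip_network(self.dst)
            and (self.src_ports is None or pkt.src_port in self.src_ports)
            and (self.dst_ports is None or pkt.dst_port in self.dst_ports)
        )


class Firewall:
    def __init__(self, rules: Iterable[Rule], blacklist=(), whitelist=(), default="drop"):
        self.rules = list(rules)
        self.blacklist = [ip_network(n) for n in blacklist]   # always dropped, checked first
        self.whitelist = [ip_network(n) for n in whitelist]   # trusted hosts, skip the rule table
        self.default = default                                # policy when no rule matches

    def decide(self, pkt: Packet) -> str:
        src = ip_address(pkt.src_ip)
        if any(src in net for net in self.blacklist):
            return "drop"
        if any(src in net for net in self.whitelist):
            return "accept"
        for rule in self.rules:          # first matching rule wins, like a netfilter chain
            if rule.matches(pkt):
                return rule.action
        return self.default


GATEWAY_IP = "192.168.10.1"          # constructed: the gateway's field-side address
FIELD_NET = "192.168.10.0/24"        # constructed: PLCs and sensors
MGMT_NET = "10.20.0.0/16"            # constructed: operations network


def gateway_policy() -> Firewall:
    """Inbound policy: industrial protocols from the field network, management from the ops network, default drop."""
    def port(n: int) -> range:
        return range(n, n + 1)

    return Firewall(
        rules=[
            Rule("accept", src=FIELD_NET, dst=GATEWAY_IP, dst_ports=port(502), proto="tcp"),    # Modbus TCP
            Rule("accept", src=FIELD_NET, dst=GATEWAY_IP, dst_ports=port(4840), proto="tcp"),   # OPC UA
            Rule("accept", src=MGMT_NET, dst=GATEWAY_IP, dst_ports=port(22), proto="tcp"),      # SSH
            Rule("accept", src=MGMT_NET, dst=GATEWAY_IP, dst_ports=port(161), proto="udp"),     # SNMP
            Rule("drop", dst=GATEWAY_IP, dst_ports=port(23)),                                   # Telnet: explicitly closed
        ],
        blacklist=["192.168.10.200"],    # constructed: a field host that was seen misbehaving
        whitelist=["10.20.0.7"],         # constructed: the operations jump host
    )


if __name__ == "__main__":
    fw = gateway_policy()
    for pkt in (Packet("192.168.10.15", 40000, GATEWAY_IP, 502),
                Packet("192.168.10.200", 40000, GATEWAY_IP, 502),
                Packet("172.16.0.9", 40000, GATEWAY_IP, 502)):
        print(pkt.src_ip, "->", pkt.dst_port, fw.decide(pkt))
```

The Telnet rule is redundant under a default-drop policy but documents the intent, which matters when a later rule change loosens the default; the blacklist being evaluated before the whitelist means a host on both lists is dropped.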
3. Security audit
Security logs of various devices and applications are collected regularly, stored and analyzed in order to discover violations, privilege overreach and abnormal behaviour of applications, to predict and raise alarms on violating operations, and to allow tracing afterwards.
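An added example of the analysis side of the security audit function, not code from the patent: it runs over a constructed batch of collected log lines and raises three kinds of alert matching the text, a violation (an application outside the system set writing protected security configuration, reported even when the write was denied), privilege overreach (a non-system application executing an escalation binary) and abnormal behaviour (a burst of failed logins for one account from one source). The log format, application names, protected directory and thresholds are assumptions.

```python
"""Security audit analysis over collected gateway logs (added example).

The log format (key=value fields after an ISO timestamp), the application
names, the protected configuration prefix and the thresholds are constructed
assumptions; the three detections map to the violation, override (privilege
overreach) and abnormal-behaviour cases the text names.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List

SYSTEM_APPS = {"gw.core", "gw.security"}          # assumed trusted system applications
PROTECTED_PREFIX = "/etc/gateway/security/"       # assumed security-configuration directory
ESCALATION_BINARIES = ("/sudo", "/su")            # executed by a non-system app: privilege overreach
FAILED_LOGIN_THRESHOLD = 3
FAILED_LOGIN_WINDOW = timedelta(minutes=5)

# Constructed sample log; not output of any real gateway.
SAMPLE_LOG = """\
2024-05-01T10:00:01 host=gw01 app=gw.security user=root event=config_write target=/etc/gateway/security/firewall.yaml result=ok
2024-05-01T10:00:05 host=gw01 app=vendor.vision user=app3 event=config_write target=/etc/gateway/security/firewall.yaml result=denied
2024-05-01T10:01:00 host=gw01 app=sshd user=admin event=login src=10.20.1.9 result=failed
2024-05-01T10:01:20 host=gw01 app=sshd user=admin event=login src=10.20.1.9 result=failed
2024-05-01T10:01:40 host=gw01 app=sshd user=admin event=login src=10.20.1.9 result=failed
2024-05-01T10:02:00 host=gw01 app=vendor.vision user=app3 event=exec target=/usr/bin/sudo result=ok
2024-05-01T10:05:00 host=gw01 app=sshd user=admin event=login src=10.20.1.9 result=ok
2024-05-01T10:30:00 host=gw01 app=sshd user=admin event=login src=10.20.1.9 result=failed
"""


@dataclass(frozen=True)
class Alert:
    kind: str        # "violation", "override" or "abnormal"
    ts: datetime
    detail: str


def parse_line(line: str) -> Dict[str, str]:
    """'<iso timestamp> k=v k=v ...' -> dict; the timestamp is parsed into 'ts'."""
    ts, rest = line.split(" ", 1)
    event = dict(tok.split("=", 1) for tok in rest.split())
    event["ts"] = datetime.fromisoformat(ts)
    return event


def audit(log_text: str) -> List[Alert]:
    alerts: List[Alert] = []
    failed: Dict[tuple, List[datetime]] = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        app, ts, target = ev.get("app", ""), ev["ts"], ev.get("target", "")
        trusted = app in SYSTEM_APPS
        # violation: a non-system application touching protected security configuration;
        # reported whether or not the system layer already denied the write
        if ev.get("event") == "config_write" and not trusted and target.startswith(PROTECTED_PREFIX):
            alerts.append(Alert("violation", ts, f"{app} wrote {target} (result={ev.get('result')})"))
        # override: a non-system application executing a privilege-escalation binary
        if ev.get("event") == "exec" and not trusted and target.endswith(ESCALATION_BINARIES):
            alerts.append(Alert("override", ts, f"{app} executed {target} as user {ev.get('user')}"))
        # abnormal behaviour: a burst of failed logins for one account from one source
        if ev.get("event") == "login" and ev.get("result") == "failed":
            key = (ev.get("src"), ev.get("user"))
            recent = [t for t in failed[key] if ts - t < FAILED_LOGIN_WINDOW] + [ts]
            failed[key] = recent
            if len(recent) == FAILED_LOGIN_THRESHOLD:    # alert once, when the threshold is reached
                alerts.append(Alert("abnormal", ts, f"{len(recent)} failed logins for {key[1]} from {key[0]}"))
    return alerts


if __name__ == "__main__":
    for a in audit(SAMPLE_LOG):
        print(a.kind, a.ts.isoformat(), a.detail)
```

The isolated failed login at 10:30 produces no alert because the earlier failures have aged out of the window; the denied configuration write is still reported, since a denied attempt is exactly the signal the audit function is meant to surface for tracing.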
4. Integrity detection
The integrity detection module is mainly used to provide periodic integrity detection for the operating system and periodic integrity detection for the applications.
5. System upgrade
The system upgrade module is mainly responsible for verifying the integrity of the upgrade package and for upgrading the system.
6. Application management
Application management includes application package management and permission management. The application package management module is mainly responsible for installing applications and performs integrity verification of the application package during installation. Under the application permission management module, the applications in the gateway are divided into system applications and third-party applications: system applications may modify the security configuration of the terminal, while third-party applications do not have that permission. The application permission management module is mainly responsible for the permission management of third-party applications.
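The following added example, not code from the patent, models the application management function: a package is installed only if its digest matches the value the platform issued for it, system applications receive the full permission set, third-party applications receive at most a fixed ceiling that never includes the right to modify the terminal's security configuration, and every privileged operation is checked against the granted set. The permission names, the ceiling, the application names and the sample packages are assumptions.

```python
"""Application package installation with integrity verification and permission
management (added example). Application names, permission names and the
permission ceiling for third-party applications are assumptions; the split into
system and third-party applications follows the text.
"""
import hashlib
from dataclasses import dataclass
from enum import Enum
from typing import Dict, FrozenSet, List, Set, Tuple


class AppKind(Enum):
    SYSTEM = "system"
    THIRD_PARTY = "third_party"


# Assumed permission names.
MODIFY_SECURITY_CONFIG = "modify_security_config"
READ_DEVICE_DATA = "read_device_data"
PUBLISH_TO_CLOUD = "publish_to_cloud"

SYSTEM_GRANTS = {MODIFY_SECURITY_CONFIG, READ_DEVICE_DATA, PUBLISH_TO_CLOUD}
THIRD_PARTY_CEILING = {READ_DEVICE_DATA, PUBLISH_TO_CLOUD}   # never includes security configuration


class IntegrityError(Exception):
    pass


class PermissionDenied(Exception):
    pass


@dataclass(frozen=True)
class AppPackage:
    name: str
    kind: AppKind
    payload: bytes                  # the application archive as delivered
    requested: FrozenSet[str]       # permissions declared in the package


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class AppManager:
    def __init__(self):
        self.installed: Dict[str, Tuple[AppKind, Set[str]]] = {}

    def install(self, pkg: AppPackage, expected_sha256: str) -> List[str]:
        """Verify the package digest against the value issued by the platform, then grant permissions.
        Returns the requested permissions that were refused."""
        if sha256_hex(pkg.payload) != expected_sha256:
            raise IntegrityError(f"{pkg.name}: package digest mismatch, not installed")
        if pkg.kind is AppKind.SYSTEM:
            granted = set(SYSTEM_GRANTS)
        else:
            granted = set(pkg.requested) & THIRD_PARTY_CEILING   # least privilege for third-party apps
        self.installed[pkg.name] = (pkg.kind, granted)
        return sorted(set(pkg.requested) - granted)

    def check(self, app: str, permission: str) -> bool:
        if app not in self.installed:
            raise PermissionDenied(f"{app} is not installed")
        kind, granted = self.installed[app]
        if permission not in granted:
            raise PermissionDenied(f"{app} ({kind.value}) lacks {permission}")
        return True

    def write_security_config(self, app: str, key: str, value: str, config: dict) -> dict:
        """Only applications holding MODIFY_SECURITY_CONFIG may change terminal security settings."""
        self.check(app, MODIFY_SECURITY_CONFIG)
        config[key] = value
        return config


# Constructed sample packages (payload bytes stand in for real archives).
SYSTEM_APP = AppPackage("gw.security", AppKind.SYSTEM, b"constructed system app",
                        frozenset({MODIFY_SECURITY_CONFIG}))
THIRD_PARTY_APP = AppPackage("vendor.vision", AppKind.THIRD_PARTY, b"constructed vision app",
                             frozenset({READ_DEVICE_DATA, MODIFY_SECURITY_CONFIG}))


def demo() -> dict:
    mgr = AppManager()
    refused_sys = mgr.install(SYSTEM_APP, sha256_hex(SYSTEM_APP.payload))
    refused_tp = mgr.install(THIRD_PARTY_APP, sha256_hex(THIRD_PARTY_APP.payload))
    try:
        mgr.write_security_config("vendor.vision", "firewall.default", "accept", {})
        tp_blocked = False
    except PermissionDenied:
        tp_blocked = True
    try:   # the platform's recorded digest does not match what arrived: refuse to install
        mgr.install(THIRD_PARTY_APP, sha256_hex(b"a different archive"))
        tamper_blocked = False
    except IntegrityError:
        tamper_blocked = True
    config = mgr.write_security_config("gw.security", "firewall.default", "drop", {})
    return {"refused_sys": refused_sys, "refused_tp": refused_tp, "tp_blocked": tp_blocked,
            "tamper_blocked": tamper_blocked, "config": config}


if __name__ == "__main__":
    print(demo())
```

Granting the intersection of the request and the ceiling, and returning what was refused, lets the platform see that a third-party package asked for more than it may have without aborting an otherwise valid installation; a stricter deployment could refuse the package outright instead.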
When the highly integrated edge intelligent gateway based on cloud-edge collaboration is applied, platform users can include equipment manufacturers, equipment service enterprises, developers and enterprises of various industries. It can serve enterprises in different industries undergoing intelligent manufacturing transformation and upgrading, as well as intelligent manufacturing system integration service providers; advanced products and services are provided through the edge intelligent gateway to carry out intelligent transformation of the field, and by combining the cloud services of the industrial internet platform with the edge-side services, an overall solution is provided to users. Meanwhile, in active response to national and local government policy guidance, it serves the broad range of small and medium-sized enterprises that lack the capacity to build complex information systems based on new-generation information technologies such as cloud computing, big data and artificial intelligence, yet urgently need to move to the cloud. By using the edge intelligent gateway to connect equipment, products and the like, these enterprises move to the cloud and improve their production management efficiency.
Compared with the prior art, the invention has the following advantages:
1. The problem of poor interfaces is solved: common industrial hardware communication ports such as RS232, USB and CAN are covered, and both wired and wireless communication are supported; an expansion interface is reserved so that the communication module and storage module can be expanded; and the whole machine has a compact industrial design and simple structure with excellent sealing, dust-proofing, heat dissipation and vibration resistance.
2. The operating system problem is solved: an independently controllable secure operating system is adopted, and multiple security assurance capabilities are provided at the edge side: multi-user management of the system is supported with a strong user password policy; TLS encryption is used for data communication, and a high-strength encryption algorithm is used for encrypted storage and transmission of data; network ports, connections and services are protected through a firewall; and an audit log interface is provided, and audit logs are saved and managed.
3. The problem of few application functions is solved: an intelligent main program is preinstalled so that the device serves as an edge intelligent gateway with flexible access, connecting equipment below and the cloud platform above; with the Aerospace Cloud Network INDIS edge platform software preinstalled, it can serve as an edge server to build a private cloud environment, preinstall mainstream industrial application software, interact with the Aerospace Cloud Network application store, expand cloud applications, embed rich industrial software resources and support cloud-edge cooperative applications such as cloud services, cloud configuration and remote updating; and it provides a workshop-level solution for enterprises, closing the loop of workshop-level applications at the edge side.
4. By integrating a 5G module in the edge intelligent gateway, low-latency, high-reliability wireless data acquisition from the equipment below and ultra-fast, high-capacity data cooperation with the cloud platform above are achieved.
5. The problem of cloud-edge collaborative integration is solved: the cloud-edge collaborative function is implemented on the basis of the KubeEdge technology, and a user can manage the edge intelligent gateway, as well as the download, deployment and status monitoring of lightweight applications, through the edge intelligent service platform.
6. The problem of Docker containerization technology integration is solved: Docker is used to containerize the functional components of the edge intelligent gateway, so that each functional component can be independently tailored, configured, operated and updated.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.