CN106130775A - Centralized management system and method for VPN devices - Google Patents
- Publication number
- CN106130775A
- Authority
- CN
- China
- Prior art keywords
- configuration file
- vpn device
- check code
- vpn
- unit
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
- H04L41/0813—Configuration setting characterised by the conditions triggering a change of settings
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a centralized management system and method for VPN devices. The centralized management system includes: an identification code generation unit, which generates a unique identifier for the VPN device and creates a key; a transmission unit, which transmits the unique identifier, the key and the configuration file to a configuration file storage unit; a check code generation unit, which obtains the unique identifier and the key after the VPN device is started and generates a check code; a configuration file request unit, which sends a request instruction; a verification unit, which calculates a check code and compares whether the calculated check code is identical to the check code contained in the request instruction, and if so, downloads the configuration file to the VPN device, and if not, returns an error message; and a computing unit, which calculates the MD5 value of the downloaded configuration file and compares whether it is identical to the MD5 value of the configuration file currently in use, and if not, downloads a new configuration file for the VPN device. The invention manages VPN devices centrally and reduces the complexity of device maintenance.
Description
Technical field
The present invention relates to the technical field of network security, and in particular to a centralized management system and method for VPN devices.
Background
With the development of networks, in order to ensure data security, communication between branch offices and the head office, or between sub-sites and an IDC (Internet data center), is often carried out over a VPN (virtual private network). In the prior art, the remote VPN device is mainly connected to the central end by manually modifying the configuration of the remote VPN device. If the remote end fails and cannot be managed remotely, the device can only be managed by someone going to the device site, and for large-scale deployments of VPN terminal devices the management cost is very high.
Summary of the invention
The technical problem to be solved by the present invention is to overcome the defect in the prior art that the configuration of remote VPN devices is modified manually, so that the remote end cannot be managed remotely when it fails, by providing a centralized management system and method for VPN devices.
The present invention solves the above technical problem through the following technical solutions:
The invention provides a centralized management system for VPN devices, characterized in that it includes:
An identification code generation unit, configured to generate a unique identifier for the VPN device and to create a key for the VPN device;
A transmission unit, configured to transmit the unique identifier, the key and the configuration file of the VPN device to a configuration file storage unit for storage, and to import the key into the VPN device;
A check code generation unit, configured to obtain the unique identifier and the key from the VPN device after the VPN device is started, and to generate a check code from the obtained unique identifier and key;
A configuration file request unit, configured to send to the configuration file storage unit a request instruction requesting download of the configuration file, the request instruction containing the unique identifier of the VPN device and the check code;
A verification unit, configured to calculate a check code from the unique identifier and the key of the VPN device, and to compare whether the calculated check code is identical to the check code contained in the request instruction; if they are identical, the configuration file is downloaded from the configuration file storage unit to the VPN device, and if they are not identical, an error message is returned;
A computing unit, configured to calculate the MD5 (Message Digest Algorithm 5) value of the downloaded configuration file, to compare whether the calculated MD5 value is identical to the MD5 value of the configuration file currently used by the VPN device, and to download a new configuration file for the VPN device when the result is no.
Preferably, the computing unit is further configured to load the downloaded configuration file and start the VPN tunnel when the result is yes.
Preferably, the centralized management system further includes:
A monitoring unit, configured to periodically detect whether the VPN tunnel is abnormal and, when the VPN tunnel is detected to have been abnormal for longer than a time period, to call the check code generation unit and restart the VPN device.
Preferably, the centralized management system further includes:
A detection unit, configured to detect whether the configuration file has been modified and, when it has, to store the modified configuration file in the configuration file storage unit, restart the VPN device and download the modified configuration file from the configuration file storage unit to the VPN device.
Preferably, the check code generated by the check code generation unit is an MD5 check code.
Another object of the present invention is to provide a centralized management method for VPN devices, characterized in that it is implemented using the centralized management system described above and includes the following steps:
S1: generate a unique identifier for the VPN device, and create a key for the VPN device;
S2: transmit the unique identifier, the key and the configuration file of the VPN device to the configuration file storage unit for storage, and import the key into the VPN device;
S3: after the VPN device is started, obtain the unique identifier and the key from the VPN device, and generate a check code from the obtained unique identifier and key;
S4: send to the configuration file storage unit a request instruction requesting download of the configuration file, the request instruction containing the unique identifier of the VPN device and the check code;
S5: calculate a check code from the unique identifier and the key of the VPN device, and compare whether the calculated check code is identical to the check code contained in the request instruction; if they are identical, download the configuration file from the configuration file storage unit to the VPN device and then perform step S6; if they are not identical, return an error message and end the flow;
S6: calculate the MD5 value of the downloaded configuration file, compare whether the calculated MD5 value is identical to the MD5 value of the configuration file currently used by the VPN device, and download a new configuration file for the VPN device when the result is no.
Preferably, in step S6, when the result is yes, the downloaded configuration file is loaded and the VPN tunnel is started.
Preferably, the centralized management system further includes a monitoring unit, and the monitoring method further includes:
The monitoring unit periodically detects whether the VPN tunnel is abnormal and, when the VPN tunnel is detected to have been abnormal for longer than a time period, calls the check code generation unit and restarts the VPN device.
Preferably, the centralized management system further includes a detection unit, and the centralized management method further includes:
The detection unit detects whether the configuration file has been modified and, when it has, stores the modified configuration file in the configuration file storage unit, restarts the VPN device and downloads the modified configuration file from the configuration file storage unit to the VPN device.
Preferably, the check code generated in step S3 is an MD5 check code.
The positive and progressive effect of the present invention is that VPN terminal devices are managed centrally: all configuration files can be operated on in one place, and a VPN device can autonomously download a new configuration file when the VPN tunnel has not been established. This reduces the complexity of VPN device maintenance, simplifies maintenance work and enhances the stability of the VPN devices. The present invention also solves the problem of the huge workload of modifying the configuration files of VPN devices in bulk, and improves work efficiency.
Brief description of the drawings
Fig. 1 is a module diagram of the centralized management system for VPN devices of a preferred embodiment of the present invention.
Fig. 2 is a flow chart of the centralized management method for VPN devices of a preferred embodiment of the present invention.
Detailed description of the invention
The present invention is further illustrated below by way of an embodiment, but the invention is not thereby limited to the scope of the described embodiment.
As shown in Fig. 1, the centralized management system for VPN devices of the present invention includes an identification code generation unit 1, a transmission unit 2, a check code generation unit 3, a configuration file request unit 4, a verification unit 5, a computing unit 6 and a configuration file storage unit 7. The centralized management system can use these units to manage multiple VPN devices in a centralized and unified way.
The identification code generation unit 1 generates a unique identifier (UID) from the hardware information of the VPN device, and creates a key for the VPN device;
The transmission unit 2 transmits the unique identifier, the key and the configuration file of the VPN device to the configuration file storage unit 7 for storage, and imports the key into the VPN device;
The check code generation unit 3 starts the VPN device, obtains the unique identifier and the key from the VPN device, and performs a calculation on the obtained unique identifier and key to generate a check code;
The configuration file request unit 4 sends a configuration file acquisition request to the configuration file storage unit 7 based on the unique identifier of the VPN device and the generated check code. Specifically, the configuration file request unit 4 sends to the configuration file storage unit 7 a request instruction requesting download of the configuration file, and the request instruction contains the unique identifier of the VPN device and the check code;
The verification unit 5 calculates a check code (specifically an MD5 check code) from the unique identifier and the key of the VPN device, and compares whether the calculated check code is identical to the check code contained in the request instruction. If they are identical, the request instruction is legitimate, and only then is the configuration file downloaded from the configuration file storage unit 7 to the VPN device; if they are not identical, an error message is returned;
The computing unit 6 calculates the MD5 value of the downloaded configuration file, and compares whether the calculated MD5 value is identical to the MD5 value of the configuration file currently used by the VPN device. When the result is no, it downloads a new configuration file for the VPN device; when the result is yes, it loads the downloaded configuration file and starts the VPN tunnel.
In the present invention, preferably, the management system for VPN devices further includes a monitoring unit 8. While the VPN device is running, the monitoring unit 8 periodically detects whether the VPN tunnel is abnormal, and when the VPN tunnel is detected to have been abnormal for longer than a time period (the specific time can be set according to actual needs), it calls the check code generation unit 3 and restarts the VPN device. After the VPN device has restarted, the check code generation unit 3 obtains the unique identifier and the key again and regenerates the check code.
Preferably, in the present invention, the centralized management system for VPN devices further includes a detection unit 9. The detection unit 9 detects whether the configuration file has been modified and, when a modification is detected, stores the modified new configuration file in the configuration file storage unit 7, then restarts the VPN device and downloads the modified configuration file from the configuration file storage unit 7 to the VPN device, so that the latest configuration file is loaded for the VPN device.
In the present invention, a VPN device can actively obtain the configuration file that belongs to it from the configuration file storage unit, then update and load it. The configuration file storage unit stores the configuration file of each VPN device and provides download of the configuration files; the configuration file storage unit can be open to the public network. The centralized management system for VPN devices is mainly the interface through which staff add new VPN devices and maintain the corresponding configuration files; new configuration files and device information are sent to the configuration file storage unit for storage.
The present invention achieves centralized management of the configuration of all VPN devices. There is no need to connect to each VPN device to modify its configuration, which reduces the complexity of maintenance. When the configuration of a VPN device is modified, the VPN device automatically downloads the latest configuration file again and updates itself, which removes the operation of logging in to the corresponding VPN device to make the change, greatly improves work efficiency and maintenance cost, facilitates large-scale batch modification of the configuration of multiple VPN devices, and simplifies the maintenance work for VPN devices.
As shown in Fig. 2, the centralized management method for VPN devices of the present invention is implemented using the centralized management system described above and includes the following steps:
Step 101: generate a unique identifier for the VPN device, and create a key for the VPN device;
Step 102: transmit the unique identifier, the key and the configuration file of the VPN device to the configuration file storage unit for storage, and import the key into the VPN device;
Step 103: after the VPN device is started, obtain the unique identifier and the key from the VPN device, and generate a check code from the obtained unique identifier and key;
Step 104: send to the configuration file storage unit a request instruction requesting download of the configuration file, the request instruction containing the unique identifier of the VPN device and the check code;
Step 105: calculate a check code from the unique identifier and the key of the VPN device, and compare whether the calculated check code is identical to the check code contained in the request instruction; if they are identical, download the configuration file from the configuration file storage unit to the VPN device and then perform step 106; if they are not identical, return an error message and end the flow;
Step 106: calculate the MD5 value of the downloaded configuration file, and compare whether the calculated MD5 value is identical to the MD5 value of the configuration file currently used by the VPN device; if not, download a new configuration file for the VPN device; if so, load the downloaded configuration file and start the VPN tunnel;
Step 107: periodically detect whether the VPN tunnel is abnormal, and when the VPN tunnel is detected to have been abnormal for longer than a time period, call the check code generation unit and restart the VPN device, then return to step 103.
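The request and verification flow of steps 101 to 106, written out as an added example that is not code from the patent. The way the UID and key are combined into the MD5 check code (`uid:key`), the class and function names, and the sample UID and configuration contents are assumptions, and the "not identical" branch of step 106 is interpreted as the device adopting the downloaded file.

```python
import hashlib
import hmac
import secrets


def make_check_code(uid: str, key: str) -> str:
    """Steps 103 and 105: MD5 check code derived from the UID and the key.

    Assumption: the page does not say how the two values are combined;
    "uid:key" encoded as UTF-8 is used here. The result depends only on
    UID and key, so a device sends the same check code in every request.
    """
    return hashlib.md5(f"{uid}:{key}".encode("utf-8")).hexdigest()


def file_md5(data: bytes) -> str:
    """Step 106: MD5 value of a configuration file."""
    return hashlib.md5(data).hexdigest()


class ConfigStore:
    """Configuration file storage unit plus verification unit (hypothetical class)."""

    ERROR = {"ok": False, "error": "verification failed"}

    def __init__(self) -> None:
        self._devices = {}  # uid -> (key, configuration file bytes)

    def register(self, uid: str, key: str, config: bytes) -> None:
        """Step 102: store UID, key and configuration file."""
        self._devices[uid] = (key, config)

    def update_config(self, uid: str, config: bytes) -> None:
        """Detection unit path: a modified file replaces the stored one."""
        key, _ = self._devices[uid]
        self._devices[uid] = (key, config)

    def handle_request(self, request: dict) -> dict:
        """Step 105: recompute the check code and compare with the request's."""
        uid = str(request.get("uid", ""))
        entry = self._devices.get(uid)
        if entry is None:
            return dict(self.ERROR)  # unknown UID gets the same error message
        key, config = entry
        expected = make_check_code(uid, key).encode()
        supplied = str(request.get("check_code", "")).encode()
        if not hmac.compare_digest(expected, supplied):  # constant-time compare
            return dict(self.ERROR)
        return {"ok": True, "config": config}


class VpnDevice:
    """Device side: check code, request and computing units (hypothetical class)."""

    def __init__(self, uid: str, key: str, current_config: bytes = b"") -> None:
        self.uid, self.key, self.current_config = uid, key, current_config

    def build_request(self) -> dict:
        """Steps 103-104: request instruction carrying UID and check code."""
        return {"uid": self.uid, "check_code": make_check_code(self.uid, self.key)}

    def sync(self, store: ConfigStore) -> str:
        """Steps 104-106 for one start of the device."""
        reply = store.handle_request(self.build_request())
        if not reply["ok"]:
            return "error"
        downloaded = reply["config"]
        if file_md5(downloaded) != file_md5(self.current_config):
            # "Not identical" branch, interpreted here as adopting the new file.
            self.current_config = downloaded
            return "new_config_downloaded"
        return "load_and_start_tunnel"


def demo() -> tuple:
    """Run the flow with constructed sample values."""
    store = ConfigStore()
    uid, key = "uid-constructed-0001", secrets.token_hex(16)  # step 101 (constructed)
    store.register(uid, key, b"remote 203.0.113.10 1194\n")   # constructed config
    device = VpnDevice(uid, key)                              # key imported into device
    first = device.sync(store)
    second = device.sync(store)
    wrong = store.handle_request({"uid": uid, "check_code": "0" * 32})
    store.update_config(uid, b"remote 203.0.113.20 1194\n")   # file modified centrally
    third = device.sync(store)
    return first, second, wrong["ok"], third


if __name__ == "__main__":
    print(demo())
```
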
The centralized management method for VPN devices of the present invention further includes: using the detection unit to detect whether the configuration file has been modified and, when a modification is detected, storing the modified new configuration file in the configuration file storage unit, then restarting the VPN device and downloading the modified configuration file from the configuration file storage unit to the VPN device, so that the latest configuration file is loaded for the VPN device.
Although specific embodiments of the present invention have been described above, those skilled in the art will understand that these are merely illustrative, and that the scope of protection of the present invention is defined by the appended claims. Those skilled in the art may make various changes or modifications to these embodiments without departing from the principle and essence of the present invention, and such changes and modifications all fall within the scope of protection of the present invention.
Claims (10)
1. A centralized management system for VPN devices, characterized in that it includes:
An identification code generation unit, configured to generate a unique identifier for the VPN device and to create a key for the VPN device;
A transmission unit, configured to transmit the unique identifier, the key and the configuration file of the VPN device to a configuration file storage unit for storage, and to import the key into the VPN device;
A check code generation unit, configured to obtain the unique identifier and the key from the VPN device after the VPN device is started, and to generate a check code from the obtained unique identifier and key;
A configuration file request unit, configured to send to the configuration file storage unit a request instruction requesting download of the configuration file, the request instruction containing the unique identifier of the VPN device and the check code;
A verification unit, configured to calculate a check code from the unique identifier and the key of the VPN device, and to compare whether the calculated check code is identical to the check code contained in the request instruction; if they are identical, the configuration file is downloaded from the configuration file storage unit to the VPN device, and if they are not identical, an error message is returned;
A computing unit, configured to calculate the MD5 value of the downloaded configuration file, to compare whether the calculated MD5 value is identical to the MD5 value of the configuration file currently used by the VPN device, and to download a new configuration file for the VPN device when the result is no.
2. The centralized management system as claimed in claim 1, characterized in that the computing unit is further configured to load the downloaded configuration file and start the VPN tunnel when the result is yes.
3. The centralized management system as claimed in claim 2, characterized in that the centralized management system further includes:
A monitoring unit, configured to periodically detect whether the VPN tunnel is abnormal and, when the VPN tunnel is detected to have been abnormal for longer than a time period, to call the check code generation unit and restart the VPN device.
4. The centralized management system as claimed in claim 1, characterized in that the centralized management system further includes:
A detection unit, configured to detect whether the configuration file has been modified and, when it has, to store the modified configuration file in the configuration file storage unit, restart the VPN device and download the modified configuration file from the configuration file storage unit to the VPN device.
5. The centralized management system as claimed in any one of claims 1-4, characterized in that the check code generated by the check code generation unit is an MD5 check code.
6. A centralized management method for VPN devices, characterized in that it is implemented using the centralized management system as claimed in claim 1 and includes the following steps:
S1: generate a unique identifier for the VPN device, and create a key for the VPN device;
S2: transmit the unique identifier, the key and the configuration file of the VPN device to the configuration file storage unit for storage, and import the key into the VPN device;
S3: after the VPN device is started, obtain the unique identifier and the key from the VPN device, and generate a check code from the obtained unique identifier and key;
S4: send to the configuration file storage unit a request instruction requesting download of the configuration file, the request instruction containing the unique identifier of the VPN device and the check code;
S5: calculate a check code from the unique identifier and the key of the VPN device, and compare whether the calculated check code is identical to the check code contained in the request instruction; if they are identical, download the configuration file from the configuration file storage unit to the VPN device and then perform step S6; if they are not identical, return an error message and end the flow;
S6: calculate the MD5 value of the downloaded configuration file, compare whether the calculated MD5 value is identical to the MD5 value of the configuration file currently used by the VPN device, and download a new configuration file for the VPN device when the result is no.
7. The centralized management method as claimed in claim 6, characterized in that in step S6, when the result is yes, the downloaded configuration file is loaded and the VPN tunnel is started.
8. The centralized management method as claimed in claim 7, characterized in that the centralized management system further includes a monitoring unit, and the monitoring method further includes:
The monitoring unit periodically detects whether the VPN tunnel is abnormal and, when the VPN tunnel is detected to have been abnormal for longer than a time period, calls the check code generation unit and restarts the VPN device.
9. The centralized management method as claimed in claim 6, characterized in that the centralized management system further includes a detection unit, and the centralized management method further includes:
The detection unit detects whether the configuration file has been modified and, when it has, stores the modified configuration file in the configuration file storage unit, restarts the VPN device and downloads the modified configuration file from the configuration file storage unit to the VPN device.
10. The centralized management method as claimed in any one of claims 6-9, characterized in that the check code generated in step S3 is an MD5 check code.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610550761.3A CN106130775B (en) | 2016-07-13 | 2016-07-13 | The centralized management system and method for VPN device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610550761.3A CN106130775B (en) | 2016-07-13 | 2016-07-13 | The centralized management system and method for VPN device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106130775A (en) | 2016-11-16 |
CN106130775B (en) | 2019-08-20 |
Family
ID=57283771
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610550761.3A Active CN106130775B (en) | 2016-07-13 | 2016-07-13 | The centralized management system and method for VPN device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106130775B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101447907A (en) * | 2008-10-31 | 2009-06-03 | 北京东方中讯联合认证技术有限公司 | VPN secure access method and system thereof |
CN102064966A (en) * | 2010-12-29 | 2011-05-18 | 北京世纪互联工程技术服务有限公司 | Configuration method, server, equipment and system |
EP2434696A1 (en) * | 2010-09-24 | 2012-03-28 | Research in Motion Limited | System and method for enabling vpn tunnel status checking |
CN103281334A (en) * | 2013-06-17 | 2013-09-04 | 福建伊时代信息科技股份有限公司 | Terminal processing method, terminal and server |
CN103281694A (en) * | 2013-06-20 | 2013-09-04 | 福建伊时代信息科技股份有限公司 | Configuration file distributing method and device |
Non-Patent Citations (1)
Title |
---|
钱煜明: "BYOD企业移动设备管理技术", 《中兴通讯技术》 * |
Also Published As
Publication number | Publication date |
---|---|
CN106130775B (en) | 2019-08-20 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |