CN106130775A - The centralized management system of VPN device and method - Google Patents


Info

Publication number
CN106130775A
Authority
CN
China
Prior art keywords
configuration file
vpn device
check code
vpn
unit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610550761.3A
Other languages
Chinese (zh)
Other versions
CN106130775B (en)
Inventor
朱志博
雷兵
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Ctrip Business Co Ltd
Original Assignee
Shanghai Ctrip Business Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L41/0813 Configuration setting characterised by the conditions triggering a change of settings

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a centralized management system and method for VPN devices. The centralized management system includes: an identification code generation unit, which generates a unique identifier for a VPN device and establishes a key; a transmission unit, which transmits the unique identifier, key and configuration file to a configuration file storage unit; a check code generation unit, which obtains the unique identifier and key after the VPN device is started and generates a check code; a configuration file request unit, which sends a request instruction; a verification unit, which calculates a check code and compares it with the check code contained in the request instruction, downloading the configuration file to the VPN device if they are identical and returning an error message if they are not; and a computing unit, which calculates the MD5 value of the downloaded configuration file and compares it with the MD5 value of the configuration file currently in use, downloading a new configuration file for the VPN device if they differ. The invention manages VPN devices centrally and reduces the complexity of device maintenance.

Description

Centralized management system and method for VPN devices
Technical field
The present invention relates to the technical field of network security, and in particular to a centralized management system and method for VPN devices.
Background
With the development of networks, and in order to ensure data security, communication between branch offices and the head office, or between sub-sites and an IDC (Internet data center), is often carried over a VPN (virtual private network). In the prior art, the remote VPN device is mainly connected to the central end by manually modifying its configuration. If the remote end fails and cannot be managed remotely, someone has to go to the device site and manage it by hand; for large-scale deployments of VPN terminal devices, the management cost is very high.
Summary of the invention
The technical problem to be solved by the present invention is to overcome the defect in the prior art that the configuration of the remote VPN device is modified manually, so that the remote end cannot be managed remotely when it fails, by providing a centralized management system and method for VPN devices.
The present invention solves the above technical problem through the following technical solutions:
The invention provides a centralized management system for VPN devices, characterized in that it includes:
An identification code generation unit, configured to generate the unique identifier of a VPN device and to establish the key of the VPN device;
A transmission unit, configured to transmit the unique identifier, key and configuration file of the VPN device to a configuration file storage unit for storage, and to import the key into the VPN device;
A check code generation unit, configured to obtain the unique identifier and key from the VPN device after the VPN device is started, and to generate a check code from the obtained unique identifier and key;
A configuration file request unit, configured to send to the configuration file storage unit a request instruction requesting download of the configuration file, the request instruction containing the unique identifier of the VPN device and the check code;
A verification unit, configured to calculate a check code from the unique identifier and key of the VPN device and to compare the calculated check code with the check code contained in the request instruction; if they are identical, the configuration file is downloaded from the configuration file storage unit to the VPN device, and if they are not, an error message is returned;
A computing unit, configured to calculate the MD5 (Message Digest Algorithm 5) value of the downloaded configuration file and to compare the calculated MD5 value with the MD5 value of the configuration file currently used by the VPN device, and, when they are not identical, to download a new configuration file for the VPN device.
Preferably, the computing unit is further configured, when they are identical, to load the downloaded configuration file and start the VPN tunnel.
Preferably, the centralized management system further includes:
A monitoring unit, configured to periodically detect whether the VPN tunnel is abnormal and, when the abnormality has lasted longer than a time period, to call the check code generation unit to restart the VPN device.
Preferably, the centralized management system further includes:
A detection unit, configured to detect whether the configuration file has been modified and, if so, to store the modified configuration file in the configuration file storage unit, restart the VPN device, and download the modified configuration file from the configuration file storage unit to the VPN device.
Preferably, the check code generated by the check code generation unit is an MD5 check code.
Another object of the present invention is to provide a centralized management method for VPN devices, characterized in that it is implemented using the centralized management system described above and comprises the following steps:
S1. Generate the unique identifier of the VPN device and establish the key of the VPN device;
S2. Transmit the unique identifier, key and configuration file of the VPN device to the configuration file storage unit for storage, and import the key into the VPN device;
S3. After the VPN device is started, obtain the unique identifier and key from the VPN device and generate a check code from the obtained unique identifier and key;
S4. Send to the configuration file storage unit a request instruction requesting download of the configuration file, the request instruction containing the unique identifier of the VPN device and the check code;
S5. Calculate a check code from the unique identifier and key of the VPN device and compare the calculated check code with the check code contained in the request instruction; if they are identical, download the configuration file from the configuration file storage unit to the VPN device and then perform step S6; if they are not, return an error message and end the flow;
S6. Calculate the MD5 value of the downloaded configuration file and compare the calculated MD5 value with the MD5 value of the configuration file currently used by the VPN device, and, when they are not identical, download a new configuration file for the VPN device.
Preferably, in step S6, when they are identical, the downloaded configuration file is loaded and the VPN tunnel is started.
Preferably, the centralized management system further includes a monitoring unit, and the monitoring method further comprises:
The monitoring unit periodically detects whether the VPN tunnel is abnormal and, when the abnormality has lasted longer than a time period, calls the check code generation unit to restart the VPN device.
Preferably, the centralized management system further includes a detection unit, and the centralized management method further comprises:
The detection unit detects whether the configuration file has been modified and, if so, stores the modified configuration file in the configuration file storage unit, restarts the VPN device, and loads the modified configuration file from the configuration file storage unit into the VPN device.
Preferably, the check code generated in step S3 is an MD5 check code.
The positive effects of the present invention are as follows: the invention manages VPN terminal devices centrally, so all configuration files can be operated on in one place, and a VPN device can download a new configuration file on its own when the VPN tunnel has not been established. This reduces the complexity of VPN device maintenance, simplifies maintenance work and improves the stability of the VPN devices. The invention also solves the problem of the huge workload of modifying configuration files for VPN devices in bulk, improving work efficiency.
Brief description of the drawings
Fig. 1 is a module diagram of the centralized management system for VPN devices according to a preferred embodiment of the present invention.
Fig. 2 is a flow chart of the centralized management method for VPN devices according to a preferred embodiment of the present invention.
Detailed description
The present invention is further illustrated below by way of embodiments, but is not thereby limited to the scope of the described embodiments.
As shown in Fig. 1, the centralized management system for VPN devices of the present invention includes identification code generation unit 1, transmission unit 2, check code generation unit 3, configuration file request unit 4, verification unit 5, computing unit 6 and configuration file storage unit 7. The system can use these units to manage multiple VPN devices in a centralized and unified way.
Identification code generation unit 1 generates a unique identifier (UID) from the hardware information of the VPN device and establishes the key of the VPN device;
Transmission unit 2 transmits the unique identifier, key and configuration file of the VPN device to configuration file storage unit 7 for storage, and imports the key into the VPN device;
Check code generation unit 3 starts the VPN device, obtains the unique identifier and key from the VPN device, and performs a calculation on the obtained unique identifier and key to generate a check code;
Configuration file request unit 4 sends a configuration file request to configuration file storage unit 7 based on the unique identifier of the VPN device and the generated check code. Specifically, configuration file request unit 4 sends to configuration file storage unit 7 a request instruction requesting download of the configuration file, and the request instruction contains the unique identifier of the VPN device and the check code;
Verification unit 5 calculates a check code (specifically an MD5 check code) from the unique identifier and key of the VPN device and compares the calculated check code with the check code contained in the request instruction. If they are identical, the request instruction is legitimate and the configuration file is downloaded from configuration file storage unit 7 to the VPN device; if they are not, an error message is returned;
Computing unit 6 calculates the MD5 value of the downloaded configuration file and compares the calculated MD5 value with the MD5 value of the configuration file currently used by the VPN device. When they are not identical, a new configuration file is downloaded for the VPN device; when they are identical, the downloaded configuration file is loaded and the VPN tunnel is started.
In the present invention, preferably, the management system further includes monitoring unit 8. While the VPN device is running, monitoring unit 8 periodically detects whether the VPN tunnel is abnormal and, when the abnormality has lasted longer than a time period (the specific time can be configured according to actual needs), calls check code generation unit 3 to restart the VPN device. After the VPN device restarts, check code generation unit 3 obtains the unique identifier and key again and regenerates the check code.
Preferably, the centralized management system further includes detection unit 9. Detection unit 9 detects whether the configuration file has been modified and, when a modification is detected, stores the modified configuration file in configuration file storage unit 7, then restarts the VPN device and downloads the modified configuration file from configuration file storage unit 7 to the VPN device, so that the VPN device loads the latest configuration file.
In the present invention, a VPN device can actively obtain the configuration file belonging to it from the configuration file storage unit, then update and load it. The configuration file storage unit stores the configuration file of each VPN device and provides configuration file download; it can be open on the public network. The centralized management system mainly serves as the interface through which staff add new VPN devices and maintain the corresponding configuration files; new configuration files and device information are sent to the configuration file storage unit for storage.
The present invention manages the configuration of all VPN devices centrally. There is no need to connect to each VPN device to modify its configuration, which reduces the complexity of maintenance. When the configuration of a VPN device is modified, the device automatically downloads the latest configuration file again and updates itself, which removes the step of logging in to the corresponding VPN device to make the change, greatly improving work efficiency and maintenance cost. It also makes large-scale batch modification of the configuration of multiple VPN devices easier and simplifies VPN device maintenance.
As shown in Fig. 2, the centralized management method for VPN devices of the present invention is implemented using the centralized management system described above and comprises the following steps:
Step 101: generate the unique identifier of the VPN device and establish the key of the VPN device;
Step 102: transmit the unique identifier, key and configuration file of the VPN device to the configuration file storage unit for storage, and import the key into the VPN device;
Step 103: after the VPN device is started, obtain the unique identifier and key from the VPN device and generate a check code from the obtained unique identifier and key;
Step 104: send to the configuration file storage unit a request instruction requesting download of the configuration file, the request instruction containing the unique identifier of the VPN device and the check code;
Step 105: calculate a check code from the unique identifier and key of the VPN device and compare the calculated check code with the check code contained in the request instruction; if they are identical, download the configuration file from the configuration file storage unit to the VPN device and then perform step 106; if they are not, return an error message and end the flow;
Step 106: calculate the MD5 value of the downloaded configuration file and compare the calculated MD5 value with the MD5 value of the configuration file currently used by the VPN device; if they are not identical, download a new configuration file for the VPN device; if they are identical, load the downloaded configuration file and start the VPN tunnel;
Step 107: periodically detect whether the VPN tunnel is abnormal and, when the abnormality has lasted longer than a time period, call the check code generation unit to restart the VPN device, then return to step 103.
The centralized management method of the present invention also includes: using the detection unit to detect whether the configuration file has been modified and, when a modification is detected, storing the modified configuration file in the configuration file storage unit, then restarting the VPN device and downloading the modified configuration file from the configuration file storage unit to the VPN device, so that the VPN device loads the latest configuration file.
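The flow of steps 101 to 106, as an added Python example that is not part of the patent; `ConfigStore`, `VpnDevice`, the `uid:key` concatenation and the sample values are assumptions. Because the MD5 check code depends only on the UID and key, it is identical on every request, so the block also carries a nonce-bound HMAC-SHA256 variant that the patent does not describe.

```python
import hashlib
import hmac
import secrets


def md5_check_code(uid: str, key: str) -> str:
    """Check code of steps 103/105: MD5 over UID and key.
    Joining them as "uid:key" is an assumption; the patent does not say how."""
    return hashlib.md5(f"{uid}:{key}".encode()).hexdigest()


def hmac_check_code(uid: str, key: str, nonce: str) -> str:
    """Hardened variant (not in the patent): HMAC-SHA256 keyed with the
    device key over the UID and a single-use server nonce."""
    msg = f"{uid}:{nonce}".encode()
    return hmac.new(key.encode(), msg, hashlib.sha256).hexdigest()


def _same(a: str, b: str) -> bool:
    # Constant-time comparison so the check leaks no timing information.
    return hmac.compare_digest(a.encode(), b.encode())


class ConfigStore:
    """Stand-in for the configuration file storage unit and verification unit."""

    def __init__(self):
        self._devices = {}   # uid -> {"key": str, "config": bytes}
        self._nonces = {}    # uid -> outstanding nonce (hardened variant only)

    def register(self, uid, key, config):        # steps 101-102
        self._devices[uid] = {"key": key, "config": config}

    def update_config(self, uid, config):        # detection unit stores an edit
        self._devices[uid]["config"] = config

    def download(self, uid, check_code):         # step 105
        dev = self._devices.get(uid)
        if dev is None or not _same(md5_check_code(uid, dev["key"]), check_code):
            raise PermissionError("check code rejected")
        return dev["config"]

    def issue_nonce(self, uid):
        self._nonces[uid] = secrets.token_hex(16)
        return self._nonces[uid]

    def download_hardened(self, uid, nonce, check_code):
        dev = self._devices.get(uid)
        issued = self._nonces.pop(uid, None)     # a nonce is valid once
        if dev is None or issued is None or not _same(issued, nonce):
            raise PermissionError("unknown device or stale nonce")
        if not _same(hmac_check_code(uid, dev["key"], nonce), check_code):
            raise PermissionError("check code rejected")
        return dev["config"]


class VpnDevice:
    def __init__(self, uid, key):
        self.uid, self.key = uid, key
        self.active_config = b""

    def sync(self, store):
        """Steps 103-106. Returns True when a new configuration was loaded."""
        code = md5_check_code(self.uid, self.key)        # step 103
        downloaded = store.download(self.uid, code)      # steps 104-105
        new_md5 = hashlib.md5(downloaded).digest()       # step 106
        if new_md5 == hashlib.md5(self.active_config).digest():
            return False                                 # same file: nothing to replace
        self.active_config = downloaded                  # changed: load the new file
        return True


if __name__ == "__main__":
    # Constructed sample values; 192.0.2.0/24 is a documentation range.
    store = ConfigStore()
    store.register("uid-0001", "constructed-key", b"remote 192.0.2.10 1194\n")
    device = VpnDevice("uid-0001", "constructed-key")
    print(device.sync(store), device.sync(store))
```

With the hardened variant, a request that repeats an earlier nonce and check code is refused, while the plain MD5 check code is accepted for as long as the key is unchanged.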
Although specific embodiments of the present invention have been described above, those skilled in the art will understand that these are only examples, and that the scope of protection of the invention is defined by the appended claims. Those skilled in the art may make various changes or modifications to these embodiments without departing from the principle and essence of the invention, and all such changes and modifications fall within the scope of protection of the invention.

Claims (10)

1. A centralized management system for VPN devices, characterized in that it includes:
An identification code generation unit, configured to generate the unique identifier of a VPN device and to establish the key of the VPN device;
A transmission unit, configured to transmit the unique identifier, key and configuration file of the VPN device to a configuration file storage unit for storage, and to import the key into the VPN device;
A check code generation unit, configured to obtain the unique identifier and key from the VPN device after the VPN device is started, and to generate a check code from the obtained unique identifier and key;
A configuration file request unit, configured to send to the configuration file storage unit a request instruction requesting download of the configuration file, the request instruction containing the unique identifier of the VPN device and the check code;
A verification unit, configured to calculate a check code from the unique identifier and key of the VPN device and to compare the calculated check code with the check code contained in the request instruction; if they are identical, the configuration file is downloaded from the configuration file storage unit to the VPN device, and if they are not, an error message is returned;
A computing unit, configured to calculate the MD5 value of the downloaded configuration file and to compare the calculated MD5 value with the MD5 value of the configuration file currently used by the VPN device, and, when they are not identical, to download a new configuration file for the VPN device.
2. The centralized management system as claimed in claim 1, characterized in that the computing unit is further configured, when they are identical, to load the downloaded configuration file and start the VPN tunnel.
3. The centralized management system as claimed in claim 2, characterized in that the centralized management system further includes:
A monitoring unit, configured to periodically detect whether the VPN tunnel is abnormal and, when the abnormality has lasted longer than a time period, to call the check code generation unit to restart the VPN device.
4. The centralized management system as claimed in claim 1, characterized in that the centralized management system further includes:
A detection unit, configured to detect whether the configuration file has been modified and, if so, to store the modified configuration file in the configuration file storage unit, restart the VPN device, and download the modified configuration file from the configuration file storage unit to the VPN device.
5. The centralized management system as claimed in any one of claims 1-4, characterized in that the check code generated by the check code generation unit is an MD5 check code.
6. A centralized management method for VPN devices, characterized in that it is implemented using the centralized management system as claimed in claim 1 and comprises the following steps:
S1. Generate the unique identifier of the VPN device and establish the key of the VPN device;
S2. Transmit the unique identifier, key and configuration file of the VPN device to the configuration file storage unit for storage, and import the key into the VPN device;
S3. After the VPN device is started, obtain the unique identifier and key from the VPN device and generate a check code from the obtained unique identifier and key;
S4. Send to the configuration file storage unit a request instruction requesting download of the configuration file, the request instruction containing the unique identifier of the VPN device and the check code;
S5. Calculate a check code from the unique identifier and key of the VPN device and compare the calculated check code with the check code contained in the request instruction; if they are identical, download the configuration file from the configuration file storage unit to the VPN device and then perform step S6; if they are not, return an error message and end the flow;
S6. Calculate the MD5 value of the downloaded configuration file and compare the calculated MD5 value with the MD5 value of the configuration file currently used by the VPN device, and, when they are not identical, download a new configuration file for the VPN device.
7. The centralized management method as claimed in claim 6, characterized in that in step S6, when they are identical, the downloaded configuration file is loaded and the VPN tunnel is started.
8. The centralized management method as claimed in claim 7, characterized in that the centralized management system further includes a monitoring unit, and the monitoring method further comprises:
The monitoring unit periodically detects whether the VPN tunnel is abnormal and, when the abnormality has lasted longer than a time period, calls the check code generation unit to restart the VPN device.
9. The centralized management method as claimed in claim 6, characterized in that the centralized management system further includes a detection unit, and the centralized management method further comprises:
The detection unit detects whether the configuration file has been modified and, if so, stores the modified configuration file in the configuration file storage unit, restarts the VPN device, and downloads the modified configuration file from the configuration file storage unit to the VPN device.
10. The centralized management method as claimed in any one of claims 6-9, characterized in that the check code generated in step S3 is an MD5 check code.
CN201610550761.3A 2016-07-13 2016-07-13 The centralized management system and method for VPN device Active CN106130775B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610550761.3A CN106130775B (en) 2016-07-13 2016-07-13 The centralized management system and method for VPN device

Publications (2)

Publication Number Publication Date
CN106130775A true CN106130775A (en) 2016-11-16
CN106130775B CN106130775B (en) 2019-08-20

Family

ID=57283771

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610550761.3A Active CN106130775B (en) 2016-07-13 2016-07-13 The centralized management system and method for VPN device

Country Status (1)

Country Link
CN (1) CN106130775B (en)

Also Published As

Publication number Publication date
CN106130775B (en) 2019-08-20

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant