CN116244745A - Management method, system and device of measurement and control device - Google Patents

Management method, system and device of measurement and control device Download PDF

Info

Publication number
CN116244745A
CN116244745A CN202310208235.9A CN202310208235A CN116244745A CN 116244745 A CN116244745 A CN 116244745A CN 202310208235 A CN202310208235 A CN 202310208235A CN 116244745 A CN116244745 A CN 116244745A
Authority
CN
China
Prior art keywords
measurement
file
management
management device
control
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310208235.9A
Other languages
Chinese (zh)
Inventor
强卫
韩茂林
袁明军
张伟健
曲佐章
李超
胡开放
崔万州
贾利伟
徐奕信
赵子根
郭维
李钊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CYG Sunri Co Ltd
Original Assignee
CYG Sunri Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CYG Sunri Co Ltd filed Critical CYG Sunri Co Ltd
Priority to CN202310208235.9A priority Critical patent/CN116244745A/en
Publication of CN116244745A publication Critical patent/CN116244745A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/048Interaction techniques based on graphical user interfaces [GUI]
    • G06F3/0484Interaction techniques based on graphical user interfaces [GUI] for the control of specific functions or operations, e.g. selecting or manipulating an object, an image or a displayed text element, setting a parameter value or selecting a range
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/20Administration of product repair or maintenance
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00Systems or methods specially adapted for specific business sectors, e.g. utilities or tourism
    • G06Q50/06Electricity, gas or water supply
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02PCLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Abstract

The embodiment of the application provides a management method, a system and a device of a measurement and control device, which relate to the technical field of operation and maintenance, and the scheme comprises the following steps: and displaying a first management interface, wherein the first management interface is displayed with one or more functional controls, and different functional controls are used for realizing different management functions. And determining the identification of a target file when the operation aiming at the first functional control in the one or more functional controls is detected, wherein the target file is a file which is required to be read from or sent to the first observing and controlling device in the one or more observing and controlling devices by the management device. Under the condition that the management device is determined to have the authority for managing the target file according to the first authority configuration file, the first measurement and control device is managed according to the identification of the target file and the management function corresponding to the first function control.

Description

Management method, system and device of measurement and control device
Technical Field
The present disclosure relates to the field of operation and maintenance technologies, and in particular, to a method, a system, and an apparatus for managing a measurement and control device.
Background
In the automatic application of the power system, the measurement and control device is used as front-end secondary equipment for realizing the functions of measurement and control. Typically, a site will be configured with multiple measurement and control devices. According to the cluster measurement and control scheme, a plurality of measurement and control devices can be formed into a cluster, so that the number of devices is reduced. However, the cluster measurement and control scheme generally needs to rely on-site manual operation during daily operation and maintenance of the measurement and control device, and a large number of files, such as a communication configuration file, a five-prevention configuration file, a key system file, a parameter file, an application program file and the like, are stored in a single measurement and control device, and if the files are downloaded or backed up one by one, the operation is complicated. And the daily upgrading and maintenance of a single measurement and control device and information checking are performed, if the single measurement and control device is operated on site manually, the manual operation and maintenance cost is high.
Disclosure of Invention
The embodiment of the application provides a management method, a system and a device of a measurement and control device, and the scheme is used for solving the technical problem of how to reduce the manual operation and maintenance cost of the measurement and control device and improving the efficiency of operation, maintenance and management.
In a first aspect, an embodiment of the present application provides a method for managing a measurement and control device, where the method is applied to a management device, the management device is respectively in communication connection with one or more measurement and control devices, the management device has a first permission configuration file, where the first permission configuration file records a first identifier of at least one file related to each measurement and control device that is allowed to be managed by the management device, and an operation permission of the management device on each file, and the method includes: and displaying a first management interface, wherein the first management interface is displayed with one or more functional controls, and different functional controls are used for realizing different management functions. And determining the identification of a target file when the operation aiming at the first functional control in the one or more functional controls is detected, wherein the target file is a file which is required to be read from the first measurement and control device or sent to the first measurement and control device by the management device. And under the condition that the management device is determined to have the authority for managing the target file according to the first authority configuration file, managing the first measurement and control device according to the identification of the target file and the management function corresponding to the first function control.
The embodiment of the application provides a management method of a measurement and control device, which is applied to the management device, wherein the management device is respectively in communication connection with a plurality of measurement and control devices, the management device is provided with a first authority configuration file, the first authority configuration file records a first identifier of at least one file which is allowed to be managed by the management device and is related to each measurement and control device, and the operation authority of the management device on each file, so that according to the content in the first authority configuration file, the operation authorities of the management device on the files in the measurement and control devices can be clearly defined, and a user can conveniently and relatively manage target files; then, a first management interface is displayed, one or more functional controls are displayed on the first management interface, and different functional controls are used for realizing different management functions, so that man-machine interaction between a user and a management device can be realized, and the user can select a specific management function for a target file; then, when the operation aiming at a first functional control in one or more functional controls is detected, determining the identification of a target file, wherein the target file is a file which is required to be read from a first measurement and control device or is sent to the first measurement and control device by a management device, so that whether the management device has the authority for carrying out relevant management on the target file can be determined; under the condition that the management device is determined to have the authority for managing the target file according to the first authority configuration file, the first measurement and control device is managed according to the identification of the target file and the management function corresponding to the first function control, so that the technical problem of how to reduce the manual operation and maintenance cost of the measurement and control device is solved, and the efficiency of operation, maintenance and management is improved.
In one possible implementation manner of the present application, the first function control is a view function control or a backup function control, and manages the first measurement and control device according to the identifier of the target file and the management function corresponding to the first function control, including: and sending a first management instruction to the first measurement and control device through communication connection, wherein the first management instruction is used for instructing the first measurement and control device to provide the target file for the management device. And receiving the target file fed back from the first measurement and control device through the communication connection, and storing the target file.
In one possible implementation manner of the present application, the first function control is a view function control, and the corresponding target file is a file stored in the first measurement and control device and recorded with information related to the first measurement and control device, and after receiving the target file fed back from the first measurement and control device and storing the target file, the method further includes: and displaying the content related to the screening conditions in the target file on a display interface of the management device according to the screening conditions set by the user.
In one possible implementation manner of the application, the first function control is a backup function control, the management device further has a second configuration file, and the second configuration file records second identifiers of one or more first permission configuration files in the first measurement and control device and/or operation permissions associated with each second identifier. Before determining, according to the first permission configuration file, that the management device has permission to manage the target file, and managing the first measurement and control device according to the identifier of the target file and the management function corresponding to the first function control, the method provided in the embodiment of the present application further includes: and the management device determines the operation authority of the first authority configuration file associated with any second identifier, and the corresponding target file is the first authority configuration file associated with any second identifier. And if any second identifier is not included in the first authority configuration file, or if any second identifier is included in the first authority configuration file but the operation authority associated with any second identifier is not allowed to operate, the management device determines that the operation authority of the first authority configuration file associated with any second identifier is not allowed.
In one possible implementation manner of the present application, the first function control is a recovery function control or an upgrade function control, and the first measurement and control device is managed according to the identifier of the target file and the management function corresponding to the first function control, including: and sending the target file to the first measurement and control device through communication connection. And if the first function control is a recovery function control, the target file is a file to be recovered required by the first measurement and control device. The first function control is an upgrade function control, and the target file is an upgrade package of the first measurement and control device. And under the condition that the management device determines that the first measurement and control device successfully receives the target file, the management device sends a restarting instruction to the first measurement and control device, wherein the restarting instruction is used for indicating the first measurement and control device to restart.
In one possible implementation manner of the present application, the first rights configuration file is stored in an encrypted format in the management device, and the method further includes: and before updating the first authority configuration file, decrypting the first authority configuration file. Or the management device and any measurement and control device transmit files on the established communication connection through encryption. Correspondingly, the method provided by the embodiment of the application further comprises the following steps: and decrypting the received encrypted file fed back by any measurement and control device.
In one possible implementation manner of the present application, in a case that an operation for a first function control in one or more function controls is detected, the management device determines, according to a role of a user currently logged in to the management device, whether the user has authority to implement a management function corresponding to the first function control on the first measurement and control device. And under the condition that the user has the authority of implementing the management function corresponding to the first function control on the first measurement and control device, the management device executes the action of determining the identification of the target file.
In one possible implementation manner of the present application, each measurement and control device of the plurality of measurement and control devices carries a unique code corresponding to each measurement and control device, where the unique code is an identifier of each measurement and control device, before the step 310, the method provided by the embodiment of the present application further includes: the management device determines the first measurement and control device from the plurality of measurement and control devices according to the unique code corresponding to the first measurement and control device, and determines the communication connection established between the management device and the first measurement and control device.
In one possible implementation manner of the present application, the method provided by the embodiment of the present application further includes: before displaying the first management interface, the method further comprises: and if the first operation is detected, judging whether the management equipment has the authority to access the first management page, and correspondingly, if the management equipment has the authority to access the first management page, responding to the first operation by the management equipment, and displaying a first management interface by the management equipment. And under the condition that the management equipment does not have the authority to access the first management page, outputting prompt information to prompt that the currently logged-in user has no operation authority.
In a second aspect, an embodiment of the present application provides a management device of a measurement and control device, where the management device of the measurement and control device may implement a method in the first aspect or any possible implementation manner of the first aspect, and therefore may also implement beneficial effects in the first aspect or any possible implementation manner of the first aspect. The management device of the measurement and control device may be a management device, or may support a device for implementing the method in the first aspect or any possible implementation manner of the first aspect, for example, a chip or a control circuit applied in the management device. The management device of the measurement and control device can realize the method through software, hardware or corresponding software executed through hardware.
As an example, an embodiment of the present application provides a management device of a measurement and control device, where the management device of the measurement and control device is a management device or a chip applied in the management device, and the management device of the measurement and control device includes: the system comprises a display unit, a determining unit and a management unit, wherein the display unit is used for displaying a first management interface, the first management interface is displayed with one or more functional controls, and different functional controls are used for realizing different management functions. The determining unit is used for determining the identification of the target file when the operation of the first functional control in the one or more functional controls is detected, wherein the target file is a file which the management device needs to read from or send to the first measurement and control device. And the management unit is used for managing the first measurement and control device according to the identification of the target file and the management function corresponding to the first function control under the condition that the management device is determined to have the authority for managing the target file according to the first authority configuration file.
In one possible implementation manner of the present application, the management device of the measurement and control device further includes: the transmission unit is used for sending a first management instruction to the first measurement and control device through communication connection, the first management instruction is used for instructing the first measurement and control device to provide a target file for the management device, receiving the target file fed back from the first measurement and control device through communication connection, and storing the target file.
In one possible implementation manner of the present application, the display unit is further configured to display, on a display interface of the management device, content related to the filtering condition in the target file according to the filtering condition set by the user.
In a possible implementation manner of the present application, the determining unit is further configured to determine whether the management device has an operation right to the first right configuration file associated with any of the second identifiers.
In one possible implementation manner of the present application, the management device of the measurement and control device further includes: the encryption and decryption unit is used for decrypting the encrypted file fed back by any one of the received measurement and control devices.
In a third aspect, embodiments of the present application provide a computer readable storage medium having stored therein a computer program or instructions which, when run on a computer, cause the computer to perform a method of management of a measurement and control device as described in any one of the possible implementations of the first aspect to the first aspect.
In a fourth aspect, embodiments of the present application provide a computer program product comprising instructions which, when run on a computer, cause the computer to perform a method of management of a measurement and control device as described in the first aspect or in various possible implementations of the first aspect.
In a fifth aspect, embodiments of the present application provide a chip comprising a processor and a communication interface, the communication interface and the processor being coupled, the processor being configured to execute a computer program or instructions to implement a method of management of a measurement and control device as described in the first aspect or in various possible implementations of the first aspect. The communication interface is used for communicating with other modules outside the chip.
In a sixth aspect, embodiments of the present application provide a management system for a measurement and control device, where the management system includes a management device and one or more measurement and control devices, where the management device is connected to the one or more measurement and control devices in a communication manner, and the management device is configured to perform a method for managing a measurement and control device as described in the first aspect or various possible implementations of the first aspect.
Drawings
FIG. 1 is a maintenance management system of a measurement and control device according to an embodiment of the present application;
Fig. 2 is a schematic structural diagram of a management device according to an embodiment of the present application;
FIG. 3 is a schematic flow chart of a method for managing a measurement and control device according to an embodiment of the present disclosure;
fig. 4 is a schematic diagram of a management interface of a management device according to an embodiment of the present application;
FIG. 5 is a schematic flow chart of a backup file from a first measurement and control device by a management device according to an embodiment of the present application;
fig. 6 is a schematic flow chart of a management device according to an embodiment of the present application to recover a deleted system file in a first measurement and control device;
fig. 7 is a schematic flow chart of a management device viewing log files in a first measurement and control device according to an embodiment of the present application;
FIG. 8 is a schematic flow chart of an upgrade of an application program in a first measurement and control device by a management device according to an embodiment of the present application;
fig. 9 is a schematic structural diagram of a management device of a measurement and control device according to an embodiment of the present application.
Detailed Description
The present invention will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
In order to illustrate the technical solution of the present application, the following description is made by specific examples.
Before describing the embodiments of the present application, the following definitions are first applied to the relevant terms referred to in the present application:
(1) Intelligent electronic device capability description file (IED Capability Description, ICD): the basic data model and services provided by the IED are described and provided by the device manufacturer to the system integration manufacturer, but do not include a file of IED instance names and communication parameters.
(2) Process layer configuration (Configured Circuit Description, CCD) file: the virtual file comprises virtual files which automatically complete basic functions of information acquisition, measurement, control, protection, metering, detection and the like, and has information supporting real-time automatic control, intelligent regulation and online analysis decision-making of a power grid.
(3) Power dispatching data network (Electric Power Dispatching Data Network): the data transmission service realizes interconnection among dispatching centers at all levels and among the dispatching centers, related power plants and substations through a virtual special network, and realizes data transmission service with public power information, relay protection management information systems and the like in the system by utilizing a routing switching device to network on a special channel.
(4) Transport layer security (Transport Layer Security, TLS) protocol: a security protocol is established on a transmission layer, serves an application layer, and achieves the function of encrypting and then transmitting data of the application layer, so that confidentiality and integrity of the data are guaranteed.
(5) A widely used cryptographic hash function, the fifth generation Message-Digest Algorithm (MD 5), may generate a 128 bit (16 byte) hash value (hash value) to ensure that the information transfer is completely consistent.
In the automatic application of the power system, the measurement and control device is used as front-end secondary equipment for realizing the functions of measurement and control. Typically, a site will be configured with multiple measurement and control devices. According to the cluster measurement and control scheme, a plurality of measurement and control devices can be formed into a cluster, so that the number of devices is reduced. However, the cluster measurement and control scheme needs to rely on-site manual operation during daily operation and maintenance of the measurement and control device, and mainly has the following problems: first, the measurement and control device stores a large number of files, such as communication configuration files (e.g., ICD files, CCD files), five-prevention configuration files, key system files, parameter files, application files, and the like. In the prior art, because manual field operation is needed when files in the measurement and control device are restored and upgraded, remote maintenance and management of each file cannot be achieved. For example, when a target application program file in the measurement and control device needs to be updated, a user needs to go to the site to update the measurement and control device, so that the maintenance of the measurement and control device is inconvenient, and the manual operation and maintenance cost is high.
Secondly, because the information obtained by the 61850 client based on ICD modeling in the prior art is mainly line working condition information, the information reflecting the self condition of the measurement and control device, such as alarm information, log files and the like, cannot be obtained, so that inconvenience is brought to the daily operation and maintenance of the measurement and control device.
According to the scheme provided by the application, through the communication connection between the management device and the measurement and control device, remote related management, such as upgrading and recovering, can be performed on the measurement and control device according to the configured first authority configuration file, so that the technical problem of how to reduce the manual operation and maintenance cost of the measurement and control device is solved, and the efficiency of operation, maintenance and management is improved.
In order to illustrate the technical solutions described in the present application, the following description is made by specific examples.
As shown in fig. 1, fig. 1 is a schematic diagram of a maintenance management system of a measurement and control device according to an embodiment of the present application, where the system includes: a management device 100 and one or more measurement and control devices 200.
The management device 100 has a communication connection with one or more measurement and control devices 200, so that the management device 100 may send a management operation instruction (such as an upgrade operation instruction, a backup operation instruction, or a restart operation instruction) to any one of the measurement and control devices 200 through the communication connection. Of course, any of the measurement and control device 200 and the management device 100 may also transmit files to each other based on the communication connection, for example, the measurement and control device 200 may send the management device 100 files such as operation records, device status alarm information, and private log records of the measurement and control device 200 through the communication connection.
For example, the management device 100 and the one or more measurement and control devices 200 may establish a remote wireless communication connection in a power dispatch data network. Of course, the management device 100 may also have a wired communication connection with one or more measurement and control devices. The present application describes the establishment of a remote wireless communication connection between the management device 100 and each measurement and control device 200.
In order to further secure the data transmitted by both parties, the wireless communication connection established between the management device 100 and any measurement and control device 200 may be an encrypted communication connection. In this way, the management device 100 and any measurement and control device 200 transmit data (such as a target file described below) transmitted on an encrypted communication connection in an encrypted manner, thereby improving the security of data transmission.
For example, an encrypted communication connection may be established between the management device 100 and any measurement and control device 200 through TLS protocol. The wireless communication connection established between the management device 100 and the measurement and control device 200 through the TLS protocol may refer to the prior art, and the embodiments of the present application will not be described herein.
For example, in the case where the management device 100 establishes remote wireless communication with any measurement and control device, a user may remotely manage a communication configuration file (ICD, CCD), a five-prevention configuration file, a key system file, a parameter file, etc. in any measurement and control device 200 by means of the management device 100, so as to implement management functions such as backup, restore, check, upgrade, etc. on the measurement and control device.
As an example, the management device 100 may be an electronic device, such as a computer, a mobile phone, or the like. Of course, the management device 100 may be management software that is installed in the electronic device and is capable of managing the measurement and control device.
Optionally, the one or more measurement and control devices 200 may form a cluster measurement and control device (such as a server) according to a cluster measurement and control scheme. Through the cluster measurement and control devices, the management device 100 can establish communication connection with one or more measurement and control devices 200, and can remotely manage any one measurement and control device 200.
For example: one or more measurement and control devices 200 may be deployed at the same site, or may be deployed at different sites, and multiple measurement and control devices 200 in the same site may form a cluster measurement and control device.
As an example, the system as shown in fig. 1 may further include: and an application server. One or more user accounts, user passwords corresponding to the user accounts and user roles corresponding to the user accounts are stored in the application server. Wherein, different user roles correspond to different operation authorities.
As shown in fig. 2, fig. 2 shows a schematic structural diagram of a management device 100 according to an embodiment of the present application, where the management device 100 includes: the system comprises a display module, an identity verification module, an encryption and decryption module, a storage module, an information reading module and a communication module.
The display module is used for managing a display management interface of man-machine interaction between the device and a user, or can provide a display interface for viewing file contents, such as the contents of log files, for the user.
The identity verification module is used for verifying the identity roles of the users. Illustratively, the identity verification module divides the operational rights of different identity roles based on security considerations. For example, three different identity roles (administrator, auditor and operator) may be set, where the different identity roles have different operation rights, and typically the administrator has the largest operation rights. For example, an administrator has the right to set the operation authority of the management device to the target file in the measurement and control device, and limits the operation authority of other identity roles. It should be explained that each time a user needs to check the identity role of the user by the management device before logging into the management device. After the user logs in the management device, when the user selects any one of the functional controls on the first display interface of the management device, the identity verification module needs to verify whether the identity role has the operation authority corresponding to the functional control again, so that the unauthorized action is prevented.
The communication module can support the management device to establish communication connection with a plurality of measurement and control devices simultaneously. The communication connection may be a wireless communication connection or a wired communication connection. The communication module can also determine the first measurement and control device from the plurality of measurement and control devices according to the identity corresponding to the measurement and control device, and determine the communication connection established between the management device and the first measurement and control device. Each measurement and control device is illustratively provided with a corresponding unique code. The management device determines the first measurement and control device from the plurality of measurement and control devices according to the unique code corresponding to the first measurement and control device.
The encryption and decryption module is used for encrypting and decrypting files (such as log files, configuration files and the like) transmitted by the management device and any measurement and control device on the established communication connection, and the principle of encryption and decryption can adopt MD5. The file to be backed up, which is sent by the measurement and control device to the management device, is illustratively transmitted to the management device in an encrypted format. And the management device decrypts the encrypted file to be backed up when receiving the file to be backed up so as to obtain the file to be backed up. Therefore, the files can be prevented from being intercepted and cracked in the transmission process, so that the safety of data transmission is ensured.
The storage module is used for storing the target file acquired by the client from the measurement and control device, and also used for storing the first authority configuration file and the second configuration file, and simultaneously storing the file content analyzed by the information reading module when the user needs to view the log file.
Of course, as a possible implementation manner, the storage modules include a first storage module, a second storage module, and a third storage module. The first storage module is used for storing files acquired from any measurement and control device; the second storage module is used for storing the first permission configuration file and/or the second configuration file; the third storage module is used for storing the file data obtained by the information reading module, for example, according to the screening conditions set by the user, the related content of the log file which is required to be checked by the user is obtained by the information reading module. It is understood that the third storage module may be a temporary database for temporarily storing the file data obtained by the information reading module.
And the information reading module is used for reading, analyzing and summarizing the decrypted file information, acquiring the content related to the screening condition from the file (such as a log file) reflecting the condition information of the measurement and control device and the like according to the screening condition of the user, and analyzing the file into a format which can be read by the user. The target files (such as field alarm records, audit logs, field configuration parameters and the like) collected by the client end need to be decrypted first, and then the corresponding file contents are analyzed in a specific format through the information reading module. It should be explained that, after the target file collected by the client is decrypted, the content of the target file is a section of digital message (for example, binary format), and it is very inconvenient to directly read and analyze the actual meaning represented by the target file, so that the content of the digital message in the target file is analyzed into a format which can be read by a user through the information reading module.
As an example, as shown in fig. 2, the management device displays a first management interface by using a display module, determines, by taking an operation of checking a function control as an example, an identification of a log file to be checked when detecting an operation of a user on a first function control in one or more function controls, and determines whether the management device has a right to check the log file according to a first right configuration file in a second storage module in the storage module. In addition, the management device determines whether the management device logged in by the user has the backup operation authority through the identity verification module. And under the condition of having the operation authority, the management device sends a checking instruction to a first measurement and control device in one or more measurement and control devices through the communication module, and receives the log file fed back from the first measurement and control device. The management device decrypts the fed-back log file through the encryption and decryption module and stores the log file in a first storage module of the storage module. The management device can screen the content related to the screening condition set by the user from the target file according to the screening condition set by the user through the information reading module and store the content in the third storage module of the storage module. The management device may display content related to the screening condition on a display interface of the management device using the display module.
In the embodiment of the present application, the specific structure of the execution body of the management method of the measurement and control device is not particularly limited, as long as communication can be performed with the management method of the measurement and control device according to the embodiment of the present application by running a program in which the code of the management method of the measurement and control device of the embodiment of the present application is recorded. For example, the execution body of the management method of the measurement and control device provided in the embodiment of the present application may be a functional module in the management device that can call a program and execute the program, or may be an operation maintenance management device, such as a chip, applied to the management device. This application is not limited thereto.
The following embodiments describe an execution subject of a management method of a measurement and control device as a management device and a first measurement and control device of a plurality of measurement and control devices as an example.
As shown in fig. 3, fig. 3 is a schematic diagram showing a management method of a measurement and control device according to an embodiment of the present application, where the method is applied to a management device, and the management device is connected to one or more measurement and control devices by communication, and includes the following steps:
step 310, the management device displays a first management interface.
One or more functional controls are displayed on the first management interface, and different functional controls are used for realizing different management functions. It should be explained that the first management interface is an interface on management software displayed by the management device using the display module.
The function control can be a backup function control, a restore function control, a view function control, an upgrade function control and the like. The user selects the functional control with the target management function, and can perform corresponding management on the selected first measurement and control device. For example, as shown in (b) of fig. 4, after the user selects to manage the measurement and control apparatus 1, the management apparatus displays a first management interface, and the functional controls displayed on the first management interface include: backup operation, restore operation, view operation, and upgrade operation.
Step 320, the management device determines the identification of the target file when detecting the operation for the first function control in the one or more function controls.
The target file is a file which the management device needs to read from the first measurement and control device or send to the first measurement and control device.
It can be understood that, in the case that the first function control corresponding to the target file selected by the user is the backup function control or the view function control, the management device needs to read the target file from the first measurement and control device, that is, the target file is stored in the first measurement and control device. Correspondingly, when the first function control corresponding to the target file selected by the user is the recovery function control or the upgrade function control, the management device needs to send the target file to the first measurement and control device, that is, the target file is stored in the management device.
By way of example, the target file may be an important system file, a configuration file, an alarm record, an operation log, an audit log, a parameter file, and the like. For example, the management device performs a checking operation on the log file (such as an operation log, an audit log, an alarm record, etc.), performs a backup operation on the configuration file, performs a recovery operation on the important system file, etc.
As an example, a schematic diagram of a management interface of the management apparatus shown in fig. 4: fig. 4 (a) shows a process of selecting a first measurement and control device (for example, measurement and control device 1) from a plurality of measurement and control devices (measurement and control devices 1 to 8) provided for a user on a management interface and displayed by a management device. In the case where the user selects the measurement and control device 1 as the first measurement and control device, the management device displays a first management interface, as shown in (b) of fig. 4, on which the functional controls are displayed: backup operation, restore operation, view operation, and upgrade operation. For example, the user may select a function control of the viewing operation as the first function control. As shown in fig. 4 (c), when the user selects the functional control for viewing operation as the first functional control, a plurality of files (for example, files a to D on the first page of the management interface) are displayed on the management interface displayed by the management device, and the user selects a target file (for example, file a) on the measurement and control device 1 according to the actual needs, so as to perform corresponding viewing management.
Step 330, the management device manages the first measurement and control device according to the identifier of the target file and the management function corresponding to the first function control when the management device determines that the management device has the authority to manage the target file according to the first authority configuration file.
The management device is provided with a first authority configuration file, wherein the first authority configuration file records a first identification of at least one file which is allowed to be managed by the management device and is related to each measurement and control device, and/or the operation authority of the management device on each file. Wherein the first identification may be the name of the file. Of course, the file identifier may also be used by the management device to determine the storage location of the target file, where the storage location contains the name of the file. Illustratively, the storage location of the target file a may include the file name and the storage path of the target file a. For example, the file name of the target file a is: the path of the target file A in the first measurement and control device is formed by format_set.xml: /D/MEAS/format_set.
It can be understood that the management device may have different operation rights to different files in each measurement and control device, for example, the management device has a viewing right and an upgrading right to the file a in the measurement and control device 1, and has a backup right and a restoration right to the file C in the measurement and control device 2. The management device determines whether the target file has the operation authority corresponding to the first function control or not according to at least one first identifier stored in the first authority configuration file by determining the identifier of the target file. As an example, the content of the first rights profile as shown in table 1:
Table 1 content of first type of first rights configuration file
Figure BDA0004123601430000101
For example, the user selects the viewing authority as the first function control on the first management interface of the management device, and selects the file a in the measurement and control device 1 as the target file. The management device determines a first identifier a of the file A according to the content of the first authority configuration file so as to determine that the management device has the viewing authority for managing the file A. The management device can thus view the file a in the measurement and control device 1.
As an example, in the case that the first functional control is a backup control, after detecting an operation for the first functional control in one or more functional controls, a display interface corresponding to the backup control is displayed, where the display interface displays identifiers of files in the second configuration file in the first measurement and control device, then detecting an operation for selecting a target identifier on the display interface by a user, and taking a file corresponding to the operation for selecting the target identifier as an identifier of the target file.
As an example, in the case that the first function control is a recovery control, after detecting an operation for the first function control in the one or more function controls, a display interface corresponding to the recovery control is displayed, and identifiers of one or more files in the management device are displayed on the display interface.
As an example, in the case that the first function control is a view control, after detecting an operation for the first function control in the one or more function controls, a display interface corresponding to the view control is displayed, an identifier of one or more files in the first measurement and control device is displayed on the display interface, then, when detecting that a file corresponding to an operation for selecting a target identifier from the identifiers of one or more files on the display interface is used as an identifier of the target file, a file corresponding to the operation for selecting the target identifier is used as an identifier of the target file.
As an example, in the case that the first functional control is an upgrade control, after detecting an operation for the first functional control in the one or more functional controls, a display interface corresponding to the upgrade control is displayed, and the display interface is displayed with identifiers of one or more files to be checked, which are acquired from the first measurement and control device by the management device, then, when detecting that a file corresponding to an operation for selecting a target identifier from the identifiers of one or more files to be checked on the display interface by a user is used as an identifier of the target file, a file corresponding to the operation for selecting the target identifier is used as an identifier of the target file.
The embodiment of the application provides a management method of a measurement and control device, which is applied to the management device, wherein the management device is respectively in communication connection with a plurality of measurement and control devices, the management device is provided with a first authority configuration file, the first authority configuration file records a first identifier of at least one file which is allowed to be managed by the management device and is related to each measurement and control device, and the operation authority of the management device on each file, so that according to the content in the first authority configuration file, the operation authorities of the management device on the files in the measurement and control devices can be clearly defined, and a user can conveniently and relatively manage target files; then, a first management interface is displayed, one or more functional controls are displayed on the first management interface, and different functional controls are used for realizing different management functions, so that man-machine interaction between a user and a management device can be realized, and the user can select a specific management function for a target file; then, when the operation aiming at a first functional control in one or more functional controls is detected, determining the identification of a target file, wherein the target file is a file which is required to be read from a first measurement and control device or is sent to the first measurement and control device by a management device, so that whether the management device has the authority for carrying out relevant management on the target file can be determined; under the condition that the management device is determined to have the authority for managing the target file according to the first authority configuration file, the first measurement and control device is managed according to the identification of the target file and the management function corresponding to the first function control, so that the technical problem of how to reduce the manual operation and maintenance cost of the measurement and control device is solved, and the efficiency of operation, maintenance and management is improved.
In one possible embodiment of the present application, the first function control is a view function control or a backup function control, and the step 330 includes the following steps:
the management device sends a first management instruction to a first measurement and control device in the one or more measurement and control devices through communication connection. The management device receives the target file fed back from the first measurement and control device and stores the target file.
The first management instruction is used for instructing the first measurement and control device to provide the target file for the management device. The first management instruction may also include first management information, where the first management information is used to instruct the first measurement and control device to provide the target file to the management device.
It can be appreciated that, in the case that the first function control is a view function control or a backup function control, the management device needs to obtain the target file from the first measurement and control device.
In one possible embodiment of the present application, the first function control is a view function control, and the corresponding target file is a file stored in the first measurement and control device and recorded with information related to the first measurement and control device, and after the management device receives the target file fed back from the first measurement and control device and stores the target file, the method provided in the embodiment of the present application further includes: the management device displays the content related to the screening condition in the target file on a display interface of the management device according to the screening condition set by the user.
It is understood that, in general, the file recorded with the information related to the first measurement and control device is a log file stored in the first measurement and control device, such as an operation log, an audit log, and the like.
The screening condition is used for the management device to display the content size of the target file for the user. It can be appreciated that the user can view the entire content of the target file or can view a portion of the content of the target file according to the filtering conditions. For example, the object file includes: the processor model of the first measurement and control device, the communication type, the type and the numerical value of the measured value, the time of log record and the like. In the case that the user only needs to check the type and the value of the measured value of the target file, the user can set and screen out the content of the type and the value of the measured value of the target file, and then the content of the type and the value of the measured value in the target file is displayed on the display interface of the management device, and other contents in the target file are not displayed.
Because the management device needs to perform batch backup on the plurality of target files when the first functional control is the backup functional control and the number of target files corresponding to the backup operation is multiple, in one possible embodiment of the present application, the first functional control is the backup functional control, the management device further has a second configuration file, and the second configuration file records the second identifier of one or more first permission configuration files and/or the operation permission associated with each second identifier in the first measurement and control device, and before step 330, the embodiment of the present application further includes the following two cases:
In case 1, any second identifier in the second configuration file is included in the first permission configuration file, or any second identifier in the second configuration file is included in the first permission configuration file, and the operation permission associated with any second identifier is allowed operation, the management device determines that the management device has the operation permission to the first permission configuration file associated with any second identifier.
Correspondingly, the target file is the first authority configuration file associated with any second identifier.
It is understood that the second identifier may include: the name of the file associated with the second identifier, and the storage path of the file in the measurement and control device. For example, taking the second identifier as a file name, the file name may be format_set. The file storage path of the file associated with the second identifier is: /D/MEAS/format_set.
It is understood that the management device may determine which file needs to be backed up from the measurement and control device according to each second identifier recorded in the second configuration file. And according to the second identifiers recorded in the second configuration files, the management device sequentially judges whether each second identifier contains the second identifier in the first permission configuration file, so as to determine whether the management device has backup permission for the file associated with the second identifier.
It will be appreciated that in the event that the management device satisfies any of the above conditions, the management device may determine whether or not there is a backup authority for the file.
Wherein, condition 1 is: any second identifier in the second configuration file is included in the first authority configuration file. Condition 2 is: any second identifier in the second configuration file is included in the first authority configuration file, and the operation authority associated with any second identifier is allowed operation.
As an example, as shown in table 2, the content of the second first permission configuration file, where the first permission configuration file in condition 1 includes four types of operation permissions, such as a backup permission, a restore permission, a view permission, and an upgrade permission, where each operation permission stores a file identifier that allows the management device to perform the corresponding operation permission.
The contents of the second first rights configuration file shown in Table 2
Backup rights Restoring rights Viewing rights Upgrade authority
Sign a Sign a Sign a Sign a
Sign c Sign c Sign b Sign d
Sign d Sign d Sign c
Sign d
For example, in case that the user needs to backup the file associated with the identifier a, the management device finds the identifier a in the backup rights of the first rights configuration file, thereby determining that the management device determines to have the backup rights to the file associated with the identifier a. In the case where the user needs to back up the file having the identifier b associated therewith, the management device does not find the identifier b in the backup authority of the first authority configuration file, thereby determining that the management device determines that the file having the identifier b associated therewith does not have the backup authority.
As an example, the content of the first type of first rights configuration file shown in table 1, the first rights configuration file storing therein an identification of each file, and the operation rights of the management device to each file.
For example, in the case that the user needs to backup the file associated with the identifier a, the management device finds the identifier a (i.e. the first identifier a) in the backup rights of the first rights configuration file, and determines that the operation rights of the identifier a include the backup rights, so that the management device determines that the management device has the backup rights on the file associated with the identifier a. In the case that the user needs to backup the file associated with the identifier b, the management device finds the identifier b (i.e. the second identifier a) in the backup authority of the first authority configuration file, but the operation authority of the identifier a does not include the backup authority, so that the management device determines that the file associated with the identifier a does not have the backup authority.
In case 2, any second identifier is not included in the first permission configuration file, or any second identifier is included in the first permission configuration file, but the operation permission associated with any second identifier is not allowed to operate, the management device determines that the operation permission of the first permission configuration file associated with any second identifier is not allowed.
The manner of how the management device determines that the backup authority of the file to be backed up is not available can refer to the above embodiment, and will not be described herein.
In one possible embodiment of the present application, the first function control is a resume function control or an upgrade function control, and step 330 includes the following steps: the management device sends the target file to the first measurement and control device through communication connection. And under the condition that the management device determines that the first measurement and control device successfully receives the target file, the management device sends a restarting instruction to the first measurement and control device.
The restart instruction may be configured to instruct the first measurement and control device to restart. The restart instruction may also carry indication information, where the indication information is used to instruct the first measurement and control device to restart.
And if the first functional control is a recovery functional control, the target file is a file to be recovered required by the first measurement and control device. If the first function control is an upgrade function control, the target file is an upgrade package of the first measurement and control device correspondingly.
Optionally, the manner in which the management device determines that the first measurement and control device successfully receives the target file may be to receive feedback information from the first measurement and control device, where the feedback information is used to indicate that the first measurement and control device has received the target file. Of course, the management device may also determine that the first measurement and control device stores the target file in the first measurement and control device when the second preset time period elapses from the time of sending the target file. The second preset duration may be a default value set by the management device, or may be a manually set value, which is not limited in this embodiment of the present application.
In one possible embodiment of the present application, the first rights configuration file is stored in an encrypted format in the management device, and the method provided in the embodiment of the present application further includes: and before the management device updates the first authority configuration file, decrypting the first authority configuration file. Or the management device and any measurement and control device transmit files on the established communication connection through encryption; correspondingly, the method provided by the embodiment of the application further comprises the following steps: the management device decrypts the encrypted file fed back by any one of the received measurement and control devices.
It can be understood that the management device may perform encryption and decryption operations on the files transmitted on the established communication connection according to the MD5 principle, and according to the TLS protocol, the management device may send the encrypted files (such as files to be restored or upgrade packages) to the first measurement and control device, or may obtain the encrypted files (such as log files or files to be backed up) from the first measurement and control device. For a method how the management device encrypts and decrypts the file according to the MD5 principle and how the encrypted file is transmitted according to the TLS protocol, reference may be made to the prior art, and a detailed description thereof will be omitted herein.
In one possible embodiment of the present application, the management device determines, when detecting an operation for a first function control of the one or more function controls, whether the user has authority to implement a management function corresponding to the first function control on the first measurement and control device according to a role of the user currently logged in to the management device. And the management device executes the action of determining the identification of the target file under the condition that the user has the authority of implementing the management function corresponding to the first function control on the first measurement and control device.
It can be understood that, because the login management device may be different users, each user has a login account and a login password, and each user has an identity role, each identity role has an operation authority, and the operation authorities corresponding to the different identity roles are different. Optionally, specific authorities of the same type of roles also have differences, so that in order to determine a management range of the measurement and control device, which each user can select on the management device, as a possible implementation manner, based on rights segmentation, a login account number and a login password, at least one identity role, and a management range of the measurement and control device corresponding to the identity role can be allocated to each user.
As an example, the management device may have at least one identity role stored therein, such as three identity roles: administrators, auditors, and operators. The operation authorities corresponding to different identity roles in the management device are different.
For example, for an administrator, the administrator is authorized to set the operation authority of the management device to any file in the measurement and control device, and the operation authority of other role identities can be modified; for an auditor, the auditor can acquire and check an audit log of the measurement and control device, but the auditor does not have modification permission on any file in the measurement and control device; for an operator, the operator can acquire and check any log file in the measurement and control device, or log files except for audit logs, and can also recover the deleted important system files in the measurement and control device, or can upgrade the application programs in the measurement and control device. Of course, the operation authority of each identity role can be adjusted according to the actual application scene. This can improve the security of the management device.
As a possible implementation manner, each measurement and control device in the plurality of measurement and control devices carries a unique code corresponding to each measurement and control device, where the unique code is an identifier of each measurement and control device, before the step 310, the method provided in the embodiment of the present application further includes: the management device determines the first measurement and control device from the plurality of measurement and control devices according to the unique code corresponding to the first measurement and control device, and determines the communication connection established between the management device and the first measurement and control device.
As shown in fig. 5, fig. 5 illustrates a process of backing up files from the first measurement and control device by the management device, which is a specific implementation step of a method for running, maintaining and managing according to an embodiment of the present application:
in step 501, the management device configures WLST files to obtain a first WLST file, and configures Backups file.
The first WLST file includes an identifier of one or more files, where the one or more files are files stored in the measurement and control device and allowed to be backed up by the management device. Alternatively, the first WLST file includes an identification of one or more files, and the management device's rights to backup each file (e.g., allowing or not allowing backup).
The backup file is used for recording one or more second identifiers (such as names) and file storage paths of files associated with the second identifiers in the measurement and control device to which the second identifiers belong, for example: taking the second identifier as an example of a file name, the file name may be format_set. The file storage path of the file associated with the second identifier is: /D/MEAS/format_set.
It will be appreciated that the management device may determine which file needs to be backed up from the metering device based on the respective second identifiers recorded in the backup file.
It should be explained that the backup file may be the second file in the above embodiment. The first WLST file may be contained in the first authority configuration file in the above-described embodiment.
It will be appreciated that step 501 described above is an optional step.
Step 502, the management device establishes communication connection with the first measurement and control device.
The specific implementation of step 502 may refer to the description in the above embodiment, and will not be repeated here.
The execution sequence of the step 501 and the step 502 is not separate, that is, the management device may first establish a communication connection, and then configure the first WLST file and the backup file.
Step 503, the management device displays a first display interface corresponding to the backup function control. The first display interface comprises controls which are backed up one by one and controls which are backed up in batches. Fig. 4 (c) is a first display interface presented by the user after selecting the control of the measurement and control apparatus 1 and the control of the backup operation.
In step 5041, in the case that the batch backup control is triggered, the management device detects, according to one or more second identifiers recorded by the backup file, whether the first WLST file has authority to backup the file associated with the one or more second identifiers.
For example, if the management device detects that the first WLST file has the second identifier recorded therein, the management device indicates that the management device has the authority to backup the file associated with the second identifier, or the first WLST file has the second identifier recorded therein, and the operation authority associated with the second identifier in the first WLST file is the authority to allow backup, and indicates that the management device has the authority to backup the file associated with the second identifier.
Step 5042, if the management device does not have the authority to backup the file associated with any second identifier, the management device executes step 5041 to record the next second identifier according to the backup file. The management device then determines whether it has backup rights to the file associated with the next second identifier.
In step 5043, if the management device has authority to backup the file associated with any second identifier (for example, the target second identifier), the management device sends a backup instruction to the first measurement and control device through the established communication connection.
The backup instruction comprises a target second identifier and/or a storage path associated with the target second identifier.
In step 5044, the first measurement and control device determines, when receiving the backup instruction, the target file identified by the target second identifier according to the target second identifier sent by the management device, and performs encryption encoding on the target file.
Optionally, the first measurement and control device may further add a first electronic signature to the encrypted target file.
Illustratively, the first electronic signature is used to determine the provider of the target file, and/or whether the target file is modified.
The electronic signature is an electronic code, and through the electronic tag, a receiving end (for example, a management device for receiving the first electronic signature) can determine a sending end (for example, a first measurement and control device for adding the first electronic signature) and is subsequently used for checking whether a file with the first electronic signature is modified or not so as to ensure the security of data in the encrypted target file.
In step 5045, the first measurement and control device transmits the encrypted target file to the management device according to the TLS protocol through the established communication connection.
Optionally, after step 5045, the first measurement and control device may also record a backup log. The backup log is used for indicating that the file to be backed up is sent to the management device. Optionally, after the file to be backed up is sent to the management device, the first measurement and control device may record the backup log after receiving the response of the management device indicating successful reception.
Step 5046, after receiving the encrypted target file, the management device decrypts the encrypted target file, and stores the decrypted target file in the management device.
It should be explained that the above-mentioned step of backing up one target file of the plurality of target files in the case of batch backup is performed by the management apparatus. The management device may repeat the above steps 5041 to 5046 to implement the batch backup.
Of course, in the case where the user selects the batch backup, the management apparatus may send a notification of successful backup to the user after the execution of steps 503 to 5046. In the case where the user needs to backup the next file, the user reselects the file to be backed up in the second display interface (as in (d) of fig. 4). It will be appreciated that in the case where the identification of the backed up file does not satisfy the first condition or the second condition in the first WLST file, the user needs to reselect the file to be backed up in the second display interface.
Alternatively, whether the user selects one-key backup or one-by-one backup, the management device may display the backup progress and the backup remaining time information on the display interface during the process of performing the backup operation by the management device.
Optionally, under the condition that the management device completes the batch backup, the management device may further display a prompt message of successful backup on the display interface.
As shown in fig. 6, fig. 6 illustrates a process of restoring a deleted system file in a first measurement and control device by a management device, which is a specific implementation step of a method for running, maintaining and managing according to an embodiment of the present application:
step 601, the management device configures the WLST file to obtain a second WLST file.
Wherein the second WLST file is used for recording identification information of one or more files stored in the management device, storage paths of the files in the management device, and restoration authority (such as allowing restoration or not allowing restoration) of each file by the management device. It is understood that the one or more files are files that may be backed up from the metering device in advance for the management device, such as system files of the metering device.
It should be explained that the second WLST file may be included in the first authority configuration file in the above embodiment.
It is understood that step 601 is an optional step.
Step 602, step 502, is not described herein.
In step 603, the management device displays a file restoration interface, where the file restoration interface displays one or more identifiers of files to be restored.
In step 604, if the management device detects that the user performs the operation of selecting the first file to be restored from the one or more files to be restored, the management device detects whether the identifier of the first file to be restored satisfies the first condition or the second condition in the second WLST file. The first condition is that the identification of the first file to be restored is recorded in the second WLST file; the second condition is that the management device has the restoration authority for the first file to be restored under the condition that the identification of the first file to be restored is recorded in the second WLST file.
In step 6051, if the identification of the first file to be restored does not satisfy the first condition and the second condition, the management device prompts the user that the restoration fails, and jumps to step 604.
In step 6052, the management device performs encryption encoding on the first file to be restored to obtain the file to be transmitted when the identifier of the first file to be restored meets the first condition or the second condition.
Optionally, the management device may further add a second electronic signature to the encrypted first file to be restored, so as to obtain a file to be transmitted. Wherein the second electronic signature is added by the management device.
Step 606, the management device sends the file to be transmitted to the first measurement and control device through the established communication connection.
In step 607, the first measurement and control device verifies the second electronic signature of the file to be transmitted when receiving the file to be transmitted.
It should be explained that, for conventional configuration files such as communication configuration files, the first measurement and control device may not perform verification of the electronic signature, so as to ensure that the configuration files modified due to actual needs can be recovered normally.
In step 6081, the first measurement and control device sends the verification failure information to the management device when the second electronic signature fails.
Optionally, after step 6081, the first measurement and control device may further record a first recovery log. The first recovery log is used for indicating that the first measurement and control device cannot receive the file to be transmitted.
It should be explained that the reason for the failure of the second electronic signature verification may be that the file to be transmitted is not an original system file backed up in advance from the first measurement and control device, or that the management device may also modify the system file after backing up the system file.
It should be explained that, based on the security consideration, the first measurement and control device may actively ignore other transmission packets of the file to be transmitted when receiving the first transmission packet of the file to be transmitted and checking the second electronic tag fails.
In step 6082, under the condition that the electronic signature verification is successful, the first measurement and control device decrypts the file to be transmitted to obtain the first file to be recovered, and stores the first file to be recovered in the first measurement and control device.
Optionally, the method provided by the embodiment of the present application may further include step 609 and/or step 610 after step 6082:
step 609, the first measurement and control device sends feedback information of successful recovery to the management device.
Optionally, after step 609, the first measurement and control device may further record a second recovery log, where the second recovery log is used to indicate that the first file to be recovered is already stored in the first measurement and control device.
Step 610, the management device sends a restart instruction to the first measurement and control device, where the restart instruction is used to restart the first measurement and control device.
Optionally, the management device executes step 610 if it is determined that the first measurement and control device successfully receives the file to be transmitted and the first file to be restored is already stored. For example, the management device determines that the first measurement and control device successfully receives the file to be transmitted and stores the first file to be restored in step 609. Or the management device determines that the first measurement and control device successfully receives the file to be transmitted and stores the first file to be restored after a first preset time period passes from the moment of transmitting the file to be transmitted. The first preset duration may be a default value set by the management device, or may be a manually set value, which is not limited in this embodiment of the present application.
In step 611, when the first measurement and control device receives the restart instruction, the first measurement and control device is restarted, and the first file to be restored is reloaded.
As shown in fig. 7, fig. 7 illustrates a process of the management device viewing the log file in the first measurement and control device, which is a specific implementation step of a method for running maintenance management provided in the embodiment of the present application:
step 701, the management device configures a WLST file to obtain a third WLST file.
The third WLST file includes at least one or more identifiers (e.g., names) of log files that the management device is allowed to view and a storage path of the log files in the first measurement and control device. For example, the third WLST file may include an identification of the log file a, a storage path of the log file a in the first observing and controlling device, an identification of the log file B, and a storage path of the log file B in the first observing and controlling device.
Or the third WLST file has recorded therein an identification of one or more log files and a viewing authority (such as permission or non-permission of viewing) of the management device for each log file. For example, the third WLST file may include an identification of the log file a, a storage path of the log file a in the first measurement and control device, and a viewing authority of the management device for the log file a, an identification of the log file B, a storage path of the log file B in the first measurement and control device, and a viewing authority (permission to view) of the management device for the log file B.
Step 701 and step 501 are not described in detail herein. It is to be understood that step 701 described above is an optional step.
Step 702, step 502, is not described herein.
Step 703, the management device displays a log viewing interface, the log viewing interface including an identification of one or more log files.
Step 704, the management device detects that the user selects an operation for the target log file in the one or more log files in the log viewing interface, and then detects whether the identification of the target log file meets the first condition or the second condition in the third WLST file. Wherein the first condition is that the identification of the target log file has a record in the third WLST file; the second condition is that the management device has a viewing authority for the target log file when the identifier of the target log file is recorded in the third WLST file.
It will be appreciated that the number of target log files may be one or more.
Step 7051, in the case where the identification of the target log file does not satisfy the first condition and the second condition, the management device outputs a prompt message to prompt the user to check failure.
Step 7052, the management device sends a viewing instruction to the first measurement and control device through the established communication connection when the identification of the target file meets the first condition or the second condition.
The viewing instruction comprises identification of the target log file and/or a storage path of the target log file.
The view instruction in step 7052 is used to indicate that the management apparatus requests to view the target log file. The optional view instruction may include an identification of the target log file and/or a storage path of the target log file. Because a plurality of log files may be stored in the first measurement and control device, the first measurement and control device may determine which target log file the management device requests to view and the specific location of the target log file in the first measurement and control device according to the identification of the target log file and/or the storage path of the target log file.
Step 706, in response to the checking instruction, the first measurement and control device encrypts and codes the target log file.
Optionally, the first measurement and control device may further add a first electronic signature to the encrypted target log file. The first electronic signature is added by the first measurement and control device so as to ensure the safety of data in the encrypted target log file.
Step 707, the first measurement and control device transmits the encrypted target log file to the management device according to the TLS protocol through the established communication connection.
Optionally, after step 707, the first measurement and control apparatus may also record a view log. The view log is used to indicate that the target log file has been sent to the management device. Optionally, after the target log file is sent to the management device, the first measurement and control device may record the view log after receiving a response indicating that the management device successfully receives the response.
Step 708, the management device stores the received target log file.
As one example, the management device may store the received target log file in the storage module of fig. 2. For example, the target log file may be stored in a second storage module in the storage module, where the second storage module is used to store the encrypted file received from the metering device.
Step 709, in a case where the management device responds to the user selecting to view the content in the first location in the target log file on the display interface, the management device decrypts the target log file and displays the content in the first location on the display interface.
As an example, the management device may perform preprocessing analysis on the content of the decrypted target log file through the information reading module in fig. 2, obtain the content in the first location, and store the content in the third storage module of the storage module. The third storage module may be, for example, a temporary database. In the case where the user needs to view the content in the first location in the target log file, the management apparatus displays the content in the first location stored in the third storage module using the display module.
As shown in fig. 8, fig. 8 illustrates a process of upgrading an application program in a first measurement and control device by using a management device as an example, and specifically illustrates steps of a method for running, maintaining and managing provided in an embodiment of the present application:
step 801, the management device configures a WLST file to obtain a fourth WLST file.
The fourth WLST file is used for recording identification information of one or more application programs stored in the management device, storage paths of the application programs in the management device, and upgrading authority (such as upgrading permission or non-upgrading permission) of the management device to each application program.
Step 801, step 501, is not described herein. It is to be understood that step 801 described above is an optional step.
Step 802, step 502, is not described herein.
Step 803, the management device responds to the operation of the user to select the target application program to be upgraded.
Step 804, the management device sends an upgrade instruction to the first measurement and control device.
The upgrade instruction includes identification information of the target application program and/or a storage path of the target application program.
Step 805, the first measurement and control device enters a state to be upgraded when receiving the upgrade instruction, and performs local backup on the original package of the target application program.
Step 806, the first measurement and control device sends feedback information for confirming the upgrade to the management device. The feedback information for confirming upgrading is used for indicating that the first measurement and control device is ready for upgrading operation.
It will be appreciated that step 806 is an optional step, i.e. the first measurement and control device may omit sending feedback information to the management device confirming the upgrade.
Step 807, the management device detects whether the identification of the target application satisfies the first condition or the second condition in the fourth WLST file. Wherein the first condition is that the identification of the target application program has a record in the fourth WLST file; if the second condition is that the identifier of the target application is recorded in the fourth WLST file, the management apparatus has an upgrade right for the target application.
In step 8081, the management device prompts the user that the upgrade has failed if the identification of the target application program does not satisfy the first condition and the second condition.
In step 8082, the management device sends an upgrade package of the target application program to be upgraded to the first measurement and control device through the established communication connection under the condition that the identification of the target application program does not meet the first condition and the second condition.
Step 809, the first measurement and control device stores the upgrade package into the first measurement and control device and replies confirmation information to the management device when receiving the upgrade package, wherein the confirmation information is used for indicating that the upgrade package of the target application program has been received.
Step 810, the management device sends a restart command to the first measurement and control device, where the restart command is used to restart the first measurement and control device.
Optionally, the management device performs step 810 if it is determined that the first measurement and control device stores the upgrade package in the first measurement and control device. For example, the management device determines to store the upgrade package in the first measurement and control device through step 809. Or the management device determines to store the upgrade package into the first measurement and control device after a second preset time period passes from the moment of sending the upgrade package. The second preset duration may be a default value set by the management device, or may be a manually set value, which is not limited in this embodiment of the present application.
And 811, restarting the first measurement and control device after receiving the restarting command, and reloading an upgrade package of the target application program to upgrade the target application program.
Step 8121, the first measurement and control device deletes the original package of the target application program backed up locally under the condition that the first measurement and control device is successfully upgraded.
In step 8122, the first measurement and control device runs the original package of the target application program under the condition that the target file cannot be loaded.
The foregoing description of the solution of the embodiment of the present application has been mainly presented from the perspective of interaction between network elements. It will be appreciated that each device, such as a management device or the like, includes corresponding structures and/or software modules for performing the functions described above. Those of skill in the art will readily appreciate that the elements and algorithm steps of the examples described in connection with the embodiments disclosed herein may be implemented as hardware or combinations of hardware and computer software. Whether a function is implemented as hardware or computer software driven hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The embodiment of the present application may perform division of functional units according to the above-described method by using the write management apparatus, for example, each functional unit may be divided corresponding to each function, or two or more functions may be integrated into one processing unit. The integrated units may be implemented in hardware or in software functional units. It should be noted that, in the embodiment of the present application, the division of the units is schematic, which is merely a logic function division, and other division manners may be implemented in actual practice.
The method of the embodiment of the present application is described above with reference to fig. 1 to 8, and the apparatus for performing the method provided by the embodiment of the present application is described below. It will be understood by those skilled in the art that the methods and apparatuses may be combined and cited, and the management apparatus provided in the embodiments of the present application may perform the steps performed by the management apparatus in the method for managing the measurement and control apparatus.
In the case of using an integrated unit, fig. 9 shows a management device of the measurement and control device according to the above embodiment, which may be a management device or a device applied to the management device, such as a chip or a processing circuit, and the management device of the measurement and control device may include: a display unit 910, a determination unit 920, and a management unit 930.
In an alternative implementation, the management device of the measurement and control device may further include a storage unit for storing program codes and data of the management device of the measurement and control device.
The management device of the measurement and control device is a management device or a chip applied to the management device, for example. The display unit 910 is configured to display a first management interface, where the first management interface displays one or more functional controls, and different functional controls are used to implement different management functions. The determining unit 920 is configured to determine, when an operation for a first function control of the one or more function controls is detected, an identifier of a target file, where the target file is a file that needs to be read from or sent to the first measurement and control device by the management device. And the management unit 930 is configured to manage the first measurement and control device according to the identifier of the target file and the management function corresponding to the first function control, if it is determined that the management device has the authority to manage the target file according to the first authority configuration file.
In one possible implementation manner of the present application, the management device of the measurement and control device may further include: a transmission unit and an encryption and decryption unit.
In one possible implementation manner of the present application, the transmission unit is configured to send a first management instruction to the first measurement and control device through a communication connection, where the first management instruction is configured to instruct the first measurement and control device to provide the target file to the management device, receive the target file fed back from the first measurement and control device through the communication connection, and store the target file.
In one possible implementation manner of the present application, the display unit is further configured to display, on a display interface of the management device, content related to the filtering condition in the target file according to the filtering condition set by the user.
In a possible implementation manner of the present application, the determining unit is further configured to determine whether the management device has an operation right to the first right configuration file associated with any of the second identifiers.
In one possible implementation manner of the present application, the management device of the measurement and control device further includes: the encryption and decryption unit is used for decrypting the encrypted file fed back by any one of the received measurement and control devices.
The processing unit may be a processor or controller, and may be, for example, a central processing unit, a general purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof. Which may implement or perform the various exemplary logic blocks, modules, and circuits described in connection with this disclosure. A processor may also be a combination that performs a computational function, such as a combination comprising one or more microprocessors, a combination of a digital signal processor and a microprocessor, and so forth. The memory module may be a memory.
Alternatively, the computer-executable instructions in the embodiments of the present application may be referred to as application program codes, which are not specifically limited in the embodiments of the present application.
In one aspect, a computer readable storage medium is provided having instructions stored therein that, when executed, perform the functions as performed by the management device in fig. 3.
In one aspect, a computer program product is provided comprising instructions that when executed perform the functions as performed by the management device of fig. 3.
In one aspect, embodiments of the present application provide a chip for use in a management device, the chip including at least one processor and a communication interface coupled to the at least one processor for executing instructions to perform functions as performed by the management device in fig. 3.
In the above embodiments, it may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer programs or instructions. When the computer program or instructions are loaded and executed on a computer, the processes or functions described in the embodiments of the present application are performed in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, a network device, a user device, or other programmable apparatus. The computer program or instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another computer readable storage medium, for example, the computer program or instructions may be transmitted from one website site, computer, server, or data center to another website site, computer, server, or data center by wired or wireless means. The computer readable storage medium may be any available medium that can be accessed by a computer or a data storage device such as a server, data center, etc. that integrates one or more available media. The usable medium may be a magnetic medium, e.g., floppy disk, hard disk, tape; optical media, such as digital video discs (digital video disc, DVD); but also semiconductor media such as solid state disks (solid state drive, SSD).
Although the present application has been described herein in connection with various embodiments, other variations to the disclosed embodiments can be understood and effected by those skilled in the art in practicing the claimed application, from a review of the figures, the disclosure, and the appended claims. In the claims, the word "comprising" does not exclude other elements or steps, and the "a" or "an" does not exclude a plurality. A single processor or other unit may fulfill the functions of several items recited in the claims. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.
Although the present application has been described in connection with specific features and embodiments thereof, it will be apparent that various modifications and combinations can be made without departing from the spirit and scope of the application. Accordingly, the specification and drawings are merely exemplary illustrations of the present application as defined in the appended claims and are considered to cover any and all modifications, variations, combinations, or equivalents that fall within the scope of the present application. It will be apparent to those skilled in the art that various modifications and variations can be made in the present application without departing from the spirit or scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims and the equivalents thereof, the present application is intended to include such modifications and variations as well.

Claims (10)

1. A method for managing a measurement and control device, applied to a management device, where the management device is respectively in communication with one or more measurement and control devices, the management device has a first authority configuration file, where the first authority configuration file records a first identifier of at least one file related to each measurement and control device that allows the management device to manage and/or an operation authority of the management device on each file, the method includes:
displaying a first management interface, wherein the first management interface is displayed with one or more functional controls, and different functional controls are used for realizing different management functions;
determining an identification of a target file when detecting an operation aiming at a first functional control in one or more functional controls, wherein the target file is a file which is required to be read from or sent to a first measurement and control device in one or more measurement and control devices by the management device;
and under the condition that the management device has the authority for managing the target file according to the first authority configuration file, managing the first measurement and control device according to the identification of the target file and the management function corresponding to the first function control.
2. The method of claim 1, wherein the first functionality control is a view functionality control or a backup functionality control,
the managing the first measurement and control device according to the identifier of the target file and the management function corresponding to the first function control includes:
a first management instruction is sent to the first measurement and control device through the communication connection, and the first management instruction is used for instructing the first measurement and control device to provide the target file for the management device;
and receiving the target file fed back from the first measurement and control device through the communication connection, and storing the target file.
3. The method of claim 2, wherein the first functionality control is the view functionality control, and the target file is a file stored in the first measurement and control device and recorded with information related to the first measurement and control device,
after receiving the target file fed back from the first measurement and control device and storing the target file, the method further comprises:
and displaying the content related to the screening conditions in the target file on a display interface of the management device according to the screening conditions set by the user.
4. The method according to claim 1 or 2, wherein the first functionality control is a backup functionality control, and the management device further has a second configuration file, and a second identifier of one or more first permission configuration files in the first measurement and control device and/or an operation permission associated with each second identifier are recorded in the second configuration file;
under the condition that the management device has the authority for managing the target file according to the first authority configuration file, before the first measurement and control device is managed according to the identification of the target file and the management function corresponding to the first function control, the method further comprises:
the first permission configuration file comprises any one of the second identifiers in the second configuration file, or the first permission configuration file comprises any one of the second identifiers in the second configuration file, and the operation permission associated with any one of the second identifiers is allowed operation, the management device determines that the operation permission of the first permission configuration file associated with any one of the second identifiers is available, and the target file is the first permission configuration file associated with any one of the second identifiers correspondingly;
And if any second identifier is not included in the first authority configuration file, or if any second identifier is included in the first authority configuration file but the operation authority associated with any second identifier is not allowed to operate, the management device determines that the operation authority of the first authority configuration file associated with any second identifier is not allowed.
5. The method of claim 1, wherein the first functionality control is a restore functionality control or an upgrade functionality control,
managing the first measurement and control device according to the identification of the target file and the management function corresponding to the first function control comprises:
the target file is sent to the first measurement and control device through the communication connection;
the first function control is the recovery function control, and the target file is a file to be recovered required by the first measurement and control device;
the first function control is the upgrading function control, and the target file is an upgrading packet of the first measurement and control device;
and under the condition that the management device determines that the first measurement and control device successfully receives the target file, the management device sends a restarting instruction to the first measurement and control device, wherein the restarting instruction is used for indicating the first measurement and control device to restart.
6. A method according to any one of claims 1 to 3, wherein the first rights configuration file is stored in the management device in an encrypted format, the method further comprising: before updating the first authority configuration file, decrypting the first authority configuration file; or alternatively, the process may be performed,
the management device and any file transmitted by the measurement and control device on the established communication connection are encrypted; in a corresponding manner,
the method further comprises the steps of: and decrypting the received encrypted file fed back by any measurement and control device.
7. A method according to any one of claims 1 to 3, wherein the method further comprises: under the condition that the operation of a first function control in one or more function controls is detected, the management device determines whether a user has permission to implement a management function corresponding to the first function control on the first measurement and control device according to the role of the user currently logged in the management device;
and under the condition that the user has the authority of implementing the management function corresponding to the first function control on the first measurement and control device, the management device executes the action of determining the identification of the target file.
8. A management device of a measurement and control device, wherein the management device is in communication connection with one or more measurement and control devices, the management device is provided with a first authority configuration file, the first authority configuration file records a first identifier of at least one file which is allowed to be managed by the management device and is related to each measurement and control device and/or operation authority of the management device on each file, and the management device comprises:
the display unit is used for displaying a first management interface, one or more functional controls are displayed on the first management interface, and different functional controls are used for realizing different management functions;
the determining unit is used for determining the identification of a target file when detecting the operation of a first functional control in one or more functional controls, wherein the target file is a file which the management device needs to read from or send to the first measurement and control device;
and the management unit is used for managing the first measurement and control device according to the identification of the target file and the management function corresponding to the first function control under the condition that the management device is determined to have the authority for managing the target file according to the first authority configuration file.
9. A management device comprising a communication interface, a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the method according to any one of claims 1 to 7 when executing the computer program.
10. The maintenance management system of a measurement and control device, characterized by comprising: a management device and one or more measurement and control devices, the management device having a communication connection with one or more of the measurement and control devices, the management device being adapted to implement the method of any one of claims 1 to 7.
CN202310208235.9A 2023-02-24 2023-02-24 Management method, system and device of measurement and control device Pending CN116244745A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310208235.9A CN116244745A (en) 2023-02-24 2023-02-24 Management method, system and device of measurement and control device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310208235.9A CN116244745A (en) 2023-02-24 2023-02-24 Management method, system and device of measurement and control device

Publications (1)

Publication Number Publication Date
CN116244745A true CN116244745A (en) 2023-06-09

Family

ID=86634734

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310208235.9A Pending CN116244745A (en) 2023-02-24 2023-02-24 Management method, system and device of measurement and control device

Country Status (1)

Country Link
CN (1) CN116244745A (en)

Similar Documents

Publication Publication Date Title
CN110691064B (en) Safety access protection and detection system for field operation terminal
CN107094155B (en) Data security storage method and device based on alliance block chain
CN111082940B (en) Internet of things equipment control method and device, computing equipment and storage medium
US7302570B2 (en) Apparatus, system, and method for authorized remote access to a target system
CN110719203B (en) Operation control method, device and equipment of intelligent household equipment and storage medium
CN107483495B (en) Big data cluster host management method, management system and server
US20100306374A1 (en) Centralized network control
US8707444B2 (en) Systems and methods for implementing application control security
CN105103488A (en) Policy enforcement with associated data
CN105656860A (en) Safety management and control method, apparatus and system for Android system
US20130081112A1 (en) Global Terminal Management Using 2-Factor Authentication
US8726374B2 (en) Tampering monitoring system, control device, and tampering control method
CN108289074B (en) User account login method and device
KR102356474B1 (en) Systems that support smart work
WO2018088985A1 (en) Information and telecommunication monitoring system, method of data monitoring and processing, and computer-readable data carrier
CN111614686A (en) Key management method, controller and system
WO2016013925A1 (en) System and method for secure tracking of internet of things based goods in supply chain system
CN113365277A (en) Wireless network safety protection system
CN113922975A (en) Security control method, server, terminal, system and storage medium
CN116244745A (en) Management method, system and device of measurement and control device
CN112422527B (en) Threat assessment system, method and device for substation power monitoring system
CN110278127B (en) Agent deployment method and system based on secure transmission protocol
CN113608907A (en) Database auditing method, device, equipment, system and storage medium
CN111614620A (en) Database access control method, system and storage medium
CN114884963B (en) Digital certificate management method and management device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination