JP2010178089A - Remote management system, remote management apparatus and connection device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To maintain high security in a remote management system wherein a plurality of facility apparatus groups are connected with a remote management apparatus through a communication carrier. <P>SOLUTION: The remote management system is provided with: a conversion table storage part for storing an address conversion table for making an apparatus identifier and an address for communication correspond to each other; a permission list storage part for storing a communication permission list indicating whether to permit communication of a plurality of apparatuses with each other; a communication request reception part for receiving a communication request using the apparatus identifier; an address conversion part for referring to the address conversion table and the communication permission list and determining a communication destination address of the communication request when it is the permitted one in the communication permission list; and a communication part for starting the communication based on the communication request received in the communication request reception part using the communication destination address determined in the address conversion part. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a remote management system, a remote management device, and a connection device for managing a plurality of facility devices, and in particular, transmits and receives data via an IP network, and remotely controls a plurality of facility devices such as an air conditioner. The present invention relates to a remote management system, a remote management device, and a connection device thereof.

  Equipment equipment such as air conditioners and lighting fixtures installed in buildings and the like are increasingly managed by equipment equipment management devices that collect information on their operating status. Such an equipment management device is arranged in the same building as each equipment, collects the current operating status of each equipment at regular time intervals, and installs each equipment based on an operator's instruction or a predetermined algorithm. The control is executed. Each facility device and the facility device management apparatus that manages these facility devices can be easily subjected to various maintenance processes by monitoring the operation status at a constant cycle by a remote management device connected via a network.

  A remote management device is installed in a management center or service center, connected to a plurality of equipment and equipment management devices via a network, and related to the operating status of each equipment device transmitted via the equipment management device. Monitor and control information. When each facility device has a network connection function, the facility device management apparatus can be omitted and the remote management device and the facility device can be connected via a network.

  In this way, when configuring a remote management system in which multiple equipment devices or equipment management devices are connected to a remote management device via a network, information on the operational status of each equipment device is sent as a daily report to the remote management device. However, if there is a firmware update, each facility device can be downloaded from the remote management device.

  In the case of the remote management system as described above, a network provided by a predetermined communication carrier can be used as a network for connecting the remote management device and each equipment device or equipment device management device. Some networks provided by communication carriers have a private address set for each device connected to the network. In such a case, it becomes possible to perform communication between each apparatus using a remote management apparatus connected to the remote management system and each facility device or a private address set by a communication carrier for each facility device management apparatus.

  The remote management device side and the equipment device side each have a connection system, and these connection systems each store a private address of a communication destination set by a communication carrier, and can communicate by designating this private address. It becomes possible.

  If you have multiple equipment groups grouped in the remote management system, set up a virtual dedicated path for each equipment group in the communication carrier to maintain security between each equipment group, It has been proposed that an identification code set for each virtual dedicated path is added to an address for transmission.

  For example, in the technique described in Patent Document 1, a virtual dedicated path is set for each private network between a remote connection unit serving as an entrance to an IP network and a network termination unit connected to a plurality of private networks. Yes. An identification code is added to the network address on the remote connection means side, and the identification code added to the address is discriminated in the connection control means connected to the remote connection means by the virtual dedicated path and distributed to the virtual dedicated path. ing.

  In such a case, a connection control is performed in which an identification code set for each virtual dedicated path is added to the network address and transmitted, distributed to the virtual dedicated path based on the identification code, and transmitted after deleting the identification code from the network address. Configuration of the means is required.

  In addition, it is assumed that a plurality of grouped equipment devices are network-connected to the remote management system via different communication carriers. When private addresses are set for devices to which different communication carriers are connected, it is assumed that the addresses overlap even though they are equipment or equipment management devices that belong to the same remote management system. Is done. The private address used by each communication carrier is an IP address used in an Internet protocol such as IPv4 (or IPv6), which is partly because the range that can be used as a private address is limited.

  In such a case, when communication is performed from the remote management device to each facility device, there is a possibility that normal communication cannot be performed due to duplication of addresses. It may be possible to add an identification code to the address in the connection system on the remote management device side, and to provide a connection control means that distributes the transmission destination based on this identification code. There is a problem such as an increase.

  Furthermore, a communication carrier that connects between a remote management device and a plurality of facility devices or facility device management devices may dynamically change a private address assigned to each device. For example, if there is a communication request, it can be assumed that the IP address of the communication source and the communication destination is set each time within the range of private addresses that can be used, and the correspondence between each device and the private address is not saved after the communication is completed. In such a case, the connection system on the remote management device side may not be able to communicate with an appropriate destination even if the destination address is stored.

  In order to solve the problems of the prior art as described above, an address conversion table indicating a correspondence relationship between a device identifier used on the remote management system and a private address set by each communication carrier is provided for the remote device and each It may be configured to store the data on the equipment device side and update each address conversion table when the private address set by the communication carrier changes.

  In such a case, when a plurality of grouped equipment devices are connected on the same remote management system, they belong to one equipment device group by sharing the address conversion table. Communication from the equipment or equipment management device to the equipment or equipment belonging to another equipment equipment group becomes possible. For example, when a plurality of equipment groups with different contractors are managed in one remote management system, it is possible to communicate between equipment equipment or equipment management devices belonging to different equipment groups. There is a security problem.

  The present invention is set in each device in a case where a plurality of equipment groups are connected to a remote management device via different communication carriers or in a communication carrier in which a remote management device and a plurality of equipment devices or equipment management devices are connected Even if the private address to be changed dynamically, a remote management system that can reliably communicate with a simple configuration and maintain high security without disturbing communication The purpose is to provide.

  In the remote management system according to the present invention, a plurality of devices and a remote management device that remotely manages the plurality of devices are connected via a network, and the remote management device and the network and between the plurality of devices and the network are connected. In this remote management system, each connection device is inserted into the remote management system. Among these, the connection device includes a device identifier for identifying the remote management device and the plurality of devices, and a communication address set by the communication carrier providing the network to the remote management device and the plurality of devices. A conversion table storage unit that stores an associated address conversion table for each communication carrier, a permission list storage unit that stores a communication permission list indicating whether or not communication between the plurality of devices is permitted, the remote management device, and the A communication request receiving unit that receives a communication request using the device identifier from any of a plurality of devices, and referring to the address conversion table and the communication permission list based on the communication request received by the communication request receiving unit. The communication address in the corresponding communication carrier in the address conversion table is the communication permission list. When the communication request is received, the address conversion unit that determines the communication destination address of the communication request and the communication request reception unit using the communication destination address determined by the address conversion unit. A communication unit that starts communication based on the communication request.

  The connection device according to the present invention is a remote management system in which a plurality of devices and a remote management device that remotely manages the plurality of devices are connected via a network, the remote management device and the network, and the plurality of devices. And a connection device inserted between the networks. The connection device includes an address converter that associates a device identifier for identifying the remote management device and the plurality of devices with a communication address set in the remote management device and the plurality of devices by a communication carrier that provides the network. A conversion table storage unit that stores a table for each communication carrier, a permission list storage unit that stores a communication permission list indicating whether or not communication between the plurality of devices is permitted, the remote management device, and the plurality of devices A communication request receiving unit that receives a communication request using the device identifier from any of the above, referring to the address conversion table and the communication permission list based on the communication request received by the communication request receiving unit, and the address The communication address in the corresponding communication carrier in the conversion table is granted in the communication permission list. The communication request received by the communication request receiving unit using the address conversion unit that determines the communication destination address of the communication request and the communication destination address determined by the address conversion unit. A communication unit that starts communication based on the communication unit.

  According to the present invention, when there is an overlap in private addresses used by a plurality of communication carriers, it is possible to perform appropriate communication even when the private address set in each device is dynamically changed, and high security is achieved. Can be maintained.

1 is a schematic configuration diagram of a first embodiment of the present invention. The functional block diagram of a connection apparatus. Explanatory drawing which shows an example of an address conversion table. Explanatory drawing which shows the other example of an address conversion table. Explanatory drawing which shows an example of a permission list. The flowchart of 1st Embodiment. The functional block diagram of the connection apparatus of 2nd Embodiment. The flowchart of 2nd Embodiment. 1 is a configuration diagram of Embodiment 1. FIG. FIG. 3 is a functional block diagram of the remote management device according to the first embodiment. FIG. 3 is a functional block diagram of a local controller according to the first embodiment. FIG. FIG. 6 is a configuration diagram of Example 3. FIG. FIG. 10 is an explanatory diagram illustrating an example of an address conversion table used in the fourth embodiment. FIG. 10 is an explanatory diagram illustrating an example of an address conversion table used in the fourth embodiment. Explanatory drawing which shows an example of the permission list | wrist used for Example 4. FIG.

  Hereinafter, a remote management system according to an embodiment of the present invention will be described with reference to the drawings.

<< First Embodiment >>
FIG. 1 is an explanatory diagram showing a schematic configuration of a remote management system according to the first embodiment of the present invention.

  In FIG. 1, equipment devices 16-1 to 16-m, 17-1 to 17-n such as air conditioners and lighting fixtures installed in one or more buildings are connected via communication carriers 12 and 13. 1 shows a system for remote management by a remote management device 10. Although what is illustrated assumes the case where two installation equipment groups are managed, it is not limited to this, It can comprise so that 1 or several installation equipment groups may be managed remotely.

  The remote management device 10 receives information on the operation status from each equipment device as a daily report, transmits control information and firmware update information for each equipment device, and downloads necessary firmware to each equipment device.

  The remote management device 10 is connected to the communication carriers 12 and 13 via the connection device 11.

  The connection device 11 includes a communication destination address conversion table. When a communication request from the remote management device 10 is generated, the connection device 11 refers to the address conversion table and converts it into a corresponding communication destination address. Select the appropriate route and start communication.

  Communication carriers 12 and 13 provide different communication paths corresponding to each equipment group of equipment equipment 16-1 to 16-m, 17-1 to 17-n, and each connected device By setting a private address, a network capable of communication using the Internet protocol is provided.

  The communication carrier 12 is connected to the equipment devices 16-1 to 16-m via the connection device 14. The communication carrier 13 is connected to the equipment devices 17-1 to 17-n via the connection device 15.

  Similar to the connection device 11 installed on the remote management device 10 side, the connection devices 14 and 15 have an address conversion table of the communication destination, and refer to the address conversion table when a communication request from the equipment side occurs. Thus, by converting to a corresponding communication destination address, a route corresponding to the communication destination is selected and communication is started.

  Equipment devices 16-1 to 16-m and 17-1 to 17-n include equipment such as air conditioners and lighting equipment. In the case of air conditioners, the control unit on the indoor unit side or the outdoor unit side It is possible to adopt a configuration in which both control units are connected to the connection devices 14 and 15, and both are connected to the connection devices 14 and 15 so that the indoor unit and the outdoor unit can be individually controlled. Is also possible.

<Connecting device>
In the remote management system as described above, a unique device identifier is assigned to each of the remote management device 10, the equipment 16-1 to 16-m, and 17-1 to 17-n. When communicating with a device, a communication request is generated using the device identifier of the communication destination.

  In addition, in the communication carriers 12 and 13, a private address is assigned to each device that provides the network, and a network based on the IP protocol is provided using the private address.

  In connection devices 11, 14, and 15, the correspondence between the device identifier used in the remote management system and the private address used by the communication carrier is held as an address conversion table. If there is a communication request from the device, address conversion is performed. The communication destination address is determined with reference to the table, and communication is started based on the communication destination address.

  The configuration of such connection devices 11, 14, and 15 will be described with reference to the block diagram shown in FIG. Here, the connection device 11 is shown as a representative, but the connection devices 14 and 15 can have the same configuration.

  The connection device 11 includes a control unit 21 that controls each unit including a CPU, ROM, RAM, etc., a conversion table storage unit 22 that stores an address conversion table, a permission list storage unit 23 that stores a communication permission list, and a device A communication request receiving unit 24 for receiving the communication request, an address converting unit 25, and a communication unit 26.

  The conversion table storage unit 22 is a unique device identifier assigned to each device such as the remote management device 10, the equipment 16-1 to 16-m, 17-1 to 17-n in the remote management system, An address conversion table for associating private addresses set to devices to which the communication carriers 12 and 13 are connected is stored.

  An example of the address conversion table is shown in FIG.

  As shown in FIG. 3, the address conversion table 31 includes items of a device identifier column 32 and an address column 33.

  The address conversion table 31 is created for each communication carrier, and stores a correspondence between a device identifier of a device connected to each communication carrier and a private address set for the device. The device identifier column 32 stores a unique device identifier for specifying each device used in the remote management system. The address column 33 stores a private address set by the communication carrier for the device. The illustrated example shows a case where the private address set by the communication carrier is “192.168.1.1” for the device assigned the device identifier “1001000100000001”. In this example, the case where the private address set by the communication carrier is an IPv4 compliant address is shown.

  In this way, when creating an address conversion table for each communication carrier and storing it in the conversion table storage unit 22, in order to identify which communication carrier each device is connected to, a device identifier It is also possible to prepare a table showing the correspondence between communication carriers and communication carriers.

  Another example of the address conversion table is shown in FIG. The address conversion table 41 shown in FIG. 4 includes a device identifier column 42, a communication carrier column 43, and an address column 44. The device identifier column 42 stores a unique device identifier for specifying each device used in the remote management system. The communication carrier column 43 stores a communication carrier identifier for specifying a communication carrier to which the device is connected. The address field 43 stores a private address set by the communication carrier for the device. This example also shows a case where the private address set by the communication carrier is “192.168.1.1” for the device assigned the device identifier “1001000100000001”. In this example, as described above, a case where the private address set for each device by the communication carrier is an address based on IPv4 is shown.

  The permission list storage unit 23 stores a communication permission list indicating whether or not communication between a plurality of devices is permitted. The communication permission list can be configured by a table that associates a device identifier set to another device with a flag indicating whether or not to permit communication with the corresponding device. It is also possible to prepare two communication permission lists: a device identifier permission list that permits communication and a device identifier rejection list that does not permit communication. Further, it is also possible to generate only one device identifier list and set a flag indicating whether the device identifier list is a permission list or a denial list for permitting communication. .

  FIG. 5 is an explanatory diagram showing an example of the permission list.

  The permission list 51 is created for each of the connection devices 11, 14, and 15, and the device identifier column 52 and the device identifier column for storing device identifiers of communication destinations whose communication is permitted or rejected via each connection device 11, 14, 15 A flag column 53 is provided for storing a flag indicating whether communication is permitted or rejected for a device corresponding to 52.

  In the device identification column 52, device identifiers set in the remote management device 10, the equipment 16-1 to 16-m, and 17-1 to 17-n are stored. For example, when the customer ID of the contractor of this remote management system is 8 bits and the device ID belonging to the contractor is configured with 8 bits, the customer ID is used as the device identifier used in this remote management system. A device identifier of a total of 16 bits with the device ID as the lower 8 bits can be configured as the 8 bits.

  The flag column 53 stores a flag indicating whether communication is permitted or rejected for a device corresponding to each device identifier stored in the device identifier column 52. In the illustrated example, “1” is set for the device identifier of the device that permits communication, and “0” is set for the device identifier of the device that refuses communication.

  The device identifier stored in the device identifier column 52 can be configured to cover all devices connected to the remote management system. In addition, when configuring equipment groups for each customer, the customer ID set in the first 8 bits of the device identifier is specified, and the remaining lower bits are collectively specified as a wild card. it can. FIG. 5 shows an example in which communication is permitted for a device identifier belonging to one customer ID “10010001” and communication is refused for a device identifier belonging to another customer ID “10100001”.

  Such a permission list 51 is created for each of the connection devices 11, 14, and 15 and is managed by the remote management device 10. The remote management device 10 transmits a permission list 51 to the connection devices 11, 14, and 15 in response to a request from the connection devices 11, 14, and 15 or when necessary when a change occurs. The connection devices 11, 14, and 15 store the permission list 51 transmitted from the remote management device 10 in the permission list storage unit 23.

  The communication request receiving unit 24 receives a communication request to a facility device transmitted from the remote management device 10 (facility devices 16-1 to 16-m, 17-1 to 17-n), and includes a device identifier. A notification to the effect that there has been a communication request for the communication destination specified in is sent to the control unit 11.

  The address conversion unit 25 stores the address conversion table 31 (41) stored in the conversion table storage unit 22 and the permission list storage unit 23 based on the device identifier specified by the communication request received by the communication request reception unit 24. Referring to the permitted list 51, it is determined whether the communication address in the corresponding communication carrier in the address conversion table 31 (41) is permitted in the communication permission list, and the communication destination of the communication request Determine as an address. The address conversion unit 25 refers to the permission list 51 based on the device identifier specified as the communication destination in the communication request, and determines whether or not the device identifier is permitted to communicate. When the address conversion unit 25 determines that the corresponding device identifier is permitted to be communicated, the address conversion unit 25 refers to the address conversion table 31 (41) stored in the conversion table storage unit 22 and performs the corresponding communication. The private address set in the device corresponding to the device identifier by the carrier is specified as the communication destination address of the communication request. The address conversion unit 24 changes the device identifier designated as the communication destination address during the communication request to the private address of the corresponding communication carrier, and sets it as a new communication destination address.

  The communication unit 26 starts communication between corresponding devices based on the communication destination address converted by the address conversion unit 25.

<Communication processing>
Processing in the connection device 11 when there is a communication request from the remote management device 10 will be described based on the flowchart shown in FIG.

  When the remote management device 10 communicates with any of the equipment devices 16-1 to 16-m, 17-1 to 17-n connected via the communication carriers 12 and 13, the corresponding device identifier is transmitted to Send the communication request specified as. In the connection device 11, the communication request receiving unit 23 receives the communication request transmitted from the remote management device 10 (step S61).

  When the communication request receiving unit 24 receives a communication request from the remote management device 10, the control unit 21 refers to the permission list 51 stored in the permission list storage unit 23 and is the communication destination specified in the communication request. It is determined whether or not the device identifier is a permitted communication destination (step S62).

  When the control unit 21 determines that the device identifier specified in the communication request is a communication destination permitted to communicate, the control unit 21 refers to the address conversion table (31, 41) stored in the conversion table storage unit 22. (Step S63), the device identifier specified in the communication request is searched to identify the communication carrier to which the corresponding device is connected and the communication destination address set in the device by the communication carrier (Step S63). S64).

  The control unit 21 changes the device identifier in the communication request transmitted from the remote management device 10 to the corresponding communication destination address, and starts communication processing via the corresponding communication carrier (step S65).

  In step S62, when the control unit 21 determines that the device identifier that is the communication destination specified in the communication request is not a permitted communication destination, the control unit 21 generates a notification that the communication is rejected, and the communication The request is transmitted to the remote management apparatus 10 that has transmitted the request (step S66).

  According to 1st Embodiment of this invention comprised in this way, when several installation equipment groups are connected via several communication carriers, each communication carrier sets with respect to each installation apparatus. Even when private addresses to be overlapped, since the address conversion table is provided for each communication carrier, communication to an appropriate communication destination is possible.

  Here, the connection device 11 connected to the remote management device 10 has been described, but the connection devices 14 and 15 connected to the equipment side can also have the same configuration. For example, when performing communication to a remote management device based on a communication request from each facility device, the connection devices 14 and 15 are allowed to use a permission list and an address conversion table based on the device identifier specified in the communication request. The communication destination address is determined, and communication is started based on the communication destination address. If the connection device 14 or 15 determines that the device identifier specified in the communication request is a communication destination that is denied communication in the permission list 51, the connection device 14 and 15 responds to the equipment that has transmitted the communication request. A communication rejection notice is transmitted and communication with the corresponding communication destination is not executed.

  As described above, according to the first embodiment of the present invention, each of the connection devices 11, 14, and 15 shares the address conversion table, so that duplicate address settings can be made in the devices connected to the different communication carriers 12 and 13. However, although communication is possible, communication is possible between equipment 16-1 to 16-m and equipment 17-1 to 17-n belonging to different groups, which is a security problem. May occur. However, the connection devices 11, 14, and 15 are configured to refer to the permission list stored in the permission list storage unit 23 based on the communication request, and not to communicate with communication destinations that are not permitted to communicate. Is done. Therefore, even when a plurality of equipment groups belonging to different customers are connected in the same remote management system, mutual communication is prohibited and security can be maintained high. The remote management device 10 manages an independent permission list for each of the connection devices 11, 14, and 15, and updates the permission list 51 stored in the connection devices 11, 14, and 15 as necessary. Can be configured.

<< Second Embodiment >>
A remote management system according to a second embodiment of the present invention will be described.

  The general configuration of the remote management system according to the second embodiment is the same as that shown in FIG. 1 as in the first embodiment. Among these, the configuration of the connection device 11 will be described below.

  The connection device 11 used in the second embodiment has a configuration as shown in FIG.

  The connection device 11 includes a control unit 21 that controls each unit including a CPU, ROM, RAM, etc., a conversion table storage unit 22 that stores an address conversion table, a permission list storage unit 23 that stores a communication permission list, and a device A communication request receiving unit 24 for receiving the communication request, an address converting unit 25, a communication unit 26, an address updating unit 71, and an address change notifying unit 72.

  The conversion table storage unit 22 is a unique device identifier assigned to each device such as the remote management device 10, the equipment 16-1 to 16-m, 17-1 to 17-n in the remote management system, An address conversion table for associating private addresses set to devices to which the communication carriers 12 and 13 are connected is stored.

  As the address conversion table stored in the conversion table storage unit 22, the one shown in FIG. 3 or 4 can be used.

  The permission list storage unit 23 stores a communication permission list indicating whether or not communication between a plurality of devices is permitted. The communication permission list can be configured as described above. For example, the communication permission list can be configured as shown in FIG.

  The communication request receiving unit 24 receives a communication request to a facility device transmitted from the remote management device 10 (facility devices 16-1 to 16-m, 17-1 to 17-n), and includes a device identifier. A notification to the effect that there is a communication request for the communication destination specified in is sent to the control unit 21.

  The address conversion unit 25 stores the address conversion table 31 (41) stored in the conversion table storage unit 22 and the permission list storage unit 23 based on the device identifier specified by the communication request received by the communication request reception unit 24. Referring to the permitted list 51, it is determined whether the communication address in the corresponding communication carrier in the address conversion table 31 (41) is permitted in the communication permission list, and the communication destination of the communication request Determine as an address. The address conversion unit 25 refers to the permission list 51 based on the device identifier specified as the communication destination in the communication request, and determines whether or not the device identifier is permitted to communicate. When the address conversion unit 25 determines that the corresponding device identifier is permitted to be communicated, the address conversion unit 25 refers to the address conversion table 31 (41) stored in the conversion table storage unit 22 and performs the corresponding communication. The private address set in the device corresponding to the device identifier by the carrier is specified as the communication destination address of the communication request. The address conversion unit 24 changes the device identifier designated as the communication destination address during the communication request to the private address of the corresponding communication carrier, and sets it as a new communication destination address.

  The communication unit 26 starts communication between corresponding devices based on the communication destination address converted by the address conversion unit 25.

  The address update unit 71 converts the address conversion stored in the conversion table storage unit 22 based on the communication address change notification transmitted from the communication carrier or the changed communication address transmitted from another connection device. Update the table. For example, when the communication carrier dynamically changes the private address set for each device, an address change notification is transmitted together with the changed private address from the connected communication carrier. Based on the address change notification transmitted from the communication carrier, the address update unit 71 updates the address conversion table stored in the conversion table storage unit 22. In another device (equipment or remote management device), when the connected communication carrier changes the private address set in the device, together with the private address changed from that device An address change notification is sent. The address update unit 71 updates the address conversion table stored in the conversion table storage unit 22 on the basis of the address change notification transmitted from such other connection device.

  Based on the address change notification transmitted from the communication carrier, the address change notification unit 72 transmits the address change notification to the other connected devices together with the changed private address.

  In the above description, the configuration of the connection device 11 connected to the remote management device 10 has been described. However, the connection devices 14 and 15 connected to the facility equipment side can also have the same configuration.

<Address update processing>
The address update processing in the second embodiment of the present invention will be described based on the flowchart shown in FIG.

  When the communication unit 25 receives the address change notification from the other connection devices 14 and 15 or the address change notification from the connected communication carrier (step S81), the connection device 11 receives the address change notification from the other connection device. The control unit 21 determines whether or not it is from 14, 15 (step S82).

  When the control unit 21 determines that the address change notification is transmitted from the other connection devices 14 and 15, the address update unit 71 updates the address conversion table stored in the conversion table storage unit 22. (Step S83).

  The control unit 21 determines whether or not the address change notification is transmitted from the communication carriers 12 and 13 (step S84).

  When the control unit 21 determines that the address change notification is transmitted from the communication carriers 12 and 13, the address change notification unit 72 generates an address change notification for the other connection devices 14 and 15, and generates another connection. The data is transmitted to the devices 14 and 15 (step S85). Thereafter, the control unit 21 executes another process (step S86) and ends the process.

  The address update process has been described as a process executed by the connection device 11 connected to the remote management device 10, but the connection devices 14 and 15 on the equipment side can also be configured to execute the same process.

  When there is a communication request from each connected device, the communication carriers 12 and 13 may dynamically change the private address set in each device each time. In such a case, there is a possibility that communication according to a communication request from a device to which the connection devices 11, 14, and 15 are connected cannot be performed.

  According to the second embodiment of the present invention, even if the communication carriers 12 and 13 dynamically change the private address in this way, the contents of the address conversion table stored in the conversion table storage unit 22 are Since it is updated each time, an appropriate communication destination address can be selected according to a communication request from each device, and normal communication is possible.

<Permission list update process>
The remote management device 10 collectively holds a permission list 51 set for each of the connection devices 10, 14, 15 and performs maintenance processing as necessary. The remote management device 10 transmits the permission list 51 set for each of the connection devices 10, 14, and 15 and the authentication data for maintenance. In each of the connection devices 10, 14, and 15, the permission list 51 transmitted from the remote management device 10 is stored in the permission list storage unit 23, and the authentication data for maintenance is stored in a predetermined storage area. When there is a maintenance notification from the remote management device 10, each connection device 10, 14, 15 performs update processing of the authorization list 51 transmitted from the remote management device 10 after performing authentication processing with the authentication data for maintenance. Receive and update this.

<Other network configurations>
In the embodiment as described above, the case where the equipment group is connected via a plurality of communication carriers is shown. However, the configuration is such that a plurality of equipment groups are connected via the same communication carrier. However, it is possible to maintain high security by configuring the connection devices 14 and 15 on each facility device side to reject communication with facility devices belonging to other facility device groups based on the permission list 51. Become.

  In the remote management system according to the present invention, a configuration in which the connection device 11 is built in the remote management device 10 and a configuration in which the connection devices 14 and 15 are built in the local controller that supervises the equipment are shown as a first embodiment.

  FIG. 9 is a configuration diagram of the remote management system according to the first embodiment.

  The remote management system according to the first embodiment includes a remote management device 10, firewalls 91 and 92, modem routers 93 and 94, modems 85 and 86, local controllers 87 and 88, and equipment devices 16-1 to 16-m, 17-1. It consists of ~ 17-n.

  The remote management device 10 receives information related to the operation status from each equipment device as a daily report, transmits control information and firmware update information for each equipment device, and downloads necessary firmware to each equipment device. And the configuration of the connection device 11 is included therein.

  The remote management device 10 can be configured by a general computer system such as a personal computer or a workstation, and includes a control unit 101, a communication interface 102, an input / output interface 103, etc., as shown in FIG. Yes. The control unit 101 includes a CPU for controlling each unit of the computer system, a ROM for storing various parameters, BIOS, and the like, a RAM that is a temporary storage unit necessary for various calculations, and the like. The communication interface 102 is an interface for providing data input / output with other devices. The input / output interface 103 receives an instruction signal input by an operator via a keyboard, a mouse, or the like, and provides an interface for displaying various information on a display or the like.

  The remote management device 10 further stores various parameters of the connected equipment devices 16-1 to 16-m, 17-1 to 17-n and data such as daily reports sent to the database 106, as necessary. The equipment management unit 104 that provides editing processing to the user, the equipment equipment 16-1 to 16-m, 17-1 to 17-n based on the current operating status and instructions from the operator, the instruction signal to each equipment equipment A device control unit 105 that generates and transmits to a corresponding facility device is provided. The device management unit 104 and the device control unit 105 can function as a remote management server by starting a predetermined application on the remote management device 10 configured by a computer system.

  In addition, the remote management device 10 stores the permission list 51 set for each of the connection devices 11, 14, and 15 in the database 106, and performs maintenance of the permission list as necessary.

  The connection device 11 of the first embodiment or the second embodiment described above can be configured in the remote management device 10. In this case, the control unit 21 of the connection device 11 can be the same as the control unit 101 of the remote management device 10.

  The firewalls 91 and 92 are connected to the communication carriers 12 and 13 to be connected through the modem routers 93 and 94, respectively. The firewalls 91 and 92 prevent unauthorized access from the outside by filtering packets, and can also have a single hardware configuration, and can also be configured in the remote management apparatus 10 or the modem router 93. , 94 can be configured by software.

  The modem routers 93 and 94 are provided for each of the communication carriers 12 and 13, respectively, and establish a communication path via the communication carriers 12 and 13. The modem routers 93 and 94 are connected to the local network in which the remote management device 10 is installed, It has a routing function to interconnect between networks provided by 12,13.

  On the equipment devices 16-1 to 16-m and 17-1 to 17-n sides, local controllers 97 and 98 are provided which perform control for each device group.

  The local controllers 97 and 98 are provided for each set of predetermined equipment such as each building and each client, and control each equipment. For example, the local controller 97 is installed in a local area network to which the equipment devices 16-1 to 16-m are connected, and data on the operating status of each equipment device 16-1 to 16-m is transmitted at a predetermined interval. It collects and manages the operational status data of each connected equipment. Similarly, the local controller 98 is installed in the local area network to which the equipment devices 17-1 to 17-n are connected, and data regarding the operating status of each equipment device 17-1 to 17-n is stored in a predetermined manner. It collects data at intervals and manages the operational status data of each connected equipment.

  The local controllers 97 and 98 are connected to the communication carriers 12 and 13 via the modems 95 and 96, respectively, and can communicate with the remote management device 10. As a result, the local controllers 97 and 98 can be configured to transmit the collected operation status data of each facility device to the remote management device 10 at a predetermined interval. For example, the local controllers 97 and 98 can be transmitted as daily report data once a day. Can be configured.

  The local controllers 97 and 98 can be configured to include the connection devices 14 and 15 respectively, and the configuration in this case is shown in FIG.

  The local controller 97 (98) includes a control unit 111 including a CPU for controlling each unit, a ROM for storing various parameters, a RAM for providing a storage unit necessary for calculation, and the modem 95 (96) on the communication carrier side. The first communication unit 112 connected to the equipment, the second communication unit 113 connected to the LAN on the equipment device 16-1 to 16-m (17-1 to 17-n) side, and the operating status collected from each equipment device A storage unit 114 for storing data is provided.

  The local controller 97 (98) includes the connection device 14 (15) as shown in the first embodiment or the second embodiment. In this case, the control unit 21 of the connection device 14 (15) can be configured in common with the control unit 111 of the local controller 97 (98).

  Such a local controller 97 (98) is provided with a management application for equipment, for example, equipment 16-1 to 16-m (17-1 to 17-17) via the second communication unit 113 at intervals of 30 minutes. -n) is configured to collect operational status data for each facility device. The operational status data collected by the local controller 97 (98) includes the values of the sensors attached to the indoor unit and the outdoor unit and the power supply of the outdoor unit and the indoor unit when the equipment is an air conditioner. This includes on / off recordings.

  The control unit 111 creates management data to be transmitted to the remote management device 10 based on the collected operation status data every time it collects the operation status data of the equipment at intervals of 30 minutes, and stores it in the storage unit 114 To do. The management data created by the control unit 111 is calculated based on sensor values such as the maximum and minimum values of each sensor attached to the indoor unit and the outdoor unit, and the degree of supercooling and superheat in the refrigeration cycle. The maximum and minimum parameter values are also included.

  The local controller 97 (98), for example, creates daily report data that summarizes the operation status data of each facility device for one day at a predetermined time once a day, and transmits the daily report data to the remote management device 10.

  When the local controller 97 (98) sends daily report data to the remote management device 10, it generates a communication request packet with the device identifier of the remote management device 10 added to the header and sends it to the connection device 14 (15). To do. In the connection device 14 (15), the control unit 21 assigns the address conversion table 31 (41) stored in the conversion table storage unit 22 based on the device identifier assigned to the packet, and the permission list stored in the permission list storage unit 23. 51, the corresponding communication address is specified, and a packet with the communication address added to the header is transmitted via the first communication unit 112.

  Further, the local controller 97 (98) instructs to control each of the equipment devices 16-1 to 16-m (17-1 to 17-n) based on the control information transmitted from the remote management device 10. A signal is produced | generated and each equipment 16-1-16-m (17-1-17-n) is controlled.

  The connection device 14 (15) thus configured can be configured as application software installed in the local controller 97 (98).

  The modems 95 and 96 can be configured to be included in the local controllers 97 and 98, respectively. For example, the first communication unit 112 in FIG. 11 can be configured to include a modem function.

  It is also possible to insert the connection devices 14 and 15 as a single hardware configuration between the modems 95 and 96 and the local controllers 97 and 98, respectively.

  In the remote management system according to the present invention, a configuration in which the connection device 11 is built in a firewall for controlling communication with the outside is shown as a second embodiment.

  FIG. 12 is a configuration diagram of a remote management system according to the second embodiment. Hereinafter, description overlapping with that of the first embodiment will be omitted, and description will be made focusing on the features of the second embodiment.

  The remote management system according to the second embodiment includes a remote management device 10, a firewall 91, modem routers 93 and 94, modems 95 and 96, local controllers 97 and 98, equipment devices 16-1 to 16-m, 17-1 to 17 Consists of -n.

  The remote management device 10 according to the second embodiment is different from the remote management device 10 according to the first embodiment in that the configuration of the connection device 11 is not included.

  The firewall 91 is connected to each of the communication carriers 12 and 13 to be connected via modem routers 93 and 94, respectively. The firewall 91 prevents unauthorized access from the outside by performing packet filtering, and is configured by a single hardware here.

  The firewall 91 has the configuration of the connection device 11. The connection device 11 included in the firewall 91 may have the configuration of the connection device 11 of the first embodiment shown in FIG. 2 or the configuration of the connection device 11 of the second embodiment shown in FIG.

  The configurations of the modem routers 93 and 94, the local controllers 97 and 98, and the modems 95 and 96 are the same as those of the first embodiment, and detailed description thereof is omitted here.

  In the case of the configuration of the second embodiment, it is not necessary to install individual firewalls for the communication carriers 12 and 13, and a single firewall can support a plurality of communication carriers.

  Such a firewall 91 can be incorporated in the remote management device 10 together with the connection device 11. In this case, application software installed in the remote management device 10 together with the firewall 91 and the connection device 11 is also possible. It is also possible to configure.

  When the communication carrier 12 (13) dynamically changes the private address, the address change on the equipment side (local controllers 97, 98) is performed from the connection device 14 (15) on the local controller 97 (98) side by the remote management device. 10 is sent as an address change notification. When the connection device 11 on the remote management device 10 side receives the address change notification from the connection device 14 (15) on the local controller 97 (98) side, it updates the corresponding address conversion table in the conversion table storage unit 22, When a communication request is generated from the remote management device 10, communication to a normal communication destination is possible.

  Further, when the private address set in the remote management device 10 is changed, if the number of local controllers connected to this system is relatively small, the connection device 11 to the connection device 14 on the equipment side, An address change notification can be transmitted to 15 by multicast and a private address set on the remote management device 10 side can be notified.

  If the number of equipment or local controllers 97 and 98 connected to this remote management system is very large, the amount of packets for sending address change notifications will increase and it will take a long time for communication. The If the local controller 97 (98) makes a communication request to the remote management device 10 while transmitting the address change notification, normal communication may not be possible. As a method for solving such inconvenience, the configuration of the third embodiment will be described below.

  FIG. 13 is a configuration diagram for explaining the configuration of the third embodiment.

  In the remote management system according to the third embodiment, the equipment devices 16-1 to 16-m are connected to the communication carrier 12 via the modem 95 and the local controller 97.

  The remote management device includes two servers, a master and a slave, which are referred to as a remote management device master 131 and a remote management device backup 132, respectively. The remote management device master 131 is connected to the communication carrier 12 via a firewall 91 and a modem router 93 that incorporate the connection device 11. Further, the remote management device backup 132 is connected to the communication carrier 12 via a firewall 133 and a modem router 135 incorporating the connection device 134.

  When the local controller 97 makes a communication request to the remote management apparatus master 131, if normal communication is not possible, a setting is made so that a communication request to the remote management apparatus backup 132 is made.

  In addition, when the private address set in the remote management device master 131 is changed, an address change notification indicating that the address has been changed is sent to the connection device 134 on the remote management device backup 132 side together with the changed private address. Send.

  If there is a communication from the local controller 97 to the remote management device master 131 and the remote management device master 131 has an address change and communication is impossible, the local controller 97 sets the communication address on the remote management device backup 132 side. Communicate with it. In response to the communication request from the local controller 97, the connection device 134 on the remote management device backup 132 side transmits the changed private address of the remote management device master 131 to the connection device 14 of the local controller 97. Further, the connection device 134 on the remote management device backup 132 side transmits the communication request received from the local controller 97 to the connection device 11 of the remote management device master 131.

  The connection device 14 of the local controller 97 that has received the changed private address on the remote management device master 131 side from the connection device 134 on the remote management device backup 132 side updates the address conversion table in the conversion table storage unit 22, and thereafter Communication is performed using the changed communication address.

  When the connection device 134 on the remote management device backup 132 side receives a communication request from the connection device 14 of the local controller 97, if there is no change in the private address on the remote management device master 131 side, the remote management device master 131 Therefore, the communication request is transmitted to the remote monitoring device backup 132, and communication on the backup side is started.

  Also, when a communication request from the remote management device master 131 to the local controller 97 occurs first, a notification that the communication address of the remote management device master 131 has been changed is sent to the local controller 87 side. 14 and then start communication.

  When multiple local controllers are connected to one connection device on the equipment side, and the communication carrier sets a private address for each local controller, specify each equipment connected to each local controller. I can't. In such a case, by adding a part of the device identifier to the packet transmitted to the communication carrier and transmitting the packet, the remote management device can directly communicate with each facility device.

  FIG. 14 is a configuration diagram for explaining the fourth embodiment.

  In the remote management system according to the fourth embodiment, the remote management device 10 is connected to the communication carrier 12 via the first connection device 11, the firewall 91, and the modem router 93. The second connection device 14 on the facility equipment side is connected to the communication carrier 12 via the modem 95. The second connection device 14 is connected to local controllers 97 and 98 that control the equipment devices 16-1 to 16-m and 17-1 to 17-n, respectively.

  In this remote management system, it is assumed that a private address complying with IPv4 is set as the device identifier set for each facility device, and the device identifier (for each of the local controllers 97 and 98 connected to the second connection device 14 is shown). 150.35.10.0) and (150.35.20.0) shall be set. Further, it is assumed that the communication carrier 12 sets private addresses “192.168.1.1” and “192.168.1.2” in the local controllers 97 and 98 connected to the second connection device 14, respectively. FIG. 15 shows an example of an address conversion table managed in the first connection device 11 in this case.

  As shown in FIG. 15, the address conversion table 151 includes items of a device identifier column 152 and a private address column 153.

  The address conversion table 151 is created for each communication carrier, and stores the correspondence between the device identifier of the device connected to each communication carrier and the private address set in the device. It is the same. In particular, the device identifier field 152 stores a device identifier representing the equipment connected to the second connection device 14, and when an IPv4-compliant private address is set as the device identifier, An address portion common to a predetermined equipment group can be used as a representative identifier. For example, as shown in the figure, “150.35.10” is stored in the device identifier column 152 as a representative identifier for the equipment device group having the same upper 24 bits.

  The private address column 153 stores private addresses set by the communication carrier 12 for the local controllers 97 and 98. In the illustrated example, the private address set by the communication carrier is '192.168.1.1' for the local controller 97 representing the equipment group to which the device identifier '150.35.10.x' is assigned. Is shown. This example also shows a case where the private address set by the communication carrier is an address compliant with IPv4.

  As a result, the communication request whose destination address is specified by the device identifier “150.35.10.x” by the remote management device 10 is transmitted to the first connection device 11 by the communication carrier 12 to which the corresponding equipment is connected. It is transmitted as a communication request converted with the set private address '192.168.1.1' as the communication destination address, and the first connection device 11 uses the sub-identifier among the device identifiers specified as the transmission destination of the communication request. The communication request packet is inserted as a header, and the communication request packet is transmitted to the converted communication destination address.

  The second connection device 14 includes an address conversion table that represents the correspondence between the private address set by the communication carrier and the device identifier set for each facility device.

  FIG. 16 is an explanatory diagram illustrating an example of an address conversion table managed by the second connection device 14.

  As shown in FIG. 16, the address conversion table 161 managed by the second connection device 14 includes a private address column 162, a sub-identifier column 163, and a device identifier column 164.

  The private address column 162 stores a private address set by the communication carrier 12 for the equipment connected directly to the network provided by the communication carrier 12. The sub-identifier column 163 stores sub-identifiers set on the remote management apparatus 10 side for equipment that is not directly connected to the network provided by the communication carrier 12. In the device identifier column 164, device identifiers set for each facility device by the remote management device 10 are stored.

  The second connection device 14 specifies the device identifier of the equipment from the sub-identifier attached to the communication request transmitted via the communication carrier 12, and converts the communication destination address of the communication request packet into the specified device identifier. And send it to the relevant equipment. For example, in the example of FIG. 16, the communication request transmitted to the private address '192.168.1.1' set by the communication carrier 12 is one of the equipment devices having the device identifier '150.35.10.x'. It is possible to specify that the communication request is transmitted to the device identifier '150.35.10.1' from the sub-identifier '1' attached in the communication request packet. it can.

  In the second connection device 14, the communication carrier 12 is provided with an address conversion table of private addresses set for the local controllers 97 and 98 representing each facility device group and device identifiers set for each facility device. Thus, communication is possible when a communication request is made from any one of the equipment groups to any equipment in the other equipment group. Such a configuration may cause a security problem when the contractors of each equipment group are different. For this reason, the second connection device 14 includes a permission list for determining whether or not to permit communication between the communication source and the communication destination.

  FIG. 17 is an explanatory diagram of an example of a permission list.

  The permission list 171 is a table indicating whether or not communication between facility devices is permitted, and includes a communication source identifier field 172 for storing a communication source device identifier, and a communication destination identifier for storing a communication destination device identifier. A column 173 and a flag column 174 for storing a flag indicating whether to permit or reject communication between equipment devices are provided.

  The communication source identification field 172 stores the device identifiers set in the equipment devices 16-1 to 16-m and 17-1 to 17-n set by the remote management device 10. For example, when the upper 24 bits of the device identifiers of the equipment devices 16-1 to 16-m connected to the local controller 97 are “150.35.10”, the communication source identifier field 172 contains “150.35.10”. .x "is stored.

  Similarly, in the communication destination identification column 173, the device identifiers set in the equipment devices 16-1 to 16-m and 17-1 to 17-n set by the remote management device 10 are stored. For example, when the upper 24 bits of the device identifiers of the equipment devices 17-1 to 17-m connected to the local controller 98 are “150.35.20”, “150.35.20” is displayed in the communication destination identifier field 172. .x "is stored.

  The flag column 174 stores a flag indicating whether communication is permitted or rejected for the combination of the device identifier stored in the communication source identifier column 172 and the device identifier stored in the communication destination identifier column 173. . In the example shown in the figure, “1” is set for the combination of equipment that permits communication, and “0” is set for the combination of equipment of the device that refuses communication. .

  In the case where it is possible to collectively specify the facility device as the communication destination and the facility device as the communication source for each facility device group, it is possible to adopt a configuration like the permission list 171 described above. When setting whether to permit communication between individual facility devices, a combination of each device identifier as a communication source identifier and a communication destination identifier can be configured as a permission list.

  Such a permission list 171 is created for each connection device and is managed by the remote management device 10. The remote management device 10 can be configured to transmit the permission list 171 to the connection device in response to a request from the connection device or as necessary when a change occurs.

  In the above-described embodiment, the address conversion table and the permission list are configured to be managed on the remote management device 10 side and transmitted to each connection device as necessary. When the number of local controllers connected to this remote management system becomes very large, each of the equipment devices 16-1 to 16-m, 17-1 to 17-n has a communication function and the remote management device 10 In the case of directly performing the data communication, a communication destination address is given to a very large number of apparatuses. In such a case, if the address conversion table or the permission list is transmitted to all the devices having the communication function, there is a possibility that the network band is monopolized. Therefore, a common address conversion table and a permission list are transmitted for each of a plurality of connection devices or devices having a plurality of communication functions, and stored in a predetermined connection device, or stored in a predetermined storage unit, The address translation table and the permission list can be referred to based on access from each device.

  The remote management device 10 manages a permission list as to whether or not to permit all communication with each device connected in the remote management system as a transmission source and transmission destination, and one or a plurality of connection devices A common permission list is transmitted to a predetermined connection device or a predetermined storage unit.

In the remote management system, the following communication can be considered as permitted communication.
・ Remote management device from all equipment.
-All equipment from maintenance terminals operated by maintenance personnel.
-The management terminal of the building manager from each equipment.
-Equipment used by tenants to equipment used by tenant management terminals and affiliated tenants.
-Equipment used from the equipment remote control in each room.
・ Reject other than the above permitted communications.

  In a building where there are a plurality of different chain stores or where there are a plurality of building managers, it is possible to assume a case where each facility device is managed by a common connection device. Even in such a case, it is necessary to determine whether or not to permit communication based on the permission list in order to maintain the security between the facility devices.

  Of the permission list managed on the remote management device 10 side, only the permission list common to a plurality of connection devices or equipment is transmitted to and stored in a predetermined connection device or predetermined storage means. It is possible to reduce the resource of each facility.

  It is possible to configure not only the permission list but also the address conversion table in a similar manner so that only the address conversion table of the related device identifier is transmitted to a predetermined connection device or a predetermined storage means.

  It is also conceivable to construct a conversion table in which the address conversion table and the permission list are integrated. In this case, communication between the device stored in the communication source identifier column, the communication destination identifier column, the private address column corresponding to the communication destination identifier, and the device stored in the communication source identifier column is performed. It can be composed of a flag field for storing whether or not to permit.

  The present invention can be applied to a remote management system that remotely manages equipment such as air conditioners and lighting equipment, and is particularly suitable when a plurality of equipment groups are connected to the same remote management system. Data communication and high security can be maintained.

DESCRIPTION OF SYMBOLS 10 Remote management apparatus 11 Connection apparatus 12, 13 Communication carrier 14, 15 Connection apparatus 16-1 to 16-m, 17-1 to 17-n Equipment

JP 2001-345843 A

Claims (3)

Remote devices in which a plurality of devices and a remote management device that remotely manages the plurality of devices are connected via a network, and connection devices are inserted between the remote management device and the network, and between the plurality of devices and the network, respectively. A management system,
The connecting device is
An address conversion table for associating the device identifier for identifying the remote management device and the plurality of devices with a communication address set in the remote management device and the plurality of devices by a communication carrier providing the network; A conversion table storage for storing each carrier;
A permission list storage unit that stores a communication permission list indicating whether or not to permit communication between the plurality of devices;
A communication request receiver that receives a communication request using the device identifier from any of the remote management device and the plurality of devices;
Based on the communication request received by the communication request receiving unit, the address conversion table and the communication permission list are referred to, and the communication address in the corresponding communication carrier in the address conversion table is permitted in the communication permission list. An address conversion unit that determines this as a communication destination address of the communication request,
A communication unit that starts communication based on a communication request received by the communication request reception unit, using a communication destination address determined by the address conversion unit;
A remote management system comprising:   A control signal which is provided with a local controller connected to the plurality of devices for each one or a plurality of groups, the local controller being connected to the network via the connection device and transmitted from the remote management device; The remote management system according to claim 1, wherein a plurality of devices in a corresponding group are controlled based on the information. In a remote management system in which a plurality of devices and a remote management device that remotely manages the plurality of devices are connected via a network, the remote management device is inserted between the remote management device and the network, and between the plurality of devices and the network, respectively. A connecting device,
An address conversion table for associating the device identifier for identifying the remote management device and the plurality of devices with a communication address set in the remote management device and the plurality of devices by a communication carrier providing the network; A conversion table storage for storing each carrier;
A permission list storage unit that stores a communication permission list indicating whether or not to permit communication between the plurality of devices;
A communication request receiver that receives a communication request using the device identifier from any of the remote management device and the plurality of devices;
Based on the communication request received by the communication request receiving unit, the address conversion table and the communication permission list are referred to, and the communication address in the corresponding communication carrier in the address conversion table is permitted in the communication permission list. An address conversion unit that determines this as a communication destination address of the communication request,
A communication unit that starts communication based on a communication request received by the communication request reception unit, using a communication destination address determined by the address conversion unit;
A connection device comprising:

Images