JP2017229100A - Apparatus information collection system and apparatus information collection method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an apparatus information collection system and an apparatus information collection method, capable of reducing security risks and easily managing an information apparatus.SOLUTION: A collection server 1 comprises: a timing management unit 12 which manages timing of collecting information of an information apparatus connected to a first local communication device 4; an instruction unit 13 which transmits connection instruction information for instructing connection between a center communication device 3 and a first local communication device 4 by a VPN to the center communication device at the timing instructed by the timing management unit 12; and a collection unit 14 which collects information indicating a state of the information apparatus connected to the first local communication device 4 via the center communication device 3. The center communication device 3 includes a center communication unit 33 which connects the center communication device 3 and the first local communication device 4 by the VPN on the basis of first center setting information used for VPN connection when receiving the connection instruction information. The first local communication device 4 includes a local communication unit 43 which relays data transmitted and received between a plurality of information apparatuses 5 communicably connected with each other and the center communication device 3.SELECTED DRAWING: Figure 2

Description

  The present invention relates to a device information collection system and a device information collection method.

  2. Description of the Related Art Conventionally, SNMP (Simple Network Management Protocol) is used as a method for managing information devices such as network devices, servers, and terminals connected to a local network of an office such as a company. By using SNMP, for example, status monitoring, resource monitoring, performance monitoring, and traffic monitoring of information devices such as network devices, servers, and terminals can be performed (see, for example, Non-Patent Document 1 and Non-Patent Document 2). .

SNMP is [Search February 17, 2014], Internet <http://www.webnms.jp/solutions/snmp.html> SNMP to automate monitoring (1), [Search February 17, 2014], Internet <http://www.atmarkit.co.jp/ait/articles/0302/19/news001.html>

  Conventionally, these information devices have been managed by a local network administrator. However, since there are various management items for information equipment, managing the information equipment has been a burden on the administrator. As a method for solving this problem, a method of entrusting management of information equipment to an outside contractor can be considered. In this case, for example, it is conceivable that a communication device capable of VPN connection is installed in the network of an external supplier and the local network, and an SNMP command is transmitted to various information devices in the local network via the VPN.

  However, various setting operations need to be performed in order to enable the VPN connection of the communication apparatus installed in the local network. When the administrator of the local network performs various setting operations, it is a burden on the administrator, and when various setting operations are performed by an outside contractor, it is necessary to go to the site and perform the setting, which increases the installation cost. There was a problem.

  In addition, the VPN connection between the network of the external supplier and the local network only needs to be established when acquiring information related to information devices on the local network, and the VPN connection continues to be established at other times. Was a security risk for companies.

  The present invention has been made in view of these points, and provides a device information collection system and a device information collection method capable of reducing security risks and easily managing information devices. Objective.

  A device information collection system according to a first aspect of the present invention is a device information collection system comprising a center communication device, a first local communication device, and a collection server connected to each other via a network. 1 local communication apparatus has a local communication part which relays the data transmitted / received between the some information apparatus connected so that communication was possible, and the said center communication apparatus, The said collection server is a said 1st local communication apparatus A timing management unit that manages the timing of collecting information of information devices connected to the network, and instructs the center communication device to make a VPN connection with the first local communication device at the timing indicated by the timing management unit. Connected to the first local communication device via the instruction unit for transmitting connection instruction information to be transmitted and the center communication device. A collection unit that collects information indicating a state of the information device, and the center communication device stores first center setting information used when the center communication device makes a VPN connection to the first local communication device. And a center communication unit that, when receiving the connection instruction information, performs a VPN connection with the first local communication device based on the first center setting information stored in the center storage unit.

  The device information collection system further includes a VPN management server, and the VPN management server transmits a setting information storage unit that stores the first center setting information and the first center setting information to the center communication device. The center storage unit may store the first center setting information received from the VPN management server.

  The network management system further includes a second local communication device connected to the network, and the instruction unit of the collection server sends the center communication device to the second local communication device at a predetermined timing to the VPN. A connection change instruction to be connected is transmitted, and the setting information transmission unit of the VPN management server transmits second center setting information used for VPN connection with the second local communication device to the center communication device. The center storage unit stores the second center setting information received from the VPN management server, and the center communication unit establishes a VPN connection with the first local communication device when the connection change instruction is received. If so, the VPN connection may be disconnected and the second local communication device may be connected to the VPN.

  The VPN management server further includes an identification information storage unit that stores identification information of the first local communication device, and the setting information storage unit is configured such that the first local communication device makes a VPN connection to the center communication device. First setting information used in the process is further stored, and when the setting information transmission unit receives the identification information from the first local communication device, the setting information transmission unit transmits the first local setting information to the first local communication device. May be.

  Further, the setting information storage unit stores unique information unique to the first local communication device and the first local setting information in association with each other, and the setting information transmission unit receives the first local communication device from the first local communication device. After receiving the identification information and the unique information, the first local setting information associated with the unique information may be transmitted to the first local communication device.

  The collecting unit may start collecting information indicating a state of the information device after a predetermined time has elapsed since the instruction unit transmitted the connection instruction information to the center communication device. .

  The center communication device further includes an acquisition unit that requests the address of the first local communication device from the dynamic DNS and acquires the address of the first local communication device, and the center communication unit acquires the acquired A VPN connection may be established with the first local communication device based on the address of the first local communication device.

  The device information collection method according to the second aspect of the present invention includes a center communication device, a first local communication device, and a collection server connected to each other via a network, wherein the collection server includes the first communication device. In a device information collection method for collecting information on information devices connected to a local communication device, a procedure for determining timing for collecting information on information devices connected to the first local communication device, and at the timing, The collection server transmits a connection instruction information for instructing the center communication device to establish a VPN connection with the first local communication device, and the center communication device responds to the instruction with the first local communication device. Based on the first center setting information used for VPN connection with the communication device, the procedure for VPN connection with the first local communication device, Server, after the procedure for the VPN connection, and a procedure for collecting information indicating a state of the information device connected to the first local communication unit.

  According to the present invention, it is possible to reduce security risks and to easily manage information devices.

1 is a schematic diagram of a device information collection system according to a first embodiment. 2 is a functional configuration diagram of a collection server, a VPN management server, a center communication device, and a first local communication device according to the first embodiment. FIG. It is a sequence diagram which shows the flow of a process until 1st local setting information is memorize | stored in the 1st local communication apparatus which concerns on 1st Embodiment. It is a sequence diagram which shows the flow of a process until the collection server which concerns on 1st Embodiment receives and memorize | stores status information from several information equipment. It is a schematic diagram of the apparatus information collection system which concerns on 2nd Embodiment. It is a sequence diagram which shows the flow of a process until the collection server which concerns on 2nd Embodiment receives and memorize | stores status information from several information equipment. It is a functional block diagram of the collection server which concerns on 3rd Embodiment, a VPN management server, a center communication apparatus, and a 1st local communication apparatus. It is a sequence diagram which shows the flow of a process until the collection server which concerns on 3rd Embodiment receives and memorize | stores status information from several information equipment.

Hereinafter, embodiments of the present invention will be described.
<First Embodiment>
[Outline of Device Information Collection System S]
FIG. 1 is a schematic diagram of a device information collection system S according to the first embodiment.
The device information collection system S includes a collection server 1, a VPN management server 2, a center communication device 3, a first local communication device 4, and a plurality of information devices 5, for example, in an office such as a company It is used for managing a plurality of information devices such as installed computers, printers, and scanners.

  The collection server 1, the VPN management server 2, and the center communication device 3 are installed, for example, in a control center that centrally manages information related to VPN connections, and are connected via a local network such as a LAN provided in the control center. So that they can communicate with each other.

  The first local communication device 4 is a router, for example, and is installed in an office (first office) such as a company. The first local communication device 4 is communicably connected to the VPN management server 2 and the center communication device 3 via a network N such as the Internet. The first local communication device 4 is communicably connected to a plurality of information devices 5 installed in the first office via a local network.

In the device information collection system S, the center communication device 3 stores in advance first center setting information used when making a VPN connection to the first local communication device 4.
First, the collection server 1 transmits, to the center communication device 3, connection instruction information that instructs the center communication device 3 and the first local communication device 4 to make a VPN connection at a predetermined timing.

  When the center communication device 3 receives the connection instruction information, the center communication device 3 makes a VPN connection with the first local communication device 4. Thereafter, the collection server 1 sends SNMP to a plurality of information devices 5 connected to the first local communication device 4 via the VPN in a state where the center communication device 3 and the first local communication device 4 are VPN-connected. A command is transmitted, and status information that is information indicating the status of the information device 5 is collected from the plurality of information devices 5.

  Next, functions of the collection server 1, the VPN management server 2, the center communication device 3, and the first local communication device 4 will be described. FIG. 2 is a functional configuration diagram of the collection server 1, the VPN management server 2, the center communication device 3, and the first local communication device 4 according to the first embodiment. In FIG. 2, description will be made with the network N omitted. In the first embodiment, it is assumed that a fixed IP address is assigned to each of the center communication device 3 and the first local communication device 4.

[Configuration example of collection server 1]
First, the functional configuration of the collection server 1 will be described. The collection server 1 is a computer and includes a CPU, a storage unit, a communication interface, and the like. The collection server 1 includes a storage unit 11, a timing management unit 12, an instruction unit 13, and a collection unit 14.

  The storage unit 11 stores schedule information that defines a schedule for the collection server 1 to collect state information of a plurality of information devices 5 connected to the first local communication device 4. In addition, the storage unit 11 stores state information received by the collection server 1 from the plurality of information devices 5.

  The timing management unit 12 manages the timing of collecting state information from a plurality of information devices 5 connected to the first local communication device 4. Specifically, the timing management unit 12 refers to the schedule information stored in the storage unit 11 and collects status information from a plurality of information devices 5 whose current date and time are connected to the first local communication device 4. It is determined whether or not it is time to perform.

  The instruction unit 13 instructs the center communication device 3 to establish a VPN connection with the first local communication device 4 at the timing indicated by the timing management unit 12. Specifically, the instructing unit 13 determines that the timing management unit 12 determines that the current date and time is the timing (instructing timing) to collect information of the plurality of information devices 5, and the center communication device 3 Connection instruction information for instructing the VPN connection between the center communication device 3 and the first local communication device 4 is transmitted.

  The collection unit 14 transmits an SNMP command to the information device 5 via the center communication device 3 and the first local communication device 4, and thereby the states of the plurality of information devices 5 connected to the first local communication device 4 Collect information. Here, the collection unit 14 transmits an SNMP command to the plurality of information devices 5 after a predetermined time has elapsed since the instruction unit 13 transmitted the connection instruction information to the center communication device 3, and collects the state information. Start. The predetermined time is longer than the time from when the VPN connection between the center communication device 3 and the first local communication device 4 is started until the VPN connection is established. In this way, the collection unit 14 securely collects the state information of the plurality of information devices 5 in a state where the VPN connection between the center communication device 3 and the first local communication device 4 is established. Can do.

  In response to the reception of the SNMP command, the plurality of information devices 5 transmits a response command (Get Response command) as a response to the received command. The collection unit 14 collects response commands received from the plurality of information devices 5 as state information and stores them in the storage unit 11.

[Configuration example of VPN management server 2]
Next, the functional configuration of the VPN management server 2 will be described. The VPN management server 2 is a computer and includes a CPU, a storage unit, a communication interface, and the like. The VPN management server 2 includes a setting information registration unit 21, a setting information storage unit 22, an identification information storage unit 23, and a setting information transmission unit 24.

The setting information registration unit 21 accepts registration of setting information via an input unit (not shown) provided in the VPN management server 2.
Specifically, the setting information registration unit 21 includes the first center setting information used when the center communication device 3 makes a VPN connection to the first local communication device 4, and the first local communication device 4 is connected to the center communication device 3. Registration of first local setting information used for VPN connection is accepted.

  Specifically, the setting information registration unit 21 sets, for example, identification information (for example, a setting name) for identifying each of a plurality of setting information, and an IP address of a VPN connection destination communication device as the setting information setting items. Alternatively, the communication device that performs the name and VPN connection accepts input of an authentication key for authenticating each other. In addition, the setting information registration unit 21 receives an encryption algorithm for encrypting data and an authentication algorithm setting for obtaining a hash value of the data.

  The setting information storage unit 22 stores the first center setting information and the first local setting information received by the setting information registration unit 21. Specifically, the setting information storage unit 22 associates the center communication device 3 and the first local communication with the identification information (for example, the IP address of the communication device) of the center communication device 3 and the first local communication device 4. Each device 4 stores downloadable first center setting information and first local setting information.

  The setting information storage unit 22 stores the MAC address of the communication device as unique information unique to the communication device (the center communication device 3 and the first local communication device 4) and the setting information in association with each other. For example, the setting information storage unit 22 stores the MAC address of the first local communication device 4 and the first local setting information in association with each other.

  Further, the identification information storage unit 23 stores a login ID and a MAC address unique to the communication device in association with each other as the identification information of the communication device. For example, the identification information storage unit 23 stores the login ID and the MAC address of the first local communication device 4 in association with each other as the identification information of the first local communication device 4.

  The setting information transmission unit 24 transmits the first local setting information stored in the setting information storage unit 22 to the first local communication device 4. Specifically, when the setting information transmission unit 24 receives the login ID and the MAC address from the first local communication device 4, is the received login ID and the MAC address stored in association in the identification information storage unit 23? An authentication process, which is a process for determining whether or not, is performed. The setting information transmission unit 24 determines that the authentication is successful when the received login ID and the MAC address are stored in association with each other. Then, the setting information transmission unit 24 transmits the first local setting information associated with the received MAC address in the setting information storage unit 22 to the first local communication device 4.

  In addition, the setting information transmission unit 24 transmits the first center setting information stored in the setting information storage unit 22 to the center communication device 3. Specifically, when accessed from the center communication device 3, the setting information transmission unit 24 transmits the first center setting information to the center communication device 3.

  In addition, when the setting information registration unit 21 registers the setting information, the setting information transmission unit 24 notifies the communication device corresponding to the setting information that the setting information has been changed. Send.

[Configuration Example of Center Communication Device 3]
Next, the functional configuration of the center communication device 3 will be described. The center communication device 3 includes a CPU, a storage unit, a communication interface, and the like. The center communication device 3 includes a center storage unit 31, a center storage control unit 32, and a center communication unit 33.

  The center storage control unit 32 accesses the VPN management server 2 to receive the first center setting information when the center communication device 3 is activated or when the change notification information is received from the center communication unit 33, and receives the first center setting information received. The center setting information is stored in the center storage unit 31. Thereby, the center memory | storage part 31 memorize | stores the received 1st center setting information.

  When the center communication unit 33 receives the connection instruction information from the collection server 1, the center communication unit 33 establishes a VPN connection with the first local communication device 4 based on the first center setting information stored in the center storage unit 31. Specifically, when the first center setting information received from the VPN management server 2 is stored in the center storage unit 31, the center communication unit 33 makes a VPN connection request to the first local communication device 4. For example, the VPN connection request includes an authentication key set in the first center setting information, and authentication based on the authentication key is performed in the first local communication device 4. When the authentication is successful in the first local communication device 4, the center communication unit 33 can access the information device 5 via the first local communication device 4.

[Configuration Example of First Local Communication Device 4]
Next, the functional configuration of the first local communication device 4 will be described. The first local communication device 4 includes a CPU, a storage unit, a communication interface, and the like. The first local communication device 4 includes a local storage unit 41, a local storage control unit 42, and a local communication unit 43.

The local storage unit 41 stores the first local setting information received from the VPN management server 2.
The local storage control unit 42 stores the first local setting information received from the VPN management server 2 in the local storage unit 41 after the first local communication device 4 is installed in the first office.

  Specifically, for example, the local storage control unit 42 receives a login ID from a terminal or the like that is communicably connected in a state where the first local communication device 4 is installed in the first office. The local storage control unit 42 transmits the login ID to the VPN management server 2 and transmits the MAC address of the first local communication device 4. Subsequently, the local storage control unit 42 receives the first local setting information from the VPN management server 2 after succeeding in the authentication of the first local communication device 4 in the VPN management server 2. Subsequently, the local storage control unit 42 stores the received first local setting information in the local storage unit 41.

  The local communication unit 43 receives a VPN connection request from the center communication device 3. This VPN connection request includes the authentication key set in the first center setting information, and the local communication unit 43 is based on the authentication key and the authentication key set in the first local setting information. To authenticate. When the authentication is successful, the local communication unit 43 permits access from the center communication device 3 to the plurality of information devices 5. In addition, the local communication unit 43 makes a VPN connection request to the center communication device 3. The center communication unit 33 of the center communication device 3 performs authentication in response to accepting the VPN connection request from the first local communication device 4, and when the authentication is successful, the first local communication device 4 transfers to the center communication device 3. Allow access. Thereafter, the local communication unit 43 relays data transmitted / received between the plurality of information devices 5 and the center communication device 3.

[sequence]
Next, the flow of processing in the device information collection system S according to the first embodiment will be described. FIG. 3 is a sequence diagram showing the flow of processing until the first local setting information is stored in the first local communication device 4 according to the first embodiment.

  First, the setting information registration unit 21 of the VPN management server 2 accepts registration of first local setting information used when the first local communication device 4 makes a VPN connection to the center communication device 3 (S10).

  Subsequently, the local storage control unit 42 of the first local communication device 4 transmits the login ID and the MAC address to the VPN management server 2. When the setting information transmission unit 24 of the VPN management server 2 receives the login ID and the MAC address from the first local communication device 4, whether or not the login information and the MAC address are stored in association with each other in the identification information storage unit 23. An authentication process is performed to determine (S20).

The setting information transmission unit 24 stores the received login ID and the MAC address in association with each other, and determines that the authentication has succeeded (if the determination in S30 is YES), the first local setting information is set to the first local setting information. Transmit to the local communication device 4.
Subsequently, the local storage control unit 42 of the first local communication device 4 stores the first local setting information received from the VPN management server 2 in the local storage unit 41 (S40).

  FIG. 4 is a sequence diagram showing a flow of processing until the collection server 1 receives and stores state information from the plurality of information devices 5 in the device information collection system S according to the first embodiment. Here, it is assumed that the center communication device 3 stores first center setting information, and the first local communication device 4 stores first local setting information.

  First, the timing management unit 12 of the collection server 1 refers to the schedule information stored in the storage unit 11, and the current date and time indicates the status information of the plurality of information devices 5 connected to the first local communication device 4. It is determined whether it is time to collect (S110). When the timing management unit 12 determines that it is time to collect information of the plurality of information devices 5 (when the determination is YES), the instruction unit 13 determines that the center communication device 3 and the center communication device 3 1 Connection instruction information for instructing to establish a VPN connection with the local communication device 4 is transmitted.

  Subsequently, when receiving the connection instruction information from the collection server 1, the center communication unit 33 performs VPN connection processing with the first local communication device 4 (S120). Specifically, when receiving the connection instruction information, the center communication unit 33 makes a VPN connection request to the first local communication device 4 based on the first center setting information stored in the center storage unit 31. The local communication unit 43 of the first local communication device 4 performs authentication in response to accepting the VPN connection request from the center communication device 3, and when the authentication is successful, the center communication device 3 sends information to the plurality of information devices 5. Allow access. Similarly, the local communication unit 43 of the first local communication device 4 makes a VPN connection request to the center communication device 3. The center communication unit 33 of the center communication device 3 performs authentication in response to accepting the VPN connection request from the first local communication device 4, and when the authentication is successful, the first local communication device 4 transfers to the center communication device 3. Allow access.

  Subsequently, the collection unit 14 of the collection server 1 makes the VPN between the center communication device 3 and the first local communication device 4 when a predetermined time elapses after the instruction unit 13 transmits the connection instruction information to the center communication device 3. It is assumed that they are connected, and an SNMP command is transmitted to the plurality of information devices 5 via the center communication device 3 and the first local communication device 4.

  Here, the collection unit 14 may first collect state information indicating the state of the first local communication device 4 by transmitting an SNMP command to the first local communication device 4. This status information includes, for example, the status of the port used for communication. Based on the status of the port, the collection unit 14 normally performs the VPN connection with the first local communication device 4. It can be determined whether or not. The collection unit 14 may transmit an SNMP command to the plurality of information devices 5 when the VPN connection with the first local communication device 4 is normally performed. When the collection unit 14 collects stepwise state information based on the communication path, the administrator of the collection server 1 has a problem with the information device 5 (or the first local communication device 4). It is possible to easily estimate the background of the trouble. Note that the collection unit 14 may retransmit the connection instruction information to the center communication device 3 by the instruction unit 13 when confirming that the VPN connection is not established. Further, when it is confirmed that the VPN connection is not established, the collection unit 14 may notify the administrator of the collection server 1 that the VPN connection is not established by a display unit (not shown) or the like.

When the local communication unit 43 of the first local communication device 4 receives the state information (response command) from the plurality of information devices 5 (S130), the local communication unit 43 transmits the state information to the collection server 1 via the center communication device 3. .
Subsequently, when the collection unit 14 of the collection server 1 receives the state information, the collection unit 14 stores the state information in the storage unit 11 (S140).

  Here, in response to the determination that the timing management unit 12 determines that the current date and time is the timing for ending the collection of information of the plurality of information devices 5, the instruction unit 13 instructs the center communication device 3 to Disconnection instruction information for instructing to disconnect the VPN connection between the communication device 3 and the first local communication device 4 may be transmitted. In this case, the center communication unit 33 of the center communication device 3 disconnects the VPN connection with the first local communication device 4 in response to receiving the disconnection instruction information.

[Effect in the first embodiment]
As described above, according to the device information collection system S according to the first embodiment, when the collection server 1 instructs the center communication device 3 to make a VPN connection with the first local communication device 4, the center communication device 3 A VPN connection with the first local communication device 4 is established. By doing so, the center communication device 3 and the first local communication device 4 establish the VPN connection only during the time when the VPN connection is required, and thus the security risk can be reduced.

  Further, since the collection server 1 collects state information from the plurality of information devices 5 connected to the first local communication device 4 via the VPN-connected center communication device 3 and the first local communication device 4, The network administrator does not have to collect the status information of the plurality of information devices 5 by himself, and can easily manage the information devices.

  In the device information collection system S, the VPN management server 2 stores setting information used when making a VPN connection, and transmits the first center setting information to the center communication device 3 in response to access from the center communication device 3. Therefore, the VPN management server 2 can centrally manage the setting information used in the center communication device 3.

  Further, the setting information transmission unit 24 of the VPN management server 2 receives the login ID and the MAC address from the first local communication device 4, and receives the first local setting information in response to the successful authentication based on these information. 1 Transmit to the local communication device 4. Therefore, the VPN management server 2 can safely transmit the first local setting information to the first local communication device 4.

<Second Embodiment>
[Collect information from each information device connected to a different network]
Next, the second embodiment will be described. FIG. 5 is a schematic diagram of a device information collection system S according to the second embodiment. The device information collection system S according to the second embodiment further includes a second local communication device 6 connected to the network N. In the device information collection system S according to the second embodiment, the center communication device 3 sequentially connects to different local communication devices with VPN, and collects status information from a plurality of information devices connected to the local devices. It is a thing.

  In the second embodiment, the center communication device 3 disconnects the VPN connection with the first local communication device 4 in response to receiving the connection change instruction for the VPN connection, and the second communication device 6 It differs from the first embodiment in that it performs VPN connection and the collection server 1 collects information indicating the status of a plurality of information devices 7 connected to the second local communication device 6. is there.

  Hereinafter, the device information collection system S according to the second embodiment will be described while describing a sequence showing a processing flow until the collection server 1 receives and stores state information from a plurality of information devices 7. FIG. 6 is a sequence diagram illustrating a processing flow until the collection server 1 according to the second embodiment receives and stores state information from the plurality of information devices 7. The center communication device 3 is assumed to store the first center setting information and the second center setting information used when the center communication device 3 makes a VPN connection with the second local communication device 6. Further, the second local communication device 6 stores second local setting information used when the second local communication device 6 makes a VPN connection with the center communication device 3.

First, it is assumed that the center communication device 3 and the first local communication device 4 are in VPN connection at the start of this sequence (S200).
In this state, the timing management unit 12 of the collection server 1 refers to the schedule information stored in the storage unit 11, and the current date and time is the state of the plurality of information devices 7 connected to the second local communication device 6. It is determined whether it is time to collect information (S210). When the timing management unit 12 determines that it is the timing to collect information of the plurality of information devices 7 (timing for connection switching) (when the determination is YES), the instruction unit 13 causes the center communication device 3 to be in the second local Connection change instruction information for VPN connection to the communication device 6 is transmitted to the center communication device 3. The connection change instruction information includes information instructing to perform a VPN connection using the second center setting information.

  Subsequently, when the center communication unit 33 of the center communication device 3 receives the connection change instruction information from the collection server 1 and makes a VPN connection with the first local communication device 4, the center communication unit 33 disconnects the VPN connection, Based on the second center setting information, VPN connection with the second local communication device 6 is performed (S220). The local communication unit 43 of the second local communication device 6 performs authentication when a VPN connection request is received from the center communication device 3, and when the authentication is successful, permits access to the plurality of information devices 7 from the center communication device 3. . Similarly, the local communication unit 43 of the second local communication device 6 makes a VPN connection request to the center communication device 3. The center communication unit 33 of the center communication device 3 performs authentication in response to receiving the VPN connection request from the second local communication device 6, and when the authentication is successful, the second local communication device 6 transfers to the center communication device 3. Allow access.

  Subsequently, the collection unit 14 of the collection server 1 passes through the center communication device 3 and the second local communication device 6 when a predetermined time has elapsed since the instruction unit 13 transmitted the connection change instruction information to the center communication device 3. The SNMP command is transmitted to the plurality of information devices 7.

When the local communication unit 43 of the second local communication device 6 receives the state information from the plurality of information devices 7 (S230), the local communication unit 43 transmits the state information to the collection server 1 via the center communication device 3.
Subsequently, the collection unit 14 of the collection server 1 stores the received state information in the storage unit 11 (S240).

[Effects of Second Embodiment]
As described above, according to the device information collection system S according to the second embodiment, when the center communication device 3 and the first local communication device 4 are VPN-connected, the collection server 1 is connected to the center communication device 3. When the connection change instruction information is transmitted, the center communication device 3 disconnects the VPN connection with the first local communication device 4 and performs the VPN connection with the second local communication device 6. By doing in this way, the collection server 1 controls the VPN connection of the center communication device 3 even when the plurality of information devices 5 and 7 are connected to different networks, respectively. Status information can be collected from the devices 5 and 7. Further, according to the device information collection system S according to the second embodiment, when managing information devices existing in one network by managing status information from a plurality of information devices 5 and 7 collectively. In comparison, trouble handling cases and the like are abundant, so the administrator on the collection server 1 side can perform high quality management.

<Third Embodiment>
[VPN connection is made based on the address of the first local communication device 4 acquired from the dynamic DNS server 8]
Subsequently, a third embodiment will be described. The third embodiment is different from the first embodiment in that the IP address of the first local communication device 4 is dynamically assigned. The device information collection system S according to the third embodiment further includes a dynamic DNS server 8 that manages an IP address dynamically assigned to the communication device and a host name of the communication device, and includes center communication. The apparatus 3 is different from the first embodiment in that the apparatus 3 acquires the IP address of the first local communication apparatus 4 from the dynamic DNS server 8 and performs VPN connection based on the IP address.

FIG. 7 is a functional configuration diagram of the collection server 1, the VPN management server 2, the center communication device 3, and the first local communication device 4 according to the third embodiment.
In the third embodiment, the center communication device 3 further includes an acquisition unit 34.
The acquisition unit 34 requests the dynamic DNS server 8 for the IP address of the first local communication device 4 and acquires the IP address of the first local communication device 4.

  Specifically, the name of the first local communication device 4 that is the VPN connection destination is stored in the first center setting information in the third embodiment. Here, the name of the first local communication device 4 is, for example, an FQDN (Fully Qualified Domain Name) composed of a combination of a domain name indicating a company and a device name (host name) of the first local communication device 4. ). When the acquisition unit 34 receives the connection instruction information from the collection server 1, the acquisition unit 34 requests the dynamic DNS server 8 to acquire an IP address. Here, the IP address acquisition request includes the name of the first local communication device 4 set in the first center setting information.

When receiving an IP address acquisition request, the dynamic DNS server 8 acquires an IP address corresponding to the name of the first local communication device 4 included in the acquisition request, and transmits the IP address to the center communication device 3. The acquisition unit 34 receives an IP address from the dynamic DNS server 8.
When the acquisition unit 34 receives the IP address, the center communication unit 33 accesses the first local communication device 4 based on the IP address and performs VPN connection with the first local communication device 4.

[sequence]
Next, the flow of processing in the device information collection system S according to the third embodiment will be described. FIG. 8 is a sequence diagram illustrating a processing flow until the collection server 1 according to the third embodiment receives and stores state information from the plurality of information devices 5.

The first local communication device 4 transmits the device name of the first local communication device 4 and the IP address to the dynamic DNS (DDNS) server 8 in response to the assignment of the IP address. The dynamic DNS server 8 registers the IP address of the first local communication device 4 by storing the IP address in association with the device name of the first local communication device 4 (S105).
The process of S110 is the same as the process of S110 of the sequence diagram described in FIG.

When the center communication unit 33 receives the connection instruction information, the acquisition unit 34 requests the dynamic DNS server 8 to acquire the IP address of the first local communication device 4. When receiving the IP address acquisition request, the dynamic DNS server 8 extracts the IP address corresponding to the name of the first local communication device 4 included in the acquisition request (S115), and transmits the IP address to the center communication device 3. . The acquisition unit 34 receives an IP address from the dynamic DNS server 8.
The processing from S120 to S140 is the same as the processing from S120 to S140 in the sequence diagram described in FIG.

[Effect in the third embodiment]
As described above, according to the device information collection system S according to the third embodiment, the center communication device 3 uses the first local communication device 4 based on the IP address of the first local communication device 4 acquired from the dynamic DNS server 8. 4 and VPN connection. Therefore, the device information collection system S can perform the VPN connection without any trouble even if the IP address of the first local communication device 4 is dynamically assigned.

  In the third embodiment, the example in which the dynamic DNS server 8 stores the IP address of the first local communication device 4 has been described. However, the dynamic DNS server 8 determines the name and IP address of the center communication device 3. It may be stored in association. In this case, the local communication unit 43 of the first local communication device 4 transmits the name of the center communication device 3 to the dynamic DNS server 8 during VPN connection processing with the center communication device 3, and the dynamic communication server 8 sends the name of the center communication device. VPN connection processing may be performed by receiving the third IP address.

  As mentioned above, although this invention was demonstrated using embodiment, the technical scope of this invention is not limited to the range as described in the said embodiment. It will be apparent to those skilled in the art that the above-described embodiments can be combined and various modifications or improvements can be added to the above-described embodiments.

  For example, in the above-described embodiment, the VPN connection between the center communication device 3 and the first local communication device 4 has been described. However, the center communication device 3 performs the VPN connection with a plurality of communication devices at the same time. May be. In this case, the center communication device 3 stores setting information related to VPN connection with a plurality of communication devices, and performs VPN connection with the plurality of communication devices based on the setting information. In this case, the collection server 1 may collect state information from information devices connected to the respective communication devices via a plurality of communication devices that are VPN-connected to the center communication device 3.

DESCRIPTION OF SYMBOLS 1 ... Collection server, 11 ... Storage part, 12 ... Timing management part, 13 ... Instruction part, 14 ... Collection part, 2 ... VPN management server, 21 ... Setting information Registration unit, 22 ... Setting information storage unit, 23 ... Identification information storage unit, 24 ... Setting information transmission unit, 3 ... Center communication device, 31 ... Center storage unit, 32 ... Center storage control unit 33 ... Center communication unit 34 ... Acquisition unit 4 ... First local communication device 41 ... Local storage unit 42 ... Local storage control unit 43 ... Local communication unit, 5 ... information device, 6 ... second local communication device, 7 ... information device, 8 ... dynamic DNS server, N ... network, S ... device information collection system

Claims (8)

A device information collection system comprising a center communication device, a first local communication device, and a collection server connected to each other via a network,
The first local communication device has a local communication unit that relays data transmitted and received between a plurality of information devices connected to be communicable and the center communication device,
The collection server
A timing management unit for managing timing of collecting information on information devices connected to the first local communication device;
An instruction unit that transmits connection instruction information for instructing the center communication device to establish a VPN connection with the first local communication device at the timing indicated by the timing management unit;
A collection unit that collects information indicating a state of the information device connected to the first local communication device via the center communication device;
Have
The center communication device is
A center storage unit that stores first center setting information used when the center communication device makes a VPN connection to the first local communication device;
When receiving the connection instruction information, based on the first center setting information stored in the center storage unit, a center communication unit for VPN connection with the first local communication device,
Having
Device information collection system. A VPN management server,
The VPN management server
A setting information storage unit for storing the first center setting information;
A setting information transmission unit that transmits the first center setting information to the center communication device;
The center storage unit stores the first center setting information received from the VPN management server.
The device information collection system according to claim 1. A second local communication device connected to the network;
The instruction unit of the collection server transmits a connection change instruction to connect the center communication device to the second local communication device at a predetermined timing to the center communication device,
The setting information transmission unit of the VPN management server transmits second center setting information used for VPN connection with the second local communication device to the center communication device,
The center storage unit stores the second center setting information received from the VPN management server,
When the center communication unit receives the connection change instruction and is connected to the first local communication device with a VPN, the center communication unit disconnects the VPN connection and connects to the second local communication device with a VPN.
The device information collection system according to claim 2. The VPN management server further includes an identification information storage unit that stores identification information of the first local communication device,
The setting information storage unit further stores first local setting information used when the first local communication device makes a VPN connection to the center communication device,
The setting information transmission unit transmits the first local setting information to the first local communication device when receiving the identification information from the first local communication device.
The device information collection system according to claim 2 or 3. The setting information storage unit stores unique information unique to the first local communication device and the first local setting information in association with each other,
The setting information transmission unit transmits the first local setting information associated with the unique information to the first local communication device after receiving the identification information and the unique information from the first local communication device. ,
The device information collection system according to claim 4. The collection unit starts collecting information indicating a state of the information device after a predetermined time has elapsed since the instruction unit transmits the connection instruction information to the center communication device.
The device information collection system according to any one of claims 2 to 5. The center communication device further includes an acquisition unit that requests the address of the first local communication device from the dynamic DNS and acquires the address of the first local communication device.
The center communication unit makes a VPN connection with the first local communication device based on the acquired address of the first local communication device.
The device information collection system according to any one of claims 1 to 6. Equipment for collecting information of information equipment connected to the first local communication device by the collection server using a center communication device, a first local communication device, and a collection server connected to each other via a network An information collection method,
A procedure for determining a timing for collecting information of an information device connected to the first local communication device;
At the timing, the collection server transmits connection instruction information for instructing the center communication device to establish a VPN connection with the first local communication device;
In accordance with the instruction, the center communication device makes a VPN connection with the first local communication device based on first center setting information used when making a VPN connection with the first local communication device;
A step of collecting information indicating a state of the information device connected to the first local communication device after the step of connecting the VPN by the collection server;
A device information collecting method comprising:

Images