JP2019083034A - Remote apparatus management system - Google Patents

Abstract

To make it possible to avoid an increase in a burden of management jobs on a network manager and a deterioration in network security even in an environment in which a mediation device communicates in a communication mode different from communication modes of electronic apparatuses.SOLUTION: A CPU 44 of a communication adapter (mediation device) 21 previously sets execution order of communication in each communication mode of a plurality of communication modes including security communication modes (a transport mode and a tunnel mode in an IPsec communication mode) used for apparatus search, sequentially executes communication in each communication mode with each electronic apparatus registered as a management object apparatus, performs apparatus search to acquire apparatus information in a communication mode capable of communication from each electronic apparatus, and associates the apparatus information obtained by the apparatus search with a communication mode at the time of acquisition of the apparatus information and retains it as communication related information in a RAM 46.SELECTED DRAWING: Figure 3

Description

  The present invention relates to each electronic device by the management device via a communication device (communication adapter) which communicates with each electronic device such as one or more respective OA devices (for example, a copying machine, a facsimile machine, a printer or a printing machine). Remote device management system for remotely managing

  As shown in, for example, Patent Document 1, as a remote device management system, an image forming apparatus (OA device) such as a copying machine installed in an office of a user (customer) or the like is used as an intermediary device (management terminal) and a communication line. 2. Description of the Related Art A remote device management system that can be used and connected to a management device (center system) installed in a service center or the like is generally known.

  On the other hand, in recent years, with the improvement of security awareness of information, encryption of data flowing on a LAN (Local Area Network) or a WAN (Wide Area Network) has come to be used. Therefore, in addition to communication by HTTPS (Hypertext Transfer Protocol Security) performed in the transport layer, communication by communication mode (communication method) of IPsec (IP Security Protocol) that performs encryption in the network (IP) layer is VPN (Virtual Protocol). With the spread of Private Network, etc., it has come to be performed many times.

Here, the IPsec communication mode will be briefly described.
There are two IPsec communication modes: "transport mode" and "tunnel mode". In the transport mode, encryption (or authentication) processing of only the data portion of an IP packet (hereinafter, also simply referred to as "packet") is performed. In tunnel mode, encryption (or authentication) processing of both the header information and the data part of the packet is performed. The receiver of the encrypted packet needs to decrypt the packet by a device compatible with IPsec.

  IPsec is also used in communication with OA devices connected to a network environment such as a LAN in an office. However, since encryption (or authentication) processing is performed at the IP level in IPsec communication (encrypted communication in the communication mode of IPsec), OA devices that perform IP communication and OA devices that perform IPsec communication are mixed in an office environment. May be installed. In addition, even if only OA equipment that performs only IPsec communication is installed, communication using a tunnel mode is used when communicating via a router because it is a different network segment, and transport mode is used for the same network segment. Need to communicate.

Therefore, according to the conventional remote device management system that manages maintenance of the OA device and the like, in the case where the mediation device communicates with a plurality of OA devices in different communication modes, the following (1) to (1) The problem shown in (3) occurs.
(1) A network administrator consumes a great deal of effort to manage OA devices connected on the network.
(2) The configuration management of the OA device is not performed for the new introduction of the OA device to the customer site, so the operation status of the OA device can not be grasped, and the burden on the customer's business may occur. is there.
(3) If OA equipment that performs IP communication and OA equipment that performs IPsec communication coexist due to the new introduction of OA equipment to customers, each OA equipment can not be managed. Will lower the security level of the network.

  The present invention has been made in view of the above problems, and the management device and one or more electronic devices can communicate with each other via the communication device, and the management device can perform the electronic communication via the communication device. In a remote device management system that remotely manages devices, even if the communication device communicates with electronic devices such as a plurality of OA devices in a different communication mode, the burden on management tasks by the network administrator increases, and network security Can be avoided, and even when the setting of the communication mode is changed in the electronic device, the communication device can not be disabled from communication and the number of times of device search processing on the communication device side is reduced. The purpose is

The present invention provides a remote device management system in which a management device and one or more electronic devices can communicate via a communication device, and the management device remotely manages the electronic device via the communication device by the management device. To achieve the purpose
The communication apparatus sequentially executes communication in a plurality of different communication methods with respect to the one or more electronic devices, and when there is a response, the device information is transmitted from the electronic device by the communication method in which the response is received. Device information acquisition means to be acquired, storage means for associating the device information with the communication method at the time of acquisition of the device information when the device information acquisition means acquires the device information, and holding in the storage means Communication related information transmitting means for transmitting the determined communication related information to the management device;
The management apparatus is provided with communication related information managing means for storing and managing the communication related information when the communication related information is received from the communication apparatus.

Furthermore, the communication device may be provided with setting means for setting an execution order of communication in each of the plurality of different communication methods used by the device information acquisition means.
Further, the setting means of the communication apparatus may include means for setting whether or not to execute communication in each of the communication methods used by the device information acquisition means.

  In these remote device management systems, communication status check means for checking the communication status with the one or more electronic devices in the communication device, and the one or more electronic devices as a result of the check by the communication status check means When communication with any one of the above is not possible, the device information acquisition means sequentially executes communication with a plurality of different communication methods to the one or more electronic devices, and when there is a response, It is preferable to provide a means for starting processing for acquiring device information from the electronic device according to the communication method in which the response has been made.

  Alternatively, in the management apparatus, communication state check means for checking the communication state with the one or more electronic devices and communication with any one of the one or more electronic devices as a result of the check by the communication state check means When it becomes impossible, the device information acquisition unit sequentially executes communication with a plurality of different electronic devices with respect to the communication device, and a response is received. There may be provided means for starting processing for acquiring device information from the electronic device according to the communication method in which the response has been made.

Further, each communication method may be an IP communication mode and an IPsec communication mode which is a security communication mode.
In that case, it is preferable to have a transport mode and a tunnel mode as the IPsec communication mode.

  According to this invention, in the remote device management system, the management device and one or more electronic devices can communicate via the communication device, and the management device remotely manages the electronic device via the communication device by the management device, Even in an environment where the communication device communicates with one or more electronic devices in a different communication mode, it is possible to avoid an increase in the burden of management operations by the network administrator and a decrease in network security, and Even when the setting of the communication mode is changed, communication with the communication device is not disabled, and the number of times of device search processing on the communication device side can be reduced.

FIG. 1 is a block diagram showing a configuration example of a remote device management system according to the present invention. It is a block diagram which shows the structural example of the server 3a of FIG. It is a block diagram which shows the structural example of the communication adapter 21 of FIG. FIG. 2 is a block diagram showing an example of configuration of a control system of copying machines 13 and 23 of FIG. 1; It is a flowchart which shows an example of the content of the search condition setting process by the communication adapter 21 shown in FIG. FIG. 14 is a flow chart showing an example of the contents of the device search process as well. It is a figure for similarly describing a specific example of device search processing. FIG. 5 is a flow chart showing an example of contents of communication mode setting change processing by the copying machine 23 shown in FIG. 4; It is a flowchart which shows an example of the content of the communication related information update process by the communication adapter 21 shown in FIG. FIG. 7 is a diagram for describing a specific example of processing relating to setting change of the communication mode by the copying machine 23 and the communication adapter 21 when the setting change of the communication mode is instructed by the copying machine 23 of FIG. It is a flowchart which shows an example of the content of the setting change information transmission process of the communication mode by the center system 1 shown in FIG. It is a flowchart which shows the other example of the content of the communication related information update process by the communication adapter 21 shown in FIG. FIG. 8 is a diagram for describing a specific example of processing related to setting change of the communication mode by the center system 1, the communication adapter 21 and the copying machine 23 when the setting change of the communication mode is instructed in the center system 1 of FIG. It is a flowchart which shows an example of the content of the security information selection * transmission process by the communication adapter 21 shown in FIG. FIG. 5 is a flow chart showing an example of contents of security information update processing by the copying machine 23 shown in FIG. 4; FIG. 7 is a diagram for describing a specific example of processing regarding updating of security information by the communication adapter 21 and the copying machine 23 when selection of security information is instructed by the communication adapter 21 of FIG. 1; It is a flowchart which shows an example of the content of the security information selection * transmission process by the center system 1 shown in FIG. It is a flowchart which shows an example of the content of the security information transmission process by the communication adapter 21 shown in FIG. FIG. 8 is a diagram for describing a specific example of processing related to updating of security information by the center system 1, communication adapter 21 and copying machine when selection of security information is instructed in the center system 1 of FIG. 1;

Hereinafter, the best mode for carrying out the present invention will be specifically described based on the drawings.
FIG. 1 is a block diagram showing a configuration example of a remote device management system (image forming apparatus management system) according to the present invention.
The remote device management system includes a center system 1 as a central management device (also referred to simply as a “management device”) installed in a service center, and an electronic device installed in each customer site (user side) A, B. It consists of a group of devices.

The center system 1 includes a router 2, a plurality of servers 3a and 3b, and a network 4 such as a LAN for communicably connecting them.
The customer site A includes a router 11, a communication adapter (communication device) 12 communicably connected to the center system 1 via the router 11 and the Internet 5, and OA devices such as a copying machine 13 and a printer 14 which are electronic devices. A network segment is configured by (image forming apparatus) and a network 15 such as a LAN for communicably connecting the OA device, the router 11, and the communication adapter 12 to each other.

  The customer site B has a communication adapter (communication device) 21 communicably connected to the center system 1 via the public communication network 6 and the access point 7, a facsimile (FAX) device 22 which is an electronic device, a copying machine 23, A network 25 such as a LAN for communicably connecting the communication adapter 21, the copying machine 23, and the printer 24 to each other and an OA device such as the printer 24 are communicably connected to the communication adapter 21 and the facsimile apparatus 22. A network segment is configured by a dedicated I / F 26 by a wired connection.

FIG. 2 is a block diagram showing a configuration example of the server 3a of FIG.
The server 3a comprises a CPU 31, a real time clock circuit 32, a ROM 33, a RAM 34, an external memory control unit 35, a network I / F unit 36, a hard disk drive (hereinafter abbreviated as "HDD") 37 and the like. In addition, since the server 3b is also the same structure as the server 3a, illustration and description of each part other than the network I / F unit 36 will be omitted.

The CPU 31 is a central processing unit that generally controls the entire server 3 a by a control program in the ROM 33.
The real time clock circuit 32 generates time information, and the CPU 31 can know the current time by reading it.
The ROM 33 is a read only memory storing various fixed data including control programs used by the CPU 31.
The RAM 34 is a readable / writable memory used as a work memory or the like used when the CPU 31 performs data processing.

The external memory control unit 35 performs interface control with the HDD 37.
The network I / F unit 36 performs interface control with other servers 3 b and routers 2 connected to the network 4.
The HDD 37 is a storage unit capable of storing various types of information including communication related information and security information described later as DB (database). The server 3a may be provided with a non-volatile memory to store various information.

  Here, the CPU 31 of the servers 3a and 3b operates according to the control program in the ROM 33, and inputs information such as various instructions from a terminal device such as a PC (personal computer) not shown, the RAM 34, and the external memory control unit 35. By controlling the network I / F unit 36, the HDD 37, etc., communication state check means, device search request transmission means, communication related information management means, communication related information update means, setting change, which are various functions related to the present invention It is possible to realize functions as an instruction means, a setting change information transmission means, a security information holding means, a security information selection means, a security information change destination selection means, and a security information transmission means.

  Alternatively, a disk device such as a flexible disk device or an optical disk device is built in or externally attached to the server 3a, 3b, and control is recorded on a recording medium (flexible disk or a disk such as an optical disk) inserted by the disk device. The various functions can be realized by reading a program, installing it in a built-in HDD or RAM, and operating according to the control program.

FIG. 3 is a block diagram showing a configuration example of the communication adapter 21 of FIG. In addition, since the communication adapter 12 is also the same structure, the illustration and description are abbreviate | omitted. However, the communication adapter 12 differs from the communication adapter 21 in that it communicates with the router 11.
In the communication adapter 21, data from the public communication network 6 is first input to the line switching circuit 41. Here, if the communication from the public communication network 6 side is addressed to the facsimile apparatus 22 connected to the communication adapter 21, the public communication network 6 side is connected to the facsimile apparatus 22, and the communication from the center system 1 is performed. In the case of communication, the public communication network 6 side is connected to the modem 42.

Further, the network I / F unit 43 communicates with the OA device such as the copying machine 23 or the like.
The control and processing are performed mainly by the CPU 44 in accordance with a control program (software including firmware) in the ROM 45.
The ROM 45 stores various fixed data including a control program used by the CPU 44.

The RAM 46 is storage means capable of storing various information including communication related information and security information described later. A backup battery (battery) 47 is connected to the RAM 46.
The switch 48 is for selectively setting various modes and inputting information such as various instructions.
The display unit 49 displays various information.
The communication adapter 21 polls the OA devices connected to it constantly and periodically and in the order of the device addresses assigned to them.

  Here, the CPU 44 of the communication adapters 21 and 12, which are communication devices, operates according to the control program in the ROM 45, and inputs information from a switch 48 or a terminal device such as a PC (not shown) or the network I / F unit 43, Device information acquisition means, device search means, storage means (communication related information holding means, security information holding means), search condition setting means, which are various functions related to the present invention, by controlling the RAM 46 and the display unit 49 etc. Communication status check means, device search instruction means, communication related information transmission means, communication related information update means, update communication related information transmission means, security information selection means, security information change destination selection means, security information transmission means, and setting change information A function as a transmission means can be realized.

  Alternatively, a disk device such as a flexible disk device or an optical disk device is built in or externally attached to the communication adapter 21 and a control program recorded on a recording medium (a disk such as a flexible disk or an optical disk) inserted by the disk device. The above-described various functions can also be realized by loading the program, installing it in the built-in RAM, and operating according to the control program.

FIG. 4 is a block diagram showing a configuration example of a control system of the copying machines 13 and 23 of FIG.
Control of the copying machines 13 and 23 is performed based on control programs and data stored in the ROM 102 centering on the CPU 101. In addition, the RAM 103 (storage means) is used to store intermediate results of processing, various setting values, the state of the apparatus, and the like. The RAM 103 is a non-volatile RAM backed up by a battery. Aside from the RAM 103, a nonvolatile storage medium such as a nonvolatile memory or an HDD may be provided.

The A / D converter 104 supplies the voltage supplied to the exposure lamp, the light emission voltage and light reception voltage of the P sensor, the output of the potential sensor, the output of the ADS sensor, the output of the lamp light quantity sensor that detects the light quantity of the exposure lamp, and the photosensitive drum. It is used to input the output of the drum current sensor that detects the current flowing, the thermistor voltage in the fixing unit, and the like.
The optical system control unit 105 controls the exposure lamp.
The high-voltage power supply unit 106 supplies high voltages respectively applied to the charger, the separation charger, the transfer charger, and the pre-transfer charger (PTC), and a developing bias voltage applied to the developing roller in the developing unit.

A motor control unit 107 controls a main motor that drives the photosensitive drums and rollers of the sheet feeding units and the conveyance unit.
The heater control unit 108 controls energization of a fixing heater that heats the fixing roller of the fixing unit, and holds the surface temperature of the fixing roller within a predetermined range.
The sensor control unit 109 is used to change the light receiving gain of the lamp light amount sensor, the light receiving gain of the ADS sensor, the light receiving gain of the P sensor, the light emission voltage of the LED of the P sensor, and the like.
The network I / F unit 110 is a unit that communicates with the communication adapters 12 and 21.

The operation unit 111 is an operation / display panel having a display unit for displaying various information and a switch unit (operation key) for inputting various information.
Here, the CPU 101 of the copying machine 13 or 23 operates according to the control program in the ROM 102, and inputs information such as various instructions from the operation unit 111, the RAM 103, the network I / F unit 110, the operation unit 111, and the like. By controlling the above, it is possible to realize functions as communication mode setting means, setting change information transmitting means, setting change instructing means, security information holding means, and security information update means, which are various functions related to the present invention.
The control system of the copying machines 13 and 23 has been described above, but other OA devices such as the printers 14 and 24 also have the same control system, so the illustration and description thereof will be omitted.

Hereinafter, each example of control and processing according to the present invention in the remote device management system configured as described above will be specifically described with reference to the drawings of FIGS.
For convenience of explanation, as communication control in this remote device management system, an electronic device including a communication adapter 21 installed at a customer site B and an image forming apparatus such as a copying machine 23 (hereinafter also referred to as "OA device") Only communication control between devices and communication control between the communication adapter 21 and the server 3a of the center system 1 will be described.

  Further, although not shown in FIG. 1, for example, as shown in FIG. 7, the communication adapter 21 includes the copying machine 231, the printer 241, and the router 300 together with the copying machine 23 and the printer 24 via the network 25. The copying machine 301 and the printer 302 are connected to the router 300 via the network 310. The network 25 side is a network segment C, and the network 310 side is a network segment D. The copiers 231 and 301 have the same configuration as that of the copier 23 (FIG. 4), and the printers 241 and 302 have the same configuration as the printer 24, respectively.

Furthermore, it is assumed that the transport mode and tunnel mode as the IPsec communication mode which is the security communication mode are applied to some OA devices and the router 300 according to the security policy of the customer. Therefore, there is a network environment in which the OA device in which the IP communication mode is set, the OA device in which the transport mode is set, and the router 300 in which the tunnel mode is set are mixed.
In this network environment, the communication adapter 21 does not know the communication mode of each electronic device (OA device, router) registered as a management target device, and has a device search function for searching each electronic device. It will be necessary.

First Embodiment
First, the first embodiment will be described.
FIG. 5 is a flowchart showing an example of the content of the search condition setting process by the communication adapter 21.

  The CPU 44 of the communication adapter 21 starts the processing routine of FIG. 5 by the instruction of the search condition setting by the user interface (the operation of the switch 48 or the operation on the terminal device), and first proceeds to step S1 and is necessary for communication in the IPsec communication mode. When IKE (Internet Key Exchange) information, which is security information, is input through a user interface (hereinafter abbreviated as "UI"), the IKE information is stored and set in the RAM 46 (internal storage area). When a plurality of IKE information is used in the network 25 connected to the communication adapter 21, all the IKE information is stored. The IKE information is protocol information for completely determining the encryption method constituting the SA (Security Association) information, exchanging the encryption key (or an electronic certificate including the same), and mutual authentication.

Next, proceeding to step S2, when SA (Security Association) information which is security information necessary for communication in the IPsec communication mode (transport mode, tunnel mode) is input by the UI, the SA information is stored in the RAM 46. To set. The SA information is composed of information such as an encryption method and an encryption key. These pieces of information can be exchanged and shared with the other party in communication in the IPsec communication mode, and a secure communication path can be established.
Finally, the process proceeds to step S3, and when the execution order of communication according to communication mode (communication according to each communication mode) is designated and input by the UI, the execution order of communication according to the communication mode is stored in RAM 46 and set. .

For example, when the IPsec communication mode (transport mode or tunnel mode) is not set in any of the electronic devices registered as the management target devices, communication in the IPsec communication mode is not performed at the time of device search. If this is done, the processing load on the CPU 44 is reduced accordingly, so that whether or not to execute communication for each communication mode can be designated and input by the UI, and can be stored and set in the RAM 46.
When the CPU 44 of the communication adapter 21 searches each electronic device registered as a device to be managed, it is necessary to set a range of IP addresses. Therefore, after setting the search condition in the communication adapter 21, the range of the IP address input from the UI is stored and set in the RAM 46 as the target IP address.

Here, processing by IKE information performed immediately before the start of communication in the IPsec communication mode will be described.
The processing based on this IKE information is to decide SA information to be used at the time of communication in the IPsec communication mode, and is divided into two stages.
In the first half, the encryption method to be used in the second half is determined, and the same encryption key is generated and shared with both parties. After sharing the encryption key, use this to move to the second half.

  In the second half, since IKE-limited encrypted communication becomes possible, negotiation for communication in the IPsec communication mode (encrypted communication) is started, and both sides can be presented by presenting mutually usable encryption methods. After determining the usable encryption method in step S. 2, exchange various encryption keys corresponding to the encryption method, and exchange various information (SA information) necessary for communication in the IPsec communication mode. This enables communication in the IPsec communication mode.

  As security information necessary for communication in the IPsec communication mode (transport mode, tunnel mode), there is SP (security policy) information in addition to SA (Security Association) information. The SP information indicates processing specifications for packets at the time of communication in the IPsec communication mode, and is stored and set in advance in the RAM 46. The SP information is also used together with the above-described IKE information and SA information in communication in the IPsec communication mode, but the description of the communication procedure including the SP information is omitted.

FIG. 6 is a flowchart showing an example of the contents of the device search process by the communication adapter 21. The target IP addresses are IP1 and IP2 here for convenience of explanation.
The CPU 44 of the communication adapter 21 starts the process routine of FIG. 6 at a predetermined timing, and performs the process of step S11 first.

Here, the start timing will be described.
For example, device information (remote management model number, model name, model number, device number, MIB information, etc.) of each electronic device registered as a management target device is stored in the RAM 46, and each device information is stored. The communication state with the electronic device is checked, and as a result of the check, when the communication with any one of the electronic devices becomes impossible, the processing routine of FIG. 6 is started.
Alternatively, in the server 3a of the center system 1, device information of each electronic device registered as a management target device is stored (stored) in the HDD (DB) 37, and communication with each electronic device having the device information is performed. The state is checked, and as a result of the check, when communication with any of the respective electronic devices is not possible, the CPU 44 of the communication adapter 21 transmits a request for device search to the communication adapter 21 as shown in FIG. Start the processing routine of 6.

In step S11, the execution order of communication according to communication mode is read from the RAM 46. Here, the order of execution is IP communication mode, transport mode and tunnel mode in this order.
Next, for each IP address (target IP address) of each electronic device registered as a management target device in steps S12 to 14, communication (connection) in IP communication mode, transport mode, tunnel mode one IP address at a time When communication is possible, device information is acquired from the electronic device of the IP address in the communication mode, and device search is performed to determine whether the electronic device is to be managed. Although the description is omitted here, as described above, the processing by the IKE information is performed immediately before performing the communication in the transport mode and the tunnel mode which are the IPsec communication mode. The same applies to the following.

  In step S12, Ping (network diagnosis) in the communication in the IP communication mode is performed on IP1, and if there is a Ping response from the electronic device of IP1, the electronic device of IP1 performs the device by HTTPS or SNMP. Information is acquired, and a device search is performed to determine whether the electronic device is to be managed. Next, the same device search is performed on IP2 (next IP address). Note that the device search is terminated for the IP address (electronic device having acquired device information) for which the Ping response has been made, and the Ping in communication in the subsequent IPsec communication mode (transport mode, tunnel mode) is performed. Does not include device search.

  In step S13, Ping in communication in transport mode which is one of the IPsec communication modes is performed on IP1, and if there is a Ping response from the electronic device of IP1, HTTPS or IP1 from the electronic device of IP1 is performed. Device information is acquired by SNMP, and device search is performed to determine whether the electronic device is to be managed. Next, the same device search is performed on IP2. Note that the device search is ended for the IP address for which the Ping response has been made, and the device search including execution of Ping in the subsequent communication in the tunnel mode is not performed.

In step S14, Ping in communication in tunnel mode which is one of the IPsec communication modes is performed on IP1, and when there is a Ping response from the electronic device of IP1, HTTPS or SNMP is transmitted from the electronic device of IP1. The device information is acquired in step S5, and a device search is performed to determine whether the device is an electronic device to be managed. Next, the same device search is performed on IP2.
After the device search is completed, the process proceeds to step S15, and the management target device is registered based on the result of the device search. That is, the device information (device information of the electronic device to be the management target device) acquired by the device search is stored in the RAM 46. As a result, the electronic device having the device information is registered as the management target device.

  Next, the process proceeds to step S16, and the next process is performed. That is, the device information of the electronic device to be managed and the communication mode at the time of acquisition thereof are associated with each other and held in the RAM 46 as communication related information. At this time, if the communication mode at the time of acquiring the device information of the electronic device to be managed is the IPsec communication mode (transport mode or tunnel mode), SA information and SP information used for communication in the IPsec communication mode Are associated with the respective device information, and held in the RAM 46 as an SA database (hereinafter abbreviated as "SAD") and an SP database (hereinafter abbreviated as "SPD"). The communication mode at the time of device information acquisition may be added to the SP information.

Thereafter, the communication related information and SAD, SPD held in the RAM 46 in step S17 are transmitted to the center system 1 by HTTPS communication.
When the CPU 31 of the server 3a of the center system 1 receives the communication related information and the SAD and SPD sent from the communication adapter 21, the CPU 31 stores them as device management information in the HDD (DB) 37 and manages them.

Here, the device search process by the communication adapter 21 will be described in more detail.
FIG. 7 is a diagram for explaining a specific example of device search processing by the communication adapter 21. As shown in FIG.
For example, the copier 23 installed in the network segment C has a communication execution order for each communication mode which is a search condition set in the communication adapter 21 in the order of the IP communication mode, the transport mode, and the tunnel mode. , 231, the printers 24, 241, and the IP address of the router 300, the copier 301, and the printer 302 installed in the network segment D, and the communication mode set in them are as shown in FIG. The communication adapter 21 applies one IP address from the IP address "192.168.30.50" for each communication mode (IP communication mode, transport mode, tunnel mode) to the IP address range "192.168.30.50-192.168.40.85". Perform device search one by one.

Then, when performing device search in the first IP communication mode, if Ping in communication in the IP communication mode is sequentially performed on each of the IP addresses “192.168.30.55” and “192.168.30.56”, the copying machine of each IP address Since there is a Ping response from the printer 241 sequentially from the printer 241, device information is sequentially acquired from the copying machine 231 and the printer 241 by HTTPS or SNMP.
When performing device search in the next transport mode, if Ping in communication in the transport mode is sequentially performed on each of the IP addresses “192.168.30.70” and “192.168.30.71”, the copying machine 23 of each IP address of the respective IP address, Since there is a Ping response from the printer 24 sequentially, device information is sequentially acquired from the copying machine 23 and the printer 24 by HTTPS or SNMP.

At the time of device search in the last tunnel mode, if Ping in transport mode communication is performed for each IP address "192.168.40.11", "192.168.40.80" and "192.168.40.82", the respective IP addresses Since there is a ping response from the router 300, the copier 301, and the printer 302, respectively, the device information is acquired from the router 300, the copier 301, and the printer 302 by HTTPS or SNMP.
Although the device search for each communication mode is repeatedly and sequentially performed for each IP address in each communication mode here, it may be repeatedly and sequentially performed for each IP address. In this case, if there is a Ping response, it is preferable to end the device search for the IP address at that time and shift to device search for the next IP address.

As described above, according to the first embodiment, the following effects (1) to (6) can be obtained.
(1) The execution order of communication for each of a plurality of communication modes including the security communication mode (transport mode which is the IPsec communication mode, tunnel mode) used by the communication adapter (communication apparatus) for device search is set in advance Communication is sequentially performed with each electronic device registered as a management target device and each communication mode, device search is performed to obtain device information in a communication mode in which communication is possible from each electronic device, and acquisition is performed by the device search The stored device information and the communication mode at the time of obtaining the device information are associated with each other and held as communication related information. Therefore, by referring to the communication related information, communication different from each electronic device registered as the management target device It becomes possible to communicate reliably in the mode.

In addition, even when any one of the electronic devices registered as the management target device becomes incapable of communication due to the occurrence of abnormality such as a failure, the communication can be reliably performed in a different communication mode with other electronic devices. It will be possible.
Therefore, even in an environment in which the communication adapter communicates with a plurality of electronic devices in different communication modes, it is possible to avoid an increase in the burden of management operations by the network administrator and a decrease in network security, and the operation efficiency of the electronic devices Can be improved.

(2) If it is possible to set whether or not to execute communication for each communication mode used for device search, the communication adapter does not need to execute communication in an unnecessary communication mode and carry out device search, so communication for that amount Processing load on the adapter is reduced and processing efficiency is improved.
(3) When the communication adapter acquires device information in a communicable communication mode, if the device search for the electronic device having the device information is finished, the communication in the communication mode is repeatedly executed to perform the device search Since it is not necessary, the processing load on the communication adapter is reduced accordingly.
(4) The communication adapter checks the communication state with each electronic device registered as a management target device, and as a result of the check, the device search when communication with any of the respective electronic devices is not possible. Since the device search does not need to be performed regularly, the processing load on the communication adapter is reduced accordingly.

(5) When the center system (management apparatus) checks the communication state with each electronic device registered as a management target device, and as a result of the check, communication with any of the respective electronic devices becomes impossible In addition, if the device search is requested to the communication adapter, the communication adapter does not need to check the communication status with each electronic device registered as the management target device, so the processing load on the communication adapter is further reduced. .
(6) The communication adapter associates the device information acquired by the device search with the communication mode at the time of acquiring the device information and holds it as communication related information, and then transmits the communication related information to the center system, and the center system However, by receiving the communication related information from the communication adapter and storing it in the HDD and managing it, the center system can reliably manage each electronic device registered as the device to be managed.

Second Embodiment
Next, a second embodiment will be described. In the second embodiment, the following processing is performed in addition to the processing of the first embodiment.
FIG. 8 is a flow chart showing an example of the contents of communication mode setting change processing by the copying machine 23. In addition, since other electronic devices such as the printer 24 perform the same processing, the corresponding illustration and description will be omitted.
FIG. 9 is a flowchart showing an example of the content of the communication related information update process by the communication adapter 21.

  The communication adapter 21 can manage a plurality of electronic devices performing communication in different communication modes by the device search described above. However, if the setting of the communication mode of any one of the electronic devices is changed (IP communication mode / IPsec communication mode), the communication adapter 21 attempts to communicate in the communication mode which has been able to communicate until now. , Can not communicate. Therefore, since the electronic device is in the same state as when the power is turned off, it can not be managed even if the electronic device is in the operating state.

Therefore, the CPU 101 of the copying machine 23 periodically starts the processing routine of FIG. 8 and first determines in step S21 whether or not the setting change of the communication mode is instructed by the user interface (operation of the operation unit 111) If the setting change is not instructed, the processing routine of FIG. 8 is ended.
When the setting change of the communication mode is instructed, since the communication mode is also designated by the user interface, the setting change information including the information of the designated communication mode is specified together with the device information of its own in step S22. Send to

Then, after the communication is successful, the setting is changed to the communication mode designated by the user interface in step S23. For example, when the IP communication mode (transport mode) is specified in the state where the IP communication mode is set, the setting is changed to the specified IPsec communication mode. Alternatively, when the IP communication mode is designated while the IPsec communication mode (transport mode) is set, the setting is changed to the designated IP communication mode.
When the setting change is completed, the processing routine of FIG. 8 ends.

On the other hand, the CPU 44 of the communication adapter 21 periodically starts the processing routine of FIG. 9, first determines in step S31 whether or not setting change information has been received from any of the electronic devices, and the setting change information is If not received, the processing routine of FIG. 9 is ended.
When setting change information is received together with device information from any of the electronic devices, the communication related information held in the RAM 46 is updated based on the information in step S32.

That is, the communication mode corresponding to the received device information in the communication related information is updated to the communication mode (the communication mode after the setting change) specified by the setting change information.
Thereafter, in step S33, the updated communication related information is transmitted to the center system 1 by HTTPS communication, and the processing routine of FIG. 9 is ended.
When the CPU 31 of the server 3a of the center system 1 receives the updated communication related information from the communication adapter 21, the communication related information stored in the HDD (DB) 37 based on the communication related information (in fact, it is Update the device management information).

Here, the process related to the setting change of the communication mode by the copying machine 23 and the communication adapter 21 when the setting change of the communication mode is instructed by the copying machine 23 will be described in more detail.
FIG. 10 is a diagram for explaining a specific example of processing relating to setting change of the communication mode by the copying machine 23 and the communication adapter 21. In FIG.

When the CPU 101 of the copying machine 23 having the IP address "192.168.30.70" is instructed to change the setting to the IP communication mode by the user interface in a state where the transport mode (one of the IPsec communication modes) is set. After transmitting the setting change information to the communication adapter 21 together with the device information, the setting is changed from the transport mode to the designated IP communication mode.
When the CPU 44 of the communication adapter 21 receives the setting change information from the copying machine 23 having the IP address “192.168.30.70” together with the device information, the communication mode corresponding to the received device information among the communication related information held in the RAM 46 Are updated to the communication mode specified by the setting change information, and the communication related information after the update is transmitted to the center system 1.

  As described above, according to the second embodiment, in addition to the same effects as the first embodiment, the following effects can be obtained. That is, when each electronic device is instructed to change the setting of the communication mode used for communication with the communication adapter, the setting change information is transmitted to the communication adapter, and then the setting of the communication mode is changed, and the communication is performed. When the adapter receives the setting change information from any of the electronic devices, the adapter updates the communication related information held therein based on the setting change information, and the communication related information after the update is used as the center system. When the center system receives the updated communication related information from the communication adapter, the center system updates the communication related information stored and managed therein based on the communication related information. Even if the setting of the communication mode is changed on the device, there is no possibility that communication with the communication adapter will be disabled, so the device search processing is performed on the communication adapter side. The number is reduced.

Third Embodiment
Next, a third embodiment will be described. In the third embodiment, the following processing is performed in addition to the processing of the first embodiment.
FIG. 11 is a flow chart showing an example of the contents of setting change information transmission processing of the communication mode by the center system 1.
FIG. 12 is a flowchart showing another example of the content of the communication related information update process by the communication adapter 21.

The CPU 31 of the server 3a of the center system 1 periodically starts the processing routine of FIG. 11. First, in step S41, communication with the customer's electronic device is performed by the user interface (terminal device such as PC not shown in the center system 1). It is determined whether or not change of the mode setting has been instructed, and if the change of the setting has not been instructed, the processing routine of FIG. 11 is ended.
When the setting change of the communication mode is instructed, the device information of the electronic device to be subjected to the setting change is also input and the communication mode is designated by the user interface, and the processing described below is performed in step S42.

That is, the configuration change information including the information of the communication mode designated by the user interface is transmitted to the communication adapter 21 by the HTTPS communication together with the device information inputted by the user interface.
After the communication is successful, the communication related information stored in the HDD (DB) 37 is updated based on the device information of the setting change target electronic device input by the user interface in step S43 and the specified communication mode. . That is, the communication mode corresponding to the input device information in the communication related information is updated to the specified communication mode.

On the other hand, the CPU 44 of the communication adapter 21 periodically starts the processing routine of FIG. 12, first determines in step S51 whether or not setting change information has been received from the center system 1, and receives the setting change information. If not, the processing routine of FIG. 12 is ended.
When setting change information is received from the center system 1 together with the device information, the following processing is performed in step S52.

That is, the electronic device to be managed is searched, and if there is an electronic device indicated by the received device information, the setting change information received via HTTPS is transmitted to the electronic device.
After the communication is successful, the communication related information held in the RAM 46 is updated based on the setting change information and the device information received in step S53.
When receiving the setting change information from the communication adapter 21, the CPUs (the CPU 101 of the copying machine 23 and the like) of the respective electronic devices change the setting to the communication mode specified by the setting change information.

Here, the processing related to the setting change of the communication mode by the center system 1, the communication adapter 21 and the copying machine 23 when the setting change of the communication mode is instructed in the center system 1 will be described in more detail.
FIG. 13 is a diagram for explaining a specific example of processing relating to setting change of the communication mode by the center system 1, the communication adapter 21 and the copying machine 23. As shown in FIG.

  When the CPU 31 of the server 3a of the center system 1 instructs the copying machine 23 of the IP address "192.168.30.70" for which the transport mode is set to be changed to the IP communication mode by the user interface. After transmitting the setting change information to the communication adapter 21 together with the device information of the copying machine 23, the communication mode corresponding to the input device information among the communication related information stored in the HDD (DB) 37 is designated. Update to the communication mode.

When receiving the setting change information from the center system 1 together with the device information, the CPU 44 of the communication adapter 21 transmits the setting change information to the copying machine 23 indicated by the device information, and then, among the communication related information held in the RAM 46 And updating the communication mode corresponding to the received device information to the communication mode specified by the setting change information.
When receiving the setting change information from the communication adapter 21, the CPU 101 of the copying machine 23 having the IP address “192.168.30.70” changes the setting from the transport mode to the IP communication mode specified by the setting change information.

  As described above, according to the third embodiment, in addition to the same effects as the first embodiment, the following effects can be obtained. That is, when the center system is instructed to change the setting of the communication mode used for communication with any of the communication adapters of each electronic device, the setting change information is transmitted to the communication adapter, and the setting change information is transmitted. Based on the communication related information stored and managed in the self is updated, and when the communication adapter receives the setting change information from the center system, the setting change information is transmitted to the corresponding one of the electronic devices. Simultaneously with updating the communication related information held in itself based on the received setting change information, and when each electronic device receives the setting change information from the communication adapter, the communication is performed based on the setting change information By changing the setting of the mode, even if the setting of the communication mode is changed in the electronic device, communication with the communication adapter may not be possible. Becomes therefore, it decreases the number of times to perform the device search processing in the communication adapter side. Moreover, since the setting change of the communication mode of each electronic device is performed by remote control by the center system, the work load on the user side is reduced.

Fourth Embodiment
Next, a fourth embodiment will be described. In the fourth embodiment, the following processing is performed in addition to the processing of the second embodiment.
FIG. 14 is a flowchart showing an example of the contents of security information selection / transmission processing by the communication adapter 21.
FIG. 15 is a flow chart showing an example of the contents of the security information update process by the copying machine 23. In addition, since other electronic devices such as the printer 24 perform the same processing, the corresponding illustration and description will be omitted.

The CPU 44 of the communication adapter 21 periodically starts the processing routine of FIG. 14 and first determines in step S61 whether or not the change of security information is instructed by the user interface (the switch 48 or the input unit of the terminal device). If the change is not instructed, the processing routine of FIG. 14 is ended.
When a change of security information is instructed, the following processing is performed in step S62.

  That is, a list of a plurality of different security information (SA information or SP information) required for communication in the IPsec communication mode (security communication mode) held in the RAM 46 is read out and displayed on the display unit 49 or a terminal such as a PC not shown. Display on the display of the device. The list of security information can be input in advance by the user interface and held in the RAM 46.

Next, proceeding to step S63, when selection of any security information in the list of security information displayed on the display unit 49 or the display unit of the terminal device is instructed by the user interface, the security information is selected. .
Next, proceeding to step S64, when the change destination of the security information is designated from the electronic devices to be managed by the user interface, the electronic device of the change destination is selected.
When the selection of the security information and the electronic device of the change destination is completed, the selected security information is transmitted to the selected electronic device in step S65 by HTTPS communication, and the processing routine of FIG. 14 is ended.

On the other hand, the CPU 101 of the copying machine 23 periodically starts the processing routine of FIG. 15 and first determines in step S71 whether security information has been received from the communication adapter 21. If the security information has not been received. The processing routine of FIG. 15 ends.
When security information is received from the communication adapter 21, the security information held in the RAM 103 is updated to the received security information in step S72, and the processing routine of FIG. 15 is ended. When security information is received for the first time after the initial installation of the copying machine 23, the security information is held in the RAM 103 as it is.

Here, processing related to updating of security information by the communication adapter 21 and the copying machine 23 when selection of security information is instructed by the communication adapter 21 will be described in more detail.
FIG. 16 is a diagram for explaining a specific example of processing relating to the update of security information by the communication adapter 21 and the copying machine 23.

The CPU 44 of the communication adapter 21 selects any security information from the list of security information according to an instruction from the user interface, and selects the copying machine 23 of the IP address "192.168.30.70" as the change destination of the security information, and then The selected security information is transmitted to the copying machine 23 by HTTPS communication.
When receiving the security information from the communication adapter 21, the CPU 101 of the copying machine 23 having the IP address “192.168.30.70” updates the security information held in the RAM 103 with the received security information. The updated security information is used when performing IPsec communication.

  As described above, according to the fourth embodiment, in addition to the same effects as the second embodiment, the following effects can be obtained. In other words, after the communication adapter selects any of the security information held in itself and selects the change destination of the security information from among the electronic devices, the selected security information is selected to the electronic device selected. The communication adapter can centrally update the security information of each electronic device by the electronic device that has transmitted and received the security information updating the security information held therein to the received security information. As a result, the operating time can be secured by shortening the time required for the update. Therefore, the operation efficiency of the electronic device can be further improved.

Fifth Embodiment
A fifth embodiment will now be described. In the fifth embodiment, the following processing is performed in addition to the processing of the third embodiment.
FIG. 17 is a flowchart showing an example of the contents of security information selection / transmission processing by the center system 1.
FIG. 18 is a flowchart showing an example of the content of the security information transmission process by the communication adapter 21.

  The CPU 31 of the server 3a of the center system 1 periodically starts the processing routine of FIG. 17 and first determines in step S81 whether or not the change of security information for the customer's electronic device is instructed by the user interface. If no change is instructed, the processing routine of FIG. 17 ends.

  When the change of the security information is instructed, the process proceeds to step S82, and a list of a plurality of different security information (SA information or SP information) necessary for communication in the IPsec communication mode stored in the HDD 37 is read It displays on the display part of the terminal device which is not illustrated. Note that the list of security information can be previously input through the user interface and stored in the HDD 37.

Next, proceeding to step S83, when selection of any security information in the list of security information displayed on the display unit of the terminal device is instructed by the user interface, the security information is selected.
Next, proceeding to step S84, when the change destination of the security information is designated from the electronic devices to be managed by the user interface, the electronic device of the change destination is selected.
When the selection of the security information and the electronic device of the change destination is completed, the selected security information is transmitted together with the device information of the selected electronic device in step S85 to the communication adapter 21 by HTTPS communication, and the processing routine of FIG. .

On the other hand, the CPU 44 of the communication adapter 21 periodically starts the processing routine of FIG. 18 and first determines in step S91 whether security information has been received from the center system 1, and if the security information has not been received. The processing routine of FIG. 18 ends.
If the security information is received from the center system 1 together with the device information, the process proceeds to step S92, the electronic device to be managed is searched, and if there is an electronic device indicated by the received device information, the process proceeds to the electronic device Send the received security information by HTTPS communication.

The CPU 101 of the copying machine 23 updates the security information held in the RAM 103 to the received security information in step S72 when the security information is received from the communication adapter 21 by the same processing as FIG.
Here, processing related to updating of security information by the center system 1, the communication adapter 21 and the copying machine 23 when selection of security information is instructed by the center system 1 will be described in more detail.
FIG. 19 is a view for explaining a specific example of processing concerning updating of security information by the center system 1, the communication adapter 21 and the copying machine 23.

  The CPU 31 of the server 3a of the center system 1 selects arbitrary security information from the list of security information according to an instruction from the user interface, and selects the copying machine 23 of the IP address "192.168.30.70" as the change destination of the security information. Thereafter, the selected security information is transmitted to the communication adapter 21 by HTTPS communication together with the device information of the selected copying machine 23.

When receiving the security information from the center system 1 and the device information, the CPU 44 of the communication adapter 21 transmits the security information to the copying machine 23 of the IP address “192.168.30.70” indicated by the device information.
When receiving the security information from the communication adapter 21, the CPU 101 of the copying machine 23 having the IP address “192.168.30.70” updates the security information held in the RAM 103 with the received security information.

  As described above, according to the fifth embodiment, in addition to the same effects as those of the third embodiment, the following effects can be obtained. In other words, after the center system selects any of the security information held in itself and selects the change destination of the security information from among the electronic devices, the electronic device of which the selected security information is selected is selected. The communication adapter that transmits the security information and the device information to the communication adapter together with the device information transmits the security information to the electronic device indicated by the device information, and the electronic device that receives the security information holds itself By updating the current security information to the received security information, the center system can centrally update the security information of each electronic device via the communication adapter, so the operating time required for the update can be shortened. It becomes possible to secure. Further, since the security information of each electronic device is changed by remote control by the center system, the work load on the user side is further reduced. Therefore, the operation efficiency of the electronic device can be further improved.

  As apparent from the above description, according to the present invention, even when the communication apparatus communicates with a plurality of electronic devices in different communication modes, the burden on the management task by the network administrator increases, and the network security Since the decrease can be avoided, the operation efficiency of the electronic device can be improved. Therefore, an operation efficient remote device management system and communication device can be provided.

1: Center system (central management unit) 2, 11, 300: Router 3a, 3b: Server 4, 15, 25, 310: Network 5: Internet 6: Public communication network 7: Access point 12, 21: Communication adapter 13 , 23, 231, 301: copier 14, 24, 241, 302: printer 22: facsimile device 26: dedicated I / F 31, 44, 101: CPU 32: real time clock circuit 35: external memory control unit 36, 43, 110: Network I / F unit 37: Hard disk drive 41: Line switching circuit 42: Modem 47: Battery 48: Switch 49: Display section 111: Operation section

Unexamined-Japanese-Patent No. 2004-221696

Claims (7)

In a remote device management system in which a management device and one or more electronic devices can communicate via a communication device, and the management device remotely manages the electronic device via the communication device by the management device,
In the communication device,
Communication is sequentially performed on a plurality of different communication methods with respect to the one or more electronic devices, and when there is a response, device information acquisition is performed to obtain device information from the electronic devices in the communication method in which the response is received. Means,
Storage means for associating and holding the device information and the communication method at the time of obtaining the device information when the device information obtaining means obtains the device information;
Communication related information transmitting means for transmitting the communication related information held in the storage means to the management device;
In the management device,
A remote device management system, comprising communication related information management means for storing and managing the communication related information when the communication related information is received from the communication device. In the remote device management system according to claim 1,
A remote device management system, comprising setting means for setting an execution order of communication in each of the plurality of different communication methods used by the device information acquisition means in the communication device. In the remote device management system according to claim 2,
The remote device management system according to claim 1, wherein the setting unit of the communication apparatus includes a unit for setting whether to execute communication in each of the communication methods used by the device information acquisition unit. The remote device management system according to any one of claims 1 to 3.
In the communication device,
Communication status check means for checking the communication status with the one or more electronic devices, and when communication with any one of the one or more electronic devices is disabled as a result of the check by the communication status check means, The device information acquisition means sequentially executes communication in a plurality of different communication methods for the one or more electronic devices, and when there is a response, the electronic device receives the response, and the electronic device receives A remote device management system, comprising: means for starting processing for acquiring information. The remote device management system according to any one of claims 1 to 3.
In the management device,
Communication status check means for checking the communication status with the one or more electronic devices, and when communication with any one of the one or more electronic devices is disabled as a result of the check by the communication status check means, For the communication device, the device information acquisition unit sequentially executes communication with a plurality of different communication methods for the one or more electronic devices, and when there is a response, the communication having the response A remote device management system comprising: means for starting processing of obtaining device information from the electronic device in a method. The remote device management system according to any one of claims 1 to 5,
The remote device management system, wherein each communication method is an IP communication mode and an IPsec communication mode which is a security communication mode. In the remote device management system according to claim 6,
A remote device management system comprising a transport mode and a tunnel mode as the IPsec communication mode.

Images