CN101030880A - Multi-server management system and method - Google Patents

Publication number
CN101030880A
Authority
CN
China
Prior art keywords
module
management
server
hmac
management server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN 200610024339
Other languages
Chinese (zh)
Inventor
谢鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huanda Computer Shanghai Co Ltd
Mitac International Corp
Original Assignee
Mitac International Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Mitac International Corp filed Critical Mitac International Corp
Priority to CN 200610024339 priority Critical patent/CN101030880A/en
Publication of CN101030880A publication Critical patent/CN101030880A/en
Pending legal-status Critical Current

Abstract

The system comprises a management server that runs a WEB server module, a user interface module, a sensor module, an information platform module, an alarm module, a network setting module, a user management module, a power management module and a communication module. Each module on the management server uses IPMI 2.0 management technology; the communication module uses the RMCP+ protocol to connect to multiple IPMI 2.0-based servers. The invention also uses the encryption algorithms HMAC-MD5, HMAC-SHA1 and AES-CBC to encrypt and decrypt communication data packets.

Description

Multi-server management system and method
Technical field
The present invention relates to the computer field, and more particularly to a multi-server management system and management method based on the IPMI 2.0 standard and a cross-platform Web approach.
Background technology
IPMI (Intelligent Platform Management Interface) technology grew out of intelligent server management; its starting point was to address the weak hardware management capability of servers. A user can use IPMI to monitor a server's physical characteristics, such as temperature, voltage, fan operating state, power supply and chassis intrusion, which provides information for system management and recovery and for asset management. Prior-art multi-server management systems are essentially application systems built on the design principles of IPMI technology; in other words, they use management software based on the IPMI 1.0 or 1.5 standard. Products of this kind rely on a fairly simple user name and password verification scheme, so communication security is not effectively guaranteed, and all of them manage servers one-to-one. Efficiency is therefore low, and security is not well assured.
Summary of the invention
The technical problem to be solved by the present invention is to provide a multi-server management system and method that overcome the above shortcomings of the prior art, with better communication security and greater ease of use.
The above technical problem is solved as follows: a multi-server management system is constructed that comprises a management server, on which the following modules run: a WEB server module, a user interface module, a sensor module, a platform information module, an alarm module, a network settings module, a user management module, a power management module and a communication module. The system is characterized in that each of these modules running on the management server uses IPMI 2.0 management technology, and the communication module connects to each of a plurality of managed IPMI 2.0-based servers using the RMCP+ protocol.
In the above multi-server management system, for the communication data between the management server and the plurality of managed IPMI 2.0-based servers, the sender encrypts with the cryptographic algorithms HMAC-MD5, HMAC-SHA1 and AES-CBC, and the receiver decrypts with the cryptographic algorithms HMAC-MD5, HMAC-SHA1 and AES-CBC.
Another technical problem of the present invention is solved as follows: a multi-server management method is constructed, characterized in that a management server is set up that comprises a WEB server module, a user interface module, a sensor module, a platform information module, an alarm module, a network settings module, a user management module, a power management module and a communication module; a plurality of IPMI 2.0-based servers exchange communication data with the management server through the communication module; the sender encrypts with the cryptographic algorithms HMAC-MD5, HMAC-SHA1 and AES-CBC, and the receiver decrypts with the corresponding decryption algorithms. One-to-many management is carried out through a browser program that accesses the WEB server. More specifically, the multi-server management method of the present invention comprises the following steps:
S1) enter, on the WEB interface of the management server, the IP address of the server to be managed;
S2) add the IP address to the list of managed servers;
S3) select items in the list on which to carry out management actions;
S4) according to the user's selection, generate a packet that conforms to the RMCP+ specification and, after the communication module encrypts it with the AES-CBC algorithm, send it to the server identified by the IP address;
S5) the managed server decrypts the received packet, carries out the management action, encrypts the execution result and returns it encapsulated in an RMCP+ packet;
S6) after the returned RMCP+ packet carrying the encrypted execution result is received, it is decrypted, parsed and displayed.
The multi-server management system and method provided by the invention adopt the RMCP+ communication protocol defined by the IPMI 2.0 standard and use the cryptographic algorithms HMAC-MD5, HMAC-SHA1 and AES-CBC to encrypt and decrypt communication packets, which makes data communication more secure. At the same time, management is carried out in a one-to-many WEB approach, which makes server management more efficient and ensures safe and reliable communication between the remote management program and each server.
Description of drawings
Fig. 1 is a logic block diagram of the multi-server management system of the present invention.
Fig. 2 is a flow chart of an embodiment of the multi-server management method of the present invention.
Fig. 3 is a schematic diagram of the Remote Management Control Protocol (RMCP) packet format.
Embodiment
As shown in Fig. 1, in an exemplary embodiment of the multi-server management system of the present invention, the user accesses the management server on the network through a browser program and carries out one-to-many service. The following modules run on the management server: a WEB server module, a user interface module, a sensor module, a platform information module, an alarm module, a network settings module, a user management module, a power management module and a communication module. Because these modules use IPMI 2.0 management technology, the communication module can connect to each of a plurality of IPMI 2.0-based servers using the RMCP+ protocol. For data communication between the WEB server and the plurality of managed remote IPMI 2.0-based servers, the sender encrypts with the cryptographic algorithms HMAC-MD5, HMAC-SHA1 and AES-CBC, and the receiver decrypts with the cryptographic algorithms HMAC-MD5, HMAC-SHA1 and AES-CBC. Because the whole implementation is based on the Java technologies JSP and JavaBean, it can be used on different operating system platforms such as Windows, Linux and Solaris without modifying any source code. Because the above management system and method use a one-to-many Web approach, they can significantly improve the efficiency of managing each server.
The RMCP+ protocol derives from RMCP (Remote Management Control Protocol), a management specification formulated by the international standards organization DMTF (Desktop Management Task Force). It is independent of the operating system and is implemented jointly by a separate chip, the BMC (Baseboard Management Controller), and the management program. RMCP is a request-response protocol that can encapsulate IPMI messages in packets; the format of an RMCP packet that encapsulates an IPMI message is shown in Fig. 3. In that figure, Ethernet Framing is the Ethernet frame, MAC Address is the media access control address, IP/UDP is the Internet Protocol and User Datagram Protocol, IP Address is the Internet address, RMCP Port# is the RMCP port number, RMCP Message is the RMCP message, Class=IPMI indicates that the message class is IPMI, RMCP Sequence# is the RMCP sequence number, IPMI v1.5 or IPMI v2.0+ is IPMI version 1.5 or version 2.0+, Session Wrapper is the session wrapper, and IPMI Message is the IPMI message.
The RMCP+ protocol is an enhanced RMCP. It has the same packet format as RMCP, but it requires more, and more complex, cryptographic algorithms to be used when establishing an IPMI session and when sending and receiving IPMI messages, in order to guarantee the security of the communication. RMCP+ communication generally proceeds as follows:
1. The management program and the IPMI 2.0-based server negotiate the encryption/decryption algorithms to be used in the communication and then activate a session (Session) so that IPMI messages can be transmitted. This stage has four steps:
A. The management program sends a request asking the server for basic information such as the IPMI version it supports and the encryption/decryption algorithms it supports.
B. The management program and the server negotiate the encryption/decryption algorithms to be used during session establishment and when sending messages after the session is established.
C. The management program and the server exchange random numbers, GUIDs and other information needed by the cryptographic algorithms (HMAC-MD5, HMAC-SHA1, etc.) used during session establishment.
D. The management program and the server exchange the information needed by the cryptographic algorithms (AES-CBC, etc.) used when transmitting IPMI messages after the session is established. After confirmation, activation of the session is complete.
2. The management program encrypts the IPMI message to be transmitted with the cryptographic algorithm determined in the previous step (AES-CBC, etc.), packages it into an RMCP+ packet and sends it over the network to the remote IPMI 2.0-based server.
3. The server receives the RMCP+ packet, decrypts it, carries out the action specified in the IPMI message and returns the execution result to the management program.
4. The management program closes the session, completing one communication exchange.
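The following Python code is an added example, not part of the patent text or of any product it describes. It parses the RMCP header and IPMI session wrapper named above, reports findings for session traffic that is not flagged encrypted or authenticated, and checks an HMAC-SHA1-96 integrity code before any payload would be decrypted. Field offsets follow the IPMI v2.0 RMCP+ session format; the key, session ID and sample packets are constructed, and `parse_rmcp`, `verify_integrity`, `audit` and `build_sample` are hypothetical names.

```python
import hashlib
import hmac
import struct

RMCP_HEADER = bytes([0x06, 0x00, 0xFF, 0x07])  # version, reserved, seq (no ACK), class=IPMI
AUTHTYPE_RMCP_PLUS = 0x06  # Auth Type/Format value marking the IPMI v2.0+ session wrapper
AUTHCODE_LEN = 12          # HMAC-SHA1-96 keeps the first 12 bytes of the digest


def parse_rmcp(datagram: bytes) -> dict:
    """Parse the RMCP header and IPMI session wrapper of one UDP payload."""
    if len(datagram) < 5 or datagram[0] != 0x06 or (datagram[3] & 0x1F) != 0x07:
        raise ValueError("not an RMCP packet of class IPMI")
    info = {"rmcp_seq": datagram[2], "auth_type": datagram[4]}
    if datagram[4] != AUTHTYPE_RMCP_PLUS:
        # IPMI v1.5 wrapper: this session format has no payload encryption.
        info.update(version="IPMI v1.5", encrypted=False, authenticated=datagram[4] != 0)
        return info
    if len(datagram) < 16:
        raise ValueError("truncated IPMI v2.0 session header")
    ptype, session_id, session_seq, plen = struct.unpack_from("<BIIH", datagram, 5)
    if (ptype & 0x3F) == 0x02:
        raise ValueError("OEM explicit payload has extra header fields; not handled")
    if len(datagram) < 16 + plen:
        raise ValueError("payload length exceeds datagram")
    info.update(version="IPMI v2.0+", encrypted=bool(ptype & 0x80),
                authenticated=bool(ptype & 0x40), payload_type=ptype & 0x3F,
                session_id=session_id, session_seq=session_seq,
                payload=datagram[16:16 + plen], trailer=datagram[16 + plen:])
    return info


def verify_integrity(datagram: bytes, k1: bytes) -> bool:
    """Check the HMAC-SHA1-96 AuthCode; k1 is the session integrity key."""
    info = parse_rmcp(datagram)
    if info["version"] != "IPMI v2.0+" or not info["authenticated"]:
        return False
    if len(info["trailer"]) < 2 + AUTHCODE_LEN:  # pad length + next header + AuthCode
        return False
    # The AuthCode covers the Auth Type byte through the Next Header byte.
    covered = datagram[4:-AUTHCODE_LEN]
    expected = hmac.new(k1, covered, hashlib.sha1).digest()[:AUTHCODE_LEN]
    return hmac.compare_digest(expected, datagram[-AUTHCODE_LEN:])


def audit(datagram: bytes) -> list:
    """Return findings for one packet; an empty list means nothing to report."""
    info = parse_rmcp(datagram)
    if info["version"] == "IPMI v1.5":
        return ["IPMI v1.5 session wrapper: payload cannot be encrypted"]
    findings = []
    # Session-setup payloads (types 0x10 and up) and session ID 0 are cleartext by design.
    if info["payload_type"] < 0x10 and info["session_id"] != 0:
        if not info["encrypted"]:
            findings.append("RMCP+ payload sent in cleartext")
        if not info["authenticated"]:
            findings.append("RMCP+ packet carries no integrity AuthCode")
    return findings


def build_sample(k1: bytes, payload: bytes, encrypted: bool) -> bytes:
    """Build a constructed test packet (not captured traffic); payload is opaque bytes."""
    ptype = 0x40 | (0x80 if encrypted else 0x00)  # authenticated, payload type 0 (IPMI)
    body = struct.pack("<BBIIH", AUTHTYPE_RMCP_PLUS, ptype,
                       0x11223344, 1, len(payload)) + payload
    pad = -(len(body) + 2) % 4  # integrity pad: covered range becomes a multiple of 4
    body += b"\xff" * pad + bytes([pad, 0x07])  # pad, pad length, next header
    mac = hmac.new(k1, body, hashlib.sha1).digest()[:AUTHCODE_LEN]
    return RMCP_HEADER + body + mac
```

The HMAC check only establishes integrity and origin; confidentiality depends on the AES-CBC step, which this code does not perform.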
The flow of the management method of the present invention is further described with reference to Fig. 2. The flow starts at block 201. At block 202, the remote user opens the management web page on the Web server over the http(s) protocol; this page is the interface portion of the management program. At block 203, the user enters, on the opened interface, the IP address of the IPMI 2.0-based server to be managed. At block 204, the user confirms the IP address entered on the interface. If the user confirms, the management program adds the IP address to the managed server list at block 205; if it cannot be confirmed, the flow returns to block 203 for re-entry. At block 206, a decision is made: if more managed servers need to be added, the flow returns to block 203; otherwise, at block 207, the user selects the server to be managed from the list, clicks its IP address on the web page to open the function options, and then selects the management action to carry out (checking the CPU fan speed, restarting the machine, etc.). The management action is then confirmed at block 208; if it cannot be confirmed, the flow returns to block 207. If it is confirmed, at block 209 the corresponding function module of the management program generates a packet that conforms to the RMCP+ specification according to the user's selection, and the communication module of the management program encrypts it with the AES-CBC algorithm and sends it to the specified server (identified by its IP address). At block 210, the IPMI 2.0-based server receives the packet sent by the management program, decrypts it, carries out the requested action, encrypts the result of the action and returns it to the management program encapsulated in an RMCP+ packet. Finally, at block 211, the management program receives the RMCP+ packet carrying the execution result, decrypts it, parses the result and displays it on the web page. To continue, the flow returns to block 207; otherwise it ends at block 213.

Claims (5)

1. A multi-server management system comprising a management server, on which the following modules run: a WEB server module, a user interface module, a sensor module, a platform information module, an alarm module, a network settings module, a user management module, a power management module and a communication module, characterized in that each of these modules running on the management server uses IPMI 2.0 management technology, and the communication module connects to each of a plurality of managed IPMI 2.0-based servers using the RMCP+ protocol.
2. The multi-server management system according to claim 1, characterized in that, for the communication data between the management server and the plurality of managed IPMI 2.0-based servers, the sender encrypts with the cryptographic algorithms HMAC-MD5, HMAC-SHA1 and AES-CBC, and the receiver decrypts with the cryptographic algorithms HMAC-MD5, HMAC-SHA1 and AES-CBC.
3. A multi-server management method, characterized in that a management server is set up that comprises a WEB server module, a user interface module, a sensor module, a platform information module, an alarm module, a network settings module, a user management module, a power management module and a communication module; a plurality of managed IPMI 2.0-based servers exchange communication data with the management server through the communication module; the sender encrypts with the cryptographic algorithms HMAC-MD5, HMAC-SHA1 and AES-CBC, and the receiver decrypts with the corresponding decryption algorithms.
4. The multi-server management method according to claim 3, characterized in that one-to-many management is carried out through a browser program that accesses and communicates with the WEB server.
5. The multi-server management method according to claim 3, characterized in that it comprises the following steps: S1) enter, on the WEB interface of the management server, the IP address of the server to be managed; S2) add the IP address to the list of managed servers; S3) select items in the list on which to carry out management actions; S4) according to the user's selection, generate a packet that conforms to the RMCP+ specification and, after the communication module encrypts it with the AES-CBC algorithm, send it to the server identified by the IP address; S5) the managed server decrypts the received packet, carries out the management action, encrypts the execution result and returns it encapsulated in an RMCP+ packet; S6) after the returned RMCP+ packet carrying the encrypted execution result is received, it is decrypted, parsed and displayed.
CN 200610024339 2006-03-03 2006-03-03 Multi-server management system and method Pending CN101030880A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200610024339 CN101030880A (en) 2006-03-03 2006-03-03 Multi-server management system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200610024339 CN101030880A (en) 2006-03-03 2006-03-03 Multi-server management system and method

Publications (1)

Publication Number Publication Date
CN101030880A true CN101030880A (en) 2007-09-05

Family

ID=38715978

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200610024339 Pending CN101030880A (en) 2006-03-03 2006-03-03 Multi-server management system and method

Country Status (1)

Country Link
CN (1) CN101030880A (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102469067A (en) * 2010-11-05 2012-05-23 中科正阳信息安全技术有限公司 HTTP hidden button protection method based on preposed gateway
CN102594602A (en) * 2012-02-23 2012-07-18 浪潮电子信息产业股份有限公司 Location management design method of multi-node cloud computing server
CN103905245A (en) * 2014-03-04 2014-07-02 上海挚连科技有限公司 Sensor node management method
CN104410606A (en) * 2014-10-31 2015-03-11 国云科技股份有限公司 Server access method for application IPMI protocol
CN104504323A (en) * 2014-12-16 2015-04-08 浪潮集团有限公司 IPMI (intelligent platform management interface) management system with encryption authentication
CN105978724A (en) * 2016-05-12 2016-09-28 浪潮集团有限公司 Server management system based on IPMI
CN107038101A (en) * 2017-04-11 2017-08-11 广东浪潮大数据研究有限公司 A kind of multiserver remote monitoring and administration method and system
CN107181634A (en) * 2017-07-26 2017-09-19 郑州云海信息技术有限公司 A kind of server Explore of Unified Management Ideas and system
CN107343038A (en) * 2017-06-30 2017-11-10 山东超越数控电子有限公司 A kind of remote real-time monitoring device and method based on IPMI
US9819532B2 (en) 2011-04-13 2017-11-14 Huawei Technologies Co., Ltd. Multi-service node management system, device and method
CN109067757A (en) * 2018-08-22 2018-12-21 华东计算技术研究所(中国电子科技集团公司第三十二研究所) Safety method and system based on IPMI encryption module
CN113014431A (en) * 2021-02-26 2021-06-22 山东英信计算机技术有限公司 BMC management system, method and device and computer readable storage medium

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102469067B (en) * 2010-11-05 2014-12-31 中科信息安全共性技术国家工程研究中心有限公司 HTTP hidden button protection method based on preposed gateway
CN102469067A (en) * 2010-11-05 2012-05-23 中科正阳信息安全技术有限公司 HTTP hidden button protection method based on preposed gateway
US9819532B2 (en) 2011-04-13 2017-11-14 Huawei Technologies Co., Ltd. Multi-service node management system, device and method
CN102594602B (en) * 2012-02-23 2016-08-10 浪潮电子信息产业股份有限公司 A kind of location management design method of multi-node cloud computing server
CN102594602A (en) * 2012-02-23 2012-07-18 浪潮电子信息产业股份有限公司 Location management design method of multi-node cloud computing server
CN103905245A (en) * 2014-03-04 2014-07-02 上海挚连科技有限公司 Sensor node management method
CN104410606A (en) * 2014-10-31 2015-03-11 国云科技股份有限公司 Server access method for application IPMI protocol
CN104504323B (en) * 2014-12-16 2017-06-06 浪潮集团有限公司 A kind of IPMI management systems with encryption certification
CN104504323A (en) * 2014-12-16 2015-04-08 浪潮集团有限公司 IPMI (intelligent platform management interface) management system with encryption authentication
CN105978724A (en) * 2016-05-12 2016-09-28 浪潮集团有限公司 Server management system based on IPMI
CN107038101A (en) * 2017-04-11 2017-08-11 广东浪潮大数据研究有限公司 A kind of multiserver remote monitoring and administration method and system
CN107343038A (en) * 2017-06-30 2017-11-10 山东超越数控电子有限公司 A kind of remote real-time monitoring device and method based on IPMI
CN107181634A (en) * 2017-07-26 2017-09-19 郑州云海信息技术有限公司 A kind of server Explore of Unified Management Ideas and system
CN109067757A (en) * 2018-08-22 2018-12-21 华东计算技术研究所(中国电子科技集团公司第三十二研究所) Safety method and system based on IPMI encryption module
CN109067757B (en) * 2018-08-22 2021-07-02 华东计算技术研究所(中国电子科技集团公司第三十二研究所) Safety method and system based on IPMI encryption module
CN113014431A (en) * 2021-02-26 2021-06-22 山东英信计算机技术有限公司 BMC management system, method and device and computer readable storage medium

Similar Documents

Publication Publication Date Title
CN101030880A (en) Multi-server management system and method
CA3098836C (en) Key management system and method
US8886934B2 (en) Authorizing physical access-links for secure network connections
KR100994667B1 (en) Access and control system for network-enabled devices
CN1833403B (en) Communication system, communication device and communication method
US9300467B2 (en) Real-time communication security for automation networks
EP1926245B1 (en) Method and system for obtaining ssh host key of managed device
Calabretta et al. MQTT-Auth: A token-based solution to endow MQTT with authentication and authorization capabilities
JP2012523614A (en) Identity Management Services Provided by Network Operators
CN104010001B (en) In mobile terminal, the method and system connecting communication is carried out in similar networking request
CN111541776A (en) Safe communication device and system based on Internet of things equipment
Akerberg et al. Exploring security in PROFINET IO
JP2005204189A5 (en)
CN103384246A (en) Safety supervision system login assistant method
CN101388796B (en) Information sending processing method, communication equipment and communication system
Arvandy et al. Design of secure iot platform for smart home system
US11588798B1 (en) Protocol free encrypting device
Cisco SNMP Support for VPNs
CN108462681A (en) A kind of communication means of heterogeneous network, equipment and system
Ahmed et al. A Secure IoT enabled Pure Sine Wave Inverter using Payload Encryption Of MQTT Protocol
CN106355101A (en) Transparent file encryption and decryption system and method for simple storage services
Asadi et al. Formal security analysis of authentication in SNMPv3 protocol by an automated tool
Fischer et al. Security for building automation with hardware-based node authentication
US20230109755A1 (en) Remote command access in a hybrid cloud to on-premises devices
CN218301408U (en) Encrypt management type serial port server

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Open date: 20070905