CN101316187A - Network management method and network management system - Google Patents
Network management method and network management system Download PDFInfo
- Publication number
- CN101316187A CN101316187A CNA2007101116448A CN200710111644A CN101316187A CN 101316187 A CN101316187 A CN 101316187A CN A2007101116448 A CNA2007101116448 A CN A2007101116448A CN 200710111644 A CN200710111644 A CN 200710111644A CN 101316187 A CN101316187 A CN 101316187A
- Authority
- CN
- China
- Prior art keywords
- user
- network equipment
- network
- management object
- management
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention discloses a network management method for managing network users and network equipment in a same management system, which includes the steps of: taking the users and the network equipment communicating with the users as two management objects and establishing incidence relation between the two management objects; determining another management object correlating with the current management object according to the established incidence relation; at least providing one basis or means for carrying out management operation to another management object. The invention also provides a network management system which includes a management module and a memory module. The network management proposal provided by the invention can realize the management on the network equipment and the network users in the same network management system, thus reducing the complexity of the management operation.
Description
Technical field
The present invention relates to network management technology, be specifically related to network management and network management system.
Background technology
Along with the fast development of the Internet, network user is also progressively improving the requirement of network management, is also progressively going deep into to field separately at the network equipment and the network user's management.
Network device management to as if the tangible hardware of network side, i.e. network equipment resource.Network device management mainly comprises alarm management, Topology Management and performance management etc.Wherein, alarm management is to alarm demonstration according to the security incident that the safety detection network equipment in the network reports, and the network equipment that this security incident relates to is handled.Topology Management shows the physical topology that managed networks equipment forms to the keeper, and the network equipment information at network topology node place.Performance management is that the running status of the flow of the network equipment of flowing through and the network equipment is monitored and added up, performance index such as calculating such as CPU (CPU) utilance, response time, port flow, and add up the variation of each performance index, with the health status of judging the network equipment and the performance trend of predicting the network equipment.By to network device management, the keeper can the awareness network topology situation, network equipment safety or failure condition, performance of network equipments situation etc., and according to these information network is optimized.
Network users management to as if be included into system management, authenticate, charge or use other professional network user, i.e. users by management system.In fact the user is the terminal resource that a class is called as user resources.Network users management is to the increase of user in the network, revises, checks, nullifies and to the management of user profile and user's access security situation.
Along with going deep into and expansion of the network user and network device management field, and the needs of operation layer application, network device management and network users management no longer have been separate relations, have progressively formed the incidence relation between existing network users management as shown in Figure 1, network device management and the service application layer.
As shown in Figure 1, the business that the user in the network user management system uses service application layer to provide, so network user management system is associated with service application layer.For the user opens one when professional, at service application layer with user and business-binding, according to the business of being opened the network equipment is disposed accordingly again, for example, for the port of this user's access network device is disposed Access Control List (ACL) (ACL, AccessControl List), to realize the open-minded of this user business of being applied for.And dispose ACL is the function that realizes in network apparatus management system, so network user management system has related to resource and the function in the network apparatus management system.Because network user management system does not possess the network device management function, therefore need the keeper to switch to and carry out corresponding operating in the network apparatus management system.
In the network device management process, sometimes also need to obtain the user profile and the access security situation thereof of access network device, when the network equipment detects virus attack or malice detection, the network manager needs directly to navigate to relative users according to the user profile that gets access to, so that solve network device problem rapidly.As seen, network apparatus management system has related to part resource and the function in the network user management system.Because network apparatus management system does not possess user profile, therefore need the keeper to switch to and obtain corresponding information in the network user management system.
As seen, in order to realize network device management and network users management, the keeper often need be switched between two systems, and operation is inconvenience very.In order to address this problem, adopt following two kinds of schemes at present usually.
Scheme one: pointwise extended mode.Under this mode,, required interdepartmental system function is expanded in the network user management system or the network equipment at the needs of network user management system or network apparatus management system.Fig. 2 is the structural representation of existing a kind of network user management system.As shown in Figure 2, this system adopts pointwise extended mode, and required network device management function is set in network user management system, and this partial function is a function superposed part between network user management system and the network apparatus management system among Fig. 1.Though the partial function that this mode can realize the partial function of network device management in network user management system and realize network users management in network apparatus management system has following shortcoming:
One, be example,, can not obtain comprehensive network device management function though can in network user management system, realize the subnetwork Equipment Management Function with the network user management system.When the keeper wishes the network user and the network equipment managed simultaneously, still need between network user management system and network apparatus management system, switch, increased the complexity that the keeper carries out management.
Two, when needs add new function, can only begin exploitation from bottom again, and already present function in existing flat network equipment management system or the network user management system directly can't be added, can not effectively utilize existing resources, cause the work of repetition and the wasting of resources.
Three, in the design phase of network user management system or network apparatus management system, can not carry out comprehensive expansion design for adding interdepartmental system function.Therefore, the interdepartmental system function that increases as expansion is difficult to merge in original management system.Along with the variation of expansion or increase gradually, need constantly to revise or increase expansion, make the complexity of original management system improve gradually, thereby the fail safe and the stability of management system is threatened.
Scheme two: interface linkage mode.Under this mode, by being arranged on the interlock of the interlock Interface for System function on network user management system, network apparatus management system and the service application layer.Fig. 3 is existing a kind of management system structural representation of realizing network users management and network device management, as shown in Figure 3, expand the interlock interface layer respectively on network user management system and network apparatus management system, network user management system and network apparatus management system are carried out its required interdepartmental system function by interlock interface layer control the other side respectively.Service application layer is too by expansion interlock interface layer passage, Control Network Subscriber Management System and the network apparatus management system realization function corresponding between foundation and network user management system and the network apparatus management system respectively.This mode has following shortcoming:
One, network user management system and network apparatus management system remain two independently systems, has administration interface separately respectively, therefore keeper's operation of still can not the omission system switching comes the supervising the network user and the network equipment simultaneously, solves and uses the high defective of complexity.
Two, network apparatus management system can obtain required user profile by the interlock interface layer from network user management system.In like manner, network user management system also can the control network devices management system carry out the configuration of the network equipment.But, because each management system has its cover resource representation mode separately, both made for the same network equipment in the Internet or same user, also may be different in network user management system and expression mode in the network apparatus management system.Therefore when linking, the interlock interface layer needs the corresponding resource mapping relation according to two systems that preserve in advance, in native system, the user or the network equipment are mated, and adopt native system identification mode to represent this user and the network equipment, just can carry out subsequent operation then.Simultaneously, network user management system is related with resource mapping in the network apparatus management system can't to be utilized by service application layer, and service application layer need carry out resource mapping again in inside.As seen, additional matching operation and in the secondary resource mapping that service application layer carries out has increased the complexity that realizes this network management system.
Three, service application layer need be expanded different interlock interface layers, to be suitable for the network user management system and the network apparatus management system of different frameworks.Therefore, further increased the complexity that realizes network management system.
As seen, the complicated operation degree is higher is the major defect of the above-mentioned network equipment and user's Managed Solution.
Summary of the invention
In view of this, the invention provides a kind of network management, can reduce the complexity of bookkeeping.
This method is used in same management system the network user and the network equipment being managed, and comprising:
With the user and with the network equipment of this telex network as two class management objects, set up the incidence relation between the described two class management objects;
According to the incidence relation of being set up, determine the another kind of management object that is associated with current management object;
A foundation or an approach that described another kind of management object is managed operation is provided at least.
Wherein, the described incidence relation of setting up between the described two class management objects is: with the unique identification of user in network as linked character information, set up the corresponding relation of user and linked character information, the access network device of described telex network and intermediary network device arrive self with described linked character information learning in the message repeating process, utilize this linked character information that described user, access network device and intermediary network device are carried out association.
Wherein, any one in described linked character information be user terminal media interviews control MAC Address, Internet protocol IP address, dispatch from the factory sequence number or the port numbers.
Wherein, described current management object is the user, described definite another kind of management object that is associated with current management object is: with the user as current management object is index, according to described incidence relation, determines the access network device that is associated with described user;
Describedly provide a foundation or an approach that described another kind of management object is managed operation to be at least: that set in advance, relevant with the described access network device that is associated network users management rule to be shown with visual form.
Preferably, described the network users management rule that sets in advance is shown after, further comprise: determine current selected network users management rule, the described access network device that is associated is carried out bookkeeping according to this rule.
Wherein, described current management object is the network equipment, described definite another kind of management object that is associated with current management object is: with the network equipment as current management object is index, according to described incidence relation, determines the user who communicates by letter with the described network equipment;
Before the described incidence relation of setting up between the described two class management objects, further comprise: when activating the service for the user, set up and preserve described user and the corresponding relation between activating the service, and preserve the business information opened, the service deployment information that will be used to open described business is issued to the access network device of described user's correspondence.
The network equipment that the keeper is selected in the topology interface that sets in advance is during as current management object, describedly provides a foundation or an approach that described another kind of management object is managed operation to comprise at least: obtain the user profile with the described user who is associated as the network equipment of current management object; To reach as the network equipment of current management object and be shown in the described topology interface so that visual form is corresponding with its user's who is associated user profile.
Wherein, after the described incidence relation of setting up between the described two class management objects, further comprise: when detecting alarm event,, the network equipment corresponding with this alarm event is defined as described current management object according to detected alarm event;
Describedly provide a foundation or an approach that described another kind of management object is managed operation to be at least: according to detected alarm event, the user's who communicates by letter with the described network equipment user profile is shown in the alarm interface and topology interface that sets in advance.
Wherein, described alarm event is security incident;
The network equipment of described alarm event correspondence is: the network equipment that is subjected to this security incident influence;
Described determine with user that the described network equipment is communicated by letter after, further comprise: according to described security incident, with user that the described network equipment is communicated by letter in determine to cause security incident the user;
Describedly provide a foundation or an approach that described another kind of management object is managed operation further to comprise at least: to be subjected to the network equipment information of this security incident influence and/or to cause that the user's of security incident user profile is shown in the described alarm interface and topology interface that sets in advance with described.
Wherein, describedly provide a foundation or an approach that described another kind of management object is managed operation further to comprise at least: to obtain network equipment performance data and/or this user's the customer service performance data and/or the user authentication data of in the network insertion process, preserving of the access network device of the described user's correspondence that causes security incident, determine the occurrence cause of described security incident for the network manager according to these data.
Preferably, after the described incidence relation of setting up between the described two class management objects, further comprise: according to the performance of network equipments rule that sets in advance, the data traffic of the described network equipment of flowing through and the running status of the described network equipment are monitored and added up, obtain network equipment performance data;
Described alarm event is that network equipment performance data surpasses the threshold value that sets in advance;
Describedly will the network equipment corresponding with this alarm event be defined as described current management object and be: the network equipment that network equipment performance data is surpassed threshold value is defined as described current management object;
Describedly provide a foundation or an approach that described another kind of management object is managed operation further to comprise at least: the network equipment information that obtains current management object; According to described user and the corresponding relation between activating the service, search the user's corresponding service that is associated with described current management object; The network equipment information of described current management object and/or the user's that is associated business information is shown in the described alarm interface and topology interface that sets in advance, judges the influence of performance of network equipments customer service for the network manager.
Preferably, after the described incidence relation of setting up between the described two class management objects, further comprise: according to preset user service feature rule, the data traffic that carries designated user, specified services to the network equipment of flowing through is monitored and is added up, and obtains each customer service performance data;
Described alarm event surpasses the threshold value that sets in advance for the customer service performance data;
Describedly will the network equipment corresponding with this alarm event be defined as described current management object and be: the network equipment that the customer service performance data is surpassed threshold value is defined as current management object;
Describedly provide a foundation or an approach that described another kind of management object is managed operation further to comprise at least: to obtain the network equipment information that the customer service performance data surpasses the network equipment of threshold value; The network equipment information that gets access to is shown in the described alarm interface and topology interface that sets in advance, judges of the influence of customer service performance the network equipment for the network manager.
Preferably, set in advance the corresponding relation of alarm event and alarming processing operation, described be shown in the alarm interface that sets in advance and the topology interface after, further comprise: carry out the processing operation of described alarm event correspondence.
Preferably, before the described incidence relation of setting up between the described two class management objects, further comprise: provide a unified keeper to login approach, when receiving keeper's logging request, the keeper is authenticated, and when authentication is passed through, allow described keeper's login and allow its while leading subscriber and network equipment in described management system.
Preferably, described providing at least after the foundation or approach that described another kind of management object is managed operation further comprises: will be to the performed operation note of user and/or the network equipment in one that sets in advance unified audit log.
Preferably, this method further comprises: according to the described foundation that another kind of management object is managed operation described current management object is managed.
The present invention also provides a kind of network management system, can reduce the complexity of bookkeeping.
This system is used in this network management system the network user and the network equipment being managed, and comprising: administration module and memory module, wherein,
Described administration module with the user and with the network equipment of this telex network as two class management objects, set up the incidence relation between the described two class management objects, and this incidence relation sent to described memory module; According to the incidence relation that reads from memory module, determine the another kind of management object that is associated with current management object; A foundation or an approach that described another kind of management object is managed operation is provided at least;
Described memory module is preserved the incidence relation that comes from described administration module.
Wherein, described administration module comprises the control submodule,
Described control submodule obtains described incidence relation from described memory module, when definite current management object is the user, with the user as current management object is index, according to described incidence relation, definite access network device that is associated with described user provides a foundation or an approach that described access network device is managed operation at least; When definite current management object is the network equipment, with the network equipment as current management object is index, according to described incidence relation, definite user who communicates by letter with the described network equipment provides a foundation or an approach that described user is managed operation at least.
Preferably, described administration module further comprises the alarm submodule, detects alarm event, after determining alarm event to occur, this alarm event is sent to described control submodule;
Described control submodule further receives described alarm event, the network equipment of described alarm event correspondence is defined as described current management object, and according to described alarm event, the user profile of obtaining the user who communicates by letter with the described network equipment is as the foundation that described user is managed operation.
Preferably, described administration module further comprises: the Performance Detection submodule, according to the performance of network equipments rule that sets in advance, the data traffic of the described network equipment of flowing through and the running status of the described network equipment are monitored and added up, obtain network equipment performance data, and this network equipment performance data sent to described alarm submodule, and/or, according to preset user service feature rule, the designated user that carries to the network equipment of flowing through, the data traffic of specified services is monitored and is added up, obtain the customer service performance data, and this customer service performance data is sent to described alarm submodule;
Described alarm submodule is further determined the appearance of alarm event according to described network equipment performance data and/or customer service performance data.
Preferably, described administration module further comprises the administrator authentication submodule, preserve legal keeper's authentication information, receiving management person's logging request, according to the authentication information of being preserved this keeper is authenticated, and authentication by the time, notify described control submodule to allow described keeper login and allow its leading subscriber and network equipment simultaneously.
Preferably, described administration module further comprises: the audit submodule, receive the bookkeeping record come from described control submodule, and with the bookkeeping recorded and stored that receives in the unified audit log of self;
Described control submodule further basis generates the bookkeeping record to user and/or the performed bookkeeping of the network equipment, and this bookkeeping record is sent to described audit submodule.
Preferably, described system further comprises: display module, receive come from described administration module described another kind of management object is managed the foundation or the approach of operation, and show with visual form;
Foundation or approach that described administration module is further used for described another kind of management object being managed operation send to described display module.
Preferably, this system further comprises business module, when activating the service for the user, set up user and the corresponding relation that is activated the service, this corresponding relation and user's business information is sent to described memory module, and will be used for the service deployment information that the user activates the service and send to described administration module;
Described memory module is further preserved described user and corresponding relation that is activated the service and described user's business information;
Described administration module further receives described service deployment information, and sends out under this service deployment information that will receive.
Preferably, this system further comprises: the service dynamic expansion module, and for described administration module and business module provide unified business interface.
The present invention provides a kind of computer software again, can reduce the complexity of bookkeeping.This software comprises computer executed instructions, and this instruction is with so that computer equipment is carried out above-mentioned network management.
The present invention provides a kind of computer-readable medium again, can reduce the complexity of bookkeeping.This medium comprises aforementioned calculation machine software.
The present invention provides a kind of computer equipment at last, comprises the software of carrying out above-mentioned network management, and the hardware that moves this software.
According to above technical scheme as seen, use the present invention and can reduce the complicated operation degree of keeper in managing network device and user procedures.Specifically, technical scheme of the present invention has following beneficial effect:
Network management scheme of the present invention as two class management objects, and is integrated in user and the network equipment in the same management system with network users management function and network device management function.The keeper can manage the user and the network equipment simultaneously, has avoided switching the trouble that causes because of system, has reduced the complexity of bookkeeping.
The health status of the network equipment can impact user and business, correspondingly, and user and the professional health status that also may have influence on the network equipment.The present invention can get access to network equipment information, user profile and the business information relevant with this alarm event after detecting alarm event, carry out association then and show.Thereby provide related intuitively demonstration and operation interface between the network equipment and user, avoid existing keeper between network device management interface and network users management interface, to switch the harmful effect that brings with the operation of obtaining relevant information, reduced keeper's complicated operation degree.
In the service fulfillment process, the keeper can finish the whole flow process that is set to network equipments configuration from business in an interface, avoided the operation of interface switching, has further reduced keeper's bookkeeping complexity.
In addition, because the user and the network equipment occur as unified resource, therefore the identical network equipment or user has unified expression way, omitted and need carry out the operation of information matches according to mapping.And service application layer can directly adopt this same expression way to be configured operation, avoids repeating mapping, thus the information process in the simplified system.
The present invention can also be by pre-configured customer service performance management rule, and the flow of flowing through the network equipment and carry the specified services of designated user is monitored and added up, and obtains the customer service performance data.Then according to the customer service performance data, the network equipment is reconfigured or changes, perhaps the specified services with above-mentioned designated user is deployed on other network equipment, thereby has realized the optimization of network.
Description of drawings
Fig. 1 is the incidence relation schematic diagram between existing network users management, network device management and the service application layer.
Fig. 2 is the structural representation of existing a kind of network user management system.
Fig. 3 is existing a kind of management system structural representation of realizing network users management and network device management.
Fig. 4 is the exemplary process diagram of network management of the present invention.
Fig. 5 is the flow chart of network management in the embodiment of the invention.
Fig. 6 is the flow chart of alarm management in the embodiment of the invention.
Fig. 7 is the basic structure schematic diagram of network management system of the present invention.
Fig. 8 is the structural representation of network management system in the embodiment of the invention.
Embodiment
Below in conjunction with the accompanying drawing embodiment that develops simultaneously, describe the present invention.
The present invention is a kind of network management scheme, and its basic thought is: in the consolidated network management system, with the user and with the network equipment of this telex network as two class management objects, set up the incidence relation between the described two class management objects; According to the incidence relation of being set up, definite another kind of management object that is associated with current management object provides a foundation or an approach that another kind of management object is managed operation at least.
Fig. 4 shows the exemplary process diagram based on the network management of above basic thought.As shown in Figure 4, this method may further comprise the steps:
Step 401: with the user and with the network equipment of this telex network as two class management objects, set up the incidence relation between this two classes management object.
Step 402:, determine the another kind of management object that is associated with current management object according to the incidence relation of being set up.
Step 403 a: foundation or an approach that described another kind of management object is managed operation is provided at least.
Here, the described foundation that another kind of management object is managed operation is meant, judges the information of which kind of bookkeeping of follow-up execution for keeper or network management system, and this information can be the information relevant with the user and/or the network equipment.To another kind of management object manage operation specifically can be to this management object increase, operation such as deletion, configuration, also can carry out simple display operation to this another kind of management object.
The described approach that another kind of management object is managed operation is meant that management system the bookkeeping that follow-up needs are carried out according to the information analysis of obtaining automatically, and can show by the link of visual form with bookkeeping.The approach that the keeper can provide according to management system is selected required bookkeeping.
As seen, adopt the network management scheme shown in Fig. 4, user and network equipment unification as managed object, and are integrated in network users management function and network device management function in the same management system.The keeper can manage the network user and the network equipment in same administration interface, has avoided the trouble because of needing interface switching to cause, and has reduced the complexity of Admin Administration's operation.
In addition, because the user and the network equipment are in the same management system, therefore the identical network equipment or user has unified expression way, omitted and need carry out the operation of information matches according to mapping.And service application layer can directly adopt this unified expression way to be configured operation, avoids repeating mapping, thus the information process in the simplified system.
Below lifting specific embodiment is described in detail network management scheme of the present invention.
Fig. 5 is the flow chart of network management in the embodiment of the invention.As shown in Figure 5, this method comprises:
Step 501: when opening customer service, the corresponding relation between service application layer is set up and preserved the user and activated the service, preservation user's business information, the service deployment information that will be used to activate the service is issued to access network device.
In this step, when the user activated the service, service application layer was with user account number and user-selected business-binding and preserve, thereby had set up user and professional corresponding relation, simultaneously the particular content that the user activated the service was preserved as business information.Then, service deployment information is issued to access network device and finishes deployment, thereby finished the open-minded of customer service.
So that Fiber To The Curb, sub-district, building, the family, (FTTx of office, Fiber To The Curb, Cell, Building, Home, Office) business is example, this business provides different set meal services for the user, for example program set meal service of the different channel of customization etc.Every kind of corresponding ACL of set meal service.ACL is exactly some rule sets, according to the rule that ACL is provided with the message that meets specified conditions is handled.For example, when opening the service of user applies soccer programs set meal,, will be configured on the corresponding port of access network device as the ACL of service deployment information simultaneously in the user account number binding of service application layer with ACL and this user of this soccer programs set meal service.Like this, the binding relationship of preserving in this locality be the user and the corresponding relation between activating the service.After the user connects network by access network device, can use the business of opening.Here, will user, the network equipment and business association the ACL that gets up call the fusion object.Different services have different fusion objects.
Provide personalized service as the user with the QinQ technology of using two-layer Virtual Local Area Network sign and to be example, at first a QinQ Virtual Local Area Network (VLAN is set in this step for the user, Virtual LocalArea Network) number, at each QinQ VLAN the personalized user right and the service content of user applies are set.When opening the service of user applies, preserve user's QinQ vlan number and the corresponding user right and the service content of user applies, this user's QinQ vlan number is issued on this user's the corresponding port of access network device; Perhaps earlier this user's QinQ vlan number is configured in the server, treat that the user logins after, be issued in user's the access network device.Like this, the user just can use the business of opening.Wherein, for the user is provided with the QinQ vlan number user and professional corresponding relation are set promptly, the user right and the user applies service content of preserving at the QinQ vlan number are business information.As seen, the QinQ vlan number with user, the network equipment and business association get up, be exactly the fusion object in providing personalized service for QinQVLAN number for the user.
In the present embodiment, merging object all is the Internet resources object usually, such as vlan number, ACL number, QinQ number, switch ports themselves number, network equipment the Internet (IP, Internet Protocol) address/media interviews control (MAC, Media Access Control) address (Port) number etc.So, can simply these Internet resources objects be merged the object resource as preparation and carry out unified management.
Network management system can provide above step guide of opening flow process for the keeper, makes the keeper progressively operate according to guide, finishes each step of opening flow process in an interface, and need not interface switching.
Step 502: when the user terminal at user place passes through the access network device access network, management system is preserved the corresponding relation of user and user terminal MAC Address, this user's access network device and with the intermediary network device of this user terminal communication by the message repeating process, the MAC address learning of this user terminal is arrived self, thereby set up the incidence relation of user and access network device and intermediary network device.
Before the business of in using step 501, opening, the user need be linked in the network, so that transmission of Information such as realization business datums.When the study MAC Address, access network device gets access to MAC Address and is kept on the port from the access message that user terminal sends, and intermediary network device is then obtained MAC Address from the message that comes from user terminal that access network device is transmitted.Like this, by with MAC Address as linked character information, can associate with user, access network device and with the intermediary network device of this user terminal communication.As seen, the MAC Address of user terminal is the bridge of the contact user and the network equipment, i.e. linked character information.
Certainly, the IP address of user terminal also can be access in network equipment and intermediary network device and get access to, network management system is as long as under when inserting user terminal IP and user's corresponding relation being preserved, the IP address of user terminal also can be used as linked character information so.As seen, the unique identification of can be in network unique expression user or user terminal can be as linked character information, for example information such as the sequence number that dispatches from the factory of user terminal, user ID.Certainly, if adopt dispatch from the factory sequence number or user ID, then also need after the user inserts, this linked character information be sent to user's access network device and intermediary network device, and by access network device and intermediary network device preservation, thereby utilize this linked character information to carry out user, access network device and intermediary network device related.
In this step, access network device is also created dynamic session identification (SessionID) for the user of this access, for the SessionID that this user creates corresponding with the MAC Address of its place user terminal.Therefore, SessionID also can associate the user and the network equipment, but the association that produces on the basis of MAC, therefore can be called as the linked character information on upper strata.
Step 503: after determining current management object, judge whether this current management object is the user, if then execution in step 504; Otherwise, execution in step 505.
Current management object can be determined by the keeper, can be determined automatically by management system.
Situation about being determined by the keeper for current management object, usually, management system can be with the online tabulation of the user who comprises user profile, and the network topology that comprises network equipment distributed intelligence and mutual physics or logic connecting relation is shown to the keeper.Wherein, user profile is meant and user-dependent information, comprises user basic information such as user name, terminal, user access network equipment that the user bound, or the like.Network equipment information be meant with network in the network equipment relevant information, comprise network appliance IP address, network equipment title, types of network equipment information, or the like.User profile and network equipment information are the information of being safeguarded and being preserved by management system.
Particularly, the network topology display operation can be realized according to following step:
A, with all network equipments that will manage as the network equipment that will show, obtain the network equipment information of wanting display network equipment; Wherein, the network equipment that manage is to search from whole network automatically by the auto discovery mechanism of network in advance.
The network equipment information that b, basis are obtained forms topology, and with visual form this topology is shown.Here, the topology that demonstrates is simple topology, does not merge user profile.
After this, the keeper selects the user who is managed from the online tabulation of user when determining to carry out network users management; When determining to carry out network device management, from network topology, select the network equipment of being managed.No matter above-mentioned which kind of management, management system all can get access to the management object information of being clicked by the keeper by the mode of mouse event sensitivity.
Situation about automatically being determined by management system for current management object when management system detects trigger event, can be determined the user or the network equipment as current management object automatically according to trigger event.For example, when management system detects alarm event, determine current management object according to alarm event; Perhaps, after management system detects execution safety inspection order, determine current management object according to the object of safety inspection.
Step 504: according to the incidence relation of being set up, the access network device that user definite and as current management object is associated, the foundation or the approach that this user and/or this user's access network device are managed operation are provided, and finish the present networks management process.
In order to provide this user and access network device are carried out bookkeeping, present embodiment can set in advance the network users management rule, manage the foundation of operation as access network device, and this network users management rule is shown with visual form to this user and/or this user.After then this step was carried out, the keeper need can select the bookkeeping of execution from this rule, and management system is carried out the corresponding management operation according to keeper's selection.The bookkeeping here can be that user's user profile and corresponding access network device information are shown to the keeper, can be to force this user and access network device to carry out the user offline operation, can also be further according to user who sets up in the step 501 and professional corresponding relation, this user's corresponding service information is shown to the keeper, and the business information that reception process keeper upgrades is also preserved.
Step 505: according to the incidence relation of being set up, the user that the network equipment definite and as current management object is associated, provide to this network equipment and/or to the user who is associated with this network equipment and manage the foundation or the approach of operation, and finish the present networks management process.
Foundation that provides in this step or approach can show at topology interface that is used for Topology Management and/or the alarm interface that is used for alarm management.
Wherein, in Topology Management, will be as the network equipment of current management object and the network equipment that is associated with this current management object as the network equipment that will show, obtain the network equipment information of wanting display network equipment, and with the described user's who is associated as the network equipment of current management object user profile, form topology according to network equipment information that obtains and user profile, and this topology is shown with visual form.This topology is not simple topology, possesses the user profile relevant with the network equipment in this topology, is about to the related demonstration with related network device of user profile.Related demonstration is meant in same administration interface carries out the correspondence demonstration with corresponding network equipment information and user profile.When the keeper checks network equipment information, can in same administration interface, view the user profile that inserts the user on this network equipment, perhaps when checking user profile, view the network equipment information of this user's access network device in the same administration interface.During concrete the demonstration, can be by setting up information entry, user profile that will be relevant with the network equipment is hidden and is shown.The keeper can see the particular content of user profile behind the link information inlet.For example, in topology interface, after clicking the network equipment by right key, the option that " checking user profile " occur, administrator just specifies will be selected this option, and topology interface shows the user profile that inserts user on this network equipment, " checking business information " option can also occur, after the keeper selected, topology interface showed the business information that inserts this network equipment user.As seen, for Topology Management, the foundation that the network equipment is managed is a network equipment information, and the foundation that the user who is associated with this network equipment is managed is the user profile and/or the business information of this usefulness.Management system also can analyze the bookkeeping that specifically should carry out automatically according to these information and be shown to the keeper, and the another kind of management object that current management object is associated as the keeper is carried out the approach of bookkeeping.
In alarm management, when detecting alarm event, determine alarm cause according to this alarm event, the network equipment corresponding with this alarm cause is defined as current management object, according to determined alarm cause, to carrying out the alarm management operation as the network equipment of current management object and the user who communicates by letter with this network equipment.Performed bookkeeping can comprise warning information, relevant network equipment information, user profile and business information are shown, and the equipment relevant with alarm event, user or business are handled.Wherein, alarm event can cause by security incident, also can be to be caused unusually, also can be the unusual initiation by the assembly of management system own by performance of network equipments, or the like.But preceding two kinds is the alarm of outbalance.As seen, for alarm management, the foundation that the network equipment is managed is the network equipment information of the network equipment relevant with alarm event, to being the user's that communicates by letter with the above-mentioned network equipment relevant with alarm event user profile and/or business information with foundation that user that this network equipment is associated manages.Management system also can analyze the bookkeeping that specifically should carry out automatically and be shown to the keeper according to these information, and the another kind of management object that current management object is associated as the keeper is carried out the approach of bookkeeping.
So far, finish network management flow process in the present embodiment.
By foregoing description as seen, in the present embodiment, owing to set up the incidence relation of user and LA Management Room, network users management function and network device management function are blended among the same system, therefore, the keeper can utilize above-mentioned two kinds of management functions to carry out bookkeeping in very convenient ground simultaneously, switches and need not executive system, thereby reduced the complexity of bookkeeping effectively, and improved the efficient of bookkeeping.
Because two kinds of management functions are blended in the system, then the convenience of alarm management has obtained improving significantly in the present embodiment.Fig. 6 shows the flow chart of alarm management in the present embodiment.Referring to Fig. 6, the alarm management operation may further comprise the steps:
Step 601: judge whether to detect alarm event, if then execution in step 602, otherwise, finish this alarm management operating process.
Step 602: judge whether this alarm event is security incident, if then execution in step 603; Otherwise, execution in step 606.
In this step, when this alarm event shows that network side is subjected to such as attack, virus or unauthorized access etc., judge that this alarm event is security incident; When this alarm event shows that performance issue appears in network side, judge that then this alarm event is a performance event.
Step 603: according to the information of security incident, obtain the network equipment that is subjected to this security incident influence, the network equipment that obtains as current management object, according to the network equipment and user's incidence relation, is searched the user and the user profile thereof that are associated with current management object;
In this step,, determine to be subjected to the network equipment of security incident influence according to information such as the source address in the security event information, destination address, the network segments.Here, the access network device of under attack, virus or unauthorized access can be defined as being subjected to the network equipment of security incident influence, the network segment that also can take place according to security incident simultaneously, with all related network devices in this network segment all as being subjected to the network equipment that security incident influences.Then, according to the network equipment and user's incidence relation, search the user and the user profile thereof that are associated with the network equipment that is subjected to the security incident influence.Specifically, when detecting is after access network device is subjected to the security incident influence, can obtain MAC Address from this access network device, according to the user of management system preservation and the corresponding relation of MAC Address, search the user who inserts on the access network device, obtaining this user's user profile.When detecting is after intermediary network device is subjected to the influence of security incident, can directly from the service message of bearing safety incident, obtain the MAC Address of the equipment that sends this message, then according to the corresponding relation of user and MAC Address, search the initiation user of this service message and obtain this user's business information.Above-mentioned these users can be as the user who is associated with the network equipment that is subjected to the security incident influence.There is one to be the user who causes security incident among these users.
In order to access the propagation path of security incident, can also determine to cause the user terminal of this security incident according to the source address of security incident, cause the equipment of this security incident.
Step 604: determine to cause the user of security incident, from this user's user profile, obtain this user's on-position.
User's the mode of determining to cause security incident in this step is more flexible, can obtain this user's user profile with the user of the MAC Address correspondence of the above-mentioned equipment that sends this message as the user who causes security incident;
Perhaps, according to the IP address of the equipment that causes this security incident,, determine to cause the user of attack and obtain user profile with the binding relationship of user who preserves in the user profile and IP address;
Perhaps, from determining that the access network device that is subjected to the security incident influence obtains MAC Address, according to the user of management system preservation and the corresponding relation of MAC Address, obtain the user and the user profile thereof that insert this access network device, again as the user's who causes security incident user profile;
Compare in fact, first kind of user's who determines to cause security incident mode is fairly simple.
Step 605: will be subjected to the network equipment information and the user information corresponding thereof of this security incident influence, and cause that the user profile of security incident shows in alarm interface and topology interface.Direct then execution in step 607.
In this step, unite demonstration in the interface, can adopt visual tabular form in alarm, the display alarm reason, this alarms the related network equipment and user.Particularly, with the determined corresponding demonstration of user profile that is subjected to the network equipment information of security incident influence and is subjected to the security incident influence of step 603; The user profile that causes security incident that step display 604 is determined is comprising user's on-position.This corresponding display mode helps the keeper to determine attack source, and the network equipment, user and the business of influence under fire.
Association in topology interface shows, can adopt visual graphic form, display alarm reason, related equipment and the user of this alarm.Particularly, in topology, show events affecting under attack network equipment information, be subjected to the security incident influence user profile, cause the user profile of attack and the on-position that causes the user of attack.If security incident is an attack, can also show attack path.
Wherein, when showing the network equipment that is subjected to the security incident influence, in the topology that shows, the network equipment that is defined as being subjected to the security incident influence is shown as the color that predefined expression is subjected to the security incident influence, and the formed zone of the network equipment that can also be subjected to the security incident influence adopts the color of predefined sign security incident coverage to show; When showing attack path, according to the network equipment of determining that causes security incident and the network equipment that is subjected to the security incident influence, calculate the intermediate node between them, the network equipment that will cause security incident then is defined as attack path by the path that intermediate node arrives the network equipment that is subjected to the security incident influence, attack path is shown as the color of predefined expression attack path; When showing the user's who is subjected to the security incident influence user profile, provide information entry on this user's access network device, user profile is hidden with the form of information entry and is shown, after the keeper enters information entry, can see corresponding user profile.In like manner, showing provides information entry when playing the user of security incident on this user's terminal, and the access network device that perhaps this is caused the user of security incident is shown as to be represented to cause the color of the security incident network equipment and information entry is provided.
Above-mentionedly represent to be in the network equipment and the path of different conditions, in practice, can also adopt other special identifier to represent to be in the network equipment and the path of different conditions according to change in color.For example, adopt specific pattern identification.
The network equipment information and the user information corresponding thereof that are subjected to this security incident influence obtained in this step, and cause that the attack path information of the user profile of security incident and corresponding and attack can be as to being subjected to the administration base of the network equipment that this security incident influences and/or the user who is associated.After obtaining above-mentioned information as administration base, the keeper can check these information, carry out the security incident analysis according to these information, can also utilize user name and the implementor name from information, obtained that the network equipment that is subjected to this security incident influence and/or the user who is associated are carried out safety inspection, perhaps obtain the performance data of the network equipment that is subjected to this security incident influence, perhaps obtain the user who is associated with the network equipment that is subjected to this security incident influence and use professional customer service performance data, thereby carry out further analyzing and processing.Certainly, management system also can analyze the bookkeeping that specifically should carry out automatically according to these information, for example control user offline or reconfigure the network equipment etc., then the bookkeeping that analyzes is shown to the keeper, the another kind of management object that current management object is associated as the keeper is carried out the approach of bookkeeping.
Step 606: obtain abnormal cause according to this performance event, and user profile, network equipment information and the business information that will be subjected to the influence of this performance event show in alarm interface and topology interface.
In the present embodiment, network management system is carried out performance of network equipments and is detected and the customer service Performance Detection during the network operation.Wherein, it is the performance of network equipments rule that basis sets in advance that performance of network equipments detects, and the operation conditions of the data traffic on the network equipment of flowing through and the network equipment is monitored the statistical correlation data, to obtain the performance data of various network device, i.e. network equipment performance data; The customer service Performance Detection is according to preset user service feature rule, adopt the filtering rule of user+business, flow to the designated user specified services of the network equipment of flowing through is monitored and is added up, to obtain user's service feature data, i.e. customer service performance data.
Because MAC Address and user binding, the protocol port of message can identify message institute loaded service, the filtering rule that therefore can adopt the MAC+ protocol port filters the flow of the network equipment of flowing through, statistics network equipment disposition has the appointment MAC Address, and the protocol port in the service message is the flow of specified protocol port, and this flow is exactly the flow that designated user uses specified services.As seen, filter the back and only pay close attention to the data traffic of using specified services corresponding to designated user,, can obtain the customer service performance data by this data traffic is added up.The MAC here obtains from the network equipment, and protocol port is to find corresponding user according to MAC, obtains this professional protocol port according to this user's business information.Therefore, the fusion that has also embodied the network equipment and the network user of obtaining of customer service performance data is managed.
The abnormal cause that produces performance event in the present embodiment comprises: the unusual and customer service property abnormality of network equipment health status.
When in determining network equipment performance data one or many index surpassed predetermined threshold, then decision network equipment health status was unusual.The predetermined threshold here can be the percentage of the total flow that can bear of the network equipment, for example: 90%, 60% etc.According to the difference that sets threshold value, be carried on Business Stream on this network equipment and can be subjected in various degree influence, the user who inserts this network equipment also can be subjected to the influence of respective degrees.For example, when total flow arrived 90%, decision network equipment was unhealthy, professional and user was impacted, and when total flow reaches 60%, judged that this performance trend will impact professional and user.Under network equipment health status abnormal conditions, this step is when showing, the network equipment that network equipment performance data is surpassed threshold value is defined as current management object, incidence relation according to this network equipment and user, search the user and the user profile thereof that are associated with current management object, according to user and professional corresponding relation, search the employed business of the user who is associated with current management object, can also obtain the professional business information of using simultaneously.Management system can show as administration base information, user profile and the business information of above-mentioned current management object at alarm interface and topology interface.Thereby embody network equipment health status which user and which business have been caused influence.And, can also predict the development trend that may impact according to above-mentioned information.For example, can obtain the network equipment performance data of the unusual network equipment of this health status, and the designated user of this network equipment carrying, the customer service performance data of specified services, carry out forecast analysis according to these data, obtain the affected trend of the network equipment or customer service, thereby the network equipment and/or user are managed.
When concrete topology shows; can be in topology interface; network equipment performance data surpasses the color that performance event appears in expression that the network equipment of threshold value is set to set in advance; or be expressed as the figure of appointment; and provide the related user profile and the information entry of business information at the network equipment place that this network equipment performance data surpasses threshold value; for example activate and show these and the network equipment relevant information of network equipment performance data, with can with which business impacting which user unusually of embodiment network equipment performance data directly perceived above threshold value by clicking " professional details " and " User Detail ".
When in determining the customer service performance data one or many index surpass predetermined threshold, judge the customer service property abnormality, the variation tendency of customer service performance data will impact the network equipment health this moment.In this case, this step is when showing, the network equipment that the customer service performance data is surpassed threshold value obtains the network equipment information of this network equipment as the network equipment that will show.Can also obtain the customer service performance data and surpass the user who inserts on the network equipment of threshold value according to the incidence relation of the user and the network equipment.Can also from user profile, obtain the user's who uses this customer service access network device and network equipment information thereof if desired.Provide related demonstration in the association demonstration of alarm in the interface and the topology interface according to these information for the keeper.So, the keeper can be according to the information of obtaining, and adjusting user's on-position or replaceability can better the network equipment or change network equipments configuration, to optimize network.
As seen, the user profile, network equipment information and the business information of obtaining in this step that are subjected to the influence of this performance event can be as the foundation that the user that is subjected to the performance event influence and/or the network equipment are managed.
Step 607:, carry out corresponding processing operation at alarm event according to shown information and the fusion management strategy that sets in advance.Wherein, record the corresponding relation that sets in advance alarm event and alarming processing operation in the fusion management strategy.
In this step, the information of demonstration is the foundation that is used for the leading subscriber or the network equipment.According to these foundations and fusion management strategy, on alarm interface and topology interface, show the inlet of suggestion operations, or network management system automatically performs the processing operation of suggestion, thereby guaranteed the health and safety of network and customer service two aspects.Wherein, handle operation comprise isolate abnormal user, isolation network equipment, close network equipment port, revise network equipments configuration, to keeper's send Email or SMS notification or change the show state of the network equipment or user interface, or the combination of above a plurality of processing operations.
When management system shows the inlet of handling operation, just provided the approach that current management object is managed.Administrator just specifies will select a processing operation that provides just can realize the another kind of management object that current management object is associated is carried out bookkeeping.
For the aforementioned alarm cause that is checked through security incident, after determining to cause the user of security incident, the processing of its correspondence operation can for: control automatically causes the user offline of security incident, perhaps points out the keeper to control the user offline that causes security incident.The operation of control user offline can be in the user's who causes security incident as this access network device, MAC Address deletion with this user's correspondence, make this user can not pass through corresponding access network device accesses network, perhaps this user's that management system is preserved verify data deletion, make the user can not pass through checking, thus can not accesses network.
Behind the control user offline, the keeper can review the generation reason of security incident.At this moment, need according to causing that user's specifying information of security incident analyzes.These specifying informations comprise the one or any combination in the information such as customer service performance data, network equipment performance data and user authentication data.The present invention shows and the relevant information such as customer service performance data, network equipment performance data and user authentication data of customer security incident that take place with topology interface at the alarm interface, perhaps show the information entry that obtains these information, the keeper can pass through information entry as required, obtain the information relevant, determine the reason of customer security incident alarm according to the information that obtains with security incident.Wherein, customer service performance data and network equipment performance data are the correlated performance data of the access network device of user's correspondence, are preserved by network management system when user authentication data is this user access network.This reviews the operation that security incident produces reason, avoided existing interface from network user management system to obtain the user authentication data relevant with customer security incident, the interface that switches to network apparatus management system then obtains the operation of network equipment performance data.Simultaneously, remedied the defective that the customer service performance data can not be provided in the existing network management system.
So far, the alarm management flow process in the present embodiment finishes.
From foregoing description as seen, need not switch any interface from detecting alarm event to the process that the keeper makes judgement and execution corresponding operating according to demonstration.And need not adopt existing means, and according to alarm, from Internet resources, locate alarm source at the network device management interface, turn back to subscriber administration interface according to the alarm source of determining again and carry out management the user.As seen, merge and show the operation of having avoided interface switching, directly the network equipment that will be relevant with alarm event and affected user and business show, and the keeper judges and respective handling according to demonstration, has reduced the complexity of Admin Administration's network.
If the step 601 among Fig. 6 is not checked through alarm event, can not illustrate that the network equipment and customer service are healthy.For this reason, network management of the present invention also provides the safety inspection operation, and the keeper can be provided with network management system and regularly carry out safety inspection, and perhaps the irregular Control Network management system of keeper is carried out the safety inspection operation.After safety inspection begins, with the network equipment of each node in the topology as current management object, obtain the network equipment information of the network equipment of each node in the topology, the user profile and the business information that are associated with these network equipment informations, and network equipment performance data and customer service performance data, according to the information of obtaining health status, customer service situation, network user's safe condition of the network equipment are judged again, can also be predicted performance of network equipments trend and customer service performance trend simultaneously.Perhaps, after safety inspection begins, the user that will be managed is as current management object, obtain this user's user profile and business information, the network equipment information of the network equipment that is associated with this user and with the network equipment that the user is associated on network equipment information data and customer service performance data, can judge network equipment health status, customer service situation, network user's safe condition according to these information equally.More than these information can be respectively in different interface display, also can be in topology interface related the demonstration.
In the regular maintenance operation, the network management of the embodiment of the invention can also provide maintenance interface.The key network path of difference display network facility information, user profile, business information, network equipment performance data, customer service performance data, customer service in maintenance interface.Also can in topology interface above information be carried out association shows.These information can assist the keeper to formulate efficient strategy, with the configuration of guidance to the network equipment in the network, or control user on-position, thereby optimize network.
As seen, above display operation all needs to carry out related demonstration according to user profile and network equipment information, and some displaying contents also needs to carry out forecast analysis according to network equipment performance data and customer service performance data, related then the demonstration.Therefore, the keeper if just in an interface, check can awareness network equipment and user two aspect information, avoided switching the operation at different interfaces, reduced the complexity of bookkeeping.
The operation that more than has the keeper to participate in all is to carry out under the situation after keeper's login.For the network management that the present invention realizes, also comprise by providing a same keeper to login approach, realize unified management to the keeper.Specifically, before network management system is operated, authentication information according to the legal keeper who preserves in advance, after the logging request that carries authentication information that receives keeper's initiation, according to authentication information of preserving and the authentication information in the logging request keeper is authenticated, authentication allows keeper's login and allows its while leading subscriber and network equipment in described management system by being the administrator configurations authority then, otherwise refusal keeper login.Administrator just specifies will be logined once, just can manage the network user and the network equipment, can manage business simultaneously.
As seen, the present invention can avoid the dispersion and the confusion of administration authority to keeper's unified management.
Network management of the present invention also comprises the operation to user and/or network equipment resource is integrated the audit log that provides unified, uses for operating audit.If independent user operation and independently network equipment operation, also need user's operation and the network equipment operated to unite to manage, the audit log after the fusion is provided.
As seen, preserve the audit log after merging, make the keeper have comprehensive understanding and objective understanding, be convenient to the keeper problem is directly navigated to the concrete network equipment and concrete user the user in the network and the network equipment.
Network management of the present invention can also provide the demonstration respectively of network equipment information and user profile, to realize basic Network Management Function except the association that information can be provided shows.
In order to realize network management of the present invention, the invention provides a kind of network management system.
Fig. 7 is the basic structure schematic diagram of network management system of the present invention.As shown in Figure 7, this system management module 701 and memory module 702.
Wherein, administration module 701 just the user and with the network equipment of this telex network as two class management objects, set up the incidence relation between the two class management objects, and this incidence relation sent to memory module 702, according to the incidence relation that reads from memory module 702, determine the another kind of management object that is associated with current management object; A foundation or an approach that described another kind of management object is managed operation is provided at least.
Fig. 8 is the structural representation of network management system in the embodiment of the invention.As shown in Figure 8, this system comprises administration module 810, memory module 820, display module 830 and business module 840.
Wherein, memory module 820 is preserved the incidence relation that comes from administration module 810, preserves to come from the user of business module and the corresponding relation that is activated the service.Also store by the user profile of leading subscriber and business information, and the network equipment information of managed networks equipment.
The information that display module 830 will be received from administration module 810 shows.This information comprises foundation or the approach that the user is managed operation, and/or the network equipment is managed the foundation or the approach of operation.
In order to realize alarm management, the administration module 810 in the present embodiment also comprises alarm submodule 812.This submodule detects alarm event, after determining alarm event to occur, this alarm event is sent to control submodule 811.
In this case, control submodule 811 is further used for receiving the alarm event from alarm submodule 812, the network equipment of the alarm event correspondence that receives is defined as current management object, and according to described alarm event, obtain the user's who communicates by letter with the described network equipment user profile, as this user is managed one of foundation of operation.Particularly, when alarm cause is security incident, according to security event information, obtain the network equipment that is subjected to this security incident influence, from memory module 820, obtain the network equipment and user's incidence relation of its preservation, with the network equipment that obtains as current management object, according to the incidence relation that obtains, search the user who is associated with current management object, and from memory module 820, obtain the user's who is associated with current management object user profile; Determine to cause the user of security incident, and obtain this user's user profile from memory module 820; To be subjected to the network equipment information and the user information corresponding thereof of security incident influence, and cause that the user profile of security incident sends to display module 830.
At this moment, display module 830 is according to network equipment information that is subjected to the security incident influence that receives and/or the user's corresponding with the network equipment that is subjected to the security incident influence user profile and/or cause that the user's of security incident user profile is shown in alarm interface and the topology interface.
For realize performance management and with performance-relevant alarm, the administration module 810 of present embodiment can also comprise Performance Detection submodule 813, this submodule is according to the performance of network equipments rule that sets in advance, the data traffic of the network equipment of flowing through and the operation conditions of the network equipment are monitored and added up, obtain the network equipment performance data of various network device; And/or, according to preset user service feature rule, adopt the filtering rule of user+business, the flow that carries designated user, specified services of the network equipment of flowing through is monitored and added up, to obtain the customer service performance data.And network equipment performance data and/or customer service performance data that handle obtains send to alarm submodule 812.Performance Detection submodule 813 can also send to control submodule 811 with network equipment performance data and customer service performance data, carries out analyses and prediction for it, can also send to display module 830, makes its demonstration.
In this case, alarm submodule 812 is further used for receiving network equipment performance data and/or the customer service performance data from Performance Detection submodule 813, determines the appearance of alarm event according to the performance data that receives.For example, when performance data surpasses the threshold value set in advance, judge alarm event takes place, and definite alarm cause is the alarm that performance event has taken place, then performance event is sent to control submodule 811 as alarm cause.
At this moment, display module 830 will be subjected to user profile, network equipment information and the business information of this performance event influence, be shown in alarm interface and the topology interface.
In actual applications, the administration module 810 of present embodiment can also comprise administrator authentication submodule 814, this submodule is preserved legal keeper's authentication information, after receiving the logging request that comprises authentication information, authenticate according to authentication information of preserving and the authentication information in the logging request, after authentication is passed through, allow keeper's login, 811 authentications of notice control submodule are passed through, and allow this keeper's login and allow its leading subscriber and network equipment simultaneously.After this, the keeper can operate by each interface in the network management system, realizes the fusion management to the network user and the network equipment.
In actual applications, the administration module 810 of present embodiment can also comprise audit submodule 816, this submodule receives and comes from the bookkeeping record of controlling submodule 811, and with the bookkeeping recorded and stored that receives in the unified audit log of self.Audit log can also be sent to display module 830 by control submodule 811 shows.
In this case, control submodule 811 further basis is used to generate the bookkeeping record to user and/or the performed bookkeeping of the network equipment, and this bookkeeping record is sent to audit submodule 816.
In practice, control submodule 811 serves as according to analyzing, according to the fusion management strategy that sets in advance with network equipment information, user profile and the business information of obtaining further when alarm event is carried out alarm management, obtain processing operation, and automatically perform at alarm cause; Perhaps, the processing operation information at alarm cause that obtains is sent to display module 830 as the approach information that current management object is managed operation, demonstrate the execution inlet of handling operation by display module 830, the approach of i.e. reason operation, after the keeper confirms, control submodule 811 receives the affirmation information that display module 830 returns, and carries out the processing operation at alarm.
When administration module 810 carries out information interaction with business module 840, need be adopted as the business interface of business module 840 designs, when having disposed multinomial business in the business module 840, the corresponding business of business interface.For unified business interface being provided for business module 840 and administration module 810, the network management system of present embodiment further comprises service dynamic expansion module 850, this module provides unified interface for all business in the business module 840, the expansion of business in the supporting business module 840.The business of expansion can be carried out information interaction by service dynamic expansion module 850 and administration module 810 in the business module 840.
As seen, present embodiment has adopted service dynamic expansion module 850, has avoided being provided with at different business the problem of different business interface, has improved the service expansion capability of network management system of the present invention.
Through the above description of the embodiments, those skilled in the art can be well understood to the present invention and can realize by the mode that software adds essential general hardware platform.Based on such understanding, the part that technical scheme of the present invention contributes to prior art in essence in other words can embody with the form of software product, this computer software product is stored in the storage medium, comprise some instructions with so that the computer equipment of a broad sense (as personal computer, server, the perhaps network equipment etc.) carry out the described method of each embodiment of the present invention.
In sum, more than be preferred embodiment of the present invention only, be not to be used to limit protection scope of the present invention.Within the spirit and principles in the present invention all, any modification of being done, be equal to replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (28)
1, a kind of network management is characterized in that, is used in same management system the network user and the network equipment being managed, and this method comprises:
With the user and with the network equipment of this telex network as two class management objects, set up the incidence relation between the described two class management objects;
According to the incidence relation of being set up, determine the another kind of management object that is associated with current management object;
A foundation or an approach that described another kind of management object is managed operation is provided at least.
2, the method for claim 1, it is characterized in that, the described incidence relation of setting up between the described two class management objects is: with the unique identification of user in network as linked character information, set up the corresponding relation of user and linked character information, the access network device of described telex network and intermediary network device arrive self with described linked character information learning in the message repeating process, utilize this linked character information that described user, access network device and intermediary network device are carried out association.
3, method as claimed in claim 2 is characterized in that, any one in media interviews control MAC Address, the Internet protocol IP address that described linked character information is user terminal, dispatch from the factory sequence number or the port numbers.
4, the method for claim 1, it is characterized in that, described current management object is the user, described definite another kind of management object that is associated with current management object is: with the user as current management object is index, according to described incidence relation, determine the access network device that is associated with described user;
Describedly provide a foundation or an approach that described another kind of management object is managed operation to be at least: that set in advance, relevant with the described access network device that is associated network users management rule to be shown with visual form.
5, method as claimed in claim 4, it is characterized in that, described the network users management rule that sets in advance is shown after, further comprise: determine current selected network users management rule, the described access network device that is associated is carried out bookkeeping according to this rule.
6, the method for claim 1, it is characterized in that, described current management object is the network equipment, described definite another kind of management object that is associated with current management object is: with the network equipment as current management object is index, according to described incidence relation, determine the user who communicates by letter with the described network equipment;
Before the described incidence relation of setting up between the described two class management objects, further comprise: when activating the service for the user, set up and preserve described user and the corresponding relation between activating the service, and preserve the business information opened, the service deployment information that will be used to open described business is issued to the access network device of described user's correspondence.
7, method as claimed in claim 6 is characterized in that, the network equipment that the keeper is selected in the topology interface that sets in advance is as current management object;
Describedly provide a foundation or an approach that described another kind of management object is managed operation to comprise at least: to obtain user profile with the described user who is associated as the network equipment of current management object; To reach as the network equipment of current management object and be shown in the described topology interface so that visual form is corresponding with its user's who is associated user profile.
8, method as claimed in claim 6, it is characterized in that, after the described incidence relation of setting up between the described two class management objects, further comprise: when detecting alarm event, according to detected alarm event, the network equipment corresponding with this alarm event is defined as described current management object;
Describedly provide a foundation or an approach that described another kind of management object is managed operation to be at least: according to detected alarm event, the user's who communicates by letter with the described network equipment user profile is shown in the alarm interface and topology interface that sets in advance.
9, method as claimed in claim 8 is characterized in that, described alarm event is security incident;
The network equipment of described alarm event correspondence is: the network equipment that is subjected to this security incident influence;
Described determine with user that the described network equipment is communicated by letter after, further comprise: according to described security incident, with user that the described network equipment is communicated by letter in determine to cause security incident the user;
Describedly provide a foundation or an approach that described another kind of management object is managed operation further to comprise at least: to be subjected to the network equipment information of this security incident influence and/or to cause that the user's of security incident user profile is shown in the described alarm interface and topology interface that sets in advance with described.
10, method as claimed in claim 9, it is characterized in that, describedly provide a foundation or an approach that described another kind of management object is managed operation further to comprise at least: to obtain network equipment performance data and/or this user's the customer service performance data and/or the user authentication data of in the network insertion process, preserving of the access network device of the described user's correspondence that causes security incident, determine the occurrence cause of described security incident for the network manager according to these data.
11, method as claimed in claim 8, it is characterized in that, after the described incidence relation of setting up between the described two class management objects, further comprise: according to the performance of network equipments rule that sets in advance, the data traffic of the described network equipment of flowing through and the running status of the described network equipment are monitored and added up, obtain network equipment performance data;
Described alarm event is that network equipment performance data surpasses the threshold value that sets in advance;
Describedly will the network equipment corresponding with this alarm event be defined as described current management object and be: the network equipment that network equipment performance data is surpassed threshold value is defined as described current management object;
Describedly provide a foundation or an approach that described another kind of management object is managed operation further to comprise at least: the network equipment information that obtains current management object; According to described user and the corresponding relation between activating the service, search the user's corresponding service that is associated with described current management object; The network equipment information of described current management object and/or the user's that is associated business information is shown in the described alarm interface and topology interface that sets in advance, judges the influence of performance of network equipments customer service for the network manager.
12, method as claimed in claim 8, it is characterized in that, after the described incidence relation of setting up between the described two class management objects, further comprise: according to preset user service feature rule, the data traffic that carries designated user, specified services to the network equipment of flowing through is monitored and is added up, and obtains each customer service performance data;
Described alarm event surpasses the threshold value that sets in advance for the customer service performance data;
Describedly will the network equipment corresponding with this alarm event be defined as described current management object and be: the network equipment that the customer service performance data is surpassed threshold value is defined as current management object;
Describedly provide a foundation or an approach that described another kind of management object is managed operation further to comprise at least: to obtain the network equipment information that the customer service performance data surpasses the network equipment of threshold value; The network equipment information that gets access to is shown in the described alarm interface and topology interface that sets in advance, judges of the influence of customer service performance the network equipment for the network manager.
13, as claim 9,11 or 12 described methods, it is characterized in that, set in advance the corresponding relation of alarm event and alarming processing operation, described be shown in the alarm interface that sets in advance and the topology interface after, further comprise: carry out the processing operation of described alarm event correspondence.
14, the method for claim 1, it is characterized in that, before the described incidence relation of setting up between the described two class management objects, further comprise: provide a unified keeper to login approach, when receiving keeper's logging request, the keeper is authenticated, and when authentication is passed through, allow described keeper's login and allow its while leading subscriber and network equipment in described management system.
15, the method for claim 1, it is characterized in that, described providing at least after the foundation or approach that described another kind of management object is managed operation further comprises: will be to the performed operation note of user and/or the network equipment in one that sets in advance unified audit log.
16, the method for claim 1 is characterized in that, this method further comprises: according to the described foundation that another kind of management object is managed operation described current management object is managed.
17, a kind of network management system is characterized in that, is used in this network management system the network user and the network equipment being managed, and this system comprises: administration module and memory module, wherein,
Described administration module with the user and with the network equipment of this telex network as two class management objects, set up the incidence relation between the described two class management objects, and this incidence relation sent to described memory module; According to the incidence relation that reads from memory module, determine the another kind of management object that is associated with current management object; A foundation or an approach that described another kind of management object is managed operation is provided at least;
Described memory module is preserved the incidence relation that comes from described administration module.
18, system as claimed in claim 17 is characterized in that, described administration module comprises the control submodule,
Described control submodule obtains described incidence relation from described memory module, when definite current management object is the user, with the user as current management object is index, according to described incidence relation, definite access network device that is associated with described user provides a foundation or an approach that described access network device is managed operation at least; When definite current management object is the network equipment, with the network equipment as current management object is index, according to described incidence relation, definite user who communicates by letter with the described network equipment provides a foundation or an approach that described user is managed operation at least.
19, system as claimed in claim 18 is characterized in that, described administration module further comprises the alarm submodule, detects alarm event, after determining alarm event to occur, this alarm event is sent to described control submodule;
Described control submodule further receives described alarm event, the network equipment of described alarm event correspondence is defined as described current management object, and according to described alarm event, the user profile of obtaining the user who communicates by letter with the described network equipment is as the foundation that described user is managed operation.
20, system as claimed in claim 19, it is characterized in that, described administration module further comprises: the Performance Detection submodule, according to the performance of network equipments rule that sets in advance, the data traffic of the described network equipment of flowing through and the running status of the described network equipment are monitored and added up, obtain network equipment performance data, and this network equipment performance data sent to described alarm submodule, and/or, according to preset user service feature rule, the designated user that carries to the network equipment of flowing through, the data traffic of specified services is monitored and is added up, obtain the customer service performance data, and this customer service performance data is sent to described alarm submodule;
Described alarm submodule is further determined the appearance of alarm event according to described network equipment performance data and/or customer service performance data.
21, system as claimed in claim 18, it is characterized in that, described administration module further comprises the administrator authentication submodule, preserve legal keeper's authentication information, receiving management person's logging request, according to the authentication information of being preserved this keeper is authenticated, and authentication by the time, notify described control submodule to allow described keeper login and allow its leading subscriber and network equipment simultaneously.
22, system as claimed in claim 18, it is characterized in that, described administration module further comprises: the audit submodule, receive the bookkeeping record come from described control submodule, and with the bookkeeping recorded and stored that receives in the unified audit log of self;
Described control submodule further basis generates the bookkeeping record to user and/or the performed bookkeeping of the network equipment, and this bookkeeping record is sent to described audit submodule.
23, system as claimed in claim 17 is characterized in that, described system further comprises: display module, receive come from described administration module described another kind of management object is managed the foundation or the approach of operation, and show with visual form;
Foundation or approach that described administration module is further used for described another kind of management object being managed operation send to described display module.
24, system as claimed in claim 17, it is characterized in that, this system further comprises business module, when activating the service for the user, set up user and the corresponding relation that is activated the service, this corresponding relation and user's business information is sent to described memory module, and will be used for the service deployment information that the user activates the service and send to described administration module;
Described memory module is further preserved described user and corresponding relation that is activated the service and described user's business information;
Described administration module further receives described service deployment information, and sends out under this service deployment information that will receive.
25, system as claimed in claim 24 is characterized in that, this system further comprises: the service dynamic expansion module, and for described administration module and business module provide unified business interface.
26, a kind of computer software is characterized in that, this software comprises computer executed instructions, and this instruction is used so that computer equipment is carried out as any described network management in the claim 1 to 16.
27, a kind of computer-readable medium is characterized in that, this medium comprises computer software as claimed in claim 26.
28, a kind of computer equipment comprises the software of carrying out as any described network management in the claim 1 to 16, and the hardware that moves this software.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2007101116448A CN101316187B (en) | 2007-06-01 | 2007-06-01 | Network management method and network management system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2007101116448A CN101316187B (en) | 2007-06-01 | 2007-06-01 | Network management method and network management system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101316187A true CN101316187A (en) | 2008-12-03 |
| CN101316187B CN101316187B (en) | 2010-08-25 |
Family
ID=40107044
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2007101116448A Active CN101316187B (en) | 2007-06-01 | 2007-06-01 | Network management method and network management system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101316187B (en) |
Cited By (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102201929A (en) * | 2010-03-23 | 2011-09-28 | 中兴通讯股份有限公司 | Network management method and network management system |
| CN102291247A (en) * | 2010-06-18 | 2011-12-21 | 中兴通讯股份有限公司 | Alarm association diagram generation method and device and association alarm determination method and device |
| CN102739439A (en) * | 2012-05-04 | 2012-10-17 | 青岛海信传媒网络技术有限公司 | Network communication management system and data transmission processing method thereof, and web master server |
| CN105071965A (en) * | 2015-08-07 | 2015-11-18 | 上海斐讯数据通信技术有限公司 | Management system of network equipment |
| CN105138687A (en) * | 2015-09-17 | 2015-12-09 | 成都索贝数码科技股份有限公司 | Media object description method based on uniform addresses |
| CN105592489A (en) * | 2014-11-12 | 2016-05-18 | 中兴通讯股份有限公司 | Transmission data management method and apparatus |
| CN105703923A (en) * | 2014-11-24 | 2016-06-22 | 中兴通讯股份有限公司 | Network asset information demonstration method and device |
| CN105843901A (en) * | 2016-03-21 | 2016-08-10 | 合肥赛猊腾龙信息技术有限公司 | Method and system for displaying relationship between event and object |
| CN106170947A (en) * | 2015-02-12 | 2016-11-30 | 华为技术有限公司 | A kind of alarm information processing method, relevant device and system |
| CN106487571A (en) * | 2015-09-02 | 2017-03-08 | 中国移动通信集团公司 | A kind of method and device of assessment network performance index variation tendency |
| CN107769998A (en) * | 2017-11-14 | 2018-03-06 | 烽火通信科技股份有限公司 | The method and system of a large amount of flow performance statistics storage inquiries of PTN network |
| CN111726358A (en) * | 2020-06-18 | 2020-09-29 | 北京优特捷信息技术有限公司 | Attack path analysis method and device, computer equipment and storage medium |
| CN111726357A (en) * | 2020-06-18 | 2020-09-29 | 北京优特捷信息技术有限公司 | Attack behavior detection method and device, computer equipment and storage medium |
| CN112261134A (en) * | 2020-10-21 | 2021-01-22 | 阳光保险集团股份有限公司 | Network data access auditing method, device, equipment and storage medium |
| US11552965B2 (en) * | 2017-12-28 | 2023-01-10 | Hitachi, Ltd | Abnormality cause specification support system and abnormality cause specification support method |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1161846A1 (en) * | 1999-03-12 | 2001-12-12 | Telefonaktiebolaget L M Ericsson (Publ) | Relating network events to subscriber and mobile equipment identities |
| KR20030003981A (en) * | 2001-07-04 | 2003-01-14 | 주식회사 인티 | Apparatus and method for managing network |
| CN1929407B (en) * | 2006-09-27 | 2010-07-28 | 华为技术有限公司 | Method for obtaining network information and network management system |
-
2007
- 2007-06-01 CN CN2007101116448A patent/CN101316187B/en active Active
Cited By (23)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102201929A (en) * | 2010-03-23 | 2011-09-28 | 中兴通讯股份有限公司 | Network management method and network management system |
| CN102291247A (en) * | 2010-06-18 | 2011-12-21 | 中兴通讯股份有限公司 | Alarm association diagram generation method and device and association alarm determination method and device |
| CN102739439A (en) * | 2012-05-04 | 2012-10-17 | 青岛海信传媒网络技术有限公司 | Network communication management system and data transmission processing method thereof, and web master server |
| CN102739439B (en) * | 2012-05-04 | 2015-02-04 | 青岛海信传媒网络技术有限公司 | Network communication management system and data transmission processing method thereof, and web master server |
| CN105592489A (en) * | 2014-11-12 | 2016-05-18 | 中兴通讯股份有限公司 | Transmission data management method and apparatus |
| CN105703923A (en) * | 2014-11-24 | 2016-06-22 | 中兴通讯股份有限公司 | Network asset information demonstration method and device |
| US10771323B2 (en) | 2015-02-12 | 2020-09-08 | Huawei Technologies Co., Ltd. | Alarm information processing method, related device, and system |
| CN106170947B (en) * | 2015-02-12 | 2019-09-27 | 华为技术有限公司 | A kind of alarm information processing method, relevant device and system |
| CN106170947A (en) * | 2015-02-12 | 2016-11-30 | 华为技术有限公司 | A kind of alarm information processing method, relevant device and system |
| CN105071965B (en) * | 2015-08-07 | 2018-07-13 | 上海斐讯数据通信技术有限公司 | A kind of management system of the network equipment |
| CN105071965A (en) * | 2015-08-07 | 2015-11-18 | 上海斐讯数据通信技术有限公司 | Management system of network equipment |
| CN106487571A (en) * | 2015-09-02 | 2017-03-08 | 中国移动通信集团公司 | A kind of method and device of assessment network performance index variation tendency |
| CN106487571B (en) * | 2015-09-02 | 2020-02-14 | 中国移动通信集团公司 | Method and device for evaluating network performance index change trend |
| CN105138687B (en) * | 2015-09-17 | 2018-08-10 | 成都索贝数码科技股份有限公司 | It is a kind of that method is described based on the media object for unifying address |
| CN105138687A (en) * | 2015-09-17 | 2015-12-09 | 成都索贝数码科技股份有限公司 | Media object description method based on uniform addresses |
| CN105843901B (en) * | 2016-03-21 | 2019-09-03 | 合肥赛猊腾龙信息技术有限公司 | The method and system of relationship between a kind of display event and object |
| CN105843901A (en) * | 2016-03-21 | 2016-08-10 | 合肥赛猊腾龙信息技术有限公司 | Method and system for displaying relationship between event and object |
| CN107769998A (en) * | 2017-11-14 | 2018-03-06 | 烽火通信科技股份有限公司 | The method and system of a large amount of flow performance statistics storage inquiries of PTN network |
| US11552965B2 (en) * | 2017-12-28 | 2023-01-10 | Hitachi, Ltd | Abnormality cause specification support system and abnormality cause specification support method |
| CN111726358A (en) * | 2020-06-18 | 2020-09-29 | 北京优特捷信息技术有限公司 | Attack path analysis method and device, computer equipment and storage medium |
| CN111726357A (en) * | 2020-06-18 | 2020-09-29 | 北京优特捷信息技术有限公司 | Attack behavior detection method and device, computer equipment and storage medium |
| CN112261134A (en) * | 2020-10-21 | 2021-01-22 | 阳光保险集团股份有限公司 | Network data access auditing method, device, equipment and storage medium |
| CN112261134B (en) * | 2020-10-21 | 2023-06-30 | 阳光保险集团股份有限公司 | Network data access auditing method, device, equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101316187B (en) | 2010-08-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101316187B (en) | Network management method and network management system | |
| US11075819B2 (en) | Identifying unauthorized changes to network elements and determining the impact of unauthorized changes to network elements on network services | |
| CN109729180A (en) | Entirety is intelligence community platform | |
| CN102111440B (en) | Real-time information safety service method and system for supporting dynamic interaction | |
| CN105139139B (en) | Data processing method and device and system for O&M audit | |
| JP2002525943A (en) | Interface system for integrated monitoring and management of network devices in telecommunication networks | |
| RU2679179C1 (en) | Systems and methods for creating and modifying access lists | |
| US20090198707A1 (en) | System and method for managing firewall log records | |
| US8271642B1 (en) | System, method, and computer program product for isolating a device associated with at least potential data leakage activity, based on user input | |
| CN107276858A (en) | A kind of access relation carding method and system | |
| CN102195991A (en) | Terminal security management and authentication method and system | |
| KR102014807B1 (en) | An access control system of detecting and blocking roundabout access | |
| CN108027808A (en) | Internet security and management equipment | |
| CN110413485A (en) | A kind of one-stop Networked Control and Management System and method for based on Zabbix Open Source Platform | |
| CN110875943A (en) | Security service delivery method and related device | |
| CN103413083A (en) | Security defending system for single host | |
| CN110175102A (en) | A kind of information management system | |
| Amin et al. | Auto-configuration of ACL policy in case of topology change in hybrid SDN | |
| CN112104618A (en) | Information determination method, information determination device and computer readable storage medium | |
| CN112291266B (en) | Data processing method, device, server and storage medium | |
| CN104539463B (en) | A kind of network equipments configuration file on-line attribute cross-check method and system | |
| CN101714990B (en) | Network security safeguarding integrated system and control method thereof | |
| Farahmandian et al. | SDS 2: A novel software-defined security service for protecting cloud computing infrastructure | |
| CN101616038A (en) | SOA safe-guard system and method | |
| Gergeleit et al. | Modeling security requirements and controls for an automated deployment of industrial IT systems |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CP03 | Change of name, title or address | ||
| CP03 | Change of name, title or address |
Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Patentee after: Xinhua three Technology Co., Ltd. Address before: 310053 Hangzhou hi tech Industrial Development Zone, Zhejiang province science and Technology Industrial Park, No. 310 and No. six road, HUAWEI, Hangzhou production base Patentee before: Huasan Communication Technology Co., Ltd. |