CN101677275A - System and method of managing network element authority - Google Patents
- Publication number: CN101677275A
- Authority
- CN
- China
- Prior art keywords
- network element
- configuration file
- module
- board
- user password
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/085—Retrieval of network configuration; Tracking network configuration history
- H04L41/0853—Retrieval of network configuration; Tracking network configuration history by actively collecting configuration information or by backing up configuration information
- H04L41/0856—Retrieval of network configuration; Tracking network configuration history by actively collecting configuration information or by backing up configuration information by backing up or archiving configuration information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/28—Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
Abstract
The invention discloses a system and a method for managing network element authority. The system comprises a network element management side and a network element side connected to it. The network element management side is provided with a user password setting module, a login password setting module and a data configuration module: the user password setting module sets the user password message, the login password setting module sets the login password, and the data configuration module converts the user password message into a user password configuration file. The network element side is provided with a database component, which stores the user password configuration file, and an authentication module, which authenticates the network element login password against the user password configuration file. Because the authentication module is placed on the network element side, and the network element side and its database component are not installed locally, the system and method are more secure.
Description
Technical field
The present invention relates to the communications field, and in particular to a system and method for managing network element authority.
Background art
The communications industry is developing rapidly, and communication networks are growing ever larger. An operator needs to manage hundreds or even thousands of communication devices in the same management network at once, and as operators grow and the number of users surges, both the number of network element devices to be managed and the security requirements for network element management keep increasing.
In the network management framework, network elements are managed by an element management system (EMS). According to the People's Republic of China communication industry standard TDS0225, an element management system must provide six functions: security management, alarm management, performance management, system management, configuration management and topology management. In the prior art, network element security is implemented as follows:
First, the network element management side (i.e. the element management system) sets the user password. Then the network element side (i.e. the control board) sends a connection request to the network element management side. After the connection is established, the network element management side receives the local management user's login password and completes the verification of the network element authority information (also called authentication) on the network element management side; once that verification succeeds, the network element can be managed.
The problems with the prior art are as follows. Authentication of the network element authority information is performed on the network element management side, and because the network element management side and its database are installed locally, security is low. In addition, when network element management authority is set, the network element user password can only be set for a single network element at a time; for the thousands of network elements in an element management system, the passwords have to be set one by one, which is inefficient.
The prior art therefore has shortcomings and needs to be improved and developed.
Summary of the invention
The technical problem solved by the present invention is to provide a system and method for managing network element authority that improve the security of network element authority management.
To solve the above technical problem, the present invention adopts the following scheme:
A system for managing network element authority comprises a network element management side and a network element side connected to it. The network element management side is provided with: a user password setting module and a login password setting module, used respectively to set the user password message and the login password; and a data configuration module used to convert the user password message into a user password configuration file. The network element side is provided with: a database component used to store the user password configuration file; and an authentication module used to authenticate the network element login password against the user password configuration file.
In the system, the network element side further comprises a standby control board corresponding to the main control board, used to store the user password configuration file.
In the system, the main control board and the corresponding standby control board are each provided with an active/standby control board data synchronization module, used to write the user password configuration file stored on the main control board to the corresponding standby control board.
In the system, the authentication module is arranged in the database component.
The present invention also provides a method for managing network element authority, comprising the following steps: S1, the network element management side receives the user password message, converts it into a configuration file and saves it to the network element side; S2, the network element side receives the login password from the network element management side and authenticates this login password against the configuration file.
In the method, step S1 comprises: saving the configuration file to one or more selected main control boards.
In the method, step S1 comprises: the main control board synchronizing the configuration file to the corresponding standby control board.
Compared with the prior art, the system and method of the present invention place the authentication module on the network element side, and the network element side and its database component are not installed locally, so security is improved. In addition, the system has a simple structure and high reliability; it is simple to implement and has practical application value.
Description of the drawings
Fig. 1 is a block diagram of the system for managing network element authority of the present invention;
Fig. 2 is a block diagram of the system and method for managing network element authority of the present invention;
Fig. 3 is a flow chart of the method for managing network element authority of the present invention.
Embodiment
The present invention is described in further detail below with reference to embodiments and the accompanying drawings.
To improve security, the system and method of the present invention mainly place the authentication module on the network element side, so that the network element side and its database component are not installed locally. A function component is also provided that splits the configuration and issues it to multiple main control boards on the network element side, so that passwords can be written to multiple main control boards, which improves efficiency.
As shown in Fig. 1 and Fig. 2, the system for managing network element authority of the present invention comprises an interconnected network element management side and network element side.
The network element management side uses the element management system 100, which comprises: a network element user password setting module 110 (user password setting module for short), a network element login password setting module 120 (login password setting module for short), a network element data configuration module 130 and a function component 140.
The network element side comprises at least one main control board 200. The main control board 200 comprises: a network element interface module 210, a database component 220 and an authentication module 230.
The user password setting module 110 is used to set the user password message and comprises a setting unit 111 and a modification unit 112: the setting unit 111 sets the user password message, and the modification unit 112 modifies it. The login password setting module 120 is used to set the login password. The network element data configuration module 130 is used to convert the user password message into the user password configuration file and to write that file to the database component 220; it comprises a conversion unit 131 and a writing unit 132, where the conversion unit 131 converts the user password message into the user password configuration file and the writing unit 132 writes the user password configuration file to the database component 220. When the network element side has multiple main control boards 100, the function component 140 is used to split the user password configuration file and issue it to the selected main control boards 100.
The network element interface module 210 provides the internal and external interfaces and is responsible for interface conversion. The database component 220 stores the user password configuration file. The authentication module 230 authenticates the network element login password against the user password configuration file stored in the database component 220. Preferably, the authentication module 230 can be integrated inside the database component 220.
In this embodiment, the main control board 200 provides the initial configuration of the network element, receives and parses commands from the network management side, issues instructions to each board of the network element over the internal communication interface so that the corresponding operations are carried out, and forwards the messages reported by each board to the network management side. The database component 220 is responsible for interface-command access to the database tables and for database management functions. In operation, if the network element login password entered by the user matches the password stored in the database component of the network element's main control board, authentication succeeds and the network element is shown as successfully logged in on the network management topology view. If authentication fails, a link-disconnection message is sent to the network management system through the network element interface module, the network element in the network management system shows login-failure information, and the network element connection is dropped. With this system, network element user passwords are verified on the network element side, and password setting and authority authentication can be carried out for many network elements at the same time, which improves the efficiency of network element management and increases its security.
Further, the network element side also comprises a standby control board 300 corresponding to the main control board 200; the standby control board 300 is used to store the user password configuration file. The main control board 200 and the corresponding standby control board 300 are each provided with an active/standby control board data synchronization module 400, used to write the user password configuration file stored on the main control board 200 to the corresponding standby control board 300, so that the network element user password data on the active and standby control boards stay consistent.
The standby control board 300 has the same structure as the main control board 200. The standby control board 300 likewise comprises: a standby control board network element interface module 210, a standby control board database component 220 and a standby control board authentication module 230. This design gives the network element side 1+1 board protection between the main control board and the standby control board, implementing a main/standby board protection mechanism.
The present invention also provides a method for managing network element authority which, as shown in Fig. 3, comprises the following steps:
10. The network element management side receives the user password message, converts it into a configuration file and saves it to the network element side. This step comprises:
11. Set the network element user password (hereinafter the user password). This step may further include modifying the user password; when the user password is modified, only a network management system user can modify the login user information of a network element, and only for the network elements that the currently logged-in user operates.
12. Determine whether to split and issue to the network elements selected by the user; if yes, execute step 13, otherwise execute step 14.
13. Split and issue to the network elements selected by the user: the network element user password is issued to the multiple selected network element devices. Execute step 15.
14. Issue without splitting: the network element user password is issued to the single specified network element device. Execute step 15.
15. The function component converts the user password message issued by the user password setting module into a configuration file and writes it to the database component of the network element's main control board.
20. The network element side receives the login password from the network element management side and authenticates this login password against the configuration file.
21. The user enters the network element login password.
22. After the main control board receives this command, it performs authentication and decides, according to the user password configuration file, whether access to this network element is allowed. Performing authentication means deciding whether the user has execution authority based on the result of comparing the login password with the configuration file: if the login password is consistent with the configuration file, authentication is judged successful and step 23 is executed; otherwise step 30 is executed.
23. The user has execution authority, i.e. authentication succeeded, and query or configuration operations on this network element are carried out. If the network element user password configuration file is in its initial state, i.e. empty, the network element can be logged in to. This step may further include the following processing:
24. Query the user password over Telnet. This step has two outcomes: on success execute step 25; otherwise jump to the end and log out directly.
25. The user password is queried over Telnet and the query succeeds.
26. Synchronize the network element user password data between the active and standby control boards. This step has two outcomes: on success execute step 27; otherwise jump to the end and log out directly.
27. Active/standby control board user password data synchronization is performed, synchronizing the user password data between the active and standby control boards. The user password configuration file stored on the main control board 200 is written to the corresponding standby control board 300, so that the network element user password data on the active and standby control boards stay consistent. This design gives the network element side 1+1 board protection between the main control board and the standby control board, implementing a main/standby board protection mechanism.
30. The user has no execution authority: authentication-failure information is returned to the network management side, the flow jumps to the end, and the error code "failed authentication does not allow login" is returned.
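The flow of steps 10 to 30, modelled as an added Python example that is not part of the patent: the management side converts a user password message into a configuration file and issues it to selected main control boards, and each board authenticates logins against its own stored copy. The JSON layout, the salted PBKDF2 hash, the user name field and all class and function names are assumptions; the patent does not specify the configuration file format.

```python
import hashlib
import hmac
import json
import os

ROUNDS = 100_000  # assumption: PBKDF2 work factor, not taken from the patent


def convert_to_config(user, password):
    """Management side, conversion unit: user password message -> configuration file."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return json.dumps({"user": user, "salt": salt.hex(), "hash": digest.hex()})


class ControlBoard:
    """One control board with its database component and authentication module."""

    def __init__(self, name):
        self.name = name
        self.config = ""  # database component; empty in the initial state

    def authenticate(self, user, login_password):
        """Step 22: compare the login password with the stored configuration file."""
        if not self.config:
            return True  # step 23: empty initial configuration, login is allowed
        record = json.loads(self.config)
        digest = hashlib.pbkdf2_hmac("sha256", login_password.encode(),
                                     bytes.fromhex(record["salt"]), ROUNDS)
        # Constant-time comparisons so timing does not reveal how much matched.
        same_user = hmac.compare_digest(user.encode(), record["user"].encode())
        same_hash = hmac.compare_digest(digest.hex(), record["hash"])
        return same_user and same_hash


class NetworkElement:
    """A network element with a main control board and its standby board."""

    def __init__(self, name):
        self.name = name
        self.main = ControlBoard(name + "/main")
        self.standby = ControlBoard(name + "/standby")

    def sync_standby(self):
        """Steps 26-27: write the main board's configuration file to the standby board."""
        self.standby.config = self.main.config
        return self.standby.config == self.main.config


def issue(config, selected):
    """Steps 12-15: write the configuration file to each selected main control board."""
    for ne in selected:
        ne.main.config = config


def unprovisioned(elements):
    """Boards whose configuration file is still empty and so accept any login."""
    return [b.name for ne in elements for b in (ne.main, ne.standby) if not b.config]


def demo():
    # Constructed sample: three network elements, password issued to the first two,
    # standby synchronization carried out only on the first.
    nes = [NetworkElement("ne-1"), NetworkElement("ne-2"), NetworkElement("ne-3")]
    issue(convert_to_config("admin", "constructed-Passw0rd"), nes[:2])
    nes[0].sync_standby()
    return nes


if __name__ == "__main__":
    print("boards still accepting any login:", unprovisioned(demo()))
```

`unprovisioned()` makes the step 23 behaviour visible: any board whose configuration file is still empty, including a standby board that has not yet been synchronized, accepts every login.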
The invention provides a system and method for managing network element authority in which network element user passwords are verified on the network element side, and password setting and authority authentication can be carried out for many network elements at the same time, which improves efficiency. The invention extends the network element security management function of the People's Republic of China communication industry standard TDS0225, "SDH transport network management technical specification - EMS system functions". In addition, the system has a simple structure and high reliability; it is simple to implement and has practical application value.
It should be understood that the embodiments given above merely illustrate the present invention and should not be construed as limiting it. Those skilled in the art can make improvements or changes based on the above description, and all such improvements and changes that embody the disclosed principles and features fall within the scope of protection of the present invention.
Claims (7)
1. A system for managing network element authority, comprising a network element management side and a network element side connected to it,
the network element management side being provided with: a user password setting module and a login password setting module, used respectively to set the user password message and the login password; and a data configuration module used to convert the user password message into a user password configuration file;
characterized in that the network element side is provided with: a database component used to store the user password configuration file; and an authentication module used to authenticate the network element login password against the user password configuration file.
2. The system according to claim 1, characterized in that the network element side further comprises a standby control board corresponding to the main control board, used to store the user password configuration file.
3. The system according to claim 2, characterized in that the main control board and the corresponding standby control board are each provided with an active/standby control board data synchronization module, used to write the user password configuration file stored on the main control board to the corresponding standby control board.
4. The system according to claim 1, characterized in that the authentication module is arranged in the database component.
5. A method for managing network element authority, comprising the following steps:
S1, the network element management side receives the user password message, converts it into a configuration file and saves it to the network element side;
S2, the network element side receives the login password from the network element management side and authenticates this login password against the configuration file.
6. The method according to claim 5, characterized in that step S1 comprises: saving the configuration file to one or more selected main control boards.
7. The method according to claim 5, characterized in that step S1 comprises: the main control board synchronizing the configuration file to the corresponding standby control board.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2008102161784A CN101677275B (en) | 2008-09-19 | 2008-09-19 | System and method of managing network element authority |
PCT/CN2008/073874 WO2010031234A1 (en) | 2008-09-19 | 2008-12-30 | System and method for managing network element right |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2008102161784A CN101677275B (en) | 2008-09-19 | 2008-09-19 | System and method of managing network element authority |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101677275A true CN101677275A (en) | 2010-03-24 |
CN101677275B CN101677275B (en) | 2012-05-23 |
Family
ID=42029699
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2008102161784A Expired - Fee Related CN101677275B (en) | 2008-09-19 | 2008-09-19 | System and method of managing network element authority |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN101677275B (en) |
WO (1) | WO2010031234A1 (en) |
-
2008
- 2008-09-19 CN CN2008102161784A patent/CN101677275B/en not_active Expired - Fee Related
- 2008-12-30 WO PCT/CN2008/073874 patent/WO2010031234A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
CN101677275B (en) | 2012-05-23 |
WO2010031234A1 (en) | 2010-03-25 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20120523 Termination date: 20170919 |