CN104753774A - Distributed enterprise integrated access gateway - Google Patents
Distributed enterprise integrated access gateway Download PDFInfo
- Publication number
- CN104753774A CN104753774A CN201310739420.7A CN201310739420A CN104753774A CN 104753774 A CN104753774 A CN 104753774A CN 201310739420 A CN201310739420 A CN 201310739420A CN 104753774 A CN104753774 A CN 104753774A
- Authority
- CN
- China
- Prior art keywords
- subsystem
- message
- unified
- access gate
- comprehensive access
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a distributed enterprise integrated access gateway comprising a unified management subsystem, a unified message scheduling subsystem, and a network drive subsystem. The unified management subsystem is used for monitoring the operation of other subsystems of the distributed enterprise integrated access gateway, performing unified registration management on external application systems, performing unified user authentication on initiators requesting access to the application systems, and performing permission assignment for the corresponding application systems. The unified message scheduling subsystem is used for providing a unified service message interface for the external application systems. The network drive subsystem is used for being docked with a mobile communication network and a mobile Internet. In the invention, unified management on the access to the external application systems is realized, and support is provided for online capacity expansion of service.
Description
Technical field
The present invention relates to communication technical field, particularly relate to a kind of distributed enterprise comprehensive access gate.
Background technology
Along with IT(Information Technology, information technology) the deep fusion of technology and the communication technology, various enterprise application system from traditional PC(Personal Computer, personal computer), also gradually extend to mobile terminal.The middleware Technology such as Mobile Agent Server, play vital effect wherein.
With Mobile Agent Server (Mobile Agent Server is called for short MAS) for the implementation of the middleware of representative is as follows:
1, Mobile Agent Server position in a network: Mobile Agent Server is between Enterprise IT System and mobile communications network;
2, downlink business: multiple application system submits message to Mobile Agent Server, message according to type of message, is forwarded to mobile communications network after carrying out protocol conversion after receiving message by Mobile Agent Server, thus arrives user mobile phone;
3, uplink service: after Mobile Agent Server receives the message of mobile communications network, carries out protocol conversion by message, and is forwarded to operation system;
4, Mobile Agent Server accessing mobile communication network, such as during industry gateway, unique service code, SPID and service code can only be used, when user has multiple service code (or service code), multiple Mobile Agent Server can only be affixed one's name at enterprise's sidepiece;
5, Mobile Agent Server, mainly provides the protocol translation service of data communication;
6, existing Mobile Agent Server, is generally single device, can not independently dispose between each module, when performance bottleneck appears in system, again can only open an account, redeploy a set of Mobile Agent Server.
7, Mobile Agent Server adopts pedestal to add the form of plug-in unit, pedestal provides all network communications capability and managerial ability, plug-in unit can be operation system, also can be the interface card of adaptation service system: such as DB(Data Base, database) plug-in unit, PushMail(cell phone mailbox) plug-in unit etc.Managerial ability comprises: the services such as the access of plug-in unit.
Realizing in process of the present invention, inventor finds at least there is following problem in prior art:
1, in an enterprise, because multiple application needs from mobile proxy system access to mobile network, therefore there is largely coupling in its data such as address list and user data, fails to share address list data and user data in existing scheme;
2, based on the operation system of mobile agent service system exploitation, user cannot accomplish single-sign-on between multiple system, needs again to log in when user is switched to operation system B from operation system A;
3, when enterprise exists multiple-limb mechanism, when having different service Numbers for access, traditional mobile proxy system solution disposes many cover systems, and this uses the waste brought to a certain degree to resource;
4, when bottleneck appears in performance, traditional mobile agent service system cannot accomplish business on-line rapid estimation;
5, the pedestal of Mobile Agent Server, dynamically cannot increase communication capacity.
Summary of the invention
The embodiment of the present invention provides a kind of distributed enterprise comprehensive access gate, for realizing the unified management of the access to outer application system, and provides support for business on-line rapid estimation.
In order to achieve the above object, the embodiment of the present invention provides a kind of distributed enterprise comprehensive access gate, be applied to the system comprising the unitary service platform being deployed in carrier side, described unitary service platform is used for carrying out telesecurity management and control to the described distributed enterprise comprehensive access gate being deployed in enterprise side; Described distributed enterprise comprehensive access gate comprises: unified management subsystem, unified message scheduler subsystem, network-driven subsystem; Wherein:
Described unified management subsystem, for carrying out operation monitoring to other subsystem of described distributed enterprise comprehensive access gate, and carries out uniform registration management to the application system of outside; Unified subscription authentication is carried out to the initiator of request access application system, and the right assignment of corresponding application system;
Described unified message scheduler subsystem, for providing unified service message interface to the application system of outside; Described message is forwarded to the corresponding application system of outside or the drive plug of network-driven subsystem by the up-downgoing type of message according to the message received;
Described network-driven subsystem, for docking with mobile radio communication and mobile internet, the message conversion that unified message scheduler subsystem sends is become the message of the form required for mobile communications network or mobile internet, or the upstream message of mobile radio communication or mobile Internet is carried out transcoding according to the agreement of described distributed enterprise comprehensive access gate and is forwarded to described unified message scheduler subsystem.
In the above embodiment of the present invention, by disposing distributed enterprise comprehensive access gate, achieve the unified management of the access to outer application system, and provide support for business on-line rapid estimation.
Accompanying drawing explanation
The structural representation of a kind of distributed enterprise comprehensive access gate that Fig. 1 provides for the embodiment of the present invention;
The schematic flow sheet that a kind of service message that Fig. 2 provides for the embodiment of the present invention calls.
Embodiment
For above-mentioned the problems of the prior art, embodiments provide a kind of distributed enterprise comprehensive access gate.In embodiments of the present invention, distributed enterprise comprehensive access gate provides the access service that communicates, data sharing service and management service to enterprise's side IT system with other third party's operation systems.Wherein:
Communication access service: comprehensive access gate application system externally provides the service interface of standard, by the communication request that the application system of outside is submitted to, converts the interface packets meeting mobile communications network or mobile internet requirement to; The distributed structure/architecture of Enterprise Integrated IAD, is divided into one by one independently drive plug by communication capacity system, and when there being new ability need, an online increase drive plug, other existing part is without the need to change.
Data sharing service: comprehensive access gate provides data, services to comprise to operation system: address list service, index service, communications records inquiry service and log query service; Data can be shared between multiple operation system.
Management service: the management service that comprehensive access gate provides comprises: user management, access-in management, alarm management and remote control service.User easily can realize single-sign-on.
Below in conjunction with the accompanying drawing in embodiments of the invention, carry out clear, complete description to the technical scheme in embodiments of the invention, obviously, the embodiments described below are only the present invention's part embodiments, instead of whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art are not paying the every other embodiment obtained under creative work prerequisite, all belong to the scope of embodiments of the invention protection.
See Fig. 1, for the configuration diagram of a kind of distributed enterprise comprehensive access gate that the embodiment of the present invention provides, this distributed enterprise comprehensive access gate is applied to the unitary service platform comprising and be deployed in carrier side, this unitary service platform is used for carrying out telesecurity management and control to this Distributed Integration IAD being deployed in enterprise side, and this distributed enterprise comprehensive access gate can comprise: unified management subsystem 11, unified message scheduler subsystem 12, network-driven subsystem 13; Wherein:
Unified management subsystem 11, for carrying out operation monitoring to other subsystem of distributed enterprise Integrated access network (hereinafter referred to as comprehensive access gate), and carries out uniform registration management to the application system of outside; Unified subscription authentication is carried out to the initiator of request access application system, and the right assignment of corresponding application system;
Unified message scheduler subsystem 12, for providing unified service message interface to the application system of outside; Described message is forwarded to the corresponding application system of outside or the drive plug of network-driven subsystem 13 by the up-downgoing type of message according to the message received;
Network-driven subsystem 13, for docking with mobile radio communication and mobile internet, the message conversion that unified message scheduler subsystem 12 sends is become the message of the form required for mobile communications network or mobile internet, or the upstream message of mobile radio communication or mobile Internet is carried out transcoding according to the agreement of described distributed enterprise comprehensive access gate and is forwarded to described unified message scheduler subsystem 12.
Concrete, in the embodiment of the present invention, system for unified management 11 belongs to the administrative center of comprehensive access gate, and the function of this unified management subsystem 11 can comprise:
1, system management function, as user management, Role Management, rights management and safety management etc.
Wherein, for user management.In enterprise, each user can use multiple application system usually, if now application system distinguishes leading subscriber, then user data has mass of redundancy data usually.In embodiments of the present invention, by the unified management subsystem 11 unified management user data in the synthesis access network Central Shanxi Plain.Based on the application system that this comprehensive access gate is developed, the user data of this comprehensive access gate can be used, carry out unified subscription authentication by the unified management subsystem 12 in this synthesis access network Central Shanxi Plain, and the right assignment of corresponding application system.
2, the registration management function of business plug-in unit
Concrete, in embodiments of the present invention, the application system of all outsides is considered as business plug-in unit by comprehensive access gate.When the application system of outside needs to use the communication capacity of comprehensive access gate, data service capabilities and managerial ability, need unified management subsystem 11 application for registration to comprehensive access gate.After application for registration is passed through, business plug-in unit (namely outside application system) can use every ability of comprehensive access gate, and long-range unitary service platform can be controlled business plug-in unit initiating capacity by comprehensive access gate.
Wherein, can safeguard in unified management subsystem 11 and register register list information corresponding to the business plug-in unit that passes through.
3, to the monitoring management function of other subsystem (unified message scheduler subsystem 12, network-driven subsystem 13 etc.)
Concrete, in embodiments of the present invention, unified management subsystem 11 is the control axis of comprehensive access gate, and timing sends heartbeat detection message to other subsystem of comprehensive access gate, when heartbeat detection is abnormal, determines that corresponding subsystem is abnormal.
4, alarm management function
Concrete, in embodiments of the present invention, unified management subsystem 11 can also be used for receiving the warning information that each subsystem and outer application system report, and carries out respective handling according to this warning information to the subsystem of correspondence or outer application system.
5, with unitary service platform interactive function
Concrete, in embodiments of the present invention, unified management subsystem 11 can be mutual with unitary service platform, receives the instruction of unitary service platform, control according to this instruction to other subsystems in the synthesis access network Central Shanxi Plain and outer application system.
6, door function
Unified management subsystem 11 also provides the united portal function of comprehensive access gate and the application system based on comprehensive access gate exploitation.
In actual applications, user inputs portal address, and after logging in door success, first see an enterprise work platform, user listed by workbench can use plug-in unit.The icon of user's click-to-call service plug-in unit can enter corresponding function.Click comprehensive access gate icon, then can carry out into the comprehensive access gate page, carry out administering and maintaining operation
Wherein, in embodiments of the present invention, unified message scheduler subsystem 12 can also provide initiates the examination & verification of business plug-in content to unitary service platform, and business plug-in unit APID, IP, ability authentication (whether namely corresponding business plug-in unit possesses the authority of this comprehensive access gate of use) function.
Preferably, in embodiments of the present invention.Can according to enterprise need dispose multiple network-driven subsystem 13.
In actual applications, network-driven subsystem can be made up of all kinds of drive plug that can independently dispose, wherein:
Note plug-in unit: dock with the note service system of mobile communications network, makes comprehensive access gate possess short message service ability;
Multimedia message plug-in unit: with the multimedia message service system docking of mobile communications network, make comprehensive access gate possess multimedia message service ability;
Internet of Things plug-in unit: dock with the internet of things service system of mobile communications network, makes comprehensive access gate possess Internet of Things service ability;
Position plug-in unit: dock with the position service system of mobile communications network, makes comprehensive access gate possess location services capability;
The Internet plug-in unit: with mobile internet service system docking, makes comprehensive access gate possess mobile internet service ability.
According to foregoing description, in embodiments of the present invention, when needs carry out business on-line rapid estimation, can be realized by the drive plug increasing corresponding function in network-driven subsystem 13.
Such as, when in certain period, short message service data amount is excessive, when performance bottleneck appears in existing note plug-in unit in network-driven subsystem 13, can increase new note plug-in unit in real time in network-driven subsystem.
On the other hand, enterprise is existed to the scene of multiple-limb mechanism, if certain enterprise is in Beijing and Shanghai Jun You branch company, for the same business of different branch company of this enterprise, as short message service, in embodiments of the present invention, do not need to dispose respectively the comprehensive access gate of the corresponding Beijing of two covers and Shanghai branch company, and only need to arrange in network-driven subsystem respectively to should the drive plug (note plug-in unit) of Beijing and Shanghai branch company.
Further, in embodiments of the present invention, comprehensive access gate can also comprise: statistical fractals subsystem 14.Wherein:
Statistical fractals subsystem 14, for gathering the data (journal file, communications records) that other subsystem of comprehensive access gate produces, is supplied to business plug-in unit and unitary service platform collection; The data that comprehensive access gate produces simply are analyzed, for user and business plug-in unit query statistic.
Further, in embodiments of the present invention, comprehensive access gate can also comprise: address list service subsystem 15.Wherein:
Address list service subsystem 15, for providing unified address list function to the application system of each outside, the application system of each outside is without the need to developing the address list function of oneself.
Further, in embodiments of the present invention, comprehensive access gate can also comprise: index service subsystem 16.Wherein:
Index subsystem 16, for providing index service to the drive plug of business plug-in unit and network-driven subsystem 13.
It should be noted that the comprehensive access gate that the embodiment of the present invention provides is an open system, when there being new functional requirement, requiring to increase new subsystem according to the standard interface of comprehensive access gate, externally providing service.
Below in conjunction with concrete application scenarios, the Integrated access network that the embodiment of the present invention provides is described below in greater detail.
Embodiment one, System Expansion embodiment
In embodiments of the present invention, when drive system and scheduling performance deficiency, dynamic on-line rapid estimation can be realized, and on business without impact.
Network-driven subsystem dilatation implementation is as follows:
1, corporate client is on unitary service platform, fills in business demand;
2, keeper audits demand, preset newly-increased network-driven subsystem data on unitary service platform;
3, this newly-increased network-driven subsystem is disposed;
4, run this newly-increased network-driven subsystem, this newly-increased network-driven subsystem initiates registration from trend unified management subsystem;
5, unified management subsystem forwards registration request to unitary service platform;
6, unitary service platform examination & verification registration request, and result is transmitted to unified management subsystem;
7, registering result is informed to unified message scheduler subsystem by unified management subsystem;
8, the interface message of unified management subsystem automatic generating network driver sub-system and unified message scheduler subsystem, and inform newly-increased network-driven subsystem;
9, network-driven subsystem is increased newly according to interface message from being dynamically connected unified message scheduler subsystem;
10, unified message scheduler subsystem is audited newly-increased network-driven subsystem, completes newly-increased network-driven subsystem and is connected with unified message scheduler subsystem.
Unified message scheduler subsystem dilatation implementation is as follows:
1, corporate client is on unitary service platform, fills in business demand;
2, keeper audits demand, preset newly-increased unified message scheduler subsystem data on unitary service platform;
3, this newly-increased unified message scheduler subsystem is disposed;
4, run this newly-increased unified message scheduler subsystem, this newly-increased unified message scheduler subsystem initiates registration from trend unified management subsystem;
5, unified management subsystem forwards registration request to unitary service platform;
6, unitary service platform examination & verification registration request, and result is transmitted to unified management subsystem;
7, registering result is informed to newly-increased unified message scheduler subsystem by unified management subsystem;
8, the interface message of unified management subsystem automatic generating network driver sub-system and newly-increased unified message scheduler subsystem, and informing network driver sub-system;
9, driver sub-system according to interface message to be dynamically connected newly-increased unified message scheduler subsystem;
10, newly-increased unified message scheduler subsystem is audited network-driven subsystem, completes network-driven subsystem and is connected with newly-increased unified message scheduler subsystem.
Embodiment two, address list service use embodiment
The address list service that this embodiment of the present invention provides comprises: increase, revise, delete group and contact data service, and searching for contact persons service.Use procedure is as follows:
1, business plug-in unit initiates calling communication record service to comprehensive access gate, comprises id information and the user ID information of business plug-in unit in call request;
2, the ID of address list service subsystem to business plug-in unit tests, and inspection content comprises: whether this ID exists, whether have corresponding rights of using, if inspection is not passed through, then refusal provides service; If upcheck, then carry out next step;
3, test in the IP address of address list service subsystem to business plug-in unit, if inspection is not passed through, then and denial of service; If upcheck, then carry out next step;
4, address list service subsystem is tested to user ID, if ID does not exist, then and denial of service; If ID exists, then whether inspection user has respective contacts access rights, if there is no authority, then and denial of service; If have permission, then carry out next step;
5, address list service subsystem is according to the request of business plug-in unit, operates, and returns results.
Embodiment three, index service use embodiment
In the embodiment of the present invention, index service subsystem provides index service to the drive plug of business plug-in unit and network-driven subsystem.Use procedure is as follows:
1, business plug-in unit initiates to arrange index request to index service subsystem, and indexed format comprises:
IndexID is unique index value,
Value, the key message that the index value for the setting of business plug-in unit is corresponding;
2, index service subsystem arranges index relative;
3, index service subsystem returns successful respond to business plug-in unit;
4, business plug-in unit initiates indexed search request to index service subsystem, carries the IndexID that the index of request retrieval is corresponding in this indexed search request;
5, index service subsystem is retrieved according to IndexID, and the Value searched is returned to business plug-in unit.
Embodiment four, plug-in registration management service embodiment
Initialization operation: when first time runs comprehensive access gate equipment, in comprehensive access gate equipment, each subsystem must perform initialization, completes the registration on unitary service platform.
Registration service feature condition stub:
If 1, unified management subsystem registration failure, then comprehensive access gate entirety can not be run;
2, other subsystem plug-in unit, completes registration as far as possible;
3, other business plug-in unit and subsystem plug-in registration success after, unified management subsystem need can identify package types, and generate acquiescence configuration data; Unified management subsystem needs can the registration reply information that returns of analyzing platform, and by information displaying such as plug-in unit ID wherein, plug-in unit description, package types at front page layout;
4, unified management subsystem register message comprises: current time in system, MASID, plug-in unit mark, plug-in version, plug-in unit IP address;
5, comprehensive access gate is when having installed new plug-in unit, amendment plug-in parameter or when changing machine device reinstalls, and to initiate registration to platform in real time.The KEY of registration is APID.After registration is initiated, MAS unitary service platform response registering result.After succeeding in registration, business plug-in unit can open communication capacity, does not have the business plug-in unit registered, cannot use;
6, after the success of business plug-in registration, if enterprise has applied for multiple mobile network's Number for access, at comprehensive access gate based on different business, different Numbers for access can have been configured;
7, during registration, unified management subsystem, needs the APID of checking business plug-in unit and the encrypted message through encryption.Cryptographic algorithm is as follows:
When business plug-in unit is registered first, the APID that password default (password) is business plug-in unit.After business plug-in registration completes, password can be modified at comprehensive access gate.Business plug-in unit is non-to be registered first, and password needs consistent with the Configuration Values of comprehensive access gate.
Password does not transmit at network plaintext.Password encryption mode is as follows
Identifying code algorithm is:
AuthCode=MD5(APID+password+ plug-in unit IP)
Comprehensive access gate after the requests have been received, needs according to the APID in message, the IP address of opposite end, and the password configured, and calculates AuthCode.Only have AuthCode consistent, comprehensive access gate just receives call request.
Embodiment five, service message call embodiment
See Fig. 2, the service message call flow that the embodiment of the present invention provides can comprise the following steps:
1, business plug-in unit submits request message to unified message scheduler subsystem, carries the APID of business plug-in unit and use message type information in this request message;
Wherein, the function that this use message type information is called for identifying this business plug-in request, the drive plug namely in network-driven subsystem, as note plug-in unit, multimedia message plug-in unit etc.
2, unified message scheduler subsystem judges whether to provide service to this business plug-in unit, and whether carries out flow control;
Wherein, according to the APID of business plug-in unit, unified message scheduler subsystem can determine whether this business plug-in unit is register the business plug-in unit passed through, and when determine this business plug-in registration by time, determine whether this business plug-in unit possesses the authority calling corresponding function according to this use type of message message further.
3, unified message scheduler subsystem distributes MASMsgID to request message, and MASMsgID is the unique identification of this request message inside the Pass synthesis access network;
4, unified message scheduler subsystem returns submission acknowledgement messaging to business plug-in unit, wherein carries MASMsgID information;
5, unified message scheduler subsystem fills enterprise attributes information in the message;
Wherein, enterprise attributes information is used for the business plug-in unit of network-driven subsystem to correspondence and carries out authentication, namely determines whether this enterprise attributes information has the authority calling corresponding function (drive plug).
6, unified message scheduler subsystem is according to routing policy to network-driven subsystem forwarding messages, wherein carries the APID information of business plug-in unit, the APID information of unified message scheduler subsystem, MASMsgID information;
7, network-driven subsystem returns reception response message to unified message scheduler subsystem, and unified message scheduler subsystem goes out former message according to SeqID information matches.Unified message scheduler subsystem generates a statistics metadata, and is sent to statistical fractals subsystem;
Wherein, in this embodiment, unified message scheduler subsystem sends message to networking driver sub-system and adopts asynchronous mode, namely after unified message scheduler subsystem sends message to driver sub-system to network-driven subsystem, do not need to wait for that network-driven subsystem returns the reception response of this message, next message can be sent.Wherein, need to carry SeqID in this message, when network-driven subsystem receives message, to the reception response message that unified message scheduler subsystem returns, unified message scheduler subsystem inquires corresponding (SeqID is identical) former message (namely unified message scheduler subsystem sends to the message of network-driven subsystem) according to the SeqID received in response message, and generate should the statistics metadata of former message, as message send successfully, message sends unsuccessfully etc.
8, the message recompile that unified message scheduler subsystem forwarded of network-driven subsystem, initiates to submit request message to mobile communication system (such as: Short Message Service Gateway);
9, mobile communication system returns and accepts result;
Wherein, after mobile communication system receives the request message of network-driven subsystem forwarding, need for this request message distributes GWMsgID, this GWMsgID is this request message unique identification in mobile communication system, and this GWMsgID is returned to unified message scheduler subsystem, by the corresponding relation of corresponding GWMsgID and MASMsgID of unified message scheduler subsystem record.
10, network-driven subsystem, accepts result feedback to unified message scheduler subsystem, wherein carries APID and GWMsgID of business plug-in unit by message;
Wherein, after unified message scheduler subsystem receives and accepts result, determine corresponding MASMsgID according to the GWMsgID wherein carried, so determine corresponding request message accept result.
11, status report is sent to network-driven subsystem by mobile communication system, carries GWMsgID in this status report;
Wherein, status report comprise that message sends successfully, subscriber absent etc.
12, status report is forwarded to unified message scheduler subsystem by network-driven subsystem;
13, upstream message is forwarded to business plug-in unit by unified message scheduler subsystem.
By describing above and can finding out, compared with prior art, the comprehensive access gate that the embodiment of the present invention provides has the following advantages:
1, unified management subsystem provides the management service that application system externally provides unified: based on the application system of the outside that comprehensive access gate provided by the invention is developed, again need not manage by development of user, carry out unified customer management and authentication by comprehensive access gate;
2, unified address list service: comprehensive access gate application system plug-in unit externally provides unified address list service; The application system of the outside of obtaining the authorization can carry out address list increase, amendment, delete, browse;
The application system of the outside 3, developed based on comprehensive access gate provided by the invention, can based on the index service subsystem of comprehensive access gate, secondary development index related application;
4, based on comprehensive access gate provided by the invention, the System Interface Protocol of carrier side need not be paid close attention to, provide simply consistent Webservice interface by comprehensive access gate; And the driver sub-system of comprehensive access gate arbitrarily can increase the drive plug of new ability online;
5, comprehensive access gate can distributed deployment, and on-line rapid estimation, as increased network-driven subsystem, unified message scheduler subsystem etc. in real time;
6, different business is used for for enterprise's multiple mobile Number for access of application, before being forwarded to network-driven subsystem, filling in of business information is carried out by unified message scheduler subsystem, avoid and bind with the pressure of network interface, easily can realize a gateway and use multiple Number for access accessing mobile communication network.
By the description of above execution mode, those skilled in the art can be well understood to the mode that the present invention can add required general hardware platform by software and realize, and can certainly pass through hardware, but in a lot of situation, the former is better execution mode.Based on such understanding, technical scheme of the present invention can embody with the form of software product the part that prior art contributes in essence in other words, this computer software product is stored in a storage medium, comprising some instructions in order to make a computer equipment (can be personal computer, server, or the network equipment etc.) perform method described in each embodiment of the present invention.
It will be appreciated by those skilled in the art that accompanying drawing is the schematic diagram of a preferred embodiment, the module in accompanying drawing or flow process might not be that enforcement the present invention is necessary.
It will be appreciated by those skilled in the art that the module in the device in embodiment can be distributed in the device of embodiment according to embodiment description, also can carry out respective change and be arranged in the one or more devices being different from the present embodiment.The module of above-described embodiment can merge into a module, also can split into multiple submodule further.
The invention described above embodiment sequence number, just to describing, does not represent the quality of embodiment.
Be only several specific embodiment of the present invention above, but the present invention is not limited thereto, the changes that any person skilled in the art can think of all should fall into protection scope of the present invention.
Claims (9)
1. a distributed enterprise comprehensive access gate, it is characterized in that, be applied to the system comprising the unitary service platform being deployed in carrier side, described unitary service platform is used for carrying out telesecurity management and control to the described distributed enterprise comprehensive access gate being deployed in enterprise side; Described distributed enterprise comprehensive access gate comprises: unified management subsystem, unified message scheduler subsystem, network-driven subsystem; Wherein:
Described unified management subsystem, for carrying out operation monitoring to other subsystem of described distributed enterprise comprehensive access gate, and carries out uniform registration management to the application system of outside; Unified subscription authentication is carried out to the initiator of request access application system, and the right assignment of corresponding application system;
Described unified message scheduler subsystem, for providing unified service message interface to the application system of outside; Described message is forwarded to the corresponding application system of outside or the drive plug of network-driven subsystem by the up-downgoing type of message according to the message received;
Described network-driven subsystem, for docking with mobile radio communication and mobile internet, the message conversion that unified message scheduler subsystem sends is become the message of the form required for mobile communications network or mobile internet, or the upstream message of mobile radio communication or mobile Internet is carried out transcoding according to the agreement of described distributed enterprise comprehensive access gate and is forwarded to described unified message scheduler subsystem.
2. distributed enterprise comprehensive access gate as claimed in claim 1, is characterized in that,
Described unified management subsystem specifically for, timing sends heartbeat detection message, to determine whether other subsystems of described distributed enterprise comprehensive access gate exception occur to other subsystems of described distributed enterprise comprehensive access gate.
3. distributed enterprise comprehensive access gate as claimed in claim 1, is characterized in that,
Described unified management subsystem specifically for, receive the control command that described unitary service platform sends, and to control according to described control command other subsystems to described distributed enterprise comprehensive access gate.
4. distributed enterprise comprehensive access gate as claimed in claim 1, is characterized in that,
Described unified management subsystem specifically for, safeguard the register list information registering the application system of outside passed through.
5. distributed enterprise comprehensive access gate as claimed in claim 1, is characterized in that,
Described unified message scheduler subsystem specifically for, when receiving the downstream message that outside application system sends, described downstream message is sent to the drive plug of corresponding network-driven subsystem;
Described network-driven subsystem specifically for, when receiving the message that described unified message scheduler subsystem sends, described down conversion is become the message of the form required for corresponding mobile communications network or mobile internet, and be transmitted to corresponding mobile communications network or mobile internet.
6. distributed enterprise comprehensive access gate as claimed in claim 1, is characterized in that,
Described network-driven subsystem specifically for, when receiving the upstream message of mobile communications network or mobile internet transmission, agreement according to described distributed enterprise comprehensive access gate carries out transcoding to this upstream message, and is forwarded to described unified message scheduler subsystem;
Described unified message scheduler subsystem specifically for, when receiving the message that described network-driven subsystem forwards, described message is transmitted to the application system of corresponding outside.
7. distributed enterprise comprehensive access gate as claimed in claim 1, is characterized in that, also comprise:
Statistical fractals subsystem, the data that other subsystem for gathering described distributed enterprise comprehensive access gate produces, are supplied to outside application system and unitary service platform collection; To the data analysis that described distributed enterprise comprehensive access gate produces, for user and outside application system query statistic.
8. distributed enterprise comprehensive access gate as claimed in claim 1, is characterized in that, also comprise:
Address list service subsystem, provides unified address list function for application system externally.
9. distributed enterprise comprehensive access gate as claimed in claim 1, is characterized in that, also comprise:
Index service subsystem, the drive plug for application system externally and network-driven subsystem provides index service.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310739420.7A CN104753774B (en) | 2013-12-26 | 2013-12-26 | A kind of distributed enterprise comprehensive access gate |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310739420.7A CN104753774B (en) | 2013-12-26 | 2013-12-26 | A kind of distributed enterprise comprehensive access gate |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104753774A true CN104753774A (en) | 2015-07-01 |
| CN104753774B CN104753774B (en) | 2018-07-24 |
Family
ID=53592916
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310739420.7A Active CN104753774B (en) | 2013-12-26 | 2013-12-26 | A kind of distributed enterprise comprehensive access gate |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104753774B (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105376155A (en) * | 2015-10-14 | 2016-03-02 | 北京无线天利移动信息技术股份有限公司 | Intelligent route system and method based on distributed cluster framework |
| CN108390917A (en) * | 2018-01-25 | 2018-08-10 | 珠海金山网络游戏科技有限公司 | Intelligence sends message approach and device |
| CN111464509A (en) * | 2020-03-18 | 2020-07-28 | 珠海市鸿瑞信息技术股份有限公司 | Network security isolation system for double-processing system |
| CN116208593A (en) * | 2021-11-30 | 2023-06-02 | 比亚迪股份有限公司 | Integrated monitoring system comprising interactive gateway and data interaction method |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101072129A (en) * | 2007-06-25 | 2007-11-14 | 北京邮电大学 | JMX based network service management method and its application system |
| CN101227470A (en) * | 2008-01-30 | 2008-07-23 | 中兴通讯股份有限公司 | System and method of business management |
| CN101415144A (en) * | 2008-12-10 | 2009-04-22 | 中国电信股份有限公司 | Mobile medium information synthesis business platform system and implementing method thereof |
| CN101437002A (en) * | 2007-11-16 | 2009-05-20 | 中国移动通信集团公司 | Mobile proxy server system |
| CN102694926A (en) * | 2011-03-22 | 2012-09-26 | 中兴通讯股份有限公司 | Comprehensive value-added service system supporting multi-service integration and method thereof |
| CN103312766A (en) * | 2011-11-15 | 2013-09-18 | 华为技术有限公司 | Method, system and device for supporting permanent online of application client |
| US8549300B1 (en) * | 2010-02-23 | 2013-10-01 | Juniper Networks, Inc. | Virtual single sign-on for certificate-protected resources |
-
2013
- 2013-12-26 CN CN201310739420.7A patent/CN104753774B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101072129A (en) * | 2007-06-25 | 2007-11-14 | 北京邮电大学 | JMX based network service management method and its application system |
| CN101437002A (en) * | 2007-11-16 | 2009-05-20 | 中国移动通信集团公司 | Mobile proxy server system |
| CN101227470A (en) * | 2008-01-30 | 2008-07-23 | 中兴通讯股份有限公司 | System and method of business management |
| CN101415144A (en) * | 2008-12-10 | 2009-04-22 | 中国电信股份有限公司 | Mobile medium information synthesis business platform system and implementing method thereof |
| US8549300B1 (en) * | 2010-02-23 | 2013-10-01 | Juniper Networks, Inc. | Virtual single sign-on for certificate-protected resources |
| CN102694926A (en) * | 2011-03-22 | 2012-09-26 | 中兴通讯股份有限公司 | Comprehensive value-added service system supporting multi-service integration and method thereof |
| CN103312766A (en) * | 2011-11-15 | 2013-09-18 | 华为技术有限公司 | Method, system and device for supporting permanent online of application client |
Non-Patent Citations (2)
| Title |
|---|
| 高超: "基于移动网络的聚合应用的研究与设计", 《中国优秀硕士学位论文全文数据库》 * |
| 黄旭: "综合业务接入网关(ISAG)Web Service接口研究", 《中国优秀硕士学位论文全文数据库》 * |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105376155A (en) * | 2015-10-14 | 2016-03-02 | 北京无线天利移动信息技术股份有限公司 | Intelligent route system and method based on distributed cluster framework |
| CN105376155B (en) * | 2015-10-14 | 2018-11-02 | 北京无线天利移动信息技术股份有限公司 | A kind of Intelligent routing system and method based on distributed type assemblies framework |
| CN108390917A (en) * | 2018-01-25 | 2018-08-10 | 珠海金山网络游戏科技有限公司 | Intelligence sends message approach and device |
| CN108390917B (en) * | 2018-01-25 | 2021-02-02 | 珠海金山网络游戏科技有限公司 | Intelligent message sending method and device |
| CN111464509A (en) * | 2020-03-18 | 2020-07-28 | 珠海市鸿瑞信息技术股份有限公司 | Network security isolation system for double-processing system |
| CN111464509B (en) * | 2020-03-18 | 2022-02-01 | 珠海市鸿瑞信息技术股份有限公司 | Network security isolation system for double-processing system |
| CN116208593A (en) * | 2021-11-30 | 2023-06-02 | 比亚迪股份有限公司 | Integrated monitoring system comprising interactive gateway and data interaction method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104753774B (en) | 2018-07-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110839087B (en) | Interface calling method and device, electronic equipment and computer readable storage medium | |
| WO2023165150A1 (en) | Communication method and apparatus, and satellite convergence gateway and readable storage medium | |
| CN101005503A (en) | Method and data processing system for intercepting communication between a client and a service | |
| EP3017390B1 (en) | Method and system related to authentication of users for accessing data networks | |
| CN109361753A (en) | A kind of Internet of things system framework and encryption method | |
| US7523492B2 (en) | Secure gateway with proxy service capability servers for service level agreement checking | |
| CN112073923A (en) | Communication method, device, gateway and readable storage medium compatible with multiple operators | |
| CN104753774A (en) | Distributed enterprise integrated access gateway | |
| WO2015027931A1 (en) | Method and system for realizing cross-domain remote command | |
| US8731532B2 (en) | Method for delivering electronic documents using mobile telephony identifiers in a secure manner in conjunction with internet protocols and address systems | |
| CN115174592A (en) | Enterprise-level data request forwarding system and method | |
| CN110636071B (en) | Interface docking method | |
| CN112350982B (en) | Resource authentication method and device | |
| CN110933016B (en) | Login authentication method and device for call center system | |
| CN111935125B (en) | Authentication method and device based on distributed architecture and micro-service system | |
| CN108632090B (en) | Network management method and system | |
| CN112637316B (en) | Communication method and device | |
| CN115550322B (en) | User registration method and device based on network security protocol, electronic equipment and medium | |
| CN116151903B (en) | Service processing method and device based on sales promotion management system | |
| CN113905021B (en) | Communication method and device of fixed telephone, electronic equipment and storage medium | |
| US8422989B1 (en) | Method and system for encoding telecommunications user information | |
| CN116074024A (en) | Monitoring plug-in authentication method and system based on cloud computing technology | |
| CN117062075A (en) | Private network security authentication method, device and system | |
| CN114070830A (en) | Internet agent single-arm deployment architecture and internet agent remote deployment system | |
| CN111556483A (en) | Card writing method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |