CN112541170A - System maintenance method, device, computer equipment and storage medium - Google Patents
System maintenance method, device, computer equipment and storage medium Download PDFInfo
- Publication number
- CN112541170A CN112541170A CN202011521241.2A CN202011521241A CN112541170A CN 112541170 A CN112541170 A CN 112541170A CN 202011521241 A CN202011521241 A CN 202011521241A CN 112541170 A CN112541170 A CN 112541170A
- Authority
- CN
- China
- Prior art keywords
- user terminal
- monitoring
- identity authentication
- authentication
- monitoring server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/04—Network management architectures or arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
Abstract
The application relates to a system maintenance method, a system maintenance device, computer equipment and a storage medium. The method comprises the following steps: the system comprises the bastion machine, the monitoring server and a plurality of user terminals, and the method comprises the following steps: receiving an authentication instruction, and performing identity authentication according to identity authentication information carried in the authentication instruction; if the identity authentication is determined to pass, acquiring historical monitoring information of each user terminal from the monitoring server; the historical monitoring information comprises the running state of the user terminal in a preset historical time period; maintaining the target user terminal through the fort machine; and the target user terminal is a user terminal which is determined by the user according to the historical monitoring information and has a fault. By adopting the method, the problem solving efficiency can be improved.
Description
Technical Field
The present application relates to the field of system maintenance technologies, and in particular, to a system maintenance method, an apparatus, a computer device, and a storage medium.
Background
In recent years, with the increasing importance of people on medical health, the demand for medical services is increasing, and the degree of medical informatization is gradually increasing with the rapid development of various technologies of the internet.
Due to the popularization of informatization, terminal devices in hospitals are increasing. When the terminal equipment breaks down, the situation known in advance may come in and go out with the actual fault, so the situation is often checked one by one after the terminal equipment arrives at the site, and the problem solving efficiency is low.
Disclosure of Invention
In view of the above, it is necessary to provide a system maintenance method, apparatus, computer device, and storage medium capable of improving the problem solving efficiency.
A system maintenance method, the system comprising a bastion machine, a monitoring server and a plurality of user terminals, the method comprising:
receiving an authentication instruction, and performing identity authentication according to identity authentication information carried in the authentication instruction;
if the identity authentication is determined to pass, acquiring historical monitoring information of each user terminal from the monitoring server; the historical monitoring information comprises the running state of the user terminal in a preset historical time period;
maintaining the target user terminal through the fort machine; and the target user terminal is the user terminal with the fault determined by the user according to the historical monitoring information.
In one embodiment, the system further comprises a VPN server; before the receiving the authentication instruction, the method further includes:
virtual network addresses are distributed to the bastion machine, the monitoring server and the user terminals through the VPN server, and the virtual network addresses corresponding to the user terminals are stored in the bastion machine and the monitoring server.
In one embodiment, the maintaining the target user terminal through the bastion machine includes:
receiving a maintenance instruction input by a user; the maintenance instruction comprises a terminal identifier and maintenance operation of the target user terminal;
and remotely accessing the target user terminal through the bastion machine and executing maintenance operation.
In one embodiment, the method further comprises:
and recording the maintenance process of the target user terminal by adopting a fortress machine, and generating a system log.
In one embodiment, the method further comprises:
and monitoring the running state of each user terminal through the monitoring server to obtain the monitoring information corresponding to each user terminal.
In one embodiment, the monitoring the operating state of each user terminal by the monitoring server to obtain the monitoring information corresponding to each user terminal includes:
operating a first monitoring program pre-installed in a monitoring server; the first monitoring program is used for controlling the monitoring server to poll each user terminal to obtain monitoring information collected by each user terminal in real time;
or, operating a second monitoring program pre-installed in each user terminal; the second monitoring program is used for controlling the user terminal to send the monitoring information acquired in real time to the monitoring server.
In one embodiment, the performing identity authentication according to the identity authentication information carried in the authentication instruction includes:
performing dual identity authentication according to identity authentication information carried by the authentication instruction; the dual identity authentication comprises AD domain authentication and multi-factor authentication;
and if the identity authentication information is matched with the reserved authentication information, determining that the identity authentication is passed.
In one embodiment, the system is a medical system, and the bastion machine, the monitoring server and the user terminal are all disposed in a hospital.
A system maintenance apparatus, the system including a bastion machine, a monitoring server and a plurality of user terminals, the apparatus comprising:
the identity authentication module is used for receiving the authentication instruction and authenticating the identity according to identity authentication information carried in the authentication instruction;
the monitoring information acquisition module is used for acquiring historical monitoring information of each user terminal from the monitoring server if the identity authentication is determined to pass; the historical monitoring information comprises the running state of the user terminal in a preset historical time period;
the maintenance module is used for maintaining the target user terminal through the bastion machine; and the target user terminal is the user terminal with the fault determined by the user according to the historical monitoring information.
In one embodiment, the system further comprises a VPN server; the device also includes:
and the address distribution module is used for distributing virtual network addresses to the bastion machine, the monitoring server and each user terminal through the VPN server and storing the virtual network addresses corresponding to each user terminal into the bastion machine and the monitoring server.
In one embodiment, the maintenance module is specifically configured to receive a maintenance instruction input by a user; the maintenance instruction comprises a terminal identifier and maintenance operation of the target user terminal; and remotely accessing the target user terminal through the bastion machine and executing maintenance operation.
In one embodiment, the apparatus further comprises:
and the recording module is used for recording the maintenance process of the target user terminal by adopting the bastion machine and generating a system log.
In one embodiment, the apparatus further comprises:
and the monitoring module is used for monitoring the running state of each user terminal through the monitoring server to obtain the monitoring information corresponding to each user terminal.
In one embodiment, the monitoring module is specifically configured to run a first monitoring program pre-installed in a monitoring server; the first monitoring program is used for controlling the monitoring server to poll each user terminal to obtain monitoring information collected by each user terminal in real time; or, operating a second monitoring program pre-installed in each user terminal; the second monitoring program is used for controlling the user terminal to send the monitoring information acquired in real time to the monitoring server.
In one embodiment, the identity authentication module is specifically configured to perform dual identity authentication according to identity authentication information carried in an authentication instruction; the dual identity authentication comprises AD domain authentication and multi-factor authentication; and if the identity authentication information is matched with the reserved authentication information, determining that the identity authentication is passed.
In one embodiment, the system is a medical system, and the bastion machine, the monitoring server and the user terminal are all disposed in a hospital.
A computer device comprising a memory and a processor, the memory storing a computer program, the processor implementing the following steps when executing the computer program:
receiving an authentication instruction, and performing identity authentication according to identity authentication information carried in the authentication instruction;
if the identity authentication is determined to pass, acquiring historical monitoring information of each user terminal from the monitoring server; the historical monitoring information comprises the running state of the user terminal in a preset historical time period;
maintaining the target user terminal through the fort machine; and the target user terminal is the user terminal with the fault determined by the user according to the historical monitoring information.
A computer-readable storage medium, on which a computer program is stored which, when executed by a processor, carries out the steps of:
receiving an authentication instruction, and performing identity authentication according to identity authentication information carried in the authentication instruction;
if the identity authentication is determined to pass, acquiring historical monitoring information of each user terminal from the monitoring server; the historical monitoring information comprises the running state of the user terminal in a preset historical time period;
maintaining the target user terminal through the fort machine; and the target user terminal is the user terminal with the fault determined by the user according to the historical monitoring information.
The system maintenance method, the device, the computer equipment and the storage medium receive the authentication instruction and perform identity authentication according to the identity authentication information carried in the authentication instruction; if the identity authentication is determined to pass, acquiring historical monitoring information of each user terminal from the monitoring server; and maintaining the target user terminal through the fort machine. In the embodiment of the disclosure, the user can know the operation condition of each user terminal through the monitoring server without arriving at the site, and the failed user terminal is maintained through the bastion machine.
Drawings
FIG. 1 is a diagram of an application environment of a system maintenance method according to an embodiment;
FIG. 2 is a schematic flow chart diagram illustrating a system maintenance method according to one embodiment;
figure 3 is a flow diagram illustrating the maintenance steps performed by the bastion machine on the target user terminal in one embodiment;
FIG. 4 is a flowchart illustrating an embodiment of performing an identity authentication procedure according to identity authentication information carried in an authentication command;
FIG. 5 is a block diagram showing the structure of a system maintenance apparatus according to an embodiment;
FIG. 6 is a diagram illustrating an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
The system maintenance method provided by the application can be applied to the application environment shown in fig. 1. The application environment includes a system composed of a bastion machine 101, a monitoring server 102 and a plurality of user terminals 103, and a remote terminal 104; the bastion machine 101 and the monitoring server 102 can communicate with the user terminal 103 through a network, and the remote terminal 104 can communicate with the bastion machine 101 and the monitoring server 102 through the network to maintain the user terminal in the system. The user terminal 103 and the remote terminal 104 can be, but not limited to, various personal computers and notebook computers, and the bastion machine 101 and the monitoring server 102 can be implemented by a separate server or a server cluster composed of a plurality of servers.
In one embodiment, as shown in fig. 2, a system maintenance method is provided, which is described by taking the example that the method is applied to the remote terminal in fig. 1, and includes the following steps:
And the user opens an identity authentication interface in the remote terminal, and the remote terminal receives an authentication instruction through the identity authentication interface and performs identity authentication according to identity authentication information carried in the authentication instruction.
For example, the user opens a browser in the remote terminal and opens an authentication interface in the browser. Then, the user inputs a user name and a password in an identity authentication interface; and the remote terminal receives the user name and the password and carries out identity authentication according to the user name and the password. The embodiment of the present disclosure does not limit the identity authentication information.
The process of identity authentication of the remote terminal may include: acquiring and storing identity authentication information in advance; comparing the identity authentication information in the authentication instruction with the reserved identity authentication information, and if the identity authentication information is matched with the reserved identity, determining that the identity authentication is passed; and if the identity authentication information does not match the reserved identity information, determining that the identity authentication fails. If the identity authentication is determined to pass, executing step 202; if the identity authentication is determined to be failed, the identity authentication failure information can be fed back, and the user is prompted to input the identity authentication information again.
The historical monitoring information comprises the running state of the user terminal in a preset historical time period.
Each user terminal monitors the running state of the user terminal in real time to obtain monitoring information, and the monitoring server acquires and stores the monitoring information of each user terminal. When the user terminal needs to be maintained, if the identity authentication is determined to pass, the remote terminal acquires the running state of each user terminal in a preset historical time period from the monitoring server.
For example, the remote terminal acquires the previous 24-hour operating state of each user terminal from the monitoring server; or the remote terminal acquires the operation state of each user terminal in the previous week from the monitoring server. The embodiment of the present disclosure does not limit the preset history period.
And step 203, maintaining the target user terminal through the bastion machine.
And the target user terminal is the user terminal with the fault determined by the user according to the historical monitoring information.
After the historical monitoring information of each user terminal is obtained, the remote terminal can display the historical monitoring information of each user terminal. And browsing the historical monitoring information of each user terminal by the user, and determining the target user terminal with the fault. The remote terminal is connected to the target user terminal through the bastion machine, so that a user carries out maintenance operation on the remote terminal, the maintenance operation can be transmitted to the target user terminal through the bastion machine, and maintenance of the target user terminal is achieved.
For example, the user performs a fault debugging operation at the remote terminal, and the fault debugging operation is transmitted to the target user terminal through the bastion machine, so that the fault of the target user terminal is eliminated.
As can be appreciated, the bastion machine is deployed in the system, and can be automatically deployed through the bastion machine when the terminal part is upgraded or maintained, so that the workload of configuration one by one is greatly reduced.
In one embodiment, the system is a medical system, and the bastion machine, the monitoring server and the user terminal are all disposed in a hospital. The system is easy to deploy, low in implementation cost and small in influence on the existing medical system.
In one embodiment, the Zabbix server has the advantages of easy deployment, friendly interactive interface and the like, so the monitoring server can adopt the Zabbix server. The monitoring server may also be a Promishs server, which is not limited in the embodiment of the present disclosure.
In the system maintenance method, an authentication instruction is received, and identity authentication is carried out according to identity authentication information carried in the authentication instruction; if the identity authentication is determined to pass, acquiring historical monitoring information of each user terminal from the monitoring server; and maintaining the target user terminal through the fort machine. In the embodiment of the disclosure, the user can know the operation condition of each user terminal through the monitoring server without arriving at the site, and the failed user terminal is maintained through the bastion machine.
In one embodiment, the system further comprises a VPN server, the VPN server being in communication with the bastion machine, the monitoring server and each of the user terminals over a network. Before the receiving the authentication instruction, the method may further include: virtual network addresses are distributed to the bastion machine, the monitoring server and the user terminals through the VPN server, and the virtual network addresses corresponding to the user terminals are stored in the bastion machine and the monitoring server.
In practical application, a VPN server is built on a public cloud server through Openvpn, and a specific port is opened for access; meanwhile, the certificate of each user terminal is configured in the VPN server, and virtual network addresses are configured for the bastion machine, the monitoring server and each user terminal. And the bastion machine, the monitoring server and the user terminal can communicate with the VPN server through the VPN client. Further, the communication between the bastion machine and the user terminal can be forwarded through the VPN server, and the communication between the monitoring server and the user can also be forwarded through the VPN server.
In the embodiment, the virtual network addresses are distributed to the bastion machine, the monitoring server and each user terminal through the VPN server, and the monitoring server can communicate with the user terminals according to the virtual network addresses, so that the monitoring information of the user terminals is obtained; the bastion machine can communicate with the user terminal according to the virtual network address, so that maintenance operation is carried out on the user terminal. Because each user terminal has a fixed virtual network address, the user terminals are convenient to manage, and monitoring and maintenance work is prevented from being influenced by network address change.
In one embodiment, as shown in fig. 3, the step of performing maintenance on the target user terminal through the bastion machine may include:
The maintenance instruction comprises a terminal identifier and a maintenance operation of the target user terminal.
And the remote terminal receives the terminal identification and the maintenance operation of the target user terminal input by the user.
And step 302, remotely accessing the target user terminal through the bastion machine and executing maintenance operation.
After receiving a terminal identifier of a target user terminal, a remote terminal determines a target virtual network address corresponding to the target user terminal according to the terminal identifier; and then, according to the target virtual network address, the remote terminal accesses the target user terminal through the bastion machine and controls the target user terminal to execute maintenance operation.
And the bastion machine remotely accesses the user terminal through protocols such as RDP, SSH and the like. Among them, RDP (remote desktop protocol) is a multi-channel protocol, which allows users to connect to computers providing microsoft terminal services. The SSH is a security protocol established on the basis of an application layer, and the SSH protocol can effectively prevent the problem of information leakage in the remote management process.
In one embodiment, the method may further include: and recording the maintenance process of the target user terminal by adopting a fortress machine, and generating a system log. The bastion machine can be understood to record the maintenance process of the target user terminal, so that the maintenance process can be traced and audited, and the normalization of maintenance operation is ensured. The generated system log can be subjected to big data analysis, and the safety and the stability of the system can be improved according to the analysis result.
In the step of maintaining the target user terminal through the bastion machine, receiving a maintenance instruction input by a user; and remotely accessing the target user terminal through the bastion machine and executing maintenance operation. In the embodiment of the disclosure, the user terminal is maintained through the bastion machine, and the remote terminal can be prevented from directly communicating with the user terminal, so that the safety and stability of the system are improved.
In one embodiment, the method may further include: and monitoring the running state of each user terminal through the monitoring server to obtain the monitoring information corresponding to each user terminal. Each user terminal monitors the running state of the user terminal in real time, such as CPU occupancy rate, memory occupancy rate and the like. The following method can be adopted for the monitoring server to acquire the monitoring information from each user terminal:
the first method is as follows: operating a first monitoring program pre-installed in a monitoring server; the first monitoring program is used for controlling the monitoring server to poll each user terminal to obtain monitoring information collected by each user terminal in real time.
A first monitoring program is pre-installed in a monitoring server. When the monitoring information needs to be acquired, the first monitoring program is operated, and the first monitoring program controls the monitoring server to poll each user terminal and acquire the monitoring information from each user terminal.
The second method comprises the following steps: operating a second monitoring program pre-installed in each user terminal; and the second monitoring program is used for controlling the user terminal to send the monitoring information acquired in real time to the monitoring server.
And a second monitoring program is pre-installed in each user terminal. When the monitoring information needs to be acquired, the second monitoring program in each user terminal is operated, and the second monitoring program controls each user terminal to send the monitoring information to the monitoring server.
In one embodiment, an alarm condition is preset in the monitoring server; and after the monitoring server acquires the monitoring information of each user terminal, matching the monitoring information with the alarm condition, and outputting alarm information if the monitoring information accords with the alarm condition. The monitoring server gives an alarm, so that the user can take corresponding measures in time, and the problem is avoided.
In the above embodiment, the monitoring server monitors the operating state of each user terminal to obtain the monitoring information corresponding to each user terminal, so that the remote terminal can obtain the historical monitoring information of each user terminal from the monitoring server, and a user can know the operating condition of each user terminal without arriving at the site, thereby solving the problem in time and improving the efficiency of solving the problem.
In an embodiment, as shown in fig. 4, the step of performing identity authentication according to the identity authentication information carried in the authentication instruction may include:
and step 401, performing dual identity authentication according to the identity authentication information carried by the authentication instruction.
The dual identity authentication comprises AD domain authentication and multi-factor authentication. The AD domain authentication is to verify whether the user is a domain user by verifying the connection domain server according to the user name and the password. The multi-factor authentication is a method for authenticating the identity of a user by using two or more conditions, and generally combines a password and an object (such as a U shield, a scrambler, a mobile phone short message, a fingerprint and the like) to effectively improve the security.
After receiving the authentication instruction, the remote terminal can perform AD domain authentication and multi-factor authentication simultaneously according to the identity authentication information in the authentication instruction, and can also perform other identity authentications. The authentication method is not limited in the embodiments of the present disclosure.
And step 402, if the identity authentication information is matched with the reserved authentication information, determining that the identity authentication is passed.
Wherein, the reserved authentication information may include at least one of a user name, a password, fingerprint information, and face information.
In the identity authentication process, the remote terminal compares the identity authentication information carried in the authentication instruction with the reserved authentication information, and if the identity authentication information is matched with the reserved authentication information, the identity authentication is determined to be passed. And if the identity authentication information does not match the reserved authentication information, determining that the identity authentication fails. If the authentication fails, the user may be prompted to enter authentication information again. The embodiments of the present disclosure do not limit this.
In the step of performing identity authentication according to the identity authentication information carried in the authentication instruction, performing dual identity authentication according to the identity authentication information carried in the authentication instruction; and if the identity authentication information is matched with the reserved authentication information, determining that the identity authentication is passed. The embodiment of the disclosure adopts dual identity authentication, provides dual guarantee for the identity of the login user, and reduces the risk of data leakage.
It should be understood that although the various steps in the flowcharts of fig. 2-4 are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least some of the steps in fig. 2-4 may include multiple steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, which are not necessarily performed in sequence, but may be performed in turn or alternately with other steps or at least some of the other steps or stages.
In one embodiment, as shown in fig. 5, there is provided a system maintenance apparatus, including:
the identity authentication module 501 is configured to receive an authentication instruction and perform identity authentication according to identity authentication information carried in the authentication instruction;
a monitoring information obtaining module 502, configured to obtain historical monitoring information of each user terminal from the monitoring server if it is determined that the identity authentication passes; the historical monitoring information comprises the running state of the user terminal in a preset historical time period;
a maintenance module 503, configured to maintain the target user terminal through the bastion machine; and the target user terminal is the user terminal with the fault determined by the user according to the historical monitoring information.
In one embodiment, the system further comprises a VPN server; the device also includes:
and the address distribution module is used for distributing virtual network addresses to the bastion machine, the monitoring server and each user terminal through the VPN server and storing the virtual network addresses corresponding to each user terminal into the bastion machine and the monitoring server.
In one embodiment, the maintenance module 503 is specifically configured to receive a maintenance instruction input by a user; the maintenance instruction comprises a terminal identifier and maintenance operation of the target user terminal; and remotely accessing the target user terminal through the bastion machine and executing maintenance operation.
In one embodiment, the apparatus further comprises:
and the recording module is used for recording the maintenance process of the target user terminal by adopting the bastion machine and generating a system log.
In one embodiment, the apparatus further comprises:
and the monitoring module is used for monitoring the running state of each user terminal through the monitoring server to obtain the monitoring information corresponding to each user terminal.
In one embodiment, the monitoring module is specifically configured to run a first monitoring program pre-installed in a monitoring server; the first monitoring program is used for controlling the monitoring server to poll each user terminal to obtain monitoring information collected by each user terminal in real time; or, operating a second monitoring program pre-installed in each user terminal; the second monitoring program is used for controlling the user terminal to send the monitoring information acquired in real time to the monitoring server.
In one embodiment, the identity authentication module is specifically configured to perform dual identity authentication according to identity authentication information carried in an authentication instruction; the dual identity authentication comprises AD domain authentication and multi-factor authentication; and if the identity authentication information is matched with the reserved authentication information, determining that the identity authentication is passed.
In one embodiment, the system is a medical system, and the bastion machine, the monitoring server and the user terminal are all disposed in a hospital.
For specific limitations of the system maintenance device, reference may be made to the above limitations of the system maintenance method, which are not described herein again. The various modules in the system maintenance device described above may be implemented in whole or in part by software, hardware, and combinations thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a terminal, and its internal structure diagram may be as shown in fig. 6. The computer device includes a processor, a memory, a communication interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The communication interface of the computer device is used for carrying out wired or wireless communication with an external terminal, and the wireless communication can be realized through WIFI, an operator network, NFC (near field communication) or other technologies. The computer program is executed by a processor to implement a system maintenance method. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, a key, a track ball or a touch pad arranged on the shell of the computer equipment, an external keyboard, a touch pad or a mouse and the like.
Those skilled in the art will appreciate that the architecture shown in fig. 6 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided, comprising a memory and a processor, the memory having a computer program stored therein, the processor implementing the following steps when executing the computer program:
receiving an authentication instruction, and performing identity authentication according to identity authentication information carried in the authentication instruction;
if the identity authentication is determined to pass, acquiring historical monitoring information of each user terminal from the monitoring server; the historical monitoring information comprises the running state of the user terminal in a preset historical time period;
maintaining the target user terminal through the fort machine; and the target user terminal is the user terminal with the fault determined by the user according to the historical monitoring information.
In one embodiment, the system further comprises a VPN server; the processor, when executing the computer program, further performs the steps of:
virtual network addresses are distributed to the bastion machine, the monitoring server and the user terminals through the VPN server, and the virtual network addresses corresponding to the user terminals are stored in the bastion machine and the monitoring server.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
receiving a maintenance instruction input by a user; the maintenance instruction comprises a terminal identifier and maintenance operation of the target user terminal;
and remotely accessing the target user terminal through the bastion machine and executing maintenance operation.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
and recording the maintenance process of the target user terminal by adopting a fortress machine, and generating a system log.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
and monitoring the running state of each user terminal through the monitoring server to obtain the monitoring information corresponding to each user terminal.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
operating a first monitoring program pre-installed in a monitoring server; the first monitoring program is used for controlling the monitoring server to poll each user terminal to obtain monitoring information collected by each user terminal in real time;
or, operating a second monitoring program pre-installed in each user terminal; the second monitoring program is used for controlling the user terminal to send the monitoring information acquired in real time to the monitoring server.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
performing dual identity authentication according to identity authentication information carried by the authentication instruction; the dual identity authentication comprises AD domain authentication and multi-factor authentication;
and if the identity authentication information is matched with the reserved authentication information, determining that the identity authentication is passed.
In one embodiment, the system is a medical system, and the bastion machine, the monitoring server and the user terminal are all located in a hospital.
In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon, which when executed by a processor, performs the steps of:
receiving an authentication instruction, and performing identity authentication according to identity authentication information carried in the authentication instruction;
if the identity authentication is determined to pass, acquiring historical monitoring information of each user terminal from the monitoring server; the historical monitoring information comprises the running state of the user terminal in a preset historical time period;
maintaining the target user terminal through the fort machine; and the target user terminal is the user terminal with the fault determined by the user according to the historical monitoring information.
In one embodiment, the system further comprises a VPN server; the computer program when executed by the processor further realizes the steps of:
virtual network addresses are distributed to the bastion machine, the monitoring server and the user terminals through the VPN server, and the virtual network addresses corresponding to the user terminals are stored in the bastion machine and the monitoring server.
In one embodiment, the computer program when executed by the processor further performs the steps of:
receiving a maintenance instruction input by a user; the maintenance instruction comprises a terminal identifier and maintenance operation of the target user terminal;
and remotely accessing the target user terminal through the bastion machine and executing maintenance operation.
In one embodiment, the computer program when executed by the processor further performs the steps of:
and recording the maintenance process of the target user terminal by adopting a fortress machine, and generating a system log.
In one embodiment, the computer program when executed by the processor further performs the steps of:
and monitoring the running state of each user terminal through the monitoring server to obtain the monitoring information corresponding to each user terminal.
In one embodiment, the computer program when executed by the processor further performs the steps of:
operating a first monitoring program pre-installed in a monitoring server; the first monitoring program is used for controlling the monitoring server to poll each user terminal to obtain monitoring information collected by each user terminal in real time;
or, operating a second monitoring program pre-installed in each user terminal; the second monitoring program is used for controlling the user terminal to send the monitoring information acquired in real time to the monitoring server.
In one embodiment, the computer program when executed by the processor further performs the steps of:
performing dual identity authentication according to identity authentication information carried by the authentication instruction; the dual identity authentication comprises AD domain authentication and multi-factor authentication;
and if the identity authentication information is matched with the reserved authentication information, determining that the identity authentication is passed.
In one embodiment, the system is a medical system, and the bastion machine, the monitoring server and the user terminal are all located in a hospital.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database or other medium used in the embodiments provided herein can include at least one of non-volatile and volatile memory. Non-volatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical storage, or the like. Volatile Memory can include Random Access Memory (RAM) or external cache Memory. By way of illustration and not limitation, RAM can take many forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM), among others.
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.
Claims (11)
1. A system maintenance method, wherein the system includes a bastion machine, a monitoring server, and a plurality of user terminals, the method comprising:
receiving an authentication instruction, and performing identity authentication according to identity authentication information carried in the authentication instruction;
if the identity authentication is determined to pass, acquiring historical monitoring information of each user terminal from the monitoring server; the historical monitoring information comprises the running state of the user terminal in a preset historical time period;
maintaining the target user terminal through the fort machine; and the target user terminal is a user terminal which is determined by the user according to the historical monitoring information and has a fault.
2. The method of claim 1, wherein the system further comprises a VPN server; prior to the receiving the authentication instruction, the method further comprises:
distributing virtual network addresses for the bastion machine, the monitoring server and the user terminals through the VPN server, and storing the virtual network addresses corresponding to the user terminals into the bastion machine and the monitoring server.
3. The method of claim 2, wherein the performing maintenance on the target user terminal by the bastion machine comprises:
receiving a maintenance instruction input by a user; the maintenance instruction comprises a terminal identifier and maintenance operation of the target user terminal;
and remotely accessing the target user terminal through the bastion machine and executing the maintenance operation.
4. The method of claim 3, further comprising:
and recording the maintenance process of the target user terminal by adopting the bastion machine, and generating a system log.
5. The method of claim 2, further comprising:
and monitoring the running state of each user terminal through the monitoring server to obtain the monitoring information corresponding to each user terminal.
6. The method according to claim 5, wherein the monitoring the operation state of each of the user terminals by the monitoring server to obtain the monitoring information corresponding to each of the user terminals comprises:
operating a first monitoring program pre-installed in the monitoring server; the first monitoring program is used for controlling the monitoring server to poll each user terminal to obtain monitoring information acquired by each user terminal in real time;
or, operating a second monitoring program pre-installed in each user terminal; and the second monitoring program is used for controlling the user terminal to send the monitoring information acquired in real time to the monitoring server.
7. The method according to claim 1, wherein the performing identity authentication according to the identity authentication information carried in the authentication instruction comprises:
performing dual identity authentication according to identity authentication information carried by the authentication instruction; the dual identity authentication comprises AD domain authentication and multi-factor authentication;
and if the identity authentication information is matched with the reserved authentication information, determining that the identity authentication is passed.
8. The method of any one of claims 1-7, wherein the system is a medical system, and the bastion machine, the monitoring server and the user terminal are all located in a hospital.
9. A system maintenance apparatus, the system including a bastion machine, a monitoring server and a plurality of user terminals, the apparatus comprising:
the identity authentication module is used for receiving an authentication instruction and authenticating the identity according to identity authentication information carried in the authentication instruction;
a monitoring information obtaining module, configured to obtain, from the monitoring server, historical monitoring information of each user terminal if it is determined that the identity authentication is passed; the historical monitoring information comprises the running state of the user terminal in a preset historical time period;
the maintenance module is used for maintaining the target user terminal through the bastion machine; and the target user terminal is a user terminal which is determined by the user according to the historical monitoring information and has a fault.
10. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program, implements the steps of the method of any of claims 1 to 8.
11. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011521241.2A CN112541170A (en) | 2020-12-21 | 2020-12-21 | System maintenance method, device, computer equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011521241.2A CN112541170A (en) | 2020-12-21 | 2020-12-21 | System maintenance method, device, computer equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112541170A true CN112541170A (en) | 2021-03-23 |
Family
ID=75019445
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011521241.2A Pending CN112541170A (en) | 2020-12-21 | 2020-12-21 | System maintenance method, device, computer equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112541170A (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105967063A (en) * | 2016-05-16 | 2016-09-28 | 上海振华重工电气有限公司 | Failure analyzing and handling system and method of maintenance platform |
| CN107547229A (en) * | 2016-06-29 | 2018-01-05 | 南京联成科技发展股份有限公司 | A kind of implementation method of the safe operation management platform intelligent control based on big data |
| CN109283866A (en) * | 2018-08-14 | 2019-01-29 | 上海市浦东新区公利医院 | Hospital equipment informationization monitoring system |
| CN209250686U (en) * | 2018-12-03 | 2019-08-13 | 贵州电网有限责任公司 | The long-range management and monitoring device of secondary device |
| CN110719276A (en) * | 2019-09-30 | 2020-01-21 | 北京网瑞达科技有限公司 | Network equipment safety access system based on cache password and working method thereof |
| CN210466120U (en) * | 2019-11-05 | 2020-05-05 | 天津安邦科技有限公司 | Secondary water supply grading monitoring system |
-
2020
- 2020-12-21 CN CN202011521241.2A patent/CN112541170A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105967063A (en) * | 2016-05-16 | 2016-09-28 | 上海振华重工电气有限公司 | Failure analyzing and handling system and method of maintenance platform |
| CN107547229A (en) * | 2016-06-29 | 2018-01-05 | 南京联成科技发展股份有限公司 | A kind of implementation method of the safe operation management platform intelligent control based on big data |
| CN109283866A (en) * | 2018-08-14 | 2019-01-29 | 上海市浦东新区公利医院 | Hospital equipment informationization monitoring system |
| CN209250686U (en) * | 2018-12-03 | 2019-08-13 | 贵州电网有限责任公司 | The long-range management and monitoring device of secondary device |
| CN110719276A (en) * | 2019-09-30 | 2020-01-21 | 北京网瑞达科技有限公司 | Network equipment safety access system based on cache password and working method thereof |
| CN210466120U (en) * | 2019-11-05 | 2020-05-05 | 天津安邦科技有限公司 | Secondary water supply grading monitoring system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| WO2020259268A1 (en) | Information sharing method, platform, and computing device | |
| US10182078B2 (en) | Selectively enabling and disabling biometric authentication based on mobile device state information | |
| KR101644353B1 (en) | Device, method, and system for controlling access to web objects of a webpage or web-brower application | |
| US9654480B2 (en) | Systems and methods for profiling client devices | |
| CN109150907B (en) | Vehicle-mounted industrial personal computer login method, device, system, computer equipment and medium | |
| US8590025B2 (en) | Techniques for accessing a backup system | |
| EP3876499B1 (en) | Native remote access to target resources using secretless connections | |
| CN108880822A (en) | A kind of identity identifying method, device, system and a kind of intelligent wireless device | |
| CN105188060A (en) | Mobile terminal-oriented single sign-on (SSO) authentication method and system | |
| CN113079134B (en) | Mobile terminal access method, mobile terminal access device, computer equipment and medium | |
| EP2798774A1 (en) | Method, device, and system for managing user authentication | |
| WO2022247359A1 (en) | Cluster access method and apparatus, electronic device, and medium | |
| CN111901357B (en) | Remote network connection method, system, computer device and storage medium | |
| US9332433B1 (en) | Distributing access and identification tokens in a mobile environment | |
| EP3973423A1 (en) | Computing system and methods providing session access based upon authentication token with different authentication credentials | |
| WO2022035515A1 (en) | Workspace resiliency with multi-feed status resource caching | |
| US20220286435A1 (en) | Dynamic variance mechanism for securing enterprise resources using a virtual private network | |
| US9912520B2 (en) | Techniques for accessing local networks via a virtualized gateway | |
| CN114553571A (en) | Server management method and device, electronic equipment and storage medium | |
| CN112685719B (en) | Single sign-on method, device, system, computer equipment and storage medium | |
| CN112838951B (en) | Operation and maintenance method, device and system of terminal equipment and storage medium | |
| CN113032805A (en) | Data access method and device, electronic equipment and storage medium | |
| CN112560006A (en) | Single sign-on method and system under multi-application system | |
| CN112541170A (en) | System maintenance method, device, computer equipment and storage medium | |
| KR102362327B1 (en) | Method and apparatus for providing virtual desktop environment based on biometric information of user |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |