CN113259372A - Method for dynamic allocation channel to penetrate intranet to access local system - Google Patents
- Publication number: CN113259372A (application CN202110620951.9A)
- Authority: CN (China)
- Prior art keywords: channel, server, client, websocket, instruction
- Legal status: Withdrawn (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] (H—ELECTRICITY > H04—ELECTRIC COMMUNICATION TECHNIQUE > H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L67/00—Network arrangements or protocols for supporting network services or applications > H04L67/01—Protocols)
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls (H04L > H04L63/00—Network architectures or network communication protocols for network security)
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities (H04L > H04L63/00)
- H04L67/141—Setup of application sessions (H04L > H04L67/00 > H04L67/14—Session management)
- H04L69/162—Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields involving adaptations of sockets based mechanisms (H04L > H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass > H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP] > H04L69/161—Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields)
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention relates to a method for dynamically allocating channels that penetrate an intranet to access a local system. It comprises the following steps: S100, deploy a server on a public cloud platform and a client on a local virtualization server; the server comprises an MQTT server, which receives connection requests from the client, and a WebSocket server, through which users access and configure local network resources; S200, configure on the client the address of, and verification information for, the MQTT server, and establish channel A between the client and the server; S300, the server scans for an available port on the WebSocket server, sends that port to the client over channel A, and the client connects to the port over the WebSocket protocol to establish channel B. The method lets enterprises manage their local area network environment at any time and from anywhere, and lets them receive abnormal events from that environment promptly, saving the enterprise time and effort.
Description
Technical Field
The invention belongs to the technical field of network communication, and in particular relates to a method for accessing a local system by dynamically allocating channels that penetrate the intranet.
Background
At present, most management of network devices is confined to the local area network and is done by accessing the device's IP address. If remote or Internet-based access is wanted, the device must be manually given an extranet IP address or a dedicated channel. This approach cannot allocate remote-access channels automatically, cannot manage remote devices in large batches, and cannot audit the data passing through the channel. Some vendors offer cloud-based management, but it is limited to their own network devices, is incompatible with other vendors' devices, and the configuration commands differ from vendor to vendor, which costs a great deal of debugging time.
Disclosure of Invention
The invention aims to provide a method for accessing a local system by dynamically allocating channels that penetrate the intranet, so that enterprises can manage their local network environment at any time and from anywhere, receive abnormal events from that environment promptly, and save time and effort.
To achieve this purpose, the invention provides the following technical scheme:
a method for dynamically allocating channels that penetrate an intranet to access a local system, characterized by comprising the following steps:
S100, deploy a server on a public cloud platform and a client on a local virtualization server; the server comprises an MQTT server, which receives connection requests from the client, and a WebSocket server, through which users access and configure local network resources;
S200, configure on the client the address of, and verification information for, the MQTT server, and establish channel A between the client and the server;
S300, the server scans for an available port on the WebSocket server, sends that port to the client over channel A, and the client connects to the port over the WebSocket protocol to establish channel B.
Further, initiating the connection from the client to the server comprises:
S301, the client sends a connection request to the server over channel A; on receiving it, the server scans for an available port on the WebSocket server and sends that port to the client over channel A;
S302, on receiving the available port, the client issues a connection instruction to the server and connects to that port over the WebSocket protocol, establishing channel B.
Further, initiating the connection from the server to the client comprises:
S310, the server scans for an available port on the WebSocket server and sends it to the client over channel A;
S320, on receiving the available port, the client issues a connection instruction to the server and connects to that port over the WebSocket protocol, establishing channel B.
Further, the network administrator's terminal logs in to the network device through channel B and issues commands, which comprises:
S410, the terminal reaches channel B over HTTPS and issues a connection instruction through channel B;
S420, on receiving the connection instruction, the client starts a WebSocket server and establishes an SSH channel D to the network device to be connected;
S430, the terminal connects to that WebSocket server over the WebSocket protocol, establishing channel C inside channel B for issuing operation instructions;
S440, the terminal issues an operation instruction over channel C; the client receives it on channel C and forwards it to channel D, which finally delivers it to the network device;
S450, the network device executes the instruction and returns the result on channel D; the client receives the result on channel D and forwards it to channel C, where the terminal finally receives the result of the operation instruction.
Compared with the prior art, the invention has the following beneficial effects:
1. The invention uses the MQTT protocol for channel A, which carries only a small amount of communication between server and client. Server resources therefore do not have to be held for long periods, each use occupies few resources, and a great deal of unnecessary public-cloud expense is saved.
2. The invention dynamically allocates the port needed to create the stable channel B, and channel B is used only to connect the client and the server, so that enterprise users can reach the data, site and other information of the server on which the client sits from the wide area network. No specific port has to be reserved and the user does not have to assign ports manually, which greatly improves the flexibility and stability of the channel.
3. Channel C is contained within channel B: C carries the sending and forwarding of instructions, while B is responsible for connection control. Inside the stable channel B, channel C is established with the WebSocket protocol; independently of channel B's own function, it uses the client as a jump point to reach the network devices in the local area network where the client sits.
4. The client can serve both as an SSH terminal for enterprise staff and as a relay point for reaching the local area network environment. Comparable systems on the market allow access only to the client itself and not to the other network devices on the network where the client sits. The advantage is that when staff are outside the local area network and the cloud site lacks a particular function, they can still issue the operation instruction for that function without returning to the local network, which greatly improves the flexibility and extensibility of the method. The client of the invention can act as an SSH client that connects to network devices, establishing a stable, create-on-demand and destroy-after-use SSH channel (channel D) with the device, over which it relays the operation instructions arriving from channel C and forwards the device's command execution results back to channel C.
5. Because the client acts as a relay station for the network devices in the local area network, an enterprise does not need to know a network device's authorization information in order to access it, which preserves the security of the network devices on the cloud side.
Drawings
Fig. 1 is a schematic diagram of establishment of a channel a in the embodiment.
Fig. 2 is a schematic diagram of establishment of channel B (client opens server) in the embodiment.
Fig. 3 is a schematic diagram of establishment of channel B (server opens client) in the embodiment.
Fig. 4 is a schematic diagram of the establishment of channels C and D in the embodiment.
Fig. 5 is a schematic diagram of a network structure in the embodiment.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to specific embodiments. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in Figs. 1 to 5, the method for dynamically allocating channels that penetrate an intranet to access a local system is the process of establishing channel A, channel B, channel C and channel D, where:
- Channel A: the instruction channel, used to invoke channel B;
- Channel B: the transmission channel that achieves the intranet penetration;
- Channel C: the forwarding channel, used to forward operation instructions to channel D;
- Channel D: the SSH channel, used to communicate with network devices and the like.
The method comprises the following steps in detail:
S100, deploy a server on a public cloud platform and a client on a local virtualization server. The server comprises an MQTT server, which receives the client's connection requests, and a WebSocket server, through which users access and configure local network resources.
S200, establish channel A: as shown in Fig. 1, configure on the client the address of, and verification information for, the MQTT server, and establish channel A between the client and the server. This channel depends little on the stability of the network environment and consumes few server resources, but it is not itself a stable channel.
S300, establish channel B: the server scans for an available port on the WebSocket server, sends that port to the client over channel A, and the client connects to the port over the WebSocket protocol to establish channel B. The connection between client and server can be initiated in either of the following two ways.
(1) As shown in Fig. 2, initiating the connection from the client to the server comprises:
S301, the client sends a connection request to the server over channel A; on receiving it, the server scans for an available port on the WebSocket server and sends that port to the client over channel A;
S302, on receiving the available port, the client issues a connection instruction to the server and connects to that port over the WebSocket protocol, establishing channel B.
(2) As shown in Fig. 3, initiating the connection from the server to the client comprises:
S310, the server scans for an available port on the WebSocket server and sends it to the client over channel A;
S320, on receiving the available port, the client issues a connection instruction to the server and connects to that port over the WebSocket protocol, establishing channel B.
S400, the network administrator's terminal logs in to the network device through channel B and issues commands; this comprises establishing channel C and channel D:
S410, the terminal (i.e. the web front end) reaches channel B over HTTPS and issues a connection instruction through channel B;
S420, on receiving the connection instruction, the client starts a WebSocket server and establishes an SSH channel D to the network device to be connected;
S430, the terminal connects to that WebSocket server over the WebSocket protocol, establishing channel C inside channel B for issuing operation instructions;
S440, the terminal issues an operation instruction over channel C; the client receives it on channel C and forwards it to channel D, which finally delivers it to the network device;
S450, the network device executes the instruction and returns the result on channel D; the client receives the result on channel D and forwards it to channel C, where the terminal finally receives the result of the operation instruction.
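The following Python model, added here as an illustration and not code from the patent, walks through the channel-A verification and port allocation of steps S200 to S302 and the C to D to C relay of S440 and S450, so the sequence of messages between server, client and terminal can be executed and inspected. It makes three assumptions that are not on the page: channel A (MQTT) is represented by an in-process call, channel B (WebSocket) by a plain TCP connection on loopback, and the network device behind the SSH channel D by a constructed in-memory command table (`device`). It also goes slightly beyond the text in three places a practitioner would want: the server refuses the channel-A request and discloses no port when the verification information is wrong, it keeps the allocated port bound until the client connects rather than announcing a scanned port that another process could grab in between, and it records each channel-A decision in an audit list, which is the capability the background section says the prior art lacks.

```python
"""Worked model of the channel handshake (S200-S302) and the C -> D -> C relay
(S440-S450).  Added illustration, not the patent's code.
Assumptions: channel A (MQTT) is an in-process call, channel B (WebSocket) is a
TCP socket on loopback, and the device behind channel D is a constructed
in-memory command table."""
import hmac
import socket
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Server:
    """Public-cloud side: MQTT endpoint (channel A) plus WebSocket endpoint (channel B)."""
    client_tokens: Dict[str, str]                       # verification info per client (S200)
    listeners: Dict[str, socket.socket] = field(default_factory=dict)
    audit: List[str] = field(default_factory=list)      # channel-A decisions, kept for auditing

    @staticmethod
    def reserve_available_port() -> socket.socket:
        # Bind port 0 so the OS hands out a free port, and keep it bound until the
        # client connects; announcing a merely scanned port would race with whatever
        # else might bind it in the meantime.
        lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        lsock.bind(("127.0.0.1", 0))
        lsock.listen(1)
        return lsock

    def handle_channel_a_request(self, client_id: str, token: str) -> dict:
        """S301: verify the client on channel A, then allocate the channel-B port."""
        expected = self.client_tokens.get(client_id)
        if expected is None or not hmac.compare_digest(expected, token):
            self.audit.append(f"A: refused {client_id}")
            return {"status": "refused"}        # no port is disclosed to an unverified client
        lsock = self.reserve_available_port()
        self.listeners[client_id] = lsock
        port = lsock.getsockname()[1]
        self.audit.append(f"A: {client_id} -> port {port}")
        return {"status": "ok", "port": port}

    def accept_channel_b(self, client_id: str) -> socket.socket:
        """S302 (server end): accept the client's connection on the announced port."""
        lsock = self.listeners.pop(client_id)
        conn, _ = lsock.accept()
        lsock.close()                            # the listening port is released once B is up
        return conn


@dataclass
class Client:
    """Local-side client deployed on the virtualization server."""
    client_id: str
    token: str
    device: Dict[str, str]        # constructed stand-in for the device reached over channel D

    def establish_channel_b(self, server: Server) -> Optional[socket.socket]:
        """S301/S302 (client end): request a port over channel A and connect to it."""
        reply = server.handle_channel_a_request(self.client_id, self.token)
        if reply["status"] != "ok":
            return None
        return socket.create_connection(("127.0.0.1", reply["port"]))

    def relay(self, instruction: str) -> str:
        """S440/S450: forward an instruction from channel C to channel D, return the result."""
        return self.device.get(instruction, f"unknown command: {instruction}")


def run_demo() -> dict:
    """Drive the whole flow on loopback and return what each side observed."""
    server = Server(client_tokens={"site-1": "tok-constructed-1"})          # constructed
    good = Client("site-1", "tok-constructed-1",
                  device={"show version": "Router v1.2 (constructed)"})
    bad = Client("site-1", "wrong-token", device={})
    refused = bad.establish_channel_b(server) is None       # wrong verification info: no port
    csock = good.establish_channel_b(server)                # channel B, client end
    tsock = server.accept_channel_b("site-1")               # channel B, terminal end
    tsock.sendall(b"show version\n")                        # S440: instruction on channel C
    instruction = csock.recv(1024).decode().strip()         # client receives it on channel C
    csock.sendall(good.relay(instruction).encode() + b"\n") # S450: result from D back via C
    result = tsock.recv(1024).decode().strip()
    csock.close()
    tsock.close()
    return {"refused": refused, "result": result, "audit": server.audit}


if __name__ == "__main__":
    print(run_demo())
```

Running the module prints the dictionary returned by `run_demo()`: the refused attempt, the device's reply as seen by the terminal, and the two audit entries. Comparing the verification token with `hmac.compare_digest` rather than `==` avoids a timing side channel on the channel-A check; in a real deployment the MQTT and WebSocket endpoints would additionally run over TLS so that the client can verify the server before presenting its token.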
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (4)
1. A method for dynamically allocating channels to access a local system through an intranet is characterized by comprising the following steps:
s100, deploying a server on a public cloud platform, and deploying a client on a local virtualization server; the server side comprises an MQTT server side and a WebSocket server side, wherein the MQTT server side is used for receiving a connection request of a client side, and the WebSocket server side is used for a user to access and configure local network environment resources;
s200, configuring an address and verification information pointing to an MQTT server on a client, and establishing a channel A between the client and the server;
s300, the server scans available ports of the WebSocket server, sends the available ports to the client through a channel A, and establishes a channel B for the client to be connected with the available ports through a WebSocket protocol.
2. The method of claim 1, wherein initiating a connection with a server on a client comprises:
s301, a client initiates a connection request to a server through a channel A, and after receiving the connection request, the server scans available ports of a WebSocket server and sends the available ports to the client through the channel A;
S302, after receiving the available port, the client initiates a connection instruction with the server, and is connected to the available port through a WebSocket protocol to establish a channel B.
3. The method of claim 1, wherein initiating a connection with a client on a server comprises:
s310, the server scans available ports of the WebSocket server and then sends the available ports to the client through a channel A;
S320, after receiving the available port, the client initiates a connection instruction with the server, and is connected to the available port through a WebSocket protocol to establish a channel B.
4. The method according to claim 1, wherein the step of issuing a command by a network administrator terminal logging in a network device through a channel B comprises:
s410, the terminal accesses the channel B through https, and issues a connection instruction through the channel B;
s420, after receiving the connection instruction, the client starts a Websocket server and establishes an SSH channel D with the network equipment to be connected;
s430, connecting the terminal to the Websocket server through a Websocket protocol, and establishing a channel C in a channel B for issuing an operation instruction;
s440, the terminal issues an operation instruction through the channel C, the client receives the operation instruction on the channel C and forwards the operation instruction to the channel D, and the operation instruction is finally sent to the network equipment through the channel D;
s450, the network equipment receives the instruction and returns the result to the channel D, the client receives the result in the channel D and forwards the result to the channel C, and the terminal finally receives the result of the operation instruction in the channel C.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110620951.9A CN113259372A (en) | 2021-06-03 | 2021-06-03 | Method for dynamic allocation channel to penetrate intranet to access local system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113259372A true CN113259372A (en) | 2021-08-13 |
Family ID: 77186290
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110620951.9A Withdrawn CN113259372A (en) | 2021-06-03 | 2021-06-03 | Method for dynamic allocation channel to penetrate intranet to access local system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113259372A (en) |
Timeline
- 2021-06-03: CN application CN202110620951.9A filed, published as CN113259372A; status not active (withdrawn)
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113949565A (en) * | 2021-10-15 | 2022-01-18 | 上海谋乐网络科技有限公司 | System and method for detecting vulnerability of intranet digital assets |
CN113949565B (en) * | 2021-10-15 | 2023-10-27 | 上海谋乐网络科技有限公司 | System and method for detecting vulnerability of intranet digital assets |
CN115834230A (en) * | 2022-12-20 | 2023-03-21 | 天翼爱音乐文化科技有限公司 | Internal network penetration configuration method, system, equipment and medium |
CN115834230B (en) * | 2022-12-20 | 2024-05-28 | 天翼爱音乐文化科技有限公司 | Internal network penetration configuration method, system, equipment and medium |
CN116455868A (en) * | 2023-03-29 | 2023-07-18 | 成都康胜思科技有限公司 | Integrated service system based on universal domain name resolution and private protocol intranet penetration |
CN116455868B (en) * | 2023-03-29 | 2023-11-07 | 成都康胜思科技有限公司 | Integrated service system based on universal domain name resolution and private protocol intranet penetration |
Similar Documents
Publication | Title |
---|---|
CN113259372A (en) | Method for dynamic allocation channel to penetrate intranet to access local system |
US11075821B2 (en) | Method and apparatus for managing field device based on cloud server |
CN105025044B (en) | A kind of apparatus control method and system |
CN107528891B (en) | Websocket-based automatic clustering method and system |
US20050108709A1 (en) | Method and apparatus for accessing and managing virtual machines |
CN105933198A (en) | Device for establishing direct connection VPN tunnel |
CN105119787B (en) | A kind of public internet access system and method based on software definition |
CN111083177B (en) | Cross-domain collaborative interaction method based on collaborative gateway |
CN105376299A (en) | A network communication method, an apparatus and a network attached storage apparatus |
CN106603352B (en) | System and method for managing load balance of smart home user and application server |
CN110311894A (en) | A kind of method that local area network internal dynamic penetrates |
CN112073244A (en) | TR069 protocol-based message processing method and system |
CN102170366B (en) | Method, device and system for communicating with single board |
CN105471963A (en) | Mobile device management method and system based on cloud platform |
CN101741556B (en) | Method and system for accessing Internet |
CN102983988B (en) | A kind of proxy for equipment device and network administration apparatus |
CN109587028A (en) | A kind of method and apparatus controlling client traffic |
CN111182071A (en) | Method for intranet penetration and service release |
CN104780230A (en) | Method of automatically acquiring cloud server IP address, system and cloud system |
CN107846609A (en) | Control room real-time data transmission methods, devices and systems |
CN112367297B (en) | Service control method and device |
CN105188087A (en) | Business communication method and system based on short message gateway |
CN101170502B (en) | A method and system for realizing mutual access between stacking members |
CN116527733A (en) | Differentiated control method, device, equipment and storage of user terminal |
CN113709163A (en) | Method and system for realizing remote operation of computer based on wireless terminal |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| WW01 | Invention patent application withdrawn after publication | Application publication date: 20210813 |