CN113259372A - Method for dynamic allocation channel to penetrate intranet to access local system - Google Patents

Info

Publication number: CN113259372A (application CN202110620951.9A)
Authority: CN (China)
Prior art keywords: channel, server, client, websocket, instruction
Legal status: Withdrawn (invention patent application withdrawn after publication)
Other languages: Chinese (zh)
Inventors: 谢波, 唐龙
Current assignee: Wuhan Huoshen Information Technology Co ltd
Original assignee: Wuhan Huoshen Information Technology Co ltd
Priority date: 2021-06-03
Filing date: 2021-06-03
Publication date: 2021-08-13

Classifications (CPC, all under H04L, Transmission of digital information)

    • H04L 67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] (under H04L 67/00 Network arrangements or protocols for supporting network services or applications; H04L 67/01 Protocols)
    • H04L 63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls (under H04L 63/00)
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities (under H04L 63/00)
    • H04L 67/141 Setup of application sessions (under H04L 67/14 Session management)
    • H04L 69/162 Implementation details of TCP/IP or UDP/IP stack architecture; specification of modified or new header fields involving adaptations of sockets based mechanisms (under H04L 69/16 Implementation or adaptation of IP, TCP or UDP)


Abstract

The invention relates to a method for dynamically allocating channels to penetrate an intranet and access a local system, comprising the following steps: S100, deploying a server on a public cloud platform and a client on a local virtualization server; the server comprises an MQTT server and a WebSocket server, where the MQTT server receives connection requests from the client and the WebSocket server is used by users to access and configure resources of the local network environment; S200, configuring on the client an address and verification information pointing to the MQTT server, and establishing a channel A between the client and the server; S300, the server scans the available ports of the WebSocket server, sends an available port to the client through channel A, and the client connects to that port through the WebSocket protocol to establish a channel B. The method makes it convenient for enterprises to manage their local area network environment at any time and from any place, allows abnormal events in the network environment to be received promptly, and saves enterprises time and effort.

Description

Method for dynamic allocation channel to penetrate intranet to access local system
Technical Field
The invention belongs to the technical field of network communication, and in particular relates to a method for dynamically allocating channels to penetrate an intranet and access a local system.
Background
At present, the management of most network devices is confined to the local area network, and a device must be reached through its IP address. If remote or Internet-based access is wanted, the device has to be manually given an extranet IP address or a dedicated channel. This approach cannot allocate the remote access channel automatically, cannot manage remote devices in large batches, and cannot audit the data carried over the channel. Individual vendors offer cloud-based management, but it is limited to their own network devices, is not compatible with devices from other vendors, and the configuration commands differ from vendor to vendor, so a great deal of time is spent on debugging.
Disclosure of Invention
The invention aims to provide a method for dynamically allocating channels to penetrate an intranet and access a local system, which makes it convenient for enterprises to manage their local network environment at any time and from any place, allows abnormal events in the network environment to be received promptly, and saves enterprises time and effort.
In order to achieve this purpose, the invention provides the following technical scheme:
A method for dynamically allocating channels to penetrate an intranet and access a local system, characterized by comprising the following steps:
S100, deploying a server on a public cloud platform and a client on a local virtualization server; the server comprises an MQTT server and a WebSocket server, where the MQTT server receives connection requests from the client and the WebSocket server is used by users to access and configure resources of the local network environment;
S200, configuring on the client an address and verification information pointing to the MQTT server, and establishing a channel A between the client and the server;
S300, the server scans the available ports of the WebSocket server, sends an available port to the client through channel A, and the client connects to that port through the WebSocket protocol to establish a channel B.
Further, initiating the connection with the server from the client comprises:
S301, the client sends a connection request to the server through channel A; after receiving the request, the server scans the available ports of the WebSocket server and sends an available port to the client through channel A;
S302, after receiving the available port, the client issues a connection instruction to the server and connects to that port through the WebSocket protocol, establishing channel B.
Further, initiating the connection with the client from the server comprises:
S310, the server scans the available ports of the WebSocket server and sends an available port to the client through channel A;
S320, after receiving the available port, the client issues a connection instruction to the server and connects to that port through the WebSocket protocol, establishing channel B.
Further, the network administrator's terminal logs in to a network device through channel B and issues commands, comprising:
S410, the terminal accesses channel B over HTTPS and issues a connection instruction through channel B;
S420, after receiving the connection instruction, the client starts a WebSocket server and establishes an SSH channel D to the network device to be connected;
S430, the terminal connects to that WebSocket server through the WebSocket protocol, establishing within channel B a channel C for issuing operation instructions;
S440, the terminal issues an operation instruction through channel C; the client receives it on channel C and forwards it to channel D, through which it finally reaches the network device;
S450, the network device executes the instruction and returns the result on channel D; the client receives the result on channel D and forwards it to channel C, where the terminal finally receives the result of its operation instruction.
Compared with the prior art, the invention has the following beneficial effects:
1. The invention uses the MQTT protocol for channel A, which carries only a small amount of communication between server and client. Server resources therefore do not have to be held for long periods, each use consumes few resources, and a great deal of unnecessary public cloud expense is saved.
2. The invention dynamically allocates the port needed to create the stable channel B. Channel B is used only to connect the client and the server, so that enterprise users can reach, over the wide area network, the data, site and other information of the server on which the client runs. No specific port has to be reserved and the user does not have to designate a port manually, which greatly improves the flexibility and stability of the channel.
3. Channel C is carried inside channel B: C handles the sending and forwarding of instructions, while B is responsible for connection control. Within the stable channel B, a channel C is set up using the WebSocket protocol; independently of the function of channel B, it uses the client as a jump host to reach the network devices in the local area network where the client is located.
4. The client can serve both as an SSH terminal that enterprise personnel access directly and as a transit point for reaching the local area network environment. Comparable systems on the market only allow access to the client itself, not to the other network devices in the network where the client sits. With this method, when enterprise personnel are away from the local area network and the cloud site does not offer a particular function, they can still issue the operation instructions for that function without returning to the local network, which greatly improves the flexibility and extensibility of the method. The client of the invention acts as an SSH client: it connects to network devices and establishes with them a stable SSH channel (channel D) that is created on demand and destroyed after use; it relays the operation instructions received on channel C to the device and forwards the device's command execution results back to channel C.
5. The client acts as a relay station for the network devices in the local area network, so an enterprise user visiting a network device in the local area network does not need to know the device's authorization information, and the security of the network devices accessed through the cloud is ensured.
Drawings
Fig. 1 is a schematic diagram of the establishment of channel A in the embodiment.
Fig. 2 is a schematic diagram of the establishment of channel B (connection initiated from the client) in the embodiment.
Fig. 3 is a schematic diagram of the establishment of channel B (connection initiated from the server) in the embodiment.
Fig. 4 is a schematic diagram of the establishment of channels C and D in the embodiment.
Fig. 5 is a schematic diagram of the network structure in the embodiment.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to specific embodiments. It is to be understood that the described embodiments are merely exemplary of the invention and not restrictive of its full scope. All other embodiments that a person skilled in the art can derive from the embodiments given herein without creative effort fall within the protection scope of the present invention.
As shown in Figs. 1 to 5, the method for dynamically allocating channels to penetrate an intranet and access a local system consists of establishing a channel A, a channel B, a channel C and a channel D, where:
Channel A: the instruction channel, used to invoke channel B;
Channel B: the transmission channel that achieves the intranet penetration;
Channel C: the forwarding channel, used to forward operation instructions to channel D;
Channel D: the SSH channel, used to communicate with the network device and similar equipment.
The method specifically comprises the following steps:
S100, deploying a server on a public cloud platform and a client on a local virtualization server; the server comprises an MQTT server and a WebSocket server, where the MQTT server receives connection requests from the client and the WebSocket server is used by users to access and configure resources of the local network environment.
S200, establishing channel A: as shown in Fig. 1, an address and verification information pointing to the MQTT server are configured on the client, and channel A between the client and the server is established. This channel depends little on the stability of the network environment and consumes few server resources, but it is itself not a stable channel.
S300, establishing channel B: the server scans the available ports of the WebSocket server, sends an available port to the client through channel A, and the client connects to that port through the WebSocket protocol to establish channel B. The connection between client and server can be initiated in either of the following two ways.
(1) As shown in Fig. 2, initiating the connection with the server from the client comprises:
S301, the client sends a connection request to the server through channel A; after receiving the request, the server scans the available ports of the WebSocket server and sends an available port to the client through channel A;
S302, after receiving the available port, the client issues a connection instruction to the server and connects to that port through the WebSocket protocol, establishing channel B.
(2) As shown in Fig. 3, initiating the connection with the client from the server comprises:
S310, the server scans the available ports of the WebSocket server and sends an available port to the client through channel A;
S320, after receiving the available port, the client issues a connection instruction to the server and connects to that port through the WebSocket protocol, establishing channel B.
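The following Python block is an added illustration of the channel A exchange in S300 to S320; it is not code from the patent or its assignee. It models the server-side port scan and the client-side check a practitioner would want before the client dials channel B. The MQTT transport is not modelled: the channel A message is a plain dict, and the "verification information" configured on the client in S200 is assumed to be a pre-shared secret, used here as an HMAC key. The port pool, the client id and the secret are constructed placeholders.

```python
import hashlib
import hmac
import json
import secrets
import socket
import time

# Constructed placeholders (assumptions, not values from the patent).
SHARED_SECRET = b"example-verification-info"   # the S200 "verification information"
PORT_POOL = range(20000, 20010)                 # WebSocket ports the server may hand out


def port_is_free(port, host="127.0.0.1"):
    """Server-side scan step of S300: a port counts as free if we can bind it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
            return True
        except OSError:
            return False


def scan_available_port(pool=PORT_POOL, is_free=port_is_free):
    """Return the first free port in the pool, or raise if the pool is exhausted."""
    for port in pool:
        if is_free(port):
            return port
    raise RuntimeError("no free WebSocket port in the pool")


def _mac(payload, secret):
    # Canonical JSON so that client and server authenticate exactly the same bytes.
    canonical = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(secret, canonical, hashlib.sha256).hexdigest()


def build_allocation(port, client_id, secret=SHARED_SECRET, now=None):
    """Channel A message the server publishes after the scan (S301 / S310)."""
    payload = {
        "type": "alloc",
        "client": client_id,
        "port": port,
        "nonce": secrets.token_hex(8),
        "ts": int(time.time() if now is None else now),
    }
    return {"payload": payload, "mac": _mac(payload, secret)}


def verify_allocation(msg, client_id, secret=SHARED_SECRET, pool=PORT_POOL,
                      now=None, max_age=60, seen_nonces=None):
    """Client-side check before dialling channel B (S302 / S320).

    Returns the port to connect to, or raises ValueError. The client only
    follows an instruction that is authentic, fresh, addressed to it and
    inside the agreed port pool.
    """
    payload = msg.get("payload", {})
    if not hmac.compare_digest(_mac(payload, secret), msg.get("mac", "")):
        raise ValueError("allocation failed authentication")
    if payload.get("type") != "alloc" or payload.get("client") != client_id:
        raise ValueError("allocation not addressed to this client")
    now = time.time() if now is None else now
    if abs(now - payload.get("ts", 0)) > max_age:
        raise ValueError("allocation is stale")
    if seen_nonces is not None:
        if payload.get("nonce") in seen_nonces:
            raise ValueError("allocation replayed")
        seen_nonces.add(payload["nonce"])
    port = payload.get("port")
    if not isinstance(port, int) or port not in pool:
        raise ValueError(f"port {port!r} is outside the agreed pool")
    return port


if __name__ == "__main__":
    # Server: scan, then publish over channel A; client: verify, then dial channel B.
    port = scan_available_port()
    message = build_allocation(port, "site-01")
    print("channel B port accepted:", verify_allocation(message, "site-01"))
```

The check on the client side is the point of the example: a client that connects to whatever port arrives over channel A would follow a forged or replayed allocation if the broker or its credentials were ever compromised, so the client verifies the MAC, the freshness and the nonce, and refuses any port outside the pool it agreed with the server.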
S400, the network administrator's terminal logs in to a network device through channel B and issues commands; this comprises establishing a channel C and a channel D:
S410, the terminal (that is, the web page end) accesses channel B over HTTPS and issues a connection instruction through channel B;
S420, after receiving the connection instruction, the client starts a WebSocket server and establishes an SSH channel D to the network device to be connected;
S430, the terminal connects to that WebSocket server through the WebSocket protocol, establishing within channel B a channel C for issuing operation instructions;
S440, the terminal issues an operation instruction through channel C; the client receives it on channel C and forwards it to channel D, through which it finally reaches the network device;
S450, the network device executes the instruction and returns the result on channel D; the client receives the result on channel D and forwards it to channel C, where the terminal finally receives the result of its operation instruction.
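The following Python block is an added illustration of S420 to S450; it is not code from the patent. It is an in-memory model of the client relaying between channel C and channel D, with two properties a defender cares about: the device credentials live only on the client, so the terminal names a device but never sees its authorization information (beneficial effect 5), and every instruction and result passing through the relay is recorded, which addresses the audit gap the background section names. WebSocket and SSH are replaced by asyncio queues; the device registry, the credential placeholder and the device's behaviour are constructed.

```python
import asyncio
from dataclasses import dataclass, field

EOF = None  # sentinel that closes a channel in one direction

# Constructed placeholders: the client holds the device credentials; the terminal never sees them.
DEVICE_REGISTRY = {
    "core-sw-01": {"host": "192.0.2.10", "user": "netops", "secret": "<placeholder>"},
}


@dataclass
class Channel:
    """In-memory duplex channel standing in for a WebSocket (C) or an SSH session (D)."""
    name: str
    down: asyncio.Queue = field(default_factory=asyncio.Queue)  # towards the device
    up: asyncio.Queue = field(default_factory=asyncio.Queue)    # towards the terminal


def open_channel_d(device_id):
    """S420: the client looks the device up and opens the SSH session itself.

    Only devices in the client's registry can be reached; the terminal supplies a
    device id, never credentials.
    """
    entry = DEVICE_REGISTRY.get(device_id)
    if entry is None:
        raise PermissionError(f"device {device_id!r} is not registered on this client")
    return Channel(f"D:{entry['user']}@{entry['host']}")


async def fake_device(chan_d):
    """Stand-in for the network device at the far end of channel D."""
    while True:
        cmd = await chan_d.down.get()
        if cmd is EOF:
            await chan_d.up.put(EOF)
            return
        await chan_d.up.put(f"device> ran {cmd!r}")


async def pump(src, dst, audit, direction):
    """Forward items one way and record each one; EOF closes the direction."""
    while True:
        item = await src.get()
        if item is EOF:
            await dst.put(EOF)
            return
        audit.append((direction, item))
        await dst.put(item)


async def client_relay(chan_c, chan_d, audit):
    """S440 / S450: instructions go C -> D, results come back D -> C."""
    await asyncio.gather(
        pump(chan_c.down, chan_d.down, audit, "C->D"),
        pump(chan_d.up, chan_c.up, audit, "D->C"),
    )


async def terminal(chan_c, commands):
    """The administrator's web terminal on channel C: send each command, wait for its result."""
    results = []
    for cmd in commands:
        await chan_c.down.put(cmd)
        results.append(await chan_c.up.get())
    await chan_c.down.put(EOF)
    await chan_c.up.get()  # wait for the device side to close too
    return results


async def _session(device_id, commands):
    chan_c = Channel("C")
    chan_d = open_channel_d(device_id)
    audit = []
    results, _, _ = await asyncio.gather(
        terminal(chan_c, commands),
        client_relay(chan_c, chan_d, audit),
        fake_device(chan_d),
    )
    return results, audit


def run_session(device_id, commands):
    """Run one administrator session; returns (results, audit log)."""
    return asyncio.run(_session(device_id, commands))


if __name__ == "__main__":
    results, audit = run_session("core-sw-01", ["show version", "show interfaces"])
    for line in results:
        print(line)
    for direction, item in audit:
        print(f"audit {direction}: {item!r}")
```

The relay is the only component that touches both channels, which makes it the natural place to enforce which devices may be reached and to keep the audit trail; a session for a device id that the client does not know is refused before channel D is ever opened.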
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (4)

1. A method for dynamically allocating channels to penetrate an intranet and access a local system, characterized by comprising the following steps:
S100, deploying a server on a public cloud platform and a client on a local virtualization server; the server comprises an MQTT server and a WebSocket server, where the MQTT server receives connection requests from the client and the WebSocket server is used by users to access and configure resources of the local network environment;
S200, configuring on the client an address and verification information pointing to the MQTT server, and establishing a channel A between the client and the server;
S300, the server scans the available ports of the WebSocket server, sends an available port to the client through channel A, and the client connects to that port through the WebSocket protocol to establish a channel B.
2. The method of claim 1, wherein initiating the connection with the server from the client comprises:
S301, the client sends a connection request to the server through channel A; after receiving the request, the server scans the available ports of the WebSocket server and sends an available port to the client through channel A;
S302, after receiving the available port, the client issues a connection instruction to the server and connects to that port through the WebSocket protocol, establishing channel B.
3. The method of claim 1, wherein initiating the connection with the client from the server comprises:
S310, the server scans the available ports of the WebSocket server and sends an available port to the client through channel A;
S320, after receiving the available port, the client issues a connection instruction to the server and connects to that port through the WebSocket protocol, establishing channel B.
4. The method of claim 1, wherein the step in which a network administrator's terminal logs in to a network device through channel B and issues commands comprises:
S410, the terminal accesses channel B over HTTPS and issues a connection instruction through channel B;
S420, after receiving the connection instruction, the client starts a WebSocket server and establishes an SSH channel D to the network device to be connected;
S430, the terminal connects to that WebSocket server through the WebSocket protocol, establishing within channel B a channel C for issuing operation instructions;
S440, the terminal issues an operation instruction through channel C; the client receives it on channel C and forwards it to channel D, through which it finally reaches the network device;
S450, the network device executes the instruction and returns the result on channel D; the client receives the result on channel D and forwards it to channel C, where the terminal finally receives the result of its operation instruction.

Bibliographic data

Publication CN113259372A (en), published 2021-08-13; application CN202110620951.9A, priority date and filing date 2021-06-03; family ID 77186290; country CN; status: withdrawn.

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN113949565A * | 2021-10-15 | 2022-01-18 | 上海谋乐网络科技有限公司 | System and method for detecting vulnerability of intranet digital assets
CN113949565B * | 2021-10-15 | 2023-10-27 | 上海谋乐网络科技有限公司 | System and method for detecting vulnerability of intranet digital assets
CN115834230A * | 2022-12-20 | 2023-03-21 | 天翼爱音乐文化科技有限公司 | Internal network penetration configuration method, system, equipment and medium
CN115834230B * | 2022-12-20 | 2024-05-28 | 天翼爱音乐文化科技有限公司 | Internal network penetration configuration method, system, equipment and medium
CN116455868A * | 2023-03-29 | 2023-07-18 | 成都康胜思科技有限公司 | Integrated service system based on universal domain name resolution and private protocol intranet penetration
CN116455868B * | 2023-03-29 | 2023-11-07 | 成都康胜思科技有限公司 | Integrated service system based on universal domain name resolution and private protocol intranet penetration


Legal Events

Code | Title | Description
PB01 | Publication | Application publication date: 2021-08-13
WW01 | Invention patent application withdrawn after publication |