CN115102987B - Edge equipment management system for banking outlets - Google Patents

Publication number
CN115102987B
Authority
CN
China
Prior art keywords
edge
equipment
edge device
core network
cloud management
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210687924.8A
Other languages
Chinese (zh)
Other versions
CN115102987A (en
Inventor
王晟宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Bank Co Ltd
Original Assignee
Ping An Bank Co Ltd

Classifications

    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F9/544 Buffers; Shared memory; Pipes
    • H04L12/2801 Broadband local area networks
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • G06F2009/45562 Creating, deleting, cloning virtual machine instances
    • G06F2009/4557 Distribution of virtual machine instances; Migration and load balancing
    • G06F2009/45587 Isolation or security of virtual machine instances
    • G06F2009/45595 Network integration; Enabling network access in virtual machine instances

Abstract

The embodiment of the application discloses an edge device management system for banking outlets. The system comprises a core network arranged on the central side and edge devices arranged on the outlet side. The edge devices are connected to the core network through the Internet, the edge devices within each outlet side are connected through a local area network, an isolation area is arranged between each edge device and the core network, a central cloud management application is arranged in the isolation area, and the core network manages all the edge devices through the central cloud management application. Because it uses the Internet, the edge device management system for banking outlets provided by the application saves cost, facilitates wide and rapid deployment of edge devices, can rapidly improve edge computing power, and provides room for the development of business algorithms. The system is also suitable for scenarios that combine the Internet and a local area network.

Description

Edge equipment management system for banking outlets
Technical Field
The application relates to the technical field of edge device management, and in particular to an edge device management system for banking outlets.
Background
Some existing open-source edge management schemes built on the container platform Kubernetes, such as KubeEdge and SuperEdge, manage the containers running on edge devices well, but they are developed mainly for local area networks and are not suitable for scenarios that combine the Internet and a local area network.
It can be seen that existing edge device management schemes are not suitable for scenarios that combine the Internet and a local area network.
Disclosure of Invention
In view of the above, an object of the embodiments of the present application is to provide an edge device management system for banking outlets, which solves the problem that existing edge device management schemes are not suitable for scenarios that combine the Internet and a local area network.
In order to solve the above technical problem, the application is realized as follows:
In a first aspect, an embodiment of the present application provides an edge device management system for banking outlets. The system comprises a core network arranged on the central side and edge devices arranged on the outlet side. The edge devices are connected to the core network through the Internet, the edge devices within each outlet side are connected through a local area network, an isolation area is arranged between each edge device and the core network, a central cloud management application is arranged in the isolation area, and the core network manages all the edge devices through the central cloud management application.
According to a specific embodiment of the present disclosure, a Kubernetes cluster is built in the core network, and the core network provides the central cloud management application with the function of managing the edge devices through the K8S application programming interface.
According to a specific embodiment of the disclosure, the core network sets labels for each edge device through the node label mechanism. The labels comprise a device address label and a device model label. The device address label comprises, in hierarchical order, a branch name, a sub-branch name and an outlet name; the device model label comprises, in hierarchical order, a device architecture, a device manufacturer and a device model.
According to one embodiment of the present disclosure, the edge device and the central cloud management application perform bidirectional authentication through the SSL protocol.
According to a specific embodiment of the present disclosure, the edge device is further connected to an image repository, which is configured to provide images to edge devices that have passed authentication.
According to one embodiment of the present disclosure, a long-lived connection is established between the edge device and the central cloud management application through the WebSocket protocol.
According to one embodiment of the disclosure, the edge device reports its current state and the running condition of its containers to the central cloud management application at a first time interval.
According to a specific embodiment of the disclosure, the central cloud management application further includes an alarm module, which is configured to raise an alarm when, after the edge device is deployed, the node remains in the unreachable state for longer than a first preset duration.
According to a specific embodiment of the disclosure, the alarm module is further configured to raise an alarm when, after the edge device is deployed, the service-unavailable state lasts longer than a second preset duration, where the second preset duration is less than the first preset duration.
According to a specific embodiment of the disclosure, the alarm module is further configured to raise an alarm when the memory pressure of the edge device exceeds a first preset value and/or the disk pressure exceeds a second preset value for longer than a third preset duration, where the third preset duration is less than the second preset duration.
Because it uses the Internet, the edge device management system for banking outlets provided by the application saves cost, facilitates wide and rapid deployment of edge devices, can rapidly improve edge computing power, and provides room for the development of business algorithms. The system is also suitable for scenarios that combine the Internet and a local area network.
Drawings
In order to more clearly illustrate the technical solutions of the present application, the drawings that are required for the embodiments will be briefly described, it being understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope of the present application. Like elements are numbered alike in the various figures.
Fig. 1 is a schematic structural diagram of an edge device management system for banking outlets according to an embodiment of the present application;
Fig. 2 is a schematic structural diagram of another edge device management system for banking outlets according to an embodiment of the present application.
Description of main reference numerals:
100 - edge device management system for banking outlets; 110 - core network; 120 - edge device; 130 - central cloud management application; 140 - image repository.
Detailed Description
The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the present application.
The components of the embodiments of the present application generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the application, as presented in the figures, is not intended to limit the scope of the application, as claimed, but is merely representative of selected embodiments of the application. All other embodiments, which can be made by a person skilled in the art without making any inventive effort, are intended to be within the scope of the present application.
The terms "comprises," "comprising," "including," or any other variation thereof, as used in the various embodiments of the present application, are intended only to denote a specific feature, number, step, operation, element, component, or combination of the foregoing, and should not be understood as excluding the presence of, or the possibility of adding, one or more other features, numbers, steps, operations, elements, components, or combinations of the foregoing.
Furthermore, the terms "first," "second," "third," and the like are used merely to distinguish between descriptions and should not be construed as indicating or implying relative importance.
Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which various embodiments of the application belong. The terms (such as those defined in commonly used dictionaries) will be interpreted as having a meaning that is the same as the context of the relevant art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein in connection with the various embodiments of the application.
Example 1
Referring to Fig. 1, which shows a schematic structural diagram of an edge device management system for banking outlets according to an embodiment of the present application, the edge device management system 100 for banking outlets includes a core network 110 arranged on the central side and edge devices 120 arranged on the outlet side. The edge devices 120 are connected to the core network 110 through the Internet, the edge devices 120 within each outlet side are connected through a local area network, an isolation area is arranged between each edge device 120 and the core network 110, a central cloud management application 130 is arranged in the isolation area, and the core network 110 manages all the edge devices 120 through the central cloud management application 130.
Specifically, because a bank has numerous outlets, building a private-line network for each outlet is costly. For this reason, and also for security reasons, the embodiment of the present application adopts the policy "outlet-side local area network -> Internet -> core network": the edge devices 120 within each outlet side are connected through the local area network, and the edge devices 120 are connected to the core network 110 through the Internet. Because the edge devices and the core network are connected through the Internet, and that connection can be made over HTTP (Hypertext Transfer Protocol) or WebSocket, an isolation area is arranged between each edge device and the core network to ensure the security of communication between them. Furthermore, a central cloud management application is arranged in the isolation area, and the core network manages all the edge devices through it. It can be understood that when an edge device is connected to the core network through the Internet, a gateway is also required to complete the handshake and other functions; the gateway is not shown in the drawing.
The isolation area is the DMZ, an abbreviation of the English "demilitarized zone". It is a buffer between a non-secure system and a secure system, set up to solve the problem that, once a firewall is installed, users on the external network cannot reach servers on the internal network. The isolation area is a small network region located between the enterprise internal network and the external network. Server facilities that must be publicly reachable, such as enterprise Web servers, FTP servers and forums, can be placed in this region. In addition, compared with a general firewall scheme, a DMZ places one more barrier in the way of attacks from the external network, so the internal network is protected more effectively.
It will be appreciated that a bank generally has a plurality of outlets, and therefore there are a plurality of outlet sides; 3 outlet sides are shown in Fig. 1. Each outlet side may include a plurality of edge devices. The edge devices within each outlet side are connected by a local area network, and edge devices in different outlet sides are not connected to each other.
Because it uses the Internet, the edge device management system for banking outlets provided by the application saves cost, facilitates wide and rapid deployment of edge devices, can rapidly improve edge computing power, and provides room for the development of business algorithms. The system is also suitable for scenarios that combine the Internet and a local area network.
Example 2
Referring to Fig. 2, which is a schematic structural diagram of an edge device management system for banking outlets according to an embodiment of the present application: on the basis of embodiment 1, a Kubernetes cluster is built in the core network, and the core network provides the central cloud management application with the function of managing the edge devices through the K8S application programming interface.
Specifically, a Kubernetes cluster is a set of node machines used to run containerized applications. A cluster includes at least one control plane and one or more computing machines, or nodes. The control plane is responsible for maintaining the desired state of the cluster, such as which applications are running and which container images they use. The nodes are responsible for actually running the applications and workloads. A core advantage of Kubernetes clusters is the ability to schedule and run containers across a set of machines, whether physical or virtual, on premises or in the cloud.
Further, K8S is Kubernetes. The application programming interface, i.e. the API, is an abbreviation of the English "Application Programming Interface". It is the agreed point of connection between the different components of a software system: it defines only an interface and does not concern the specific operation of the application in the actual implementation.
In the embodiment of the application, the core network provides the central cloud management application with the function of managing the edge devices through the K8S application programming interface, which ensures the security of the connection between devices.
In an alternative embodiment, in order to manage the edge devices reliably, labels need to be set on them. The core network therefore sets labels for each edge device through the node label mechanism. The labels include a device address label and a device model label. The device address label includes, in hierarchical order, a branch name, a sub-branch name and an outlet name; the device model label includes, in hierarchical order, a device architecture, a device manufacturer and a device model.
Specifically, the device address label includes three levels in hierarchical order: the first level is the branch name, the second level is the sub-branch name, and the third level is the outlet name. For example, the device address label of an edge device installed in outlet C of city B of province A is A-B-C. If some levels are left blank in the bank's organizational structure, the corresponding parts of the device address label take default values.
It will be appreciated that edge devices are still at the development stage. Both the x86 architecture and the Arm architecture are in use, each has its advantages, and they cannot be unified, so the devices are of various types. The device model label therefore includes three levels in hierarchical order: device architecture, device manufacturer and device model. The device architecture may be x86, arm or another architecture, and the device manufacturer and device model are determined by the actual manufacturer and actual model of the device. For example, the device model label of an edge device with architecture arm, device manufacturer D and device model 000080 is arm-D-000080.
In this way, each edge device has its own unique identity, which distinguishes it from the other edge devices. When the central cloud management application deploys, it deploys according to the labels, namely the device address label and the device model label, so that a particular device at a particular outlet can be controlled precisely. This achieves fine-grained control and, in turn, reliable management of the edge devices.
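The labeling scheme above can be sketched as follows. This is an added example, not code from the patent: the label keys `bank.example/address` and `bank.example/model`, the filler value `default` for a blank level, and the fleet are all assumptions made for illustration; the value check follows the Kubernetes label-value syntax (at most 63 characters, alphanumeric at both ends, `-`, `_` and `.` allowed in between).

```python
import re

# Kubernetes label-value syntax: empty, or alphanumeric at both ends with
# '-', '_' and '.' allowed in between (length is checked separately).
_LABEL_VALUE = re.compile(r"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$")

ADDRESS_KEY = "bank.example/address"  # hypothetical label key
MODEL_KEY = "bank.example/model"      # hypothetical label key
BLANK = "default"                     # assumed filler for a blank hierarchy level


def _join(levels):
    """Join three hierarchy levels with '-', as in 'A-B-C' or 'arm-D-000080'."""
    parts = [(level or BLANK) for level in levels]
    for part in parts:
        # A '-' inside one level would make the joined value impossible to
        # split back into its three levels, so it is rejected here.
        if "-" in part or not _LABEL_VALUE.match(part):
            raise ValueError(f"level {part!r} cannot be used in a label value")
    value = "-".join(parts)
    if len(value) > 63:
        raise ValueError("label value is longer than 63 characters")
    return value


def node_labels(branch, sub_branch, outlet, arch, vendor, model):
    """Build the device address label and device model label for one node."""
    return {
        ADDRESS_KEY: _join((branch, sub_branch, outlet)),
        MODEL_KEY: _join((arch, vendor, model)),
    }


def select(nodes, address=(), model=()):
    """Return the names of nodes whose labels begin with the given levels.

    Matching is done level by level, not by string prefix, so ('A', 'B')
    does not match a node labelled 'A-B2-...'.
    """
    def matches(value, wanted):
        return value.split("-")[: len(wanted)] == list(wanted)

    return sorted(
        name
        for name, labels in nodes.items()
        if matches(labels[ADDRESS_KEY], address) and matches(labels[MODEL_KEY], model)
    )


# Constructed fleet for illustration.
FLEET = {
    "edge-01": node_labels("A", "B", "C", "arm", "D", "000080"),
    "edge-02": node_labels("A", "B", "C2", "x86", "E", "000100"),
    "edge-03": node_labels("A", "B2", None, "arm", "D", "000080"),
}
```

Names that are not valid label values, such as names written in Chinese characters or names containing a hyphen, need a mapping to a code before they can be used this way.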
In an optional implementation, in order to ensure the security of the edge device's connection to the central cloud, the edge device and the central cloud management application perform bidirectional authentication through the SSL protocol.
Specifically, SSL is the abbreviation of the English "Secure Sockets Layer". The SSL protocol secures data transmission over the Internet: by encrypting the data, it ensures that the data is not intercepted or eavesdropped on during transmission over the network. The SSL protocol is divided into two layers. The SSL Record Protocol is built on top of a reliable transport protocol (such as TCP) and provides higher-layer protocols with basic functions such as data encapsulation, compression and encryption. The SSL Handshake Protocol is built on top of the SSL Record Protocol and is used, before the actual data transmission starts, for the two communicating parties to authenticate each other, negotiate the encryption algorithm and exchange the encryption key.
SSL supports one-way authentication and two-way authentication; in the embodiment of the application, the edge device and the central cloud management application authenticate each other through the SSL protocol. The mutual authentication process generally includes the following. The edge device sends information such as the SSL protocol version number, the encryption algorithm types and a random number to the central cloud management application. The central cloud management application returns information such as the SSL protocol version number, the encryption algorithm types and a random number to the edge device, and also returns the server-side certificate, i.e. the public key certificate. The edge device uses the information returned by the central cloud management application to verify the legitimacy of the central cloud management application; if verification passes, communication continues, otherwise communication is terminated. The edge device sends the symmetric encryption schemes it supports to the central cloud management application to choose from. The central cloud management application selects the scheme with the highest encryption strength from those offered by the edge device and returns the selected scheme to the edge device in plaintext. After receiving the selected scheme, the edge device uses it to generate a random code, uses the random code as the symmetric encryption key for the communication, encrypts it with the public key returned by the central cloud management application, and sends the encrypted random code to the central cloud management application. After receiving the encrypted information from the edge device, the central cloud management application decrypts it with its own private key to obtain the symmetric encryption key. In the subsequent session, the central cloud management application and the edge device use this key for symmetric encryption, which ensures the security of information during communication.
It can be understood that, because the edge device and the central cloud management application authenticate each other through the SSL protocol, the edge device is prevented from connecting to a fake server and leaking data. Meanwhile, the edge device sends its public key to the central cloud management application for verification, and symmetric encryption is finally used for communication, so that only permitted edge devices can join the cluster. This ensures the security of the edge device's connection to the central cloud management application.
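One way to configure both sides of the mutual authentication described above, with the additional check that lets only enrolled devices join, is sketched below. This is an added example, not code from the patent: it uses Python's standard `ssl` module, which negotiates TLS (the successor of SSL), and the file-path parameters, the enrolment set, the claimed device ID and the sample certificate dictionaries are assumptions constructed for illustration.

```python
import ssl


def central_context(cert_file, key_file, device_ca_file):
    """Server side (central cloud management application)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(cert_file, key_file)           # server identity
    ctx.load_verify_locations(cafile=device_ca_file)   # CA that issues device certificates
    ctx.verify_mode = ssl.CERT_REQUIRED  # handshake fails without a valid client certificate
    return ctx


def edge_context(cert_file, key_file, central_ca_file):
    """Client side (edge device)."""
    # PROTOCOL_TLS_CLIENT verifies the server chain and host name by default,
    # which is what keeps the device from talking to a fake server.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_verify_locations(cafile=central_ca_file)
    ctx.load_cert_chain(cert_file, key_file)           # device identity
    return ctx


def peer_common_name(peercert):
    """Extract the subject commonName from the dict returned by SSLSocket.getpeercert()."""
    for rdn in peercert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def authorize_device(peercert, enrolled, claimed_id):
    """Decide whether a connected device may join.

    peercert   -- result of getpeercert() after the handshake (None or {} if
                  no verified client certificate is available)
    enrolled   -- set of device IDs allowed to join (assumed registry)
    claimed_id -- ID the device states in its first message (assumed field)
    """
    if not peercert:
        return False
    name = peer_common_name(peercert)
    # A valid certificate is not enough: the identity in it must be enrolled
    # and must be the identity the device claims to be.
    return name is not None and name == claimed_id and name in enrolled


# Constructed sample data in the format getpeercert() returns.
ENROLLED = {"edge-01", "edge-02"}
SAMPLE_PEERCERT = {
    "subject": ((("organizationName", "Example Bank"),), (("commonName", "edge-01"),)),
}
UNKNOWN_PEERCERT = {
    "subject": ((("organizationName", "Example Bank"),), (("commonName", "edge-99"),)),
}
```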
In an alternative embodiment, the edge device is also connected to an image repository, which is used to provide images to edge devices that have passed authentication.
Specifically, the image repository 140, i.e. the docker repository, is where images are stored; it provides a centralized service for storing and distributing images. Further, to ensure the security of data transmission and keep code and images confidential, only authenticated edge devices can download images from the image repository. In the embodiment of the present application, the image repository 140 is arranged in the isolation area.
In an alternative embodiment, a long-lived connection is established between the edge device and the central cloud management application through the WebSocket protocol.
Specifically, connection establishment is generally unidirectional: it is initiated from the edge outlet to the central cloud management application. Because a long-lived WebSocket connection is established, however, the central cloud management application can also actively initiate control of the edge outlet, including releasing deployments, starting and stopping containers, and so on.
On this basis, the edge device reports its current state and the running condition of its containers to the central cloud management application at a first time interval.
Specifically, a long-lived connection is established between the edge device and the central cloud management application through the WebSocket protocol, and the edge device reports its current state and the running condition of its containers to the central cloud management application at the first time interval, so that the management application can monitor the edge device.
In an optional implementation, in order to provide preliminary operation capability for edge device management, the central cloud management application further includes an alarm module, which is configured to raise an alarm when, after the edge device is deployed, the node remains in the unreachable state for longer than a first preset duration.
Specifically, the unreachable node state indicates that the edge device has a network problem, so an alarm is needed; the network problem is then resolved by investigating and applying the corresponding technical means.
On this basis, the alarm module is further configured to raise an alarm when, after the edge device is deployed, the service-unavailable state lasts longer than a second preset duration, where the second preset duration is less than the first preset duration.
Further, the service-unavailable state, i.e. the notready state, indicates that the edge device has a network problem, so an alarm is needed; the network problem is then resolved by investigating and applying the corresponding technical means.
On this basis, the alarm module is further configured to raise an alarm when the memory pressure of the edge device exceeds a first preset value and/or the disk pressure exceeds a second preset value for longer than a third preset duration, where the third preset duration is less than the second preset duration.
Furthermore, because the edge devices are few, thresholds are set for the memory pressure and disk pressure of the edge devices, so that deploying an application does not affect the operation of other deployments.
In the embodiment of the present application, the first preset duration, the second preset duration and the third preset duration are 900 s, 600 s and 300 s respectively, and the first preset value and the second preset value are both 70%. It may be appreciated that the first preset duration, the second preset duration, the third preset duration, the first preset value and the second preset value may be set according to actual requirements, and the first preset value and the second preset value may also differ from each other; this is not limited in the embodiment of the present application.
In view of the characteristics of banking outlets, the alarm module provides a preliminary alarm mechanism, so that operation of the edge devices can be realized.
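The alarm rules above can be evaluated over the periodic status reports as sketched below. This is an added example, not code from the patent: it uses the durations and thresholds of the embodiment (900 s, 600 s, 300 s, 70%), and it assumes a 60 s report interval, that the unreachable duration is measured from the last report received, and a constructed timeline of reports.

```python
from dataclasses import dataclass

UNREACHABLE_S = 900  # first preset duration
NOT_READY_S = 600    # second preset duration
PRESSURE_S = 300     # third preset duration
MEM_LIMIT = 0.70     # first preset value
DISK_LIMIT = 0.70    # second preset value


@dataclass
class Report:
    ts: int        # seconds since the device was deployed
    ready: bool    # False means the service-unavailable (notready) state
    mem: float     # memory use as a fraction of capacity
    disk: float    # disk use as a fraction of capacity


class DeviceMonitor:
    """Tracks how long each condition has held for one edge device."""

    def __init__(self, deployed_at=0):
        self.last_seen = deployed_at
        self.since = {}       # condition -> time at which it started to hold
        self.alarmed = set()  # conditions already alarmed, to avoid repeats

    def _clear(self, name):
        self.since.pop(name, None)
        self.alarmed.discard(name)

    def _track(self, name, holds, now, limit):
        if not holds:
            self._clear(name)
            return []
        start = self.since.setdefault(name, now)
        if now - start > limit and name not in self.alarmed:
            self.alarmed.add(name)
            return [name]
        return []

    def on_report(self, report):
        """Handle one status report; return the alarms it triggers."""
        self.last_seen = report.ts
        self._clear("unreachable")
        pressure = report.mem > MEM_LIMIT or report.disk > DISK_LIMIT
        return (self._track("not_ready", not report.ready, report.ts, NOT_READY_S)
                + self._track("pressure", pressure, report.ts, PRESSURE_S))

    def on_tick(self, now):
        """Handle a timer tick with no report; detects a silent device."""
        self.since["unreachable"] = self.last_seen
        return self._track("unreachable", True, now, UNREACHABLE_S)


def replay(reports, until, step=60):
    """Feed reports and timer ticks to a monitor; return [(time, alarm), ...]."""
    by_ts = {r.ts: r for r in reports}
    monitor, alarms = DeviceMonitor(), []
    for now in range(0, until + 1, step):
        fired = monitor.on_report(by_ts[now]) if now in by_ts else monitor.on_tick(now)
        alarms += [(now, name) for name in fired]
    return alarms


def sample_reports():
    """Constructed timeline: memory pressure, then notready, then silence."""
    reports = []
    for ts in range(0, 1261, 60):
        mem = 0.82 if 120 <= ts <= 480 else 0.50
        ready = not (600 <= ts <= 1260)
        reports.append(Report(ts, ready, mem, disk=0.40))
    return reports
```

Each alarm fires once, at the first report or tick after its condition has held for longer than its duration, and is re-armed when the condition clears.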
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. The apparatus embodiments described above are merely illustrative; for example, the flow diagrams and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules or units in various embodiments of the application may be integrated together to form a single part, or the modules may exist alone, or two or more modules may be integrated to form a single part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application, in essence, or the part of it that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a smart phone, a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
The foregoing is merely illustrative of the present application, and the present application is not limited thereto; any variation or substitution that a person skilled in the art can readily conceive of falls within the scope of the present application.

Claims (8)

1. An edge device management system for a banking outlet, the system comprising: a core network arranged on a center side and edge equipment arranged on a network node side, wherein the edge equipment is connected with the core network through the Internet, the edge equipment in each network node side is connected through a local area network, an isolation area is arranged between each edge equipment and the core network, a center cloud management application is arranged in the isolation area, the core network manages all the edge equipment through the center cloud management application, the edge equipment and the center cloud management application perform bidirectional authentication through an SSL protocol, the core network sets a label for each edge equipment through a node label mechanism, the label comprises an equipment address label and an equipment model label, the equipment address label comprises a branch name, a branch name and a network node name in a level sequence, and the equipment model label comprises an equipment architecture, an equipment manufacturer and an equipment model in the level sequence.
2. The system according to claim 1, wherein the core network builds Kubernetes clusters, and the core network provides the function of managing the edge device for the central cloud management application through a K8S application programming interface.
3. The banking outlet edge device management system of claim 1, wherein the edge device is further connected to a mirror repository for providing a mirror image for the authenticated edge device.
4. The banking outlet edge device management system of claim 1, wherein a long connection is established between the edge device and the central cloud management application via the websocket protocol.
5. The banking outlet edge device management system of claim 4, wherein the edge device reports a current status of the edge device and container operation to the central cloud management application at first intervals.
6. The banking outlet edge device management system of claim 1, wherein the central cloud management application further comprises an alarm module for raising an alarm when, after the edge device is deployed, the node remains in the not-accessed state for longer than a first preset duration.
7. The system according to claim 6, wherein the alarm module is further configured to raise an alarm when, after the edge device is deployed, the service unavailable state lasts longer than a second preset duration, where the second preset duration is less than the first preset duration.
8. The system according to claim 7, wherein the alarm module is further configured to raise an alarm when the time for which the memory pressure of the edge device exceeds a first preset value and/or the disk pressure exceeds a second preset value is longer than a third preset duration, where the third preset duration is less than the second preset duration.
CN202210687924.8A 2022-06-16 2022-06-16 Edge equipment management system for banking outlets Active CN115102987B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210687924.8A CN115102987B (en) 2022-06-16 2022-06-16 Edge equipment management system for banking outlets

Publications (2)

Publication Number Publication Date
CN115102987A (en) 2022-09-23
CN115102987B (en) 2023-10-13

Family

ID=83291197

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210687924.8A Active CN115102987B (en) 2022-06-16 2022-06-16 Edge equipment management system for banking outlets

Country Status (1)

Country Link
CN (1) CN115102987B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101350807A (en) * 2007-07-20 2009-01-21 华为技术有限公司 Multiple address space mobile network architecture, method for host information registration and data transmission
CN101645814A (en) * 2008-08-04 2010-02-10 上海华为技术有限公司 Method, equipment and system for enabling access points to access mobile core network
CN103023979A (en) * 2012-11-22 2013-04-03 华中科技大学 Inter-domain communication method of distributed IMS (multimedia subsystem) core net framework
CN109936614A (en) * 2017-12-15 2019-06-25 财团法人工业技术研究院 The migration management method for edge platform server and the user equipment content of taking action
CN112788782A (en) * 2020-12-31 2021-05-11 瑞斯康达科技发展股份有限公司 Small base station, small base station system and small base station system opening method
CN113630383A (en) * 2021-07-08 2021-11-09 付腾瑶 Edge cloud cooperation method and device
CN114139176A (en) * 2021-11-12 2022-03-04 航天新长征大道科技有限公司 Industrial internet core data protection method and system based on state secret
CN114416706A (en) * 2021-12-10 2022-04-29 广州盛原成科技有限公司 Terminal equipment management system

Also Published As

Publication number Publication date
CN115102987A (en) 2022-09-23

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant