CN115701181A - Node scheduling method, device, medium and equipment - Google Patents

Publication number
CN115701181A
Authority
CN
China
Prior art keywords
access node
target
information
access
node
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110877013.7A
Other languages
Chinese (zh)
Inventor
王锦昌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guizhou Baishancloud Technology Co Ltd
Original Assignee
Guizhou Baishancloud Technology Co Ltd
Application filed by Guizhou Baishancloud Technology Co Ltd
Priority to CN202110877013.7A (CN115701181A)
Priority to PCT/CN2022/108318 (WO2023011291A1)
Publication of CN115701181A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W48/00 Access restriction; Network selection; Access point selection
    • H04W48/02 Access restriction performed under specific conditions
    • H04W48/04 Access restriction performed under specific conditions based on user or terminal location or mobility data, e.g. moving direction, speed
    • H04W48/20 Selecting an access point

Abstract

The application relates to a node scheduling method, apparatus, medium and device, applied to a central controller. The method comprises: receiving an access request sent by a target terminal, wherein the access request comprises user identity information and current position information of the target terminal; determining a target access node corresponding to the target terminal according to at least one preselected access node corresponding to the current position information; and sending access information of the target access node to the target terminal, and sending the user identity information to the target access node, so that the target access node receives a connection request of the target terminal and verifies the target terminal according to the user identity information to establish a connection. The user sends an access request to the central controller through the terminal device, and the central controller selects a target access node for the user terminal; the user does not need to manually select or switch access nodes, which improves access efficiency and makes the service easier to popularize.

Description

Node scheduling method, device, medium and equipment
Technical Field
The present application relates to the field of network technologies, and in particular, to a method, an apparatus, a system, a medium, and a device for node scheduling.
Background
A remote access system, such as a remote mobile office access system, may have multiple access nodes in multiple regions, and a mobile terminal may select the closest access node to access the system and access applications within the system. In the current solution, a user actively configures configuration information of an access node, such as a node address, an authentication protocol, a password, a key, and the like, at a mobile terminal to request to establish a connection with a specified access node. However, the above method has complicated configuration steps and low access efficiency. Therefore, how to improve the access efficiency of the remote access system and ensure the user experience becomes a technical problem to be solved urgently.
Disclosure of Invention
In order to overcome the problems in the related art, the present application provides a node scheduling method, apparatus, medium, and device.
According to a first aspect of the present application, there is provided a node scheduling method, applied to a central controller, including:
receiving an access request sent by a target terminal, wherein the access request comprises user identity information and current position information of the target terminal;
determining a target access node corresponding to the target terminal according to at least one preselected access node corresponding to the current position information;
and sending the access information of the target access node to the target terminal, and sending the user identity information to the target access node so that the target access node receives the connection request of the target terminal, and verifying the target terminal according to the user identity information to establish connection.
According to another aspect of the present application, a node scheduling method is provided, where the node scheduling method is applied to a terminal device, and includes:
sending an access request to a central controller, wherein the access request comprises user identity information and current position information of a current terminal;
receiving access information of a target access node sent by the central controller, wherein the target access node is determined by the central controller according to the current position information;
and sending a connection request to the target access node according to the access information of the target access node so that the target access node verifies the current terminal according to the user identity information to establish connection.
According to another aspect of the present application, there is provided a node scheduling apparatus, which is applied to a central controller, and includes:
a request receiving module, configured to receive an access request sent by a target terminal, where the access request includes user identity information and current location information of the target terminal;
a target access node determining module, configured to determine a target access node corresponding to the target terminal according to at least one preselected access node corresponding to the current location information;
and the scheduling module is used for sending the access information of the target access node to the target terminal and sending the user identity information to the target access node so that the target access node receives the connection request of the target terminal and verifies the target terminal according to the user identity information to establish connection.
According to another aspect of the present application, there is provided a node scheduling apparatus, which is applied to a terminal device, and includes:
a request sending module, configured to send an access request to a central controller, where the access request includes user identity information and current location information of a current terminal;
a scheduling information receiving module, configured to receive access information of a target access node sent by the central controller, where the target access node is determined by the central controller according to the current location information;
and the connection module is used for sending a connection request to the target access node according to the access information of the target access node so that the target access node verifies the current terminal according to the user identity information to establish connection.
According to another aspect of the present application, there is provided a computer-readable storage medium having stored thereon a computer program which, when executed, implements the steps of the node scheduling method as in the above embodiments.
According to another aspect of the present application, there is provided a computer device, comprising a processor, a memory and a computer program stored on the memory, wherein the processor when executing the computer program realizes the steps of the node scheduling method according to the above embodiments.
With the central controller in place, a user terminal that needs to access the remote access system only has to send an access request to the central controller, which determines the target access node for that terminal. The terminal device does not need to store the configuration information of all the access nodes, and the user can connect without complicated configuration steps, so the access efficiency of the remote access system is improved and the user experience is guaranteed.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this application, illustrate embodiments of the application and, together with the description, serve to explain the application and are not intended to limit the application. In the drawings:
Fig. 1 is a diagram illustrating a remote access system architecture in accordance with an exemplary embodiment.
Fig. 2 is a flow chart illustrating a method of node scheduling in accordance with an example embodiment.
Fig. 3 is a flow chart illustrating a method of node scheduling in accordance with an exemplary embodiment.
Fig. 4 is a block diagram illustrating a node scheduling apparatus according to an example embodiment.
Fig. 5 is a block diagram illustrating a node scheduling apparatus according to an example embodiment.
Fig. 6 is a block diagram illustrating a computer device according to an example embodiment.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments herein clearer, the technical solutions in the embodiments herein will be clearly and completely described below with reference to the drawings in the embodiments herein, and it is obvious that the described embodiments are some, but not all of the embodiments herein. All other embodiments, which can be derived by a person skilled in the art from the embodiments herein without making any creative effort, shall fall within the scope of protection. It should be noted that the embodiments and features of the embodiments in the present disclosure may be arbitrarily combined with each other without conflict.
In the related art, a user accesses an application in a system through a remote access system (e.g., a remote mobile office access system). Generally, the user requests a connection with a specified access node by manually configuring that node's information (including, but not limited to, a node address, an authentication protocol, a password, a key, an encryption algorithm, etc.) on a mobile terminal device; after an authentication server performs identity verification, a tunnel connection is established between the mobile terminal and the specified access node, and the user can then access the application in the system. When there are a plurality of access nodes in the user's area and the connected access node fails or its network quality degrades, so that another access node has to be used, the user needs to switch manually and specify the access node again. For the user to be able to switch between all available access nodes, the user's mobile terminal needs to store the profiles of all available access nodes. Manually switching access nodes is inefficient, unfriendly to non-technical personnel, and hinders popularization of the service. Each access node also needs to maintain the security policy information of all users, so when that information has to be adjusted, it must be updated on the access nodes across the whole network. In addition, the authentication server verifies the mobile terminal only once, at access time, and the verification is not repeated; once the user identity is verified, the user can access the internal applications of the access system and can learn the network segment of the system intranet, so the access system has serious security vulnerabilities.
In order to solve the above problem, the present application provides a node scheduling method. The architecture of the remote access system in the present application is first introduced.
Fig. 1 shows a remote access system architecture diagram according to an exemplary embodiment of the present application. Referring to fig. 1, the system architecture may include a central controller, a pop point (access node), and terminal devices. The central controller and the pop point, the central controller and the terminal devices, and the terminal devices and the pop point may each be connected through a network, which may include various connection types, such as wired communication links, wireless communication links, and so on.
It should be understood that the number of central controllers, terminal devices, and pop points in fig. 1 are merely illustrative. There may be any number of central controllers, terminal devices, and pop points, as desired for implementation.
A user may use the terminal device to interact with the central controller over a network to receive or transmit information or the like. In a specific application scenario of the present application, a user uses a terminal device to send an access request to a central controller, the central controller may receive the access request, the access request includes user identity information and current location information of the terminal device, and the central controller may determine a target access node corresponding to the terminal device according to at least one preselected access node corresponding to the current location information of the terminal device, then send access information of the target access node to the terminal device, and send the user identity information to the target access node, so that the target access node receives a connection request of the terminal device, and verifies the terminal device according to the user identity information to establish a connection.
The implementation details of the technical solution of the embodiment of the present application are set forth in detail below:
Fig. 2 shows a flowchart of a node scheduling method according to an exemplary embodiment of the present application. Referring to fig. 2, the node scheduling method is applied to a central controller and includes at least steps S21 to S23, described in detail as follows:
In step S21, an access request sent by a target terminal is received, where the access request includes user identity information and current location information of the target terminal.
The central controller may be a processing node providing a scheduling service, and may determine an access node corresponding to a user terminal according to an access request of the user terminal and perform feedback to the user terminal. In an example, the central controller may be deployed in an SD-WAN (Software Defined Wide Area Network) to schedule access requests for user terminals in a remote access system, selecting their corresponding target access nodes for access by the user terminals.
The access request may be information for requesting access to a remote access system. In an example, a user may generate an access request by clicking on a particular area on the terminal interface (e.g., an "establish connection" button, etc.). The user terminal can send the access request to the central controller, and the central controller determines the access node corresponding to the user terminal according to the received access request and feeds back the access node to the user terminal so as to connect the user terminal. It should be noted that the target terminal may be a personal computer, or may be at least one of an intelligent terminal device such as a mobile phone, a tablet computer, and a notebook computer.
In an exemplary embodiment of the present application, when requesting to access the remote access system, the target terminal no longer requests the designated access node to establish a connection, but sends an access request to the central controller to request to access the remote access system. In order to facilitate the central controller to schedule the access request of the target terminal, the access request sent by the target terminal includes the user identity information and the current location information of the target terminal. The user identity information is used for the central controller to verify whether the user has the authority to access the remote access system, and the user identity information may include, but is not limited to, a user account number, and multi-factor authentication information (e.g., password information, short message verification code information, fingerprint information, facial recognition information, etc.). The current position information may be latitude and longitude information of the current location of the target terminal, current connected WIFI information, base station information, or a location area, and is used for the central controller to determine the current location area of the target terminal.
In an exemplary embodiment, after receiving the access request sent by the target terminal, the method further includes:
performing identity authentication according to the user identity information;
and if the verification fails, feeding back prompt information for prompting the connection prohibition to the target terminal.
Here, authentication may be a verification procedure for determining whether the user has the right to access the remote access system. In an example, after receiving an access request including user identity information, the central controller may compare the user identity information with identity information stored locally in the central controller in advance; if the two match, the user has the authority to access the remote access system, and otherwise the user does not. Examples include verifying whether the password is correct, or verifying whether the fingerprint information or face recognition information matches the stored fingerprint information or face information.
In another example, the central controller may also determine whether the user has the right to access the remote access system by looking up whether the user identity information exists in a database. Taking the user identity information as the user account as an example, the central controller may search whether the user account of the target terminal exists in the database, and if the account does not exist in the database, it indicates that the user has the right to access the remote access system, otherwise, it indicates that the user does not have the right.
In this embodiment, if the user identity information fails to pass the authentication, the central controller may feed back prompt information for prompting to prohibit connection to the target terminal. In an example, the prompt message may be to return an error code to the target terminal, for example, may be 404; in another example, the prompt message may also be a text message, such as displaying "connection prohibited" on the terminal interface, etc. A person skilled in the art may select a corresponding prompting manner according to actual implementation needs, which is not limited in this application.
In an exemplary embodiment of the present application, if the user identity information fails authentication, the user may re-enter the user identity information for another attempt, and if it then passes authentication, the target terminal is allowed to access the remote access system. If the authentication information entered by the user fails authentication multiple times (for example, more than a preset number of times), the access request of the target terminal is prohibited, which prevents a malicious party from logging in to the remote access system with another person's user account and ensures the security of the remote access system.
Therefore, the central controller carries out identity verification through the user identity information, can prevent other people from maliciously connecting the remote access system, and further ensures the safety of the remote access system.
Referring to fig. 2, in step S22, a target access node corresponding to the target terminal is determined according to at least one preselected access node corresponding to the current location information.
In an exemplary embodiment of the present application, information of all access nodes may be stored in the central controller, and the information of each access node may include, but is not limited to, its domain name information, authentication protocol, longitude and latitude information, regional information (e.g., south China, north China, east China, etc.), maximum supported bandwidth, and the like. The central controller may determine, according to the current location information of the target terminal, the area where the target terminal is currently located, and then identify at least one access node located in that area as a preselected access node. The central controller may then determine one of the preselected access nodes as the target access node corresponding to the target terminal.
In an example, the central controller may randomly select one of the at least one pre-selected access nodes as the target access node; in another example, the central controller may also determine a preselected access node closest to the target terminal as the target access node; in yet another example, the central controller may also determine a preselected access node with the best quality network connection with the target terminal as the target access node, and so on. Those skilled in the art may select a determination method of the corresponding target access node according to implementation needs, which is not particularly limited in this application.
In step S23, the access information of the target access node is sent to the target terminal, and the user identity information of the target terminal is sent to the target access node, so that the target access node receives the connection request of the target terminal, and verifies the target terminal according to the user identity information to establish connection.
In an exemplary embodiment of the present application, after determining a target access node for a target terminal, the central controller may send access information of the target access node to the target terminal, where the access information of the target access node may include address information (e.g., domain name information or IP address information, etc.) of the target access node. The central controller may return access information of the target access node to the target terminal, and after receiving the access information, the target terminal may initiate a connection request to the target access node according to address information of the target access node, where the connection request may be information for requesting to establish a connection with the target access node.
In addition, the central controller sends the user identity information of the target terminal to the target access node, so that the target access node verifies the target terminal according to the user identity information to establish connection after receiving the connection request of the target terminal. Specifically, in an example, the connection request sent by the target terminal to the target access node may include user identity information, and after receiving the connection request of the target terminal, the target access node may compare the user identity information of the target terminal obtained from the connection request with the user identity information sent by the central controller to the target access node, if the two are the same, the target access node allows connection with the target terminal, and if the two are different, connection is rejected.
In another example, the target access node may also send an authentication request to the target terminal after receiving a connection request of the target terminal, and the target terminal may display an input interface of the user identity information for the user to input after receiving the authentication request. The target terminal can feed back the user identity information received by the input interface to the target access node, so that the target access node compares the fed-back user identity information with the user identity information sent by the central controller in advance, if the two are the same, connection with the target terminal is allowed to be established, and if the two are different, connection is refused.
It should be noted that the connection between the target access node and the target terminal may be a connection of a common protocol, such as a TCP protocol connection and a UDP protocol connection, or may be a tunnel connection, such as a generic routing encapsulation tunnel (GRE) and an internet protocol security tunnel (IPsec), and a person skilled in the art may determine a corresponding connection mode according to an actual implementation requirement, which is not particularly limited in this application.
In an exemplary embodiment of the present application, the access request sent by the target terminal to the central controller may also be a content access request, where the content access request may include content information that the user wants to access, for example, a domain name corresponding to the access node, a domain name corresponding to an internal application, or a URL (Uniform Resource Locator) of a certain resource. The central controller, upon receiving the content access request, may return 302 redirection information to the target terminal, which may include the IP address of the target access node, so that the target terminal automatically initiates a connection request to the target access node according to the redirection information after receiving the 302 redirection information.
Therefore, according to the embodiment shown in fig. 2, when the user terminal needs to access the remote access system, it only needs to send an access request to the central controller, and the central controller determines the target access node for the target terminal to connect to, without the user manually configuring the related information of the access node, so that the access efficiency is improved and the user experience is ensured. In addition, the terminal device does not need to store the configuration information of all the access nodes, which saves the storage resources of the terminal device. Furthermore, the terminal can be authenticated multiple times in the process of accessing the central controller and the target access node, which improves the security of the remote access system.
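The exchange in steps S21 to S23 above, as an added Python sketch that is not part of the patent text: the controller authenticates the request, preselects the access nodes in the terminal's region, picks the nearest one (one of the selection options the description lists), and pushes the user identity information to that node only. The class and function names, the three-attempt lockout threshold, the two-region split and all sample users, coordinates and addresses are constructed assumptions.

```python
import hmac
import math
from dataclasses import dataclass, field

MAX_FAILURES = 3  # assumed value for the "preset number" of failed attempts


def same(a: str, b: str) -> bool:
    """Constant-time comparison of two identity strings."""
    return hmac.compare_digest(a.encode(), b.encode())


def distance_km(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance between two points, in km."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


@dataclass
class AccessNode:
    """A pop point. It knows a user only after the controller pushes them."""
    name: str
    address: str
    region: str
    lat: float
    lon: float
    expected: dict = field(default_factory=dict)  # account -> identity info

    def provision(self, account, identity):
        self.expected[account] = identity

    def connect(self, account, identity):
        # Compare what the terminal presents with what the controller sent.
        known = self.expected.get(account)
        return known is not None and same(known, identity)


class CentralController:
    def __init__(self, users, nodes, region_of):
        self.users = users          # account -> identity info (opaque string)
        self.nodes = nodes
        self.region_of = region_of  # (lat, lon) -> region name
        self.failures = {}          # account -> consecutive failed attempts

    def handle_access_request(self, account, identity, lat, lon):
        # S21: verify the user identity information, with lockout.
        if self.failures.get(account, 0) >= MAX_FAILURES:
            return {"ok": False, "reason": "locked"}
        stored = self.users.get(account)
        if stored is None or not same(stored, identity):
            self.failures[account] = self.failures.get(account, 0) + 1
            return {"ok": False, "reason": "connection prohibited"}
        self.failures.pop(account, None)
        # S22: preselect nodes in the terminal's region, then take the nearest.
        region = self.region_of(lat, lon)
        preselected = [n for n in self.nodes if n.region == region]
        if not preselected:
            return {"ok": False, "reason": "no access node in region"}
        target = min(preselected,
                     key=lambda n: distance_km(lat, lon, n.lat, n.lon))
        # S23: identity info goes to the target node only; address to terminal.
        target.provision(account, identity)
        return {"ok": True, "address": target.address}


def region_of(lat, lon):
    # Constructed two-region split by latitude, for the demo only.
    return "north" if lat >= 33.0 else "south"


def build_demo():
    """Constructed sample data: three pop points and one user."""
    nodes = [
        AccessNode("pop-bj", "pop-bj.example.net", "north", 39.90, 116.40),
        AccessNode("pop-tj", "pop-tj.example.net", "north", 39.13, 117.20),
        AccessNode("pop-gz", "pop-gz.example.net", "south", 23.13, 113.26),
    ]
    ctl = CentralController({"alice": "s3cret-otp-123456"}, nodes, region_of)
    return ctl, nodes


if __name__ == "__main__":
    ctl, nodes = build_demo()
    reply = ctl.handle_access_request("alice", "s3cret-otp-123456", 39.0, 117.5)
    print(reply)
    for n in nodes:
        print(n.name, n.connect("alice", "s3cret-otp-123456"))
```

Only the selected node accepts the terminal; the other nodes never receive the identity information. Forwarding a short-lived token rather than a long-term secret as the identity string keeps that secret off the access nodes.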
Based on the embodiment shown in fig. 2, in an exemplary embodiment of the present application, the sending, by the central controller, the user identity information to the target access node includes:
acquiring a security access control strategy corresponding to user identity information;
and sending the user identity information and the security access control strategy to the target access node.
In this embodiment, the central controller may store a security access control policy corresponding to the user identity information in advance, where the security access control policy is used to perform security access control on resource access corresponding to the user identity information. It should be noted that the security access control policy may include, but is not limited to, an identity control policy and an authority control policy, for example, the security access control policy may include, but is not limited to, a user account, an accessible application, a port number, and the like. The administrator can configure and store the security access control policy corresponding to each user identity information on the central controller (such as portal interface) in advance. For example, a correspondence table between the user identity information and the security access control policy may be generated, and the correspondence table may be subsequently searched according to the user identity information, so as to determine and obtain the security access control policy corresponding to the user identity information.
Therefore, after the central controller determines and acquires the corresponding security access control strategy, the central controller can send the user identity information and the security access control strategy to the target access node. The target access node can perform security access control on the resource access corresponding to the user identity information according to the security access control strategy so as to ensure the security of the system.
As described above, the central controller maintains the security access control policies corresponding to all users, and each access node does not need to maintain this information. When the security access control policy corresponding to a certain user needs to be adjusted, the access nodes across the whole network do not need to be updated; a target access node receives the user identity information of a target terminal and the corresponding security access policy only after the target terminal accesses the system, which facilitates management of the remote access system. In addition, a security access control policy with the user as its granularity keeps the policy targeted, further ensuring the security of the system, while also improving the speed at which the target access node verifies the target terminal and improving management flexibility.
Based on the embodiment shown in fig. 2, in an exemplary embodiment of the present application, after obtaining the security access control policy corresponding to the user identity information, the method further includes:
generating policy identification information corresponding to the security access control policy based on the security access control policy;
and sending the policy identification information to the target terminal and to the target access node respectively, so that the target access node, after receiving an application access request sent by the target terminal, performs verification according to the policy identification information carried in the application access request.
In this embodiment, after obtaining the security access control policy corresponding to the user identity information, the central controller may generate policy identification information corresponding to the security access control policy according to that policy. It should be understood that the policy identification information may correspond to the security access control policy one to one; where the security access control policies are the same, one piece of policy identification information may also correspond to multiple security access control policies. This is not particularly limited in this application.
Specifically, in an example, the central controller may perform encryption processing on the security access control policy by using a preset encryption algorithm to generate policy identification information corresponding to the security access control policy; in another example, the central controller may also generate corresponding number information for the security access control policy as the policy identification information. It should be understood that a person skilled in the art may select one of the above ways of generating the policy identification information according to actual implementation needs, and may also use other ways of generating it, which is not particularly limited in this application.
It should be noted that the policy identification information may be a character string sequence, such as sdhahakdakjgdkjahd, or a number sequence, such as 2368716163781, which is not limited in this application.
After the central controller generates the policy identification information, the policy identification information may be sent to the target terminal and the target access node, respectively, so as to be stored by the target terminal and the target access node. When a user needs to access a target application, an application access request can be sent to a target access node through a target terminal. The application access request may be information for requesting access to a target application, and the target application may be an internal application set in an intranet or an external application set on a public network, which is not particularly limited in the present application.
Specifically, the application access request may include policy identification information. When the target access node receives the application access request, it may compare the policy identification information included in the request with the policy identification information previously sent by the central controller. If the two are the same, the target terminal is a trusted device, and the target access node may access the corresponding target application as a proxy for the target terminal. If the two are different, the target terminal is an untrusted device, and the target access node may reject the application access request.
Therefore, verifying based on the policy identification information simplifies the verification process, guarantees the security of the remote access system, improves verification efficiency, and safeguards the user experience. Meanwhile, because the target access node accesses the target application as a proxy for the target terminal, the target terminal cannot learn the address information of the target application, which ensures the security of the target application.
In an exemplary embodiment of the present application, after sending the policy identification information to the target terminal and the target access node, the method further includes:
updating the policy identification information;
and sending the updated policy identification information to the target terminal and the target access node respectively.
In this embodiment, the central controller may update the policy identification information according to the security access control policy, and send the updated policy identification information to the target terminal and the target access node, respectively, so that the target terminal and the target access node continue to verify using the latest policy identification information, maintain the connection between the target terminal and the target access node, and prevent a hacker from attacking the intranet application using the intercepted policy identification information, thereby further enhancing the security of the remote access system.
It should be noted that the central controller may update the policy identification information periodically, for example, every ten minutes, or every thirty minutes, etc.; the central controller may also update the policy identification information at irregular intervals, which is not particularly limited in this application.
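The issue, verify and update cycle described above can be sketched as follows. This is an added example, not code from the application: the class and method names are hypothetical, and deriving the identifier with HMAC-SHA256 over the policy plus a fresh nonce is an assumed stand-in for the "preset encryption algorithm", which the text leaves open.

```python
import hashlib
import hmac
import json
import secrets


class CentralController:
    """Holds every user's security access control policy (constructed sample data)."""

    def __init__(self, policies):
        self._policies = policies             # user -> policy dict
        self._key = secrets.token_bytes(32)   # assumption: key known only to the controller

    def policy_for(self, user):
        return self._policies[user]

    def issue_policy_id(self, user):
        """Generate (or update) the policy identification information for a user."""
        policy = json.dumps(self._policies[user], sort_keys=True).encode()
        nonce = secrets.token_bytes(16)       # fresh per issue, so every update differs
        message = user.encode() + b"\x00" + nonce + policy
        return hmac.new(self._key, message, hashlib.sha256).hexdigest()


class AccessNode:
    """Target access node: stores only what the controller pushed for connected users."""

    def __init__(self):
        self._sessions = {}                   # user -> (policy, current policy id)

    def install(self, user, policy, policy_id):
        """Called when the controller sends or updates a user's policy identification."""
        self._sessions[user] = (policy, policy_id)

    def handle_app_request(self, user, presented_id, target_app):
        session = self._sessions.get(user)
        if session is None:
            return "reject: unknown user"
        policy, expected_id = session
        # Constant-time comparison of the presented and stored identifiers.
        if not hmac.compare_digest(presented_id.encode(), expected_id.encode()):
            return "reject: untrusted device"
        # The per-user policy still decides which applications may be proxied.
        if target_app not in policy["allowed_apps"]:
            return "reject: not permitted by policy"
        return f"proxy to {target_app}"


def demo():
    controller = CentralController({"user1": {"allowed_apps": ["application-a"]}})
    node = AccessNode()

    first = controller.issue_policy_id("user1")
    node.install("user1", controller.policy_for("user1"), first)
    results = [
        node.handle_app_request("user1", first, "application-a"),
        node.handle_app_request("user1", first, "application-b"),
    ]

    # Periodic update: the old identifier stops working at the access node.
    updated = controller.issue_policy_id("user1")
    node.install("user1", controller.policy_for("user1"), updated)
    results.append(node.handle_app_request("user1", first, "application-a"))
    results.append(node.handle_app_request("user1", updated, "application-a"))
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The third request in `demo()` presents the identifier issued before the update, which is the case the update step is meant to cover: an identifier captured earlier no longer verifies.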
Based on the embodiment shown in fig. 2, in an exemplary embodiment of the present application, determining a target access node corresponding to a target terminal according to at least one preselected access node corresponding to an area where current location information is located includes:
determining the area where the target terminal is located and at least one corresponding preselected access node according to the current location information, and sending a detection task to the target terminal, wherein the detection task is used for instructing the target terminal to detect the network quality between itself and each preselected access node;
and identifying the target access node from at least one preselected access node according to the detection result corresponding to each preselected access node reported by the target terminal.
In this embodiment, the central controller determines the area where the target terminal is located according to the current location information of the target terminal, and takes at least one access node corresponding to that area as a preselected access node. It should be noted that the central controller may identify all the access nodes corresponding to that area as the preselected access nodes, or may identify only some of them as the preselected access nodes; for example, a predetermined number of access nodes with the smallest load may be selected as the preselected access nodes, or a predetermined number of access nodes with the best network quality may be selected as the preselected access nodes, and so on.
Upon determining the preselected access nodes, the central controller may generate a detection task that instructs the target terminal to detect the network quality between itself and each preselected access node; the network quality may include, but is not limited to, delay, packet loss rate, jitter, and the like. The central controller sends the detection task to the target terminal so that the target terminal executes it. Specifically, the detection task may include address information of the preselected access nodes, and the target terminal may send a network probe packet to each preselected access node according to its address information, so as to determine the network quality between the target terminal and each preselected access node, generate a detection result, and then report the detection result to the central controller.
The central controller receives the detection results for the preselected access nodes reported by the target terminal and identifies the target access node from the at least one preselected access node according to actual needs. For example, the preselected access node with the lowest delay, or the one with the lowest packet loss rate, is identified as the target access node. This ensures the connection quality between the identified target access node and the target terminal, prevents the target terminal from being connected to an access node that has failed or has poor network quality, and improves the user experience.
In an exemplary embodiment of the present application, identifying a target access node from at least one pre-selected access node according to a detection result corresponding to each pre-selected access node reported by a target terminal includes:
acquiring node state information reported by each preselected access node;
and identifying the target access node from at least one preselected access node according to the detection result corresponding to each preselected access node reported by the target terminal and the node state information corresponding to each preselected access node.
In this embodiment, each preselected access node may report its own node status information to the central controller, where the node status information may be used to describe the operating status of the preselected access node; for example, the node status information may include, but is not limited to, at least one of a current traffic size and a device load. It should be noted that the preselected access node may report periodically, for example, once every 5 minutes, or aperiodically, for example, after the current traffic reaches a certain size, so as to reduce the occupation of transmission resources, which is not limited in this application.
In practical application, a manager may pre-configure, in the central controller, a first weight value corresponding to the detection result and a second weight value corresponding to the node status information. It should be understood that the number of first weight values and the number of second weight values correspond to the number of probe items in the detection result and the number of state items in the node state information, respectively. For example, if the detection result includes delay, packet loss rate, and jitter, the first weight values corresponding to the three are a1, a2, and a3, respectively; and if the node state information includes the current traffic size and the device load, the second weight values corresponding to the two are b1 and b2, respectively, and so on.
After the first weight value and the second weight value are obtained, the central controller may determine a connection quality score corresponding to each preselected access node according to the detection result corresponding to each preselected access node reported by the target terminal, the first weight value, the node state information corresponding to each preselected access node, and the second weight value. In an example, the central controller may compute a weighted sum of the detection result with the first weight value and the node state information with the second weight value, so as to obtain the connection quality score corresponding to each preselected access node. It should be understood that those skilled in the art may also select other calculation formulas according to actual implementation needs, and this application is not limited in this respect.
Therefore, the calculated connection quality score can be used to describe the connection quality between the target terminal and the preselected access node: the higher the connection quality score, the higher the connection quality between the target terminal and the preselected access node, the smoother the communication, and the better the user experience. The central controller may select one of the preselected access nodes as the target access node based on the connection quality scores corresponding to the preselected access nodes. In an example, the central controller may select the preselected access node with the highest connection quality score as the target access node; in another example, the central controller may also randomly select one of a predetermined number of top-ranked preselected access nodes as the target access node, for example, after sorting the connection quality scores from largest to smallest, one of the preselected access nodes ranked in the top five may be selected as the target access node, and so on.
Therefore, the target access node is selected according to the connection quality value, so that the connection quality between the target terminal and the target access node can be ensured, the service quality of the target access node is ensured, and the user experience is further ensured.
In an exemplary embodiment of the present application, after identifying a target access node from at least one pre-selected access node according to a connection quality score corresponding to each pre-selected access node, the method further includes:
receiving network state information reported by a target terminal, wherein the network state information is used for describing the network quality between the target terminal and each preselected access node;
determining whether to replace a target access node according to the network state information;
if so, identifying a new target access node from the at least one pre-selected access node according to the network state information, and instructing the target terminal to connect to the new target access node.
In this embodiment, after the target terminal is connected to the target access node, the target terminal may periodically perform network probing on the preselected access node, acquire the network quality between the target terminal and each preselected access node, and report the network quality as network state information to the central controller. It should be noted that the network status information may include delay, packet loss rate, and jitter. In an example, the network state information may correspond to a detection item of the detection task, so that the central controller may update the connection quality score corresponding to each pre-selected access node according to the network state information reported by the target terminal, to obtain an updated connection quality score. Specifically, the central controller may recalculate the connection quality score corresponding to each preselected access node according to the network state information reported by the target terminal.
The central controller may determine a score change state of the current target access node according to the updated connection quality score, and determine whether to replace the target access node according to the score change state. For example, with a preset percentage of 10%, if the score ranking of the current target access node among the preselected access nodes drops by more than 10%, it is determined that the target access node is to be replaced. At this time, a new target access node may be identified from the preselected access nodes, for example, the preselected access node with the highest score may be identified as the new target access node, and the target terminal may be instructed to connect to the new target access node. Specifically, the central controller may send access information of the new target access node to the target terminal, so that the target terminal establishes a connection with the new target access node according to that access information.
In this embodiment, the central controller monitors the connection quality of the target terminal in real time, and after the connection quality of the current target access node decreases to a certain extent, re-determines a new target access node and instructs the target terminal to connect to it, thereby ensuring that the target terminal is always connected to the remote access system with higher connection quality. The user does not need to actively switch the access node's configuration information, which improves the user experience.
In an exemplary embodiment of the present application, after sending the access information of the target access node to the target terminal and sending the user identity information to the target access node, the method further includes:
and if the node state information reported by the target access node is not received in the first preset period, identifying a new target access node from at least one preselected access node according to the connection quality score corresponding to each preselected access node so as to establish connection for the target terminal.
In this embodiment, after the central controller sends the access information of the target access node to the target terminal and sends the user identity information to the target access node, the target terminal may initiate a connection request to the target access node and establish a connection. If the central controller does not receive the node state information reported by the target access node within the first preset period, this indicates that the target access node may have a network failure, so that the connection between the target terminal and the target access node cannot be completed or the connection quality is reduced. In order to ensure the access quality of the target terminal, the central controller identifies a new target access node according to the connection quality score corresponding to each preselected access node; for example, the access node with the highest connection quality score other than the current target access node is identified as the new target access node for the target terminal to establish a connection with. Thus, even if the network connection of the target access node determined for the target terminal fails, the target terminal can be switched, within the first preset period, to another access node whose connection quality meets the requirement, and the connection quality of the target terminal is guaranteed.
It should be noted that the first predetermined period may be set by a person skilled in the art according to prior experience, for example, the first predetermined period may be 1min, 5min, or 10 min. The above numerical values are merely exemplary, and the present application is not limited thereto.
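The scoring, selection, replacement and failover steps above fit together as in the following added example, which is not taken from the application. The weight values, metric names and sample reports are constructed. Because every metric here is "lower is better", the example assumes negative weights so that a higher score still means better connection quality, and it reads the 10% rule as "the rank position fell by more than 10% of the number of preselected nodes", which is one possible interpretation.

```python
import random

# Assumed weights: a1..a3 for the probe items, b1..b2 for the node state items.
FIRST_WEIGHTS = {"delay_ms": -1.0, "loss_pct": -20.0, "jitter_ms": -2.0}   # a1, a2, a3
SECOND_WEIGHTS = {"traffic_mbps": -0.05, "load_pct": -0.5}                # b1, b2


def connection_quality_score(probe, state):
    """Weighted sum of the terminal's probe result and the node's own state report."""
    score = sum(FIRST_WEIGHTS[k] * probe[k] for k in FIRST_WEIGHTS)
    score += sum(SECOND_WEIGHTS[k] * state[k] for k in SECOND_WEIGHTS)
    return score


def rank_nodes(probes, states):
    """Return (node names sorted best first, scores). Nodes without a state report are skipped."""
    scores = {n: connection_quality_score(probes[n], states[n]) for n in probes if n in states}
    return sorted(scores, key=scores.get, reverse=True), scores


def pick_target(ranked, top_n=1, rng=random):
    """top_n=1 picks the best node; top_n>1 picks randomly among the top_n best."""
    return rng.choice(ranked[:top_n])


def should_replace(old_ranked, new_ranked, current, drop_fraction=0.10):
    """True when the current node's rank fell by more than drop_fraction of the candidates."""
    if current not in new_ranked:
        return True
    drop = new_ranked.index(current) - old_ranked.index(current)
    return drop / len(new_ranked) > drop_fraction


def failover_if_silent(current, ranked, last_report, now, first_period_s):
    """If the target node sent no state report within the first preset period,
    return the best-scoring other node; otherwise keep the current one."""
    if now - last_report.get(current, float("-inf")) <= first_period_s:
        return current
    for node in ranked:
        if node != current:
            return node
    return None


# Constructed sample reports for three preselected access nodes.
PROBES = {
    "pop-north": {"delay_ms": 18, "loss_pct": 0.0, "jitter_ms": 2},
    "pop-east": {"delay_ms": 35, "loss_pct": 0.5, "jitter_ms": 4},
    "pop-southwest": {"delay_ms": 60, "loss_pct": 0.1, "jitter_ms": 3},
}
STATES = {
    "pop-north": {"traffic_mbps": 400, "load_pct": 70},
    "pop-east": {"traffic_mbps": 100, "load_pct": 20},
    "pop-southwest": {"traffic_mbps": 50, "load_pct": 10},
}
# Later network state report from the terminal: the path to pop-east has degraded.
DEGRADED_PROBES = dict(PROBES, **{"pop-east": {"delay_ms": 120, "loss_pct": 2.0, "jitter_ms": 15}})


def demo():
    ranked, _ = rank_nodes(PROBES, STATES)
    target = pick_target(ranked)
    new_ranked, _ = rank_nodes(DEGRADED_PROBES, STATES)
    replace = should_replace(ranked, new_ranked, target)
    new_target = new_ranked[0] if replace else target
    # Separate case: pop-east last reported at t=1000 s, it is now t=1400 s, period is 300 s.
    silent = failover_if_silent(target, ranked, {"pop-east": 1000.0}, now=1400.0, first_period_s=300)
    return ranked, target, replace, new_target, silent


if __name__ == "__main__":
    print(demo())
```

With these sample values the node with the lowest delay (`pop-north`) is not selected, because its traffic and load reports pull its score below the other two.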
Based on the embodiment shown in fig. 2, in an exemplary embodiment of the present application, after sending the access information of the target access node to the target terminal and sending the user identity information to the target access node, the method further includes:
and if the network state information reported by the target terminal is not received within the second preset period, instructing the target access node to disconnect from the target terminal, wherein the network state information is used for describing the network quality between the target terminal and each preselected access node.
In this embodiment, the target terminal may report the network state information to the central controller periodically, and the administrator may set a second predetermined period in the central controller in advance. If the central controller does not receive the network state information reported by the target terminal within the second predetermined period, this indicates that the target terminal may have been disconnected or logged out, and the central controller may instruct the target access node to disconnect from the target terminal. Further, the central controller may also instruct the target access node to delete the user identity information and the security access control policy corresponding to the target terminal. This saves resources of the target access node so that it can better serve other end users.
Based on the embodiment shown in fig. 2, in an exemplary embodiment of the present application, after sending the access information of the target access node to the target terminal and sending the user identity information to the target access node, the method further includes:
receiving terminal identification information reported by a target terminal;
and if the currently received terminal identification information does not match the target terminal, instructing the target access node to disconnect from the target terminal.
In this embodiment, the terminal identification information may be information corresponding to the target terminal, and the target terminal corresponding to the terminal identification information may be determined according to it. For example, the terminal identification information may include, but is not limited to, at least one of a traffic size currently used by the terminal, IP information of the terminal, and a terminal device serial number. If the central controller detects that the newly received terminal identification information of the target terminal does not match the previously received terminal identification information of the target terminal, it can set the state of the target terminal to abnormal and instruct the target access node to disconnect from the target terminal. At this point, the target terminal needs to send an access request to the central controller again and access the remote access system again. Therefore, when the network environment or the device environment of the target terminal is detected to be abnormal, the target terminal is required to access the remote access system again and be authenticated again, which improves system security. In an example, the target terminal may also report the terminal identification information together with the network status information, so as to save transmission resources.
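The two session checks described above (no network state report within the second predetermined period, and terminal identification information that no longer matches) can be sketched as one controller-side monitor. This is an added example rather than code from the application: the class, field and instruction names are hypothetical, the sample terminals are constructed, and only the IP information and device serial number are compared.

```python
from dataclasses import dataclass


@dataclass
class Session:
    user: str
    node: str               # target access node serving this terminal
    terminal_id: dict       # identification recorded when the terminal accessed the system
    last_status_at: float   # time of the last network state report, in seconds
    state: str = "connected"


class SessionMonitor:
    def __init__(self, second_period_s):
        self.second_period_s = second_period_s
        self.sessions = {}
        self.instructions = []   # (node, action, user) messages the controller would send

    def open(self, user, node, terminal_id, now):
        self.sessions[user] = Session(user, node, dict(terminal_id), now)

    def on_report(self, user, terminal_id, now):
        """Handle a network state report that also carries terminal identification."""
        s = self.sessions[user]
        if s.state != "connected":
            return s.state       # terminal must send a new access request first
        if terminal_id != s.terminal_id:
            # Network or device environment changed: mark abnormal and disconnect.
            s.state = "abnormal"
            self.instructions.append((s.node, "disconnect", s.user))
        else:
            s.last_status_at = now
        return s.state

    def sweep(self, now):
        """Disconnect terminals that sent no report within the second predetermined period."""
        for s in self.sessions.values():
            if s.state == "connected" and now - s.last_status_at > self.second_period_s:
                s.state = "timed_out"
                self.instructions.append((s.node, "disconnect", s.user))
                # The node may also drop the pushed identity and policy to free resources.
                self.instructions.append((s.node, "delete_identity_and_policy", s.user))


def demo_sessions():
    m = SessionMonitor(second_period_s=60)
    m.open("user1", "pop-east", {"ip": "198.51.100.7", "serial": "SN-A1"}, now=0)
    m.open("user2", "pop-east", {"ip": "198.51.100.8", "serial": "SN-B2"}, now=0)
    m.on_report("user1", {"ip": "198.51.100.7", "serial": "SN-A1"}, now=30)   # matches
    m.on_report("user1", {"ip": "203.0.113.50", "serial": "SN-A1"}, now=50)   # IP changed
    m.sweep(now=100)                                                          # user2 silent for 100 s
    return m


if __name__ == "__main__":
    monitor = demo_sessions()
    for instruction in monitor.instructions:
        print(instruction)
```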
Fig. 3 shows a flowchart of a node scheduling method according to an exemplary embodiment of the present application. Referring to fig. 3, the node scheduling method is applied to the terminal device, and the node scheduling method at least includes steps S31 to S33, which are described in detail as follows:
In step S31, an access request is sent to the central controller, where the access request includes the user identity information of the current terminal and the current location information.
In step S32, access information of the target access node sent by the central controller is received, and the target access node is determined by the central controller according to the current location information.
The target access node is determined by the central controller according to the current location information of the terminal device, so the target access node is the access node closest to the terminal device or the access node with the best network quality to the terminal device.
In step S33, a connection request is sent to the target access node according to the access information of the target access node, so that the target access node verifies the current terminal according to the user identity information to establish connection.
In this embodiment, a user accesses the remote access system through the terminal device. The terminal device does not need to store configuration information of available access nodes and can send an access request to the central controller without knowing which access nodes exist. The user only needs to know the address or URL of the central controller to log in with their own account and multi-factor authentication information, which reduces the difficulty of using the remote access system and improves efficiency.
Meanwhile, when the terminal equipment sends an access request, the access request comprises the user identity information of the current terminal and the current position information of the terminal equipment. The central controller determines an access node with optimal distance or optimal network quality for the terminal equipment, the terminal equipment sends a connection request to the optimal access node, and after the user identity information is verified, connection can be established, so that the connection quality and the access speed of the terminal equipment are ensured.
Based on the embodiment shown in fig. 3, in an exemplary embodiment of the present application, before receiving the access information of the target access node sent by the central controller, the method further includes:
receiving a detection task sent by the central controller, wherein the detection task is used for instructing the current terminal to detect the network quality between itself and each preselected access node, and the preselected access nodes correspond to the area where the current location information is located;
and detecting the network quality between the current terminal and each preselected access node, and feeding back the detection result to the central controller, so that the central controller identifies a target access node from the preselected access nodes according to the detection result.
In this embodiment, after determining, according to the current location information of the current terminal, the preselected access nodes corresponding to the area where that location is, the central controller sends a detection task to the current terminal to instruct it to detect the network quality between itself and each preselected access node. The current terminal feeds back the detection result to the central controller, and the central controller identifies the target access node among the preselected access nodes according to the detection result. Therefore, the identified target access node is the optimal node, and the current terminal connects to this optimal node to access the applications in the remote access system, which improves the access speed. It should be noted that, for the method of determining the target access node, reference may be made to the above content, and details are not repeated here.
In an exemplary embodiment of the present application, after establishing a connection with a target access node, the method further includes:
detecting the network quality between the current terminal and each preselected access node to obtain network state information;
and reporting the network state information and the terminal identification information of the current terminal to the central controller.
In this embodiment, after the current terminal is successfully connected to the target access node, the current terminal may periodically detect the network quality between itself and each preselected node, and report the obtained network state information and the terminal identification information of the current terminal to the central controller. The central controller can thus monitor the service quality between the current terminal and each preselected node. When the current terminal is abnormal, the central controller can instruct the current terminal to resubmit the access request; or, after the network quality between the current terminal and the target access node decreases, the central controller can switch the current terminal to a preselected access node with better network quality as the new target access node, so that the connection quality of the current terminal is ensured.
Based on the embodiment shown in fig. 3, in an exemplary embodiment of the present application, after the connection is established with the target access node, the method further includes:
receiving policy identification information sent by a central controller, wherein the policy identification information is generated by the central controller according to a security access control policy corresponding to user identity information;
and sending an application access request to the target access node, wherein the application access request includes the policy identification information for the target access node to verify.
In this embodiment, the current terminal connects to the target access node in order to access the applications in the remote access system through it. Since different users have different access rights, the security access control policies of different users are stored in the central controller. For example, user 1 may access application A or an IP address corresponding to application A, and user 2 may access application B or an IP address corresponding to application B. The security access control policy of the user is not stored in the target access node, so the central controller generates corresponding policy identification information according to the user identity information and sends the policy identification information to the target access node and the terminal device. When sending an application access request to the target access node, the current terminal device needs to carry the policy identification information. After receiving the application access request, the target access node may verify the policy identification information included in the application access request against the previously received policy identification information. If the two match, the current terminal is a trusted device, and the application access request of the current terminal is allowed; if they do not match, the current terminal is an untrusted device, and the access is refused.
It should be understood that the application access request may further include domain name information corresponding to the target application, and when the policy identification information in the application access request is verified, the target access node may proxy the application access of the current terminal according to the domain name information corresponding to the target application.
Therefore, verifying based on the policy identification information simplifies the verification process, guarantees the security of the remote access system, improves verification efficiency, and safeguards the user experience. Meanwhile, because the target access node accesses the target application as a proxy for the target terminal, the target terminal cannot learn the specific address information of the target application, which ensures the security of the target application.
Based on the embodiment shown in fig. 3, in an exemplary embodiment of the present application, after establishing a connection with a target access node, the method further includes:
receiving a replacement request for a target access node sent by a central controller, wherein the replacement request comprises access information of a new target access node;
and sending a connection request to the new target access node according to the access information of the new target access node so that the new target access node carries out verification according to the user identity information of the current terminal to establish connection.
In this embodiment, after the current terminal is connected to the target access node, the application in the system is accessed through the target access node, and in this process, if the target access node fails and the network quality between the target access node and the current terminal is reduced to a certain extent, the central controller may replace the target access node in time and send a replacement request to the current terminal, where the replacement request may include access information of a new target access node. The current terminal can send a connection request to a new target access node according to the access information of the new target access node, and establishes connection after the user identity authentication is passed, so that the terminal equipment can be always connected with the access node with better network quality, and can access the application in the system at a higher speed.
Based on the embodiment shown in fig. 3, in an exemplary embodiment of the present application, after the connection is established with the target access node, the method further includes:
and if the target access node is disconnected, sending an access request to the central controller, so that the central controller redistributes a new target access node according to the access request.
In this embodiment, the current terminal may be disconnected from the target access node because the target access node has failed, because the network between the current terminal and the target access node is down, or because the central controller has instructed the target access node to disconnect from the current terminal according to the security policy. In any of these cases, the current terminal needs to send an access request to the central controller to reconnect to the remote access system, and the central controller reallocates a new target access node to the current terminal according to the access request.
Based on the technical solution of the above embodiment, a specific application scenario of the embodiment of the present application is introduced as follows:
A company establishes a remote mobile office access system which comprises a central controller and a plurality of remote pop points respectively deployed in the areas of North China, East China and South West China. Each pop point has independent node information such as an IP address and the region to which the pop point belongs, and the node information of the plurality of remote pop points is stored in the central controller. Meanwhile, employees in the company have their own access account numbers and passwords, and security access control policies are formulated for different employees, so that different employees have the authority to access different specified applications.
For example, the first user only has the right to access application A. The first user connects to the company's teleworking access system through a mobile phone: after the corresponding APP on the mobile phone is clicked, a login interface is displayed; the first user inputs the domain name of the central controller, the user's own account number and the password, and then clicks to log in. The first user's mobile phone sends an access request to the central controller, and the access request carries the current positioning information (such as longitude and latitude), the user account number and the user password.
The central controller first queries a database, checks whether the account number of the first user exists in the database, then verifies whether the user password is correct, and allows the first user's mobile phone to access the remote mobile office access system after the verification is passed. Further, suppose the central controller determines from the current positioning information that the area is the North China area, and that this area includes 3 pop points, which are pop point 1, pop point 2, and pop point 3. The central controller determines the 3 pop points as pre-selected pop points.
The central controller issues a detection task to the first user's mobile phone, instructing it to detect the network quality of the 3 pop points, and identifies pop point 2 as the target pop point if the network quality of pop point 2 is the best.
The central controller sends the IP address of pop point 2 (i.e., the access information) to the first user's mobile phone, and sends the first user's account information and the security access control policy corresponding to that account information to pop point 2. After receiving the access information of pop point 2, the first user's mobile phone automatically sends a connection request to pop point 2. Pop point 2 finds that the account information in the connection request is consistent with the account information it received for the first user, and allows the first user's mobile phone to access.
It should be noted that, when sending the access request, the destination IP included in the access request is the IP address of the central controller, and when sending the connection request, the destination IP included in the connection request is the IP address of the pop point 2 (i.e., the IP address of the target pop point), which are different from each other.
The first user then continues to send application access requests to pop point 2. If the first user accesses application A, pop point 2 verifies according to the security access policy that the first user has the authority to access application A, and allows the first user to access application A after verification. If the first user accesses application B, pop point 2 determines according to the security access policy that the first user does not have the authority to access application B, and refuses the first user access to application B.
While the first user is accessing application A, if the central controller does not receive the node state information reported by pop point 2 within the second predetermined period, pop point 2 is removed from the 3 pop points. Assuming the network quality of pop point 1 is then optimal, the central controller sends the IP address of pop point 1 to the first user's mobile phone, and sends the first user's account information and security access policy to pop point 1. The first user's mobile phone again sends a connection request, this time to pop point 1, and after the authentication is passed, it is connected to pop point 1 and accesses application A through pop point 1.
In the above embodiment, a central controller is introduced. The central controller maintains the configuration information of all the access nodes and the security policy information of all users, and the terminal equipment requests access to the remote access network from the central controller. After the terminal equipment passes verification by the central controller, it is allowed to acquire the configuration information of the access node from the central controller. The access node acquires the user identity information and the user's security access control policy from the central controller, authenticates the user identity information of the terminal equipment when the terminal connects to the access node, and lets the terminal user access the applications in the system according to the security access control policy. This makes it convenient for terminal equipment to access the remote access system while keeping the system secure.
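The scenario above can be traced in code. The following simulation is an added example, not part of the patent or of any product: the class names, the 30-second state timeout, the RTT-based selection, the PBKDF2 password check, the revocation on the old pop point and all sample data are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Pop:
    name: str
    ip: str
    region: str
    provisioned: dict = field(default_factory=dict)  # account -> allowed applications

    def provision(self, account, allowed_apps):
        self.provisioned[account] = frozenset(allowed_apps)

    def revoke(self, account):
        self.provisioned.pop(account, None)

    def connect(self, account):
        # Accept only accounts the controller announced in advance.
        return account in self.provisioned

    def access(self, account, app):
        # Default deny: unknown account or unlisted application is refused.
        return app in self.provisioned.get(account, frozenset())


class Controller:
    def __init__(self, pops, users, policies, state_timeout=30.0):
        self.pops = {p.name: p for p in pops}
        self.users = users          # account -> (salt, salted password hash)
        self.policies = policies    # account -> applications the user may reach
        self.state_timeout = state_timeout
        self.last_state = {}        # pop name -> time of last node-state report
        self.preselected = {}       # account -> pop names offered for probing
        self.assigned = {}          # account -> pop name currently serving it

    def report_state(self, pop_name, now):
        self.last_state[pop_name] = now

    def alive(self, pop_name, now):
        seen = self.last_state.get(pop_name)
        return seen is not None and now - seen <= self.state_timeout

    def access_request(self, account, password, region):
        """Verify the user; return the pop names to probe, or None if refused."""
        record = self.users.get(account)
        if record is None or not hmac.compare_digest(pw_hash(password, record[0]), record[1]):
            return None
        self.preselected[account] = {p.name for p in self.pops.values() if p.region == region}
        return sorted(self.preselected[account])

    def schedule(self, account, probe_rtt_ms, now):
        """Choose the best live pre-selected pop, provision it, return its IP."""
        offered = self.preselected.get(account)
        if offered is None:          # no verified access request on record
            return None
        # Ignore results for pops that were never offered or that stopped reporting state.
        usable = {n: rtt for n, rtt in probe_rtt_ms.items() if n in offered and self.alive(n, now)}
        if not usable:
            return None
        best = min(usable, key=usable.get)
        previous = self.assigned.get(account)
        if previous and previous != best:
            self.pops[previous].revoke(account)   # added hardening, not stated in the text
        self.pops[best].provision(account, self.policies.get(account, ()))
        self.assigned[account] = best
        return self.pops[best].ip


def run_scenario():
    """Constructed data: one user allowed application A only, three pops in one region."""
    pops = [Pop(f"pop{i}", f"192.0.2.{i}", "north") for i in (1, 2, 3)] + [Pop("pop4", "192.0.2.4", "east")]
    users = {"first_user": (b"constructed-salt", pw_hash("example-password", b"constructed-salt"))}
    ctl = Controller(pops, users, {"first_user": {"A"}})
    for p in pops:
        ctl.report_state(p.name, now=0.0)
    refused = ctl.access_request("first_user", "wrong", "north")
    offered = ctl.access_request("first_user", "example-password", "north")
    probes = {"pop1": 35.0, "pop2": 12.0, "pop3": 48.0, "pop4": 1.0}  # pop4 was never offered
    user, pop1, pop2 = "first_user", ctl.pops["pop1"], ctl.pops["pop2"]
    target_ip = ctl.schedule(user, probes, now=1.0)
    before = (pop2.connect(user), pop1.connect(user), pop2.access(user, "A"), pop2.access(user, "B"))
    # pop2 stops reporting node state; pop1 and pop3 keep reporting.
    for name in ("pop1", "pop3"):
        ctl.report_state(name, now=40.0)
    failover_ip = ctl.schedule(user, probes, now=45.0)
    after = (pop2.connect(user), pop1.connect(user), pop1.access(user, "A"))
    return {"refused": refused, "offered": offered, "target_ip": target_ip,
            "before": before, "failover_ip": failover_ip, "after": after}


if __name__ == "__main__":
    print(run_scenario())
```

The run shows two properties that matter for review: a pop point accepts only accounts the controller provisioned in advance, and a probe result for a pop point outside the pre-selected set is ignored even when it reports the lowest latency.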
Fig. 4 shows a block diagram of a node scheduling apparatus according to an exemplary embodiment of the present application. Referring to fig. 4, the node scheduling apparatus is applied to a central controller and includes a request receiving module 401, a target access node determining module 402, and a scheduling module 403.
The request receiving module 401 is configured to receive an access request sent by a target terminal, where the access request includes user identity information and current location information of the target terminal.
The target access node determining module 402 is configured to determine a target access node corresponding to the target terminal according to at least one pre-selected access node corresponding to the current location information.
The scheduling module 403 is configured to send access information of the target access node to the target terminal, and send user identity information to the target access node, so that the target access node receives a connection request of the target terminal, and authenticates the target terminal according to the user identity information to establish a connection.
Based on the embodiment shown in fig. 4, in an exemplary embodiment of the present application, the scheduling module 403 is further configured to:
acquiring a security access control policy corresponding to user identity information;
and sending the user identity information and the security access control policy to a target access node.
In an exemplary embodiment of the present application, after obtaining the security access control policy corresponding to the user identity information, the scheduling module 403 is further configured to:
generating policy identification information corresponding to the security access control policy based on the security access control policy;
and respectively sending the policy identification information to the target terminal and the target access node so that the target access node verifies according to the policy identification information carried in the application access request after receiving the application access request sent by the target terminal.
In an exemplary embodiment of the present application, after sending the policy identification information to the target terminal and the target access node, respectively, the scheduling module 403 is further configured to:
updating the policy identification information;
and respectively sending the updated policy identification information to the target terminal and the target access node.
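The generation, verification and updating of policy identification information described above can be illustrated as follows. This is an added example, not the patent's implementation: the text does not say how the identifier is derived, so the keyed HMAC over account, policy content and an issue counter is an assumption, as are all class names, function names and sample accounts.

```python
import hashlib
import hmac
import json
import secrets


class PolicyIssuer:
    """Central-controller side: derives and updates policy identification information."""

    def __init__(self):
        self._key = secrets.token_bytes(32)   # known only to the controller
        self._version = {}                    # account -> issue counter

    def issue(self, account, allowed_apps):
        # Binding the identifier to account, policy content and a counter means
        # every update yields a fresh value that cannot be predicted from the policy.
        version = self._version.get(account, 0) + 1
        self._version[account] = version
        material = json.dumps(
            {"account": account, "apps": sorted(allowed_apps), "version": version},
            sort_keys=True,
        ).encode()
        return hmac.new(self._key, material, hashlib.sha256).hexdigest()


class AccessNode:
    """Access-node side: keeps only the current identifier per account."""

    def __init__(self):
        self._current = {}   # account -> (policy_id, allowed applications)

    def install(self, account, policy_id, allowed_apps):
        # Overwrites the previous entry, so an older identifier stops verifying.
        self._current[account] = (policy_id, frozenset(allowed_apps))

    def application_access(self, account, presented_id, app):
        entry = self._current.get(account)
        if entry is None:
            return False
        policy_id, allowed = entry
        # Constant-time comparison: the identifier acts as a bearer credential.
        if not hmac.compare_digest(policy_id, presented_id):
            return False
        return app in allowed


def demo():
    """Constructed accounts and applications; returns the node's decisions."""
    issuer, node = PolicyIssuer(), AccessNode()
    policy = {"A"}
    first_id = issuer.issue("first_user", policy)
    node.install("first_user", first_id, policy)
    node.install("second_user", issuer.issue("second_user", {"B"}), {"B"})
    results = {
        "A_with_id": node.application_access("first_user", first_id, "A"),
        "B_with_id": node.application_access("first_user", first_id, "B"),
        "id_used_by_other_account": node.application_access("second_user", first_id, "B"),
    }
    # The controller updates the identifier and sends it to terminal and node.
    second_id = issuer.issue("first_user", policy)
    node.install("first_user", second_id, policy)
    results["ids_differ"] = first_id != second_id
    results["old_id_after_update"] = node.application_access("first_user", first_id, "A")
    results["new_id_after_update"] = node.application_access("first_user", second_id, "A")
    return results


if __name__ == "__main__":
    print(demo())
```

Because the terminal presents only the identifier, the identifier has to be unguessable and short-lived; the update step is what limits how long a captured value stays usable.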
Based on the embodiment shown in fig. 4, in an exemplary embodiment of the present application, the request receiving module 401 is further configured to:
after receiving an access request sent by a target terminal, performing identity authentication according to user identity information;
and if the verification is not passed, feeding back prompt information for prompting the connection prohibition to the target terminal.
In an exemplary embodiment of the present application, the target access node determining module 402 is further configured to:
determining the area of the target terminal and at least one corresponding preselected access node according to the current position information, and sending a detection task to the target terminal, wherein the detection task instructs the target terminal to detect the network quality between itself and each preselected access node;
and identifying the target access node from at least one preselected access node according to the detection result corresponding to each preselected access node reported by the target terminal.
In an exemplary embodiment, the target access node determination module 402 is further configured to:
acquiring node state information reported by each preselected access node;
and identifying the target access node from at least one preselected access node according to the detection result corresponding to each preselected access node reported by the target terminal and the node state information corresponding to each preselected access node.
In an exemplary embodiment, the target access node determination module 402 is further configured to:
receiving network state information reported by a target terminal, wherein the network state information is used for describing the network quality between the target terminal and each preselected access node;
determining whether to replace a target access node or not according to the network state information;
and if so, identifying a new target access node from at least one pre-selected access node according to the network state information, and indicating the target terminal to be connected to the new target access node.
In an exemplary embodiment, the scheduling module 403, after sending the access information of the target access node to the target terminal and sending the user identity information to the target access node, is further configured to:
if the node state information reported by the target access node is not received in the first preset period, a new target access node is identified from at least one pre-selected access node according to the connection quality score corresponding to each pre-selected access node so as to establish connection for the target terminal.
In an exemplary embodiment of the present application, after sending the access information of the target access node to the target terminal and sending the user identity information to the target access node, the scheduling module 403 is further configured to:
and if the network state information reported by the target terminal is not received in the second preset period, indicating that the target access node is disconnected with the target terminal, wherein the network state information is used for describing the network quality between the target terminal and each preselected access node.
In an exemplary embodiment of the present application, after sending the access information of the target access node to the target terminal and sending the user identity information to the target access node, the scheduling module 403 is further configured to:
receiving terminal identification information reported by a target terminal;
and if the currently received terminal identification information is not matched with the target terminal, indicating that the target access node is disconnected with the target terminal.
Fig. 5 is a block diagram illustrating a node scheduling apparatus according to an exemplary embodiment of the present application. Referring to fig. 5, the node scheduling apparatus is applied to a terminal device and includes a request sending module 501, a scheduling information receiving module 502, and a connection module 503.
The request sending module 501 is configured to send an access request to the central controller, where the access request includes the user identity information of the current terminal and the current location information.
The scheduling information receiving module 502 is configured to receive access information of a target access node sent by the central controller, the target access node being determined by the central controller according to the current location information.
The connection module 503 is configured to send a connection request to the target access node according to the access information of the target access node, so that the target access node authenticates the current terminal according to the user identity information to establish a connection.
In an exemplary embodiment of the present application, the scheduling information receiving module 502 is further configured to:
receiving a detection task sent by a central controller, wherein the detection task instructs the current terminal to detect the network quality between itself and each preselected access node, and the preselected access node corresponds to the area where the current position information is located;
and detecting the network quality between the current terminal and each preselected access node, and feeding back the detection result to the central controller, so that the central controller identifies a target access node from the preselected access nodes according to the detection result.
In an exemplary embodiment, the connection module 503, after establishing the connection with the target access node, is further configured to:
detecting the network quality between the current terminal and each preselected access node to obtain network state information;
and reporting the network state information and the terminal identification information of the current terminal to a central controller.
In an exemplary embodiment of the present application, the scheduling information receiving module 502 is further configured to, after establishing a connection with the target access node: receiving policy identification information sent by a central controller, wherein the policy identification information is generated by the central controller according to a security access control policy corresponding to user identity information;
the connection module 503 is further configured to: send an application access request to the target access node, wherein the application access request comprises the policy identification information for the target access node to verify.
In an exemplary embodiment of the present application, the scheduling information receiving module 502 is further configured to, after establishing a connection with the target access node: receiving a replacement request for a target access node sent by a central controller, wherein the replacement request comprises access information of a new target access node; the connection module 503 is further configured to send a connection request to the new target access node according to the access information of the new target access node, so that the new target access node performs authentication according to the user identity information of the current terminal to establish a connection.
In an exemplary embodiment of the present application, the request sending module 501, after establishing the connection with the target access node, is further configured to: and if the target access node is disconnected, sending an access request to the central controller, so that the central controller redistributes a new target access node according to the access request.
Fig. 6 is a block diagram illustrating a computer apparatus 600 for node scheduling in accordance with an example embodiment. For example, the computer device 600 may be provided as a server. Referring to fig. 6, the computer device 600 includes a processor 601, and the number of processors may be set to one or more as necessary. The computer device 600 further comprises a memory 602 for storing instructions, such as application programs, executable by the processor 601. The number of memories may be set to one or more as needed, and the memory may store one or more application programs. The processor 601 is configured to execute the instructions to perform the above-described node scheduling method.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, apparatus (device), or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media having computer-usable program code embodied in the medium. Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, including, but not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by the computer, and the like. In addition, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media as known to those skilled in the art.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (devices) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In this application, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that an article or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such article or apparatus. Without further limitation, an element defined by the phrase "comprising ..." does not exclude the presence of additional like elements in an article or device comprising the element.
While the preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including the preferred embodiment and all changes and modifications that fall within the scope of the present application.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, it is intended that the present application cover the modifications and variations of this invention provided they come within the scope of the appended claims and their equivalents.

Claims (21)

1. A node scheduling method is applied to a central controller and comprises the following steps:
receiving an access request sent by a target terminal, wherein the access request comprises user identity information and current position information of the target terminal;
determining a target access node corresponding to the target terminal according to at least one preselected access node corresponding to the current position information;
and sending the access information of the target access node to the target terminal, and sending the user identity information to the target access node, so that the target access node receives the connection request of the target terminal, and verifying the target terminal according to the user identity information to establish connection.
2. The node scheduling method of claim 1, wherein said sending the user identity information to the target access node comprises:
acquiring a security access control policy corresponding to the user identity information;
and sending the user identity information and the security access control policy to the target access node.
3. The node scheduling method of claim 2, wherein after the obtaining of the security access control policy corresponding to the user identity information, the method further comprises:
generating policy identification information corresponding to the security access control policy based on the security access control policy;
and respectively sending the policy identification information to the target terminal and the target access node so that the target access node carries out verification according to the policy identification information carried in the application access request after receiving the application access request sent by the target terminal.
4. The node scheduling method of claim 3, after the sending the policy identifier information to the target terminal and the target access node, respectively, further comprising:
updating the policy identification information;
and respectively sending the updated policy identification information to the target terminal and the target access node.
5. The node scheduling method of claim 1, wherein after receiving the access request transmitted by the target terminal, further comprising:
performing identity authentication according to the user identity information;
and if the verification is not passed, feeding back prompt information for prompting connection prohibition to the target terminal.
6. The node scheduling method of claim 1, wherein the determining the target access node corresponding to the target terminal according to the at least one pre-selected access node corresponding to the current location information comprises:
determining the area of a target terminal and at least one corresponding preselected access node according to the current position information, and sending a detection task to the target terminal, wherein the detection task instructs the target terminal to detect the network quality between itself and each preselected access node;
and identifying a target access node from the at least one preselected access node according to the detection result corresponding to each preselected access node reported by the target terminal.
7. The node scheduling method of claim 6, wherein the identifying a target access node from the at least one pre-selected access node according to the probe result corresponding to each pre-selected access node reported by the target terminal comprises:
acquiring node state information reported by each preselected access node;
and identifying a target access node from the at least one pre-selected access node according to the detection result corresponding to each pre-selected access node reported by the target terminal and the node state information corresponding to each pre-selected access node.
8. The node scheduling method of claim 7, further comprising, after said identifying a target access node from said at least one preselected access node based on a connection quality score corresponding to each preselected access node:
receiving network state information reported by the target terminal, wherein the network state information is used for describing the network quality between the target terminal and each preselected access node;
determining whether to replace a target access node according to the network state information;
and if so, identifying a new target access node from the at least one pre-selected access node according to the network state information, and indicating the target terminal to be connected to the new target access node.
9. The node scheduling method of claim 8, wherein after the sending the access information of the target access node to the target terminal and the user identity information to the target access node, further comprising:
and if the node state information reported by the target access node is not received in a first preset period, identifying a new target access node from the at least one preselected access node according to the connection quality score corresponding to each preselected access node so as to establish connection for the target terminal.
10. The node scheduling method of claim 1, wherein after the sending the access information of the target access node to the target terminal and the user identity information to the target access node, further comprising:
and if the network state information reported by the target terminal is not received in a second preset period, indicating that the target access node is disconnected with the target terminal, wherein the network state information is used for describing the network quality between the target terminal and each preselected access node.
11. The node scheduling method of claim 1, further comprising, after the sending the access information of the target access node to the target terminal and the user identity information to the target access node:
receiving terminal identification information reported by the target terminal;
and if the currently received terminal identification information is not matched with the target terminal, indicating that the target access node is disconnected with the target terminal.
12. A node scheduling method is applied to terminal equipment and comprises the following steps:
sending an access request to a central controller, wherein the access request comprises user identity information and current position information of a current terminal;
receiving access information of a target access node sent by the central controller, wherein the target access node is determined by the central controller according to the current position information;
and sending a connection request to the target access node according to the access information of the target access node so that the target access node verifies the current terminal according to the user identity information to establish connection.
13. The node scheduling method of claim 12, prior to receiving the access information of the target access node transmitted by the central controller, further comprising:
receiving a probe task sent by the central controller, wherein the probe task instructs the current terminal to probe the network quality between itself and each pre-selected access node, and the pre-selected access node corresponds to the area where the current position information is located;
and detecting the network quality between the current terminal and each pre-selected access node, and feeding back the detection result to the central controller, so that the central controller identifies a target access node from the pre-selected access nodes according to the detection result.
14. The node scheduling method of claim 13, after establishing the connection with the target access node, further comprising:
detecting the network quality between the current terminal and each preselected access node to obtain network state information;
and reporting the network state information and the terminal identification information of the current terminal to the central controller.
15. The node scheduling method of claim 12, after establishing the connection with the target access node, further comprising:
receiving policy identification information sent by the central controller, wherein the policy identification information is generated by the central controller according to a security access control policy corresponding to the user identity information;
and sending an application access request to the target access node, wherein the application access request comprises the policy identification information for the target access node to verify.
16. The node scheduling method of claim 12, after establishing the connection with the target access node, further comprising:
receiving a replacement request for a target access node sent by the central controller, the replacement request including access information of a new target access node;
and sending a connection request to the new target access node according to the access information of the new target access node so that the new target access node carries out verification according to the user identity information of the current terminal to establish connection.
17. The node scheduling method of claim 12, after establishing the connection with the target access node, further comprising:
and if the target access node is disconnected, sending an access request to the central controller, so that the central controller redistributes a new target access node according to the access request.
18. A node scheduling device applied to a central controller comprises:
a request receiving module, configured to receive an access request sent by a target terminal, wherein the access request comprises user identity information and current location information of the target terminal;
a target access node determining module, configured to determine a target access node corresponding to the target terminal according to at least one preselected access node corresponding to the current location information;
and the scheduling module is used for sending the access information of the target access node to the target terminal and sending the user identity information to the target access node so that the target access node receives the connection request of the target terminal and verifies the target terminal according to the user identity information to establish connection.
19. A node scheduling device, applied to a terminal device, includes:
a request sending module, configured to send an access request to the central controller, wherein the access request comprises user identity information and current location information of a current terminal;
a scheduling information receiving module, configured to receive access information of a target access node sent by the central controller, where the target access node is determined by the central controller according to the current location information;
and the connection module is used for sending a connection request to the target access node according to the access information of the target access node so that the target access node verifies the current terminal according to the user identity information to establish connection.
20. A computer-readable storage medium, on which a computer program is stored, characterized in that the computer program, when executed, implements the steps of the method according to any one of claims 1-17.
21. A computer arrangement comprising a processor, a memory and a computer program stored on the memory, characterized in that the steps of the method according to any of claims 1-17 are implemented when the computer program is executed by the processor.
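The exchange recited in claims 12 and 15 to 17, as an added Python sketch that is not code from the application: the central controller provisions the user identity on the chosen access node, the node refuses terminals it was not told about, and it checks the policy identification information on each application request. The claims do not say how that information is built or verified; the HMAC tag over the user and the allowed application list, the shared key, and all class, function and node names here are assumptions.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: secret shared by controller and access nodes

def _mac(user, apps):
    msg = (user + "|" + ",".join(sorted(apps))).encode()
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()

class AccessNode:
    def __init__(self, name):
        self.name, self.up = name, True
        self.provisioned, self.connected = set(), set()
    def provision(self, user):                     # controller -> node (claims 12, 16)
        self.provisioned.add(user)
    def connect(self, user):                       # terminal -> node connection request
        ok = self.up and user in self.provisioned
        if ok:
            self.connected.add(user)
        return ok
    def app_request(self, user, app, policy_id):   # claim 15: node verifies policy id
        apps, _, tag = policy_id.rpartition(".")
        allowed = apps.split(",")
        return (user in self.connected and app in allowed
                and hmac.compare_digest(tag, _mac(user, allowed)))

class Controller:
    def __init__(self, nodes, policies):
        self.nodes, self.policies = nodes, policies
    def schedule(self, user, exclude=()):
        # Stand-in for location/quality-based selection: first healthy node not excluded.
        node = next(n for n in self.nodes if n.up and n.name not in exclude)
        node.provision(user)
        return node
    def policy_id(self, user):
        apps = self.policies[user]
        return ",".join(sorted(apps)) + "." + _mac(user, apps)

def demo():
    a, b = AccessNode("node-a"), AccessNode("node-b")
    ctl = Controller([a, b], {"alice": ["wiki", "git"]})   # constructed policy
    node, pid = ctl.schedule("alice"), ctl.policy_id("alice")
    forged = "git,payroll." + pid.rpartition(".")[2]       # altered app list, old tag
    out = [node.connect("alice"), b.connect("alice"),      # b was never provisioned
           node.app_request("alice", "git", pid),
           node.app_request("alice", "payroll", pid),
           node.app_request("alice", "payroll", forged)]
    a.up = False                                           # claim 17: node disconnects
    new = ctl.schedule("alice", exclude=[a.name])
    return out + [new is b and new.connect("alice")]
```

Because the tag covers the application list, a terminal cannot widen its own policy by editing the list it presents; the node recomputes the tag and rejects the mismatch.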
CN202110877013.7A 2021-07-31 2021-07-31 Node scheduling method, device, medium and equipment Pending CN115701181A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202110877013.7A CN115701181A (en) 2021-07-31 2021-07-31 Node scheduling method, device, medium and equipment
PCT/CN2022/108318 WO2023011291A1 (en) 2021-07-31 2022-07-27 Node scheduling method and apparatus, medium, and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110877013.7A CN115701181A (en) 2021-07-31 2021-07-31 Node scheduling method, device, medium and equipment

Publications (1)

Publication Number Publication Date
CN115701181A true CN115701181A (en) 2023-02-07

Family

ID=85120816

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110877013.7A Pending CN115701181A (en) 2021-07-31 2021-07-31 Node scheduling method, device, medium and equipment

Country Status (2)

Country Link
CN (1) CN115701181A (en)
WO (1) WO2023011291A1 (en)

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100474839C (en) * 2004-10-12 2009-04-01 上海贝尔阿尔卡特股份有限公司 Network service selection and authentication in IPv6 access network, and automatic configuration without status
US9167505B2 (en) * 2007-10-08 2015-10-20 Qualcomm Incorporated Access management for wireless communication
US9775096B2 (en) * 2007-10-08 2017-09-26 Qualcomm Incorporated Access terminal configuration and access control
CN103975627B (en) * 2012-12-05 2018-02-06 华为技术有限公司 The collocation method of UE access points and base station
US10257775B2 (en) * 2013-08-28 2019-04-09 Telefonaktiebolaget Lm Ericsson (Publ) Attachment of a mobile terminal to a radio access network

Also Published As

Publication number Publication date
WO2023011291A1 (en) 2023-02-09

Similar Documents

Publication Publication Date Title
US10791506B2 (en) Adaptive ownership and cloud-based configuration and control of network devices
CN107005442B (en) Method and apparatus for remote access
EP3292708B1 (en) Admission of an individual session in a network
US9923897B2 (en) Edge server selection for enhanced services network
CN113228739A (en) Facilitating remote access
US9912673B2 (en) Method and device for secure network access
US20140366080A1 (en) Systems and methods for enabling an application management service to remotely access enterprise application store
US11888834B2 (en) Methods and systems for onboarding network equipment
EP3254487B1 (en) Link indication referring to content for presenting at a mobile device
US10856171B2 (en) Controlled connection of a wireless device to a network
CN107567017B (en) Wireless connection system, device and method
CN104519490A (en) WIFI (wireless fidelity) connection method, WIFI connection device, mobile terminal and system
CN114995214A (en) Method, system, device, equipment and storage medium for remotely accessing application
CN105722072A (en) Business authorization method, device, system and router
US10390217B2 (en) Wireless configuration of wireless distribution system (WDS) Wi-Fi range extenders using non-Wi-Fi-wireless communication channels
CN104322031A (en) Implementing policies for an enterprise network using policy instructions that are executed through a local policy framework
CN116647572B (en) Access endpoint switching method, device, electronic equipment and storage medium
US20230232228A1 (en) Method and apparatus for establishing secure communication
CN116489762A (en) Access registration method, device, system, communication equipment and storage medium
CN115701181A (en) Node scheduling method, device, medium and equipment
US20220417742A1 (en) Network management system to onboard heterogeneous client devices to wireless networks
US20220286898A1 (en) Systems and methods for selectable application-specific quality of service parameters in a wireless network
EP3316542A1 (en) Dynamic security level assessment
CN116888922A (en) Service authorization method, system and communication device
US11800596B2 (en) Systems and methods for temporary service provisioning

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination