CN116346848A - Electric power operation and maintenance system based on image projection - Google Patents

Publication number: CN116346848A
Authority: CN (China)
Prior art keywords: module, information, client, server, graphic
Legal status: Pending
Application number: CN202310200926.4A
Other languages: Chinese (zh)
Inventor: 王振宇
Current Assignee: Zhejiang Qizhi Technology Co ltd
Original Assignee: Zhejiang Qizhi Technology Co ltd
Application filed by: Zhejiang Qizhi Technology Co ltd

Classifications

    • H02J13/00 Circuit arrangements for providing remote indication of network conditions, e.g. an instantaneous record of the open or closed condition of each circuitbreaker in the network; Circuit arrangements for providing remote control of switching means in a power distribution network, e.g. switching in and out of current consumers by using a pulse code signal carried by the network
    • H02J13/00001 (under H02J13/00) characterised by the display of information or by user interaction, e.g. supervisory control and data acquisition systems [SCADA] or graphical user interfaces [GUI]
    • H02J13/00002 (under H02J13/00) characterised by monitoring
    • H02J13/00006 (under H02J13/00) characterised by information or instructions transport means between the monitoring, controlling or managing units and monitored, controlled or operated power network element or electrical equipment
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L67/141 Setup of application sessions
    • H04N9/3141 Projection devices for colour picture display, e.g. using electronic spatial light modulators [ESLM]; Constructional details thereof
    • Y04S10/50 Systems or methods supporting the power network operation or management, involving a certain degree of interaction with the load-side end user applications

Abstract

The application relates to an electric power operation and maintenance system based on image projection. The system comprises a client and a server. The first communication module of the client provides a data interaction channel between the client and the server and acquires graphic protocol connection information and proxy information over that channel. The graphic client module of the client establishes a graphic protocol connection with the server according to the graphic protocol connection information and the proxy information and, based on the graphic protocol, presents the image information in the server. When operation information is generated in response to an operation on the image information, the operation information corresponding to the image information is synchronized to the server, and the presented image information is synchronously updated based on server feedback. The application solves the problem that the client is difficult to adapt to different operating systems: the client adapts to different operating systems, the data transmitted over the graphic protocol connection does not contain business interface information or sensitive data information, and operation and maintenance security can be improved.

Description

Electric power operation and maintenance system based on image projection
Technical Field
The application relates to the technical field of power operation and maintenance, in particular to a power operation and maintenance system based on image projection.
Background
There are two schemes for existing operation and maintenance systems. Scheme one uses the BS mode, i.e. the browser/server mode: the user accesses the web page of the operation and maintenance system through a local browser to complete operation and maintenance. Scheme two uses the CS mode, i.e. the client/server mode: a client has to be developed, the functional pages presented to the user are implemented in the client, and the data presented by the client has to be acquired and updated through data interaction with a server.
In a secure area of a power operation and maintenance system, the use of web protocols is not allowed for security reasons, so operation and maintenance services cannot be provided in BS mode. In addition, the workstation servers in a power operation and maintenance system run operating systems of various versions and different types, and the client in the existing CS mode scheme is difficult to adapt to them, which causes low program security of the client, an overly large program, dependence on a database and low maintenance efficiency. The result is the problem that the client is difficult to adapt to different operating systems.
No effective solution has yet been proposed for the difficulty of adapting clients to different operating systems in the related art.
Disclosure of Invention
In this embodiment, an image projection-based power operation and maintenance system is provided to solve the problem that in the related art, it is difficult for a client to adapt to different operating systems.
In a first aspect, in this embodiment, there is provided an image projection-based power operation and maintenance system, including: a client and a server;
the client comprises a first communication module and a graphic client module;
the first communication module is connected with the server and used for providing a data interaction channel between the client and the server and acquiring graphic protocol connection information and proxy information based on the data interaction channel;
the graphic client module is connected with the first communication module and is used for establishing graphic protocol connection with the server according to the graphic protocol connection information and the proxy information; presenting the image information in the server based on the graphics protocol;
and, when operation information is generated in response to an operation on the image information, synchronizing the operation information corresponding to the image information to the server, and synchronously updating the presented image information based on the feedback of the server.
In some of these embodiments, the client further comprises an authentication module;
the authentication module is connected with the first communication module and is used for sending an authentication request to the server through the data interaction channel;
and after the authentication of the server passes, the first communication module acquires the graphic protocol connection information and the proxy information from the server, and transmits the graphic protocol connection information and the proxy information to the graphic client module.
In some embodiments, the server includes a second communication module, a background service module, and a container module;
the second communication module is respectively connected with the first communication module, the background service module and the container module;
the background service module is connected with the container module and is used for acquiring graphic protocol connection information and proxy information of service connection from the container module and transmitting the graphic protocol connection information and the proxy information to a client through the second communication module;
the container module is used for establishing graphic protocol connection with the graphic client module; projecting the image information to the client based on the graphics protocol;
and, when the operation information corresponding to the image information is synchronized to the server, updating the image information based on the operation information, and feeding back the updated image information to the client.
In some embodiments, the first communication module is a first national cryptographic channel module; the second communication module is a second national cryptographic channel module;
the first national cryptographic channel module is connected with the second national cryptographic channel module in the server and is used for establishing a data interaction channel protected by national cryptography.
In some of these embodiments, the background service module includes an authentication service sub-module;
the authentication service sub-module is connected with the authentication module in the client and used for acquiring an authentication request and carrying out authentication processing on the client and the server based on the authentication request.
In some embodiments, the authentication service sub-module is further configured to obtain, after the authentication is passed, graphics protocol connection information and proxy information of the service connection from the container module;
and to collate the authentication Token information, and transmit the Token information, the graphic protocol connection information and the proxy information to the client.
In some of these embodiments, the authentication Token information includes an authentication password and an authentication validity period.
In some embodiments, the background service module further includes an Agent management sub-module and a business service sub-module;
the Agent management sub-module is connected with the Agent sub-module in the container module and is used for managing the Agent sub-module;
the business service sub-module is connected with the rich management sub-module in the container module, and is used for receiving the service request initiated by the rich management sub-module and executing service processing according to the service request.
In some embodiments, the container module includes a proxy sub-module, an image service sub-module, and a rich management sub-module;
the image service sub-module establishes a graphic protocol connection with the graphic client module through the proxy sub-module; projects the image information provided by the rich management sub-module to the client based on the graphics protocol; and, when the operation information corresponding to the image information is synchronized to it, transmits the operation information to the rich management sub-module;
the rich management sub-module is used for providing the image information processed by the background service module, and for generating a corresponding service request according to the operation information.
In some embodiments, the container module further comprises an Agent sub-module;
the Agent sub-module is connected with the image service sub-module, and is used for starting the rich management sub-module and the image service sub-module, and for collecting the current graphic protocol connection information and the proxy information of the container module.
Compared with the related art, the power operation and maintenance system based on image projection provided in this embodiment comprises a client and a server. The client comprises a first communication module and a graphic client module. The first communication module is connected with the server and is used for providing a data interaction channel between the client and the server and acquiring graphic protocol connection information and proxy information based on the data interaction channel. The graphic client module is connected with the first communication module and is used for establishing a graphic protocol connection with the server according to the graphic protocol connection information and the proxy information, and for presenting the image information in the server based on the graphic protocol. When operation information is generated in response to an operation on the image information, the operation information corresponding to the image information is synchronized to the server, and the presented image information is synchronously updated based on the feedback of the server. This solves the problem that the client is difficult to adapt to different operating systems: the processing related to the operating system is placed on the server and the client only needs to display the image information, so the client adapts to different operating systems. The data transmitted over the graphic protocol connection does not contain business interface information or sensitive data information, so operation and maintenance security can be improved.
The details of one or more embodiments of the application are set forth in the accompanying drawings and the description below to provide a more thorough understanding of the other features, objects, and advantages of the application.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute an undue limitation to the application. In the drawings:
FIG. 1 is a block diagram of an image projection-based power operation and maintenance system according to an embodiment of the present application;
FIG. 2 is a block diagram of a background service module according to an embodiment of the present application;
FIG. 3 is a block diagram of a container module provided in an embodiment of the present application;
FIG. 4 is a block diagram of an electric power operation and maintenance system based on image projection according to a preferred embodiment of the present application.
In the figures: 100, client; 110, first communication module; 120, graphics client module; 130, authentication module; 200, server; 210, second communication module; 220, background service module; 221, authentication service sub-module; 222, Agent management sub-module; 223, business service sub-module; 230, container module; 231, image service sub-module; 232, proxy sub-module; 233, rich management sub-module; 234, Agent sub-module.
Detailed Description
For a clearer understanding of the objects, technical solutions and advantages of the present application, the present application is described and illustrated below with reference to the accompanying drawings and examples.
Unless defined otherwise, technical or scientific terms used herein shall have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terms "a," "an," "the," "these," and the like in this application do not limit number and may refer to the singular or the plural. The terms "comprising," "including," "having," and any variations thereof, as used in the present application, are intended to cover a non-exclusive inclusion; for example, a process, method, system, article, or apparatus that comprises a list of steps or modules (units) is not limited to the listed steps or modules (units), but may include other steps or modules (units) not listed or inherent to such process, method, article, or apparatus. The terms "connected," "coupled," and the like in this application are not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. Reference to "a plurality" in this application means two or more. "And/or" describes an association relationship between associated objects and means that three relationships are possible; e.g., "A and/or B" may mean: A exists alone, A and B exist together, or B exists alone. Typically, the character "/" indicates that the associated objects are in an "or" relationship. The terms "first," "second," "third," and the like, as referred to in this application, merely distinguish similar objects and do not represent a particular ordering of objects.
An electric power operation and maintenance system based on image projection is provided in the present embodiment. Fig. 1 is a block diagram of the power operation and maintenance system based on image projection of the present embodiment. As shown in fig. 1, the power operation and maintenance system includes: a client 100 and a server 200;
the client 100 includes a first communication module 110 and a graphics client module 120;
the first communication module 110 is connected with the server 200, and is used for providing a data interaction channel between the client 100 and the server 200, and acquiring graphic protocol connection information and proxy information based on the data interaction channel;
the graphic client module 120 is connected with the first communication module 110 and is used for establishing graphic protocol connection with the server according to the graphic protocol connection information and the proxy information; based on the graphics protocol, rendering the image information in the server 200;
when operation information is generated in response to an operation on the image information, the operation information corresponding to the image information is synchronized to the server, and the presented image information is synchronously updated based on server feedback.
It should be noted that the client 100 may be installed on a desktop system of a client center, for example on a desktop system of a data center. The client 100 may be a mobile terminal, a fixed terminal, or a portable terminal, such as a mobile handset, a site, a unit, a device, a multimedia computer, a multimedia tablet, an internet node, a communicator, a desktop computer, a laptop computer, a notebook computer, a netbook computer, a tablet computer, a Personal Communications System (PCS) device, a personal navigation device, a Personal Digital Assistant (PDA), an audio/video player, a digital camera/camcorder, a positioning device, a television receiver, a radio broadcast receiver, an electronic book device, a game device, or any combination thereof, including the accessories and peripherals of these devices, or any combination thereof. The server 200 may be installed on a separate server. Generally, one client 100 corresponds to one server 200, i.e., one data center corresponds to one server. In other embodiments, one client 100 may correspond to multiple servers 200, and during operation one pair of client 100 and server 200 is selected for remote operation and maintenance.
Taking a data center as an example, when the power operation and maintenance system is set up for the first time, a client 100 is installed in an operating system of the data center and a server 200 is installed on the server; the server 200 is mainly responsible for the data processing of the power operation and maintenance system. The data interaction channel between the client 100 and the server 200 is established by using the first communication module 110 of the client 100 and the second communication module 210 of the server 200. The data interaction channel can transmit not only graphic protocol connection information and proxy information but also sensitive information such as authentication-related information. To improve the security of the transmission, the information transmitted in the data interaction channel may be encrypted; the manner of encryption is not limited herein. A graphic protocol connection with the server is then established according to the graphic protocol connection information and the proxy information, after which the data related to the image information may be transmitted through the graphics protocol to achieve efficient interaction between the client 100 and the server 200. For example, based on the graphics protocol, the image information in the server 200 is presented; or, when operation information is generated in response to an operation on the image information, the operation information corresponding to the image information is synchronized to the server, and the presented image information is synchronously updated based on the feedback of the server.
Since the graphics client module 120 in the client 100 can directly implement efficient interaction with the server 200 through the graphics protocol, the delay of the presentation of the image information in the client 100 can be reduced; and the data transmitted by the graphic protocol does not contain service interface information and sensitive data information, so that the operation and maintenance safety can be improved.
In the above power operation and maintenance system, the system includes a client 100 and a server 200. The client 100 includes a first communication module 110 and a graphics client module 120. The first communication module 110 is connected with the server 200, and is used for providing a data interaction channel between the client 100 and the server 200, and acquiring graphic protocol connection information and proxy information based on the data interaction channel. The graphic client module 120 is connected with the first communication module 110 and is used for establishing a graphic protocol connection with the server according to the graphic protocol connection information and the proxy information, and for presenting the image information in the server 200 based on the graphics protocol. When operation information is generated in response to an operation on the image information, the operation information corresponding to the image information is synchronized to the server, and the presented image information is synchronously updated based on the feedback of the server. This solves the problem that the client 100 is difficult to adapt to different operating systems: the processing related to the operating system is placed on the server 200 and the client 100 only needs to display the image information, so the client 100 adapts to different operating systems. The data transmitted over the graphic protocol connection does not contain service interface information or sensitive data information, so operation and maintenance security can be improved.
In some of these embodiments, the client 100 also includes an authentication module 130;
the authentication module 130 is connected to the first communication module 110, and is configured to send an authentication request to the server 200 through a data interaction channel;
after the authentication of the server 200 is passed, the graphic protocol connection information and the proxy information are acquired from the server 200 through the first communication module 110, and are transmitted to the graphic client module 120.
Specifically, in the process of establishing a stable data interaction channel between the client 100 and the server 200, the client 100 and the server 200 need to verify each other's identity, which may be done using the authentication module 130 and the authentication service sub-module 221 of the server 200, for example with either two-way authentication or one-way authentication, which is not described in detail here. After the authentication of the server 200 is passed, the first communication module 110 obtains the graphics protocol connection information and the proxy information from the server 200, and then transmits the graphics protocol connection information and the proxy information to the graphics client module 120. In other embodiments, the establishment of the data interaction channel may be accomplished in other manners, which is not limited here.
In some embodiments, the server 200 includes a second communication module 210, a background service module 220, and a container module 230;
the second communication module 210 is connected with the first communication module 110, the background service module 220 and the container module 230 respectively;
the background service module 220 is connected with the container module 230, and is configured to acquire graphic protocol connection information and proxy information of the service connection from the container module 230, and transmit the graphic protocol connection information and the proxy information to the client 100 through the second communication module 210;
a container module 230 for establishing a graphics protocol connection with the graphics client module 120; projecting image information to the client 100 based on a graphics protocol;
when the operation information corresponding to the image information is synchronized to the server, the image information is updated based on the operation information, and the updated image information is fed back to the client 100.
Specifically, the second communication module 210 and the first communication module 110 may be wired or wireless communication modules. The background service module 220 is mainly responsible for the transmission of the graphic protocol connection information and the proxy information, so that the container module 230 and the graphic client module 120 can establish a graphic protocol connection. The image information can then be projected to the graphic client module 120 in the client 100 based on the graphic protocol, so that the data exchanged between the client 100 and the server 200 is graphic protocol data rather than business interface data. This data does not contain business interface information or sensitive data information, which improves the security of data transmission. The interfaces and the sensitive data of the server 200 are thereby protected: the interfaces of the server 200 are kept from being attacked and the sensitive data is kept from being leaked.
In some embodiments, the first communication module 110 is a first national cryptographic channel module; the second communication module 210 is a second national cryptographic channel module;
the first national cryptographic channel module is connected with the second national cryptographic channel module in the server 200 and is used for establishing a data interaction channel protected by national cryptography.
Specifically, in order to avoid leakage of sensitive data information (connection information and proxy information), the first national cryptographic channel module is connected to the second national cryptographic channel module in the server 200 and is used for establishing a data interaction channel protected by national cryptography.
In this embodiment, the client 100 includes a first national cryptographic channel module, a graphics client module 120 and an authentication module 130. It is a thin client with few dependencies that retains only the national cryptographic channel, the authentication function and the graphics client module 120; its software package is small, it adapts more easily to different workstation server operating systems, and it is convenient to upgrade and deploy.
In some of these embodiments, as shown in FIG. 2, the background service module 220 includes an authentication service sub-module 221;
the authentication service sub-module 221 is connected to the authentication module 130 in the client 100, and is configured to obtain an authentication request, and perform authentication processing on the client 100 and the server 200 based on the authentication request.
In this embodiment, the specific forms of the authentication module 130 and the authentication service sub-module 221 are not limited, and the authentication connection between the client 100 and the server 200 is quickly and stably completed through the authentication interaction between the authentication module 130 and the authentication service sub-module 221.
In some embodiments, the authentication service sub-module 221 is further configured to obtain, after the authentication is passed, the graphics protocol connection information and proxy information of the service connection from the container module 230;
and to collate the authentication Token information and transmit the Token information, the graphics protocol connection information and the proxy information to the client 100.
Specifically, the client 100 requests login using a user name and a password; the server 200 receives the request and verifies the user name and the password; after the verification succeeds, the server 200 signs Token information and sends it to the client 100; after receiving the Token information, the client 100 may store it, for example, in the local memory of the client or in a local program cache; the client 100 needs to carry the Token information issued by the server 200 every time it requests a resource from the server 200; the server 200 receives the request, verifies the Token information carried in the request of the client 100 and, if the verification succeeds, returns the requested data to the client 100. For example, a request for transmission of the graphics protocol connection information and proxy information may be initiated carrying the Token information.
The authentication Token information includes an authentication password and an authentication validity period. For example, a one-time password (OTP) can be adopted with its validity period set to 60 s, which improves authentication security.
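The Token handling described above, as an added example (not code from the patent or its applicant): the server signs a Token carrying an OTP and a 60 s validity period, returns it together with the graphics protocol connection information and proxy information, and later checks signature, expiry and reuse. The class and field names, the HMAC-SHA256 signature, the host name and the single redemption of the OTP when the graphics protocol connection is opened are assumptions; the 60 s validity and port 5900 are taken from the text.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

OTP_TTL_SECONDS = 60  # validity period given in the text


class AuthService:
    """Hypothetical stand-in for the authentication service sub-module 221."""

    def __init__(self, signing_key, clock=time.time):
        self._key = signing_key
        self._clock = clock      # injectable so expiry can be exercised
        self._redeemed = {}      # otp -> expiry, kept only until the OTP expires

    def _sign(self, body):
        return hmac.new(self._key, body, hashlib.sha256).hexdigest()

    def issue(self, user, graphics_info, proxy_info):
        """Call only after the user name and password have been verified."""
        claims = {
            "sub": user,
            "otp": secrets.token_urlsafe(16),                # one-time password
            "exp": int(self._clock()) + OTP_TTL_SECONDS,     # validity period
        }
        body = base64.urlsafe_b64encode(
            json.dumps(claims, sort_keys=True).encode())
        token = body.decode() + "." + self._sign(body)
        # Token, graphics protocol connection info and proxy info go back together.
        return {"token": token, "graphics": graphics_info, "proxy": proxy_info}

    def redeem(self, token):
        """Check a presented Token; returns (ok, user_or_reason)."""
        now = self._clock()
        # Forget OTPs that have expired anyway, so the replay set stays small.
        self._redeemed = {o: e for o, e in self._redeemed.items() if e > now}
        try:
            body, sig = token.rsplit(".", 1)
        except (AttributeError, TypeError, ValueError):
            return False, "malformed"
        # Verify the signature before parsing anything the client sent.
        expected = self._sign(body.encode())
        if not hmac.compare_digest(sig.encode(), expected.encode()):
            return False, "bad signature"
        claims = json.loads(base64.urlsafe_b64decode(body))
        if now >= claims["exp"]:
            return False, "expired"
        if claims["otp"] in self._redeemed:
            return False, "replayed"
        self._redeemed[claims["otp"]] = claims["exp"]
        return True, claims["sub"]


if __name__ == "__main__":
    svc = AuthService(secrets.token_bytes(32))
    # Constructed sample values for the connection and proxy information.
    bundle = svc.issue("ops-user",
                       {"protocol": "VNC", "port": 5900},
                       {"host": "proxy.example.internal"})
    print(svc.redeem(bundle["token"]))   # first use is accepted
    print(svc.redeem(bundle["token"]))   # second use is rejected as a replay
```

The signature is checked before the payload is decoded, so a client cannot extend the validity period or swap the OTP without the server's key.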
In some of these embodiments, the background service module 220 also includes an Agent management sub-module 222 and a business service sub-module 223;
the Agent management sub-module 222 is connected with an Agent sub-module 234 in the container module 230, and is used for managing the Agent sub-module 234;
the business service sub-module 223 is connected to the rich management terminal module 233 in the container module 230, and is configured to receive a service request initiated by the rich management terminal module 233 and perform service processing according to the service request.
Specifically, the Agent management sub-module 222 is mainly responsible for managing the Agent sub-module 234; the business service sub-module 223 is mainly responsible for providing various business services. In this embodiment, the business service sub-module 223 provides various business services but does not rely on remote database services, so that the security problem caused by leakage of database connections is avoided.
In some of these embodiments, as shown in FIG. 3, container module 230 includes a proxy sub-module 232, an image service sub-module 231, and a rich management sub-module 233;
an image service sub-module 231, which establishes a graphic protocol connection with the graphic client module 120 through the proxy sub-module 232; projecting the image information provided by the rich management terminal module 233 to the client 100 based on the graphic protocol; transmitting the operation information to the rich management terminal module 233 when synchronizing to the operation information corresponding to the image information;
a rich management terminal module 233 for providing the image information processed by the background service module 220; and generating a corresponding service request according to the operation information.
Specifically, the proxy sub-module 232 provides proxy services so that the image service sub-module 231 can establish a graphics protocol connection with the graphics client module 120, which also requires a data interaction channel. The image service sub-module 231 is responsible for communicating with the graphics client module 120 through the graphics protocol connection: it receives the operation information of the client 100 (including mouse clicks, keyboard input, screen sliding and other operation information) and at the same time projects the interface of the rich management terminal module 233 to the client 100 through the graphics protocol. The user thus operates on the client 100 while the operations are actually applied to the interface of the rich management terminal module 233 on the server 200, which markedly reduces the delay perceived by the user and gives an excellent user experience.
The rich management terminal module 233 and the business service sub-module 223 can exchange data through an internal private protocol and communicate over the internal network of the server, so that network traffic is greatly reduced and operation and management efficiency is improved.
In some of these embodiments, container module 230 also includes an Agent sub-module 234;
the Agent sub-module 234 is connected to the image service sub-module 231, and is configured to activate the rich management sub-module 233 and the image service sub-module 231, and collect graphic protocol connection information and proxy information of the current container module 230.
Specifically, the Agent sub-module 234, under the management of the Agent management sub-module 222, receives a management instruction from the Agent management sub-module 222 to start the rich management sub-module 233 and the image service sub-module 231; it collects the graphics protocol connection information and proxy information of the current container module 230 and, acting as a communication bridge, transmits the graphics protocol connection information and the proxy information to the Agent management sub-module 222. The Agent sub-module 234 can also receive a management instruction from the Agent management sub-module 222 to stop the rich management sub-module 233 and the image service sub-module 231. In this embodiment, management can be optimized and running stability is ensured.
The present embodiment is described and illustrated below by way of preferred embodiments.
Fig. 4 shows the image projection-based power operation and maintenance system of the present preferred embodiment, which includes a client 100 and a server 200. The client 100 includes a first national cryptographic channel module, a graphics client module 120 and an authentication module 130; the server 200 includes a second national cryptographic channel module, a background service module 220 and a container module 230. The background service module 220 is responsible for providing the external services of the server 200 and comprises an authentication service sub-module 221, an Agent management sub-module 222 and a business service sub-module 223; the container module 230 includes an Agent sub-module 234, a proxy sub-module 232, an image service sub-module 231 and a rich management sub-module 233.
The first national cryptographic channel module is connected with the second national cryptographic channel module to provide a national cryptographic data interaction channel between the client 100 and the server 200, so as to ensure the security of data interaction between the client 100 and the server 200. The data interaction channel can transmit the authentication-related information, the graphics protocol connection information and the proxy information. The authentication module 130 is responsible for sending an authentication request to the server 200 through the data interaction channel to verify the user identity information of the client 100, and for delivering the graphics protocol connection information and the proxy information provided by the server 200 to the graphics client module 120 according to the authentication response of the server 200. The graphics client module 120 initiates a graphics protocol connection request to the server 200 according to the graphics protocol connection information and the proxy information provided by the server 200; after the graphics protocol connection is established, the client 100 presents the image information of the server 200 to the user and synchronizes the user's operation information to the server 200 through the graphics protocol; the user may perform mouse and other operations on the image presented on the client 100 and thereby operate the rich management terminal module 233 of the server 200, completing the remote operation and maintenance operation.
The authentication service sub-module 221 is connected with the authentication module 130 of the client 100 through the data interaction channel and is responsible for processing authentication requests; after the authentication is passed, it acquires the graphics protocol connection information and the proxy information required by the service connection from the Agent management sub-module 222, collates the authentication Token information, the graphics protocol connection information required for the service connection and the proxy information, and returns them to the client 100. The Agent management sub-module 222 is responsible for starting the container module 230, communicating with the Agent sub-module 234 in the container module 230, collecting the proxy information and the graphics protocol connection information of the current container module 230, and returning them to the client 100 through the authentication service sub-module 221. The business service sub-module 223 is responsible for receiving and processing the service requests initiated by the rich management sub-module 233 in the container module 230 and executing service processing, for example connecting to the database to read and update configuration data. The authentication module 130 and the authentication service sub-module 221 can support identity authentication modes such as local password, AD/LDAP, Radius, UKey and fingerprint, and these modes can be combined into two-factor authentication. The authentication request is transmitted through the national cryptographic data interaction channel, and port 11234 (the port can be customized) can be used, which improves the security of transmission.
The container module 230 encapsulates the image service sub-module 231 using container technology and is responsible for projecting the image information (operation interface) of the rich management terminal module 233 to the client 100 through the graphics protocol and for synchronizing the user's operation information from the client 100, so that the user can operate the operation interface of the server 200 at the client 100 and complete the remote operation and maintenance operation. The proxy sub-module 232 is responsible for proxying the graphics protocol data transmitted to the server through the national cryptographic channel to the designated port of the graphics server sub-module in the container; it establishes the image transmission channel and relays the image data between the client 100 and the server 200. The Agent sub-module 234 is responsible for receiving management instructions from the Agent management sub-module 222 of the server, including starting and stopping the image service sub-module 231 and the rich management sub-module 233, and for collecting the proxy information and graphics protocol connection information and returning them to the Agent management sub-module 222 of the server. The image service sub-module 231 is responsible for communicating with the graphics client module 120, receiving the mouse events of the client 100 and projecting the interface of the rich management terminal module 233 to the client 100 through the graphics protocol, so that the user's mouse and keyboard operations on the client 100 actually operate the interface of the rich management terminal module 233 of the server 200. The rich management terminal module 233 is responsible for providing the service management interface and for interacting with the business service sub-module 223 of the server through the private protocol inside the server.
The Agent management sub-module 222 and the Agent sub-module 234 adopt internal private protocol communication to improve security; container module 230 may employ Docker technology or other container technology.
The graphics protocol may be VNC, RDP or a similar graphics protocol, and needs to support synchronizing mouse and other operations between the client 100 and the server 200. Graphics protocol data can be transmitted through the national cryptographic data interaction channel, and port 15000 (the port can be customized) can be used, which improves transmission security. After receiving the graphics protocol data, port 15900 of the server 200 forwards it to port 5900 (the port can be customized) in the container, where the proxy sub-module 232 listens and forwards the graphics protocol data to the image service sub-module 231 for processing. After receiving an operation and maintenance request from a user operating in the rich management terminal module 233, the business service sub-module 223 may perform various operation and maintenance operations, including retrieving and updating database data and initiating operations such as access and decryption on the target asset.
Based on the above-mentioned preferred embodiment of the power operation and maintenance system, the remote operation and maintenance management flow is as follows:
In step S10, the client 100 installed on the desktop system of the power operation and maintenance system provides authentication information to the authentication module 130, and the authentication module 130 connects to the authentication service sub-module 221 of the server 200 to perform identity authentication.
In step S20, the authentication service sub-module 221 of the server 200 verifies the authentication information. If the authentication is not passed, the authentication connection is rejected; if the authentication is passed, the graphics protocol connection information and the proxy information required for the service connection are acquired from the Agent management sub-module 222. After receiving the authentication-passed request of the authentication service sub-module 221, the Agent management sub-module 222 allocates or starts a container for the user who has just logged in successfully. After the container is started, the proxy sub-module 232 and the Agent sub-module 234 are started automatically; the Agent sub-module 234 starts the image service sub-module 231 and the rich management sub-module 233, and the proxy information and graphics protocol connection information are collected and returned to the Agent management sub-module 222 of the server.
In step S30, the Agent management sub-module 222 returns the proxy information and the graphics protocol connection information to the authentication service sub-module 221; the authentication service sub-module 221 collates the proxy information and graphics protocol connection information required for the service connection and returns them to the client 100.
In step S40, the authentication module 130 passes the graphics protocol connection information and the proxy information provided by the server 200 to the graphics client module 120. The graphics client module 120 initiates a graphics protocol connection request to the server 200, and the proxy module of the server 200 forwards the request to the graphics server sub-module in the container; after the connection information of the client 100 passes the authentication, the two parties establish a channel for the graphics protocol connection. After the channel is established successfully, the graphics server sub-module transmits the image of the rich management sub-module 233 to the client 100 through the graphics protocol connection, and the client 100 can see the image projection of the rich management sub-module 233.
In step S50, the user performs operations such as mouse presses on the client 100, and the graphics client module 120 transmits them over the graphics protocol connection to the graphics server sub-module. The operations are actually applied to the rich management sub-module 233, which performs service interaction with the business service sub-module 223 of the server through the internal private protocol of the server, thus completing the service processing.
In step S60, the graphics server sub-module transmits the image information of the rich management sub-module 233 after service processing back to the graphics client module 120 of the client 100 through the proxy module and presents the result image to the user, thereby completing the remote operation and maintenance process.
In the preferred embodiment, the effects achieved include, but are not limited to, the following:
1. The server 200 does not need to expose a service interface to the client 100, and the data exchanged between the client 100 and the server 200 is graphics protocol data rather than service interface data; it contains no service interface information or sensitive data information. The interfaces and the sensitive data of the server 200 are therefore protected: the interfaces of the server 200 are kept from being attacked and the sensitive data from being leaked.
2. The client 100 does not depend on a remote database service, so that the security problem caused by leakage of database connections is avoided.
3. On the server 200, the rich management terminal module 233 and the background service sub-module interact through an internal private protocol over the internal network, so that network traffic is greatly reduced and operation and management efficiency is improved.
4. The client 100 is a thin client with few dependencies: it retains only the national cryptographic channel, the authentication function and the graphics protocol client, so its software package is small, it is easier to adapt to different workstation and server operating systems, and it is convenient to upgrade and deploy.
The above-described respective modules may be functional modules or program modules, and may be implemented by software or hardware. For modules implemented in hardware, the various modules described above may be located in the same processor; or the above modules may be located in different processors in any combination.
It should be understood that the specific embodiments described herein are merely illustrative of this application and are not intended to be limiting. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present application, are within the scope of the present application in light of the embodiments provided herein.
It is evident that the drawings are only examples or embodiments of the present application, from which the present application can also be adapted to other similar situations by a person skilled in the art without the inventive effort. In addition, it should be appreciated that while the development effort might be complex and lengthy, it would nevertheless be a routine undertaking of design, fabrication, or manufacture for those of ordinary skill having the benefit of this disclosure, and thus should not be construed as an admission of insufficient detail.
The term "embodiment" in this application means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the application. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive. It will be clear or implicitly understood by those of ordinary skill in the art that the embodiments described in this application can be combined with other embodiments without conflict.
The above examples only represent a few embodiments of the present application, which are described in more detail and are not to be construed as limiting the scope of the patent. It should be noted that it would be apparent to those skilled in the art that various modifications and improvements could be made without departing from the spirit of the present application, which would be within the scope of the present application. Accordingly, the scope of protection of the present application shall be subject to the appended claims.

Claims (10)

1. An image projection-based power operation and maintenance system, comprising: a client and a server;
the client comprises a first communication module and a graphic client module;
the first communication module is connected with the server and used for providing a data interaction channel between the client and the server and acquiring graphic protocol connection information and proxy information based on the data interaction channel;
the graphic client module is connected with the first communication module and is used for establishing graphic protocol connection with the server according to the graphic protocol connection information and the proxy information; presenting the image information in the server based on the graphics protocol;
and synchronizing operation information corresponding to the image information to the server when the operation information is generated in response to the operation of the image information, and synchronously updating the presented image information based on the feedback of the server.
2. The image projection-based power operation and maintenance system of claim 1, wherein the client further comprises an authentication module;
the authentication module is connected with the first communication module and is used for sending an authentication request to the server through the data interaction channel;
and after the authentication of the server passes, the first communication module acquires the graphic protocol connection information and the proxy information from the server, and transmits the graphic protocol connection information and the proxy information to the graphic client module.
3. The image projection-based power operation and maintenance system according to claim 1, wherein the server comprises a second communication module, a background service module and a container module;
the second communication module is respectively connected with the first communication module, the background service module and the container module;
the background service module is connected with the container module and is used for acquiring graphic protocol connection information and proxy information of service connection from the container module and transmitting the graphic protocol connection information and the proxy information to a client through the second communication module;
the container module is used for establishing graphic protocol connection with the graphic client module; projecting the image information to the client based on the graphics protocol;
and when synchronizing to the operation information corresponding to the image information, updating the image information based on the operation information, and feeding back the updated image information to the client.
4. The image projection-based power operation and maintenance system according to claim 3, wherein the first communication module is a first national cryptographic channel module; the second communication module is a second national cryptographic channel module;
the first national cryptographic channel module is connected with the second national cryptographic channel module in the server and used for establishing a national cryptographic data interaction channel.
5. The image projection-based power operation and maintenance system of claim 3, wherein the background service module comprises an authentication service sub-module;
the authentication service sub-module is connected with the authentication module in the client and used for acquiring an authentication request and carrying out authentication processing on the client and the server based on the authentication request.
6. The image projection based power operation and maintenance system according to claim 5, wherein the authentication service sub-module is further configured to obtain graphic protocol connection information and proxy information of a service connection from the container module after authentication is passed;
and collating authentication Token information, and transmitting the Token information, the graphic protocol connection information and the proxy information to a client.
7. The image projection based power operation and maintenance system of claim 6, wherein the authentication Token information includes an authentication password and an authentication validity period.
8. The image projection-based power operation and maintenance system according to claim 3, wherein the background service module further comprises an Agent management sub-module and a business service sub-module;
the Agent management submodule is connected with the Agent submodule in the container module and used for managing the Agent submodule;
the business service sub-module is connected with the rich management terminal module in the container module, and is used for receiving the service request initiated by the rich management terminal module and executing service processing according to the service request.
9. The image projection based power operation and maintenance system of claim 3, wherein the container module includes a proxy sub-module, an image service sub-module, and a rich management sub-module;
the image service sub-module establishes a graphic protocol connection with the graphic client module through the proxy sub-module; projecting the image information provided by the rich management terminal module to the client based on the graphics protocol; transmitting the operation information to the rich management terminal module when synchronizing to the operation information corresponding to the image information;
the rich management terminal module is used for providing the image information processed by the background service module; and generating a corresponding service request according to the operation information.
10. The image projection based power operation and maintenance system of claim 9, wherein the container module further comprises an Agent sub-module;
the Agent sub-module is connected with the image service sub-module, and is used for starting the rich management terminal module and the image service sub-module, and collecting the current graphic protocol connection information and the proxy information of the container module.
CN202310200926.4A 2023-02-22 2023-02-22 Electric power operation and maintenance system based on image projection Pending CN116346848A (en)

Publications (1)

Publication Number Publication Date
CN116346848A true CN116346848A (en) 2023-06-27

Family

ID=86890778

Country Status (1)

Country Link
CN (1) CN116346848A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination