CN117336168A - Access centralized control system and method based on double-machine hot standby - Google Patents
- Publication number
- CN117336168A (CN202311536362.8A)
- Authority
- CN
- China
- Prior art keywords
- control
- machine
- management
- managed
- configuration
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0654—Management of faults, events, alarms or notifications using network fault recovery
- H04L41/0663—Performing the actions predefined by failover planning, e.g. switching to standby network elements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
- H04L41/0823—Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability
- H04L41/0826—Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability for reduction of network costs
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/28—Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Hardware Redundancy (AREA)
Abstract
The application relates to the technical field of network security, and specifically discloses an admission centralized control system and method based on dual-machine hot standby. The system comprises: an association configuration module, used for dividing all admission control engines into one management and control machine and a plurality of managed and controlled machines, and for performing association configuration between the management and control machine and the managed and controlled machines to generate association configuration information; a terminal synchronization module, used for performing admission terminal configuration on the management and control machine and synchronously configuring the managed and controlled machines according to the association configuration information; and a centralized monitoring module, used for monitoring and controlling, in real time and through the management and control machine, the working states of all associated managed and controlled machines according to the terminal synchronization configuration result. The method and system perform associated, synchronized configuration of the admission control engines in a one-to-many mode, so that the whole admission control system is managed centrally and network management efficiency is improved.
Description
Technical Field
The application belongs to the technical field of network security, and particularly relates to an admission centralized control system and method based on dual-machine hot standby.
Background
Introducing an admission control system makes it possible to detect, identify, and control access to the network, and to discover and identify the types and number of terminals accessing the network. This removes the need for operation and maintenance personnel to investigate and classify terminals manually; with the distribution of terminals shown visually, the terminal and network layout can be planned reasonably.
Although the admission control system centrally manages the terminals that access the network, this also means that the security of the Internet of Things devices and of the network depends on the admission control system. In an enterprise network architecture, the admission control system generally comprises a plurality of admission control engines, each of which has to be managed independently, so the management cost is high. Centralized control of the whole admission control system is therefore necessary.
Disclosure of Invention
The present application aims to provide an admission centralized control system and method based on dual hot standby, which can centrally manage the admission control engines in a one-to-many mode so as to improve network management efficiency.
In a first aspect, the present application provides an admission centralized control system based on dual hot standby, where the system includes an association configuration module, a terminal synchronization module, and a centralized monitoring module;
the association configuration module is used for dividing all the admission control engines into one management and control machine and a plurality of managed and controlled machines, and performing association configuration between the management and control machine and the managed and controlled machines so as to generate association configuration information;
the terminal synchronization module is used for performing admission terminal configuration on the management and control machine and synchronously configuring the managed and controlled machines according to the association configuration information;
and the centralized monitoring module is used for monitoring and controlling, in real time and through the management and control machine, the working states of all associated managed and controlled machines according to the terminal synchronization configuration result.
Through the above technical scheme, the admission control engines are divided into a management and control machine and managed and controlled machines, which are associated and configured in a one-to-many mode. The management and control machine can serve as a monitoring anchor point for centralized monitoring and control of all admission control engines, which improves the management efficiency of the whole admission control system.
Optionally, the association configuration module comprises a management and control dividing module and a management and control configuration module;
the management and control dividing module is used for selecting one admission control engine as the management and control machine through a preset method, with the remaining admission control engines serving as managed and controlled machines;
the management and control configuration module is used for configuring the management and control machine, generating configuration information of the management and control machine, and adding and configuring the managed and controlled machines according to the configuration information of the management and control machine.
Optionally, the configuration information of the management and control machine includes a management and control machine address and a shared secret key, and the association configuration module includes an address association unit and a key sharing unit;
the address association unit is used for adding a virtual IP address and a port number to the management and control machine to generate address configuration information, and performing association configuration on each added managed and controlled machine according to the address configuration information;
the key sharing unit is used for setting a key for the management and control machine and performing key configuration on each added managed and controlled machine according to the set key.
Optionally, the terminal synchronization module includes a terminal configuration unit and a synchronization configuration unit;
the terminal configuration unit is used for configuring the terminal admission control of the management and control machine according to a preset admission control scheme so as to generate an admission control template;
and the synchronous configuration unit is used for synchronously configuring the terminal admission control of the managed and controlled machines according to the admission control template.
Optionally, the centralized monitoring module comprises an association inquiry unit, a data visualization unit and a synchronous monitoring unit;
the association inquiry unit is used for querying all associated managed and controlled machines under the management and control machine, monitoring the running states and the connection states of the management and control machine and the managed and controlled machines, and identifying and feeding back the different states through preset state codes;
the data visualization unit is used for acquiring the access terminal data managed and controlled by the management and control machine, acquiring through the management and control machine the access terminal data of the associated managed and controlled machines, and displaying the data visually in list form;
the synchronous monitoring unit is used for monitoring the admission control template of the management and control machine for updates, and after the admission control template is updated or adjusted, synchronously updating and adjusting the managed and controlled machines.
Optionally, the system further comprises a dual hot standby module;
the dual-machine hot standby module is used for configuring a master machine and a slave machine for each management and control machine, and for performing data synchronization and dynamic switching between the master machine and the slave machine through a preset shared data storage network.
In a second aspect, the present application provides a centralized admission control method based on dual hot standby, including the following steps:
dividing the admission control engines, selecting one admission control engine as the management and control machine through a preset method, and marking the remaining admission control engines as managed and controlled machines;
performing association configuration between the management and control machine and the managed and controlled machines, and generating association configuration information;
configuring the admission terminal of the management and control machine and generating an admission control template;
and synchronously configuring the managed and controlled machines according to the association configuration information and the admission control template.
Optionally, performing association configuration between the management and control machine and the managed and controlled machines, and generating association configuration information, includes:
configuring the management and control machine and acquiring configuration information of the management and control machine;
adding managed and controlled machines to the management and control machine to generate a list of managed and controlled machines;
and configuring the managed and controlled machines in sequence according to the list of managed and controlled machines and the configuration information of the management and control machine, and generating association configuration information according to the configuration result.
Optionally, after the managed and controlled machines are synchronously configured, the method further includes:
monitoring the running state and the connection state of the management and control machine and the managed and controlled machines, and marking and feeding back the different states through preset state codes;
and monitoring the admission control template of the management and control machine for updates, and after the admission control template is updated or adjusted, synchronously updating and adjusting the managed and controlled machines.
In a third aspect, the present application provides a computer readable storage medium storing a computer program capable of being loaded by a processor and executing an admission centralized control method based on dual hot standby as described above.
In summary, the admission control engines are divided into one management and control machine and a plurality of managed and controlled machines, which are configured in a one-to-many mode. The management and control machine can serve as a monitoring anchor point for centralized monitoring and management of all admission control engines, so the management efficiency of the whole admission control system is improved, the working states of all admission control engines can be viewed from an overall perspective, and collaborative management is more convenient. In addition, dual-machine hot standby is applied to the management and control machine and all managed and controlled machines. On top of centralized control, data synchronization between the master machine and the slave machine means that network access terminals can still be controlled effectively when the management and control machine or a managed and controlled machine fails, which further improves the robustness of the whole admission control system.
Drawings
FIG. 1 is a schematic diagram of an admission centralized control system based on dual hot standby according to an embodiment of the present application;
FIG. 2 is a schematic diagram of an association configuration module provided by an embodiment of the present application;
FIG. 3 is a schematic diagram of a terminal synchronization module provided in an embodiment of the present application;
FIG. 4 is a schematic diagram of a centralized monitoring module provided by an embodiment of the present application;
FIG. 5 is a flowchart of an admission centralized control method based on dual hot standby according to an embodiment of the present application.
Detailed Description
The present application is described in further detail below with reference to fig. 1-5.
The application provides an admission centralized control system based on dual hot standby, and referring to fig. 1, the system comprises an association configuration module 10, a terminal synchronization module 20 and a centralized monitoring module 30.
The association configuration module 10 is configured to divide all admission control engines into one management and control machine and a plurality of managed and controlled machines, and to perform association configuration between the management and control machine and the managed and controlled machines to generate association configuration information.
The terminal synchronization module 20 is configured to perform admission terminal configuration on the management and control machine, and to synchronously configure the managed and controlled machines according to the association configuration information.
The centralized monitoring module 30 is configured to monitor and control, in real time and through the management and control machine, the working states of all associated managed and controlled machines according to the terminal synchronization configuration result.
Here, admission control refers to protecting the boundary of the network by checking the legitimacy of the terminals that access the network and of their users. An admission control engine can be understood as a set of system programs or system components designed for the purpose of admission control.
Because access modes are diverse (wired, wireless, virtual private network, dial-up, etc.) and terminal devices are diverse (desktop, notebook, PAD, smart phone, etc.), it is difficult to define the network boundary accurately, and network management faces a number of problems: external terminals access the network at will; the security of the access terminal itself cannot be confirmed or guaranteed; and legitimate terminals do not comply with internal IT controls. Preventing external risk from entering the internal network has therefore become one of the problems that network management has to address, and terminal admission control systems were created in this context.
Admission control engines are usually connected to network switches, and there may be a plurality of network switches, especially in an enterprise IT network, so there may correspondingly be a plurality of admission control engines. Because the working state of each admission control engine, and the access terminals it controls, depend on the network switch it is connected to, each admission control engine has to be managed separately. Managed in this way, the management cost is relatively high and collaborative management among the admission control engines is hindered, so the management efficiency of the whole enterprise network is relatively low.
The present application is therefore directed to enabling centralized management of all admission control engines, enhancing the efficiency of management of the overall network architecture by establishing associations between individual admission control engines.
In this embodiment of the present application, all admission control engines are first divided by the association configuration module 10 into one management and control machine and a plurality of managed and controlled machines, and the management and control machine and the managed and controlled machines are configured in association to generate association configuration information.
Centralized management of all admission control engines is achieved in a one-for-many form: a single admission control engine is managed directly, and that admission control engine in turn manages the remaining admission control engines.
Specifically, referring to fig. 2, the association configuration module 10 includes a management and control dividing module 11 and a management and control configuration module 12.
The management and control dividing module 11 is configured to select one of the admission control engines as the management and control machine by a preset method, with the remaining admission control engines serving as managed and controlled machines.
The management and control configuration module 12 is configured to configure the management and control machine, generate configuration information of the management and control machine, and add and configure the managed and controlled machines according to the configuration information of the management and control machine.
First, the management and control dividing module 11 selects one admission control engine as the management and control machine through a preset method, and the remaining admission control engines become managed and controlled machines. There is no specific rule for how to make the selection; any admission control engine may be selected as the management and control machine. The distribution of the admission control engines and the types and control range of the terminals they control can of course be taken into account, so that an admission control engine with relatively high coverage is selected as the management and control machine.
After the admission control engines are divided, that is, after the management and control machine and the managed and controlled machines are determined, they need to be configured in association: the management and control machine is configured through the management and control configuration module 12, the management and control machine configuration information is generated, and the managed and controlled machines are added and configured according to that configuration information.
The purpose of the association configuration is to manage the managed and controlled machines by means of the management and control machine, so association configuration is required to establish a connection between the management and control machine and the managed and controlled machines.
Specifically, the management configuration module 12 includes an address association unit 121 and a key sharing unit 122.
The address association unit 121 is configured to add a virtual IP address and a port number to the management and control machine, generate address configuration information, and perform association configuration on each added managed and controlled machine according to the address configuration information.
The key sharing unit 122 is configured to set a key for the management and control machine, and perform key configuration on each added managed and controlled machine according to the set key.
The management and control machine configuration information comprises a management and control machine address and a shared secret key. The management and control machine address comprises a local IP address and a port number, which together can be regarded as address association information. Communication between the management and control machine and a managed and controlled machine is realized through the address association information: the managed and controlled machine can be addressed from the management and control machine, and the management and control machine can be addressed from the managed and controlled machine. The shared secret key can be regarded as data association information, and it enables data sharing between the management and control machine and the managed and controlled machine. For example, managed and controlled machine B can be located from management and control machine A through the address association information, but viewing the management and control data of managed and controlled machine B on management and control machine A requires the shared secret key between A and B.
Therefore, in the embodiment of the present application, when performing association configuration between the management and control machine and the managed and controlled machines, the address association unit 121 adds the virtual IP address and the port number to the management and control machine to generate address configuration information, and performs association configuration on each added managed and controlled machine according to the address configuration information.
Of course, both the management and control machine and the managed and controlled machine have their own configuration attributes in normal use. Only some key attributes, such as the virtual IP address and port number, are used as a data bridge to open a data channel for data interaction between the management and control machine and the managed and controlled machine.
The address association unit 121 thus establishes a data channel between the management and control machine and the managed and controlled machine, and setting the shared key then allows data to be sent and received. That is, the key sharing unit 122 sets a key for the management and control machine and performs key configuration on each added managed and controlled machine according to the set key. Data interaction between the management and control machine and the managed and controlled machines is then possible, and the management and control machine can view the management and control data of all added managed and controlled machines.
Whether the admission control engines are managed centrally or separately, the objects they control are the accessing terminals. Each admission control engine has to be configured for terminal admission when it works; this configuration is independent of the attributes of the admission control engine itself and consists of the admission parameters set for the accessing terminals, which may need to be adjusted during use. To achieve centralized management, it is desirable that the terminal admission configuration of all managed and controlled machines can be carried out through the management and control machine alone.
Therefore, in the embodiment of the present application, after the association configuration between the management and control machine and the managed and controlled machines is completed, admission terminal configuration is performed on the management and control machine through the terminal synchronization module 20, and the managed and controlled machines are synchronously configured according to the association configuration information. That is, the terminal admission configuration of the management and control machine is grafted onto the managed and controlled machines, so that only the management and control machine needs to be configured.
Specifically, referring to fig. 3, the terminal synchronization module 20 includes a terminal configuration unit 201 and a synchronization configuration unit 202.
The terminal configuration unit 201 is configured to configure the terminal admission control of the management and control machine according to a preset admission control scheme, so as to generate an admission control template.
The synchronous configuration unit 202 is used for synchronously configuring the terminal admission control of the managed and controlled machines according to the admission control template.
In the embodiment of the present application, when the management and control machine and the managed and controlled machines perform terminal admission control, terminal admission configuration is first performed on the management and control machine. Terminal admission configuration involves a large amount of information, such as network segments, NAS, virtual firewalls, MAC lists, classifiers, and the like.
After terminal admission configuration has been performed on the management and control machine, an admission configuration template is generated from its terminal admission configuration parameters; that is, the terminal configuration unit 201 configures the terminal admission control of the management and control machine according to a preset admission control scheme to generate an admission control template.
The managed and controlled machines are then configured according to the generated admission control template, which is equivalent to synchronizing them with the terminal admission control policy of the management and control machine; that is, the synchronization configuration unit 202 synchronously configures the terminal admission control of the managed and controlled machines according to the admission control template. In this way, each managed and controlled machine does not need to be configured independently; it only needs to be kept synchronized with the terminal admission configuration information of the management and control machine.
After the association configuration and the terminal admission synchronization configuration between the management and control machine and the managed and controlled machines are completed, the management and control machine can in theory view the terminal management and control data of all associated managed and controlled machines. However, whether the association configuration succeeded, whether the connection was established, whether the terminal admission configuration is synchronized, and so on all need to be explicitly fed back or marked. This ensures that the whole centralized management and control system is in a normal running state and that, if a problem occurs during use, feedback is obtained in time and adjustments can be made.
Therefore, in the embodiment of the present application, the centralized control system further includes a centralized monitoring module 30, so as to monitor and control, in real time and through the management and control machine, the working states of all associated managed and controlled machines according to the terminal synchronization configuration result.
Specifically, referring to fig. 4, the centralized monitoring module 30 includes an association inquiry unit 31, a data visualization unit 32, and a synchronization monitoring unit 33.
The association query unit 301 is configured to query all associated managed and controlled machines under the management and control machine, monitor the running states and the connection states of the management and control machine and the managed and controlled machines, and identify and feed back the different states through preset state codes.
The data visualization unit 302 is configured to obtain the access terminal data managed and controlled by the management and control machine, obtain through the management and control machine the access terminal data of the associated managed and controlled machines, and display the data visually in list form.
The synchronization monitoring unit 303 is configured to monitor the admission control template of the management and control machine for updates, and to synchronously update and adjust the managed and controlled machines after the admission control template is updated or adjusted.
After the management and control machine and the managed and controlled machines complete the association configuration, the association query unit 301 can query all associated managed and controlled machines under the management and control machine, monitor the running states and connection states of the management and control machine and the managed and controlled machines, and identify and feed back the different states through preset state codes.
For example:
- Unknown, status code 0: an unknown state. This is the state for a short period just after setup, when no connection has yet been established between the management and control machine and the controlled machine.
- Fine, status code 1: operation is normal.
- Failed, status code -1: connection failure or network failure.
- Native Failed, status code -2: an underlying exception on the controlled machine.
- System Busy, status code -3: the controlled machine's system is busy and resources are tight.
- Status code -4: a parameter was not passed, or a passed parameter contains an error.
- Invalid Ticket, status code -5: a verification error, possibly a shared key mismatch, or too large a difference in system time (over 5 minutes) between the management and control machine and the controlled machine.
- Invalid Configs, status code -6: a configuration error; both ends are management and control machines, or both are controlled machines.
- Other Error, status code -100: other errors.
By monitoring the status codes fed back in this process, it can be determined whether the management and control machine and the controlled machines are running normally, and timely adjustments can be made according to the problem that each status code corresponds to.
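The following added example (not code from the patent) shows how a receiving engine could map a peer's request onto the status codes above, including the Invalid Ticket and Invalid Configs cases. The ticket format (HMAC-SHA256 over sender id and timestamp), the role labels, the function names and the constant name for code -4 are assumptions; the patent specifies only the codes, the shared key and the 5-minute limit.

```python
import hashlib
import hmac

# Status codes as listed in the description.
UNKNOWN, FINE, FAILED, NATIVE_FAILED, SYSTEM_BUSY = 0, 1, -1, -2, -3
PARAM_ERROR = -4  # the description gives no name for -4; this name is hypothetical
INVALID_TICKET, INVALID_CONFIGS, OTHER_ERROR = -5, -6, -100

MAX_SKEW_SECONDS = 5 * 60  # a clock difference over 5 minutes is rejected
ROLES = ("management", "controlled")  # role labels are assumptions


def make_ticket(shared_key: bytes, sender_id: str, timestamp: int) -> str:
    """Assumed ticket format: HMAC-SHA256 over "sender_id|timestamp"."""
    message = f"{sender_id}|{timestamp}".encode("utf-8")
    return hmac.new(shared_key, message, hashlib.sha256).hexdigest()


def check_request(request: dict, shared_key: bytes, local_role: str, now: int) -> int:
    """Validate a peer's request on the receiving engine and return a status code."""
    # -4: a parameter is missing or malformed.
    for field, kind in (("sender_id", str), ("sender_role", str),
                        ("timestamp", int), ("ticket", str)):
        if not isinstance(request.get(field), kind):
            return PARAM_ERROR
    if request["sender_role"] not in ROLES:
        return PARAM_ERROR
    # -6: both ends are management machines, or both are controlled machines.
    if request["sender_role"] == local_role:
        return INVALID_CONFIGS
    # -5: system clocks differ by more than 5 minutes.
    if abs(now - request["timestamp"]) > MAX_SKEW_SECONDS:
        return INVALID_TICKET
    # -5: shared key mismatch. The comparison runs in constant time.
    expected = make_ticket(shared_key, request["sender_id"], request["timestamp"])
    if not hmac.compare_digest(expected.encode(), request["ticket"].encode()):
        return INVALID_TICKET
    return FINE


def demo() -> dict:
    """Constructed requests, checked by a controlled machine."""
    key, now = b"constructed-shared-key", 1_700_000_000

    def req(role="management", ts=now, signing_key=key):
        return {"sender_id": "mgmt-A", "sender_role": role, "timestamp": ts,
                "ticket": make_ticket(signing_key, "mgmt-A", ts)}

    return {
        "valid": check_request(req(), key, "controlled", now),
        "wrong_key": check_request(req(signing_key=b"other-key"), key, "controlled", now),
        "clock_skew": check_request(req(ts=now - 301), key, "controlled", now),
        "same_role": check_request(req(role="controlled"), key, "controlled", now),
        "missing_ticket": check_request({"sender_id": "mgmt-A"}, key, "controlled", now),
    }


if __name__ == "__main__":
    for case, code in demo().items():
        print(f"{case}: {code}")
```

Because the timestamp is covered by the MAC in this sketch, a peer cannot shift it to get past the skew check without also holding the shared key.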
After confirming that the association configuration of the management and control machine and the controlled machines is correct, the data visualization unit 302 can obtain the access terminal data managed by the management and control machine, obtain through the management and control machine the access terminal data of the associated controlled machines, and display it visually in list form. That is, once the data channel between the management and control machine and the controlled machines has been built, the access terminal data of all added controlled machines can be checked through the management and control machine, as can the access terminal data of the management and control machine itself.
In addition, the controlled machines need to stay synchronized with the terminal access configuration of the management and control machine, and that configuration may be adjusted during use, so the terminal access configuration must be monitored for synchronization: if it is changed or adjusted, the controlled machines must be updated and adjusted synchronously in time. That is, the synchronization monitoring unit 303 monitors the admission control template of the management and control machine for updates, and after the admission control template has been updated or adjusted, the controlled machines are updated and adjusted synchronously.
In addition, although centralized management of all admission control engines improves management efficiency and reduces management cost, the association between the engines means that the failure of one admission control engine can have a larger impact; in particular, if the management and control machine fails, the whole centralized control system is paralyzed. To increase security, a dual-machine hot standby mode is therefore adopted: a backup machine is added to the management and control machine and to each controlled machine as a slave, and when the host fails, normal operation is maintained through the slave.
Thus, in this embodiment, the centralized control system also includes a dual hot standby module 40.
Specifically, the dual hot standby module 40 is configured to set up a master and a slave for each management and control machine and each controlled machine, synchronize data between master and slave through a preset shared data storage network, and switch dynamically between master and slave.
When master and slave machines are added for dual-machine hot standby, the first requirement is that the data of the master and the slave stay synchronized. For example, if the master of controlled machine B fails and operation switches to its slave, then provided the slave has been kept in data synchronization with the master throughout, the terminal access data of controlled machine B as seen from the management and control machine is unaffected once the switch is complete.
In addition, the added slave should not affect the association already configured between the management and control machine and the controlled machines. The master-slave configuration therefore not only gives the slave the same configuration as the host, but also uses the virtual IP address of the host as the key address. That is, when the management and control machine adds a controlled machine that has the dual-machine hot standby function enabled, the address of the controlled machine is the virtual IP address of its host; similarly, if the management and control machine has the dual-machine hot standby function enabled, its address should be the virtual IP address of its host. Master and slave thus both use the virtual IP address of the host as the association address index, and the connection between the management and control machine and the controlled machines is not affected when master and slave are switched.
Dynamic switching means monitoring the working state of each admission control engine during use and, according to the monitoring feedback, automatically switching between master and slave when the need arises.
The embodiment of the application also provides an admission centralized control method based on dual hot standby, which, as shown in Fig. 5, comprises the following steps:
S100, dividing the admission control engines, selecting one admission control engine to be a management machine through a preset method, and marking the rest admission control engines as managed machines.
S200, carrying out association configuration on the management control machine and the managed control machine, and generating association configuration information.
S300, configuring the access terminal of the management and control machine and generating an access terminal list.
S400, synchronously configuring the controlled machine according to the associated configuration information and the access terminal list.
Firstly, the admission control engines are divided by the management and control dividing module 11, one admission control engine is selected as a management and control machine, the rest admission control engines are used as managed and control machines, and then the management and control machines and the managed and control machines are subjected to associated configuration by the management and control configuration module 12, and associated configuration information is generated.
Specifically, the method for performing association configuration on the management control machine and the managed control machine and generating association configuration information comprises the following steps:
S210, configuring the management and control machine and acquiring configuration information of the management and control machine.
S220, adding controlled machines to the management and control machine to generate a list of controlled machines.
S230, configuring the controlled machines in sequence according to the list of controlled machines and the configuration information of the management and control machine, and generating associated configuration information according to the configuration result.
The configuration information of the management and control machine comprises the address information of the management and control machine and a shared key.
When the management and control machine is configured, its virtual IP address and port number are determined, forming the management and control machine address information, and a key is set for the management and control machine as the shared key; the shared key and the address information together form the management and control machine configuration information. The management and control machine then acts as a management container to which controlled machines are added. Each controlled machine has a corresponding name or number that serves as unique identification information for the addition. After the addition is complete, a list of controlled machines can be generated; the list is traversed, or controlled machines are selected in batches, and they are configured according to the management and control machine configuration information, so that the machines need not be configured one at a time as each is added.
After the configuration is completed, associated configuration information can be generated according to the configuration result. It characterizes which controlled machines are associated with the management and control machine, the relevant configuration attribute information and the like; that is, the association relation between the management and control machine and the controlled machines can be checked according to the associated configuration diagram.
S300, configuring an access terminal of the management and control machine and generating an access control template.
S400, synchronously configuring the controlled machine according to the associated configuration information and the admission control template.
After the association configuration of the management and control machine and the controlled machines is completed, access terminal configuration is performed through the terminal synchronization module 20: the access terminals of the management and control machine are configured first, the configured information is then taken as the admission control template, and all the controlled machines added to the management and control machine are synchronously configured according to the admission control template.
After the synchronization is finished, the terminal access condition under any controlled machine can be checked according to the controlled machine, and likewise, the terminal access condition of the controlled machine can be checked according to any controlled machine.
In addition, to determine whether the connection states and working states of the management and control machine and the controlled machines are normal, after the association configuration and the terminal synchronous configuration between them are completed, the centralized monitoring module 30 monitors and controls the working states of all the associated controlled machines in real time through the management and control machine, according to the terminal synchronous configuration result.
Specifically, after the controlled machine is synchronously configured, the method further comprises the following steps:
S510, monitoring the running states and the connection states of the management and control machine and the managed and controlled machine, and marking and feeding back different states through preset state codes.
S520, updating and monitoring the admission control template of the management and control machine, and after the admission control template is updated and adjusted, synchronously updating and adjusting the managed and control machine.
When the management and control machine monitors and controls the working states of the controlled machines in real time, on the one hand the running states and connection states of the management and control machine and the controlled machines are monitored, and the different states are identified and fed back through preset status codes. This determines whether the data connection between the management and control machine and the controlled machines is in a normal state; if it is abnormal, it can be adjusted in a targeted way.
On the other hand, the controlled machines need to stay synchronized with the terminal access configuration of the management and control machine, and that configuration may be adjusted during use, that is, the admission control template may change. The terminal access configuration must therefore be monitored for synchronization: the admission control template of the management and control machine is monitored for updates, and after the admission control template has been updated or adjusted, the controlled machines are updated and adjusted synchronously.
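The template monitoring and synchronous update of step S520 can be sketched as follows; this is an added example, not code from the patent. The template fields, the class and function names, and the use of a SHA-256 digest over canonical JSON to detect a change are assumptions; only the status codes 1 and -1 come from the description.

```python
import hashlib
import json

FINE, FAILED = 1, -1  # status codes from the description


def template_digest(template: dict) -> str:
    """Digest of a canonical serialisation, so key order alone never counts as a change."""
    canonical = json.dumps(template, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


class ControlledMachine:
    """Stand-in for a controlled machine (hypothetical; a real one is reached over the network)."""

    def __init__(self, name: str, reachable: bool = True):
        self.name = name
        self.reachable = reachable
        self.template = {}

    def apply_template(self, template: dict) -> int:
        if not self.reachable:
            return FAILED  # connection failure
        self.template = json.loads(json.dumps(template))  # store an independent copy
        return FINE


class SyncMonitor:
    """Runs on the management and control machine."""

    def __init__(self, machines):
        self.machines = list(machines)
        # Digest each machine last confirmed; None means never synchronized.
        self.confirmed = {m.name: None for m in self.machines}

    def sync(self, template: dict) -> dict:
        """Push the template to every machine that has not confirmed it; return status codes."""
        target = template_digest(template)
        results = {}
        for machine in self.machines:
            if self.confirmed[machine.name] == target:
                continue  # already in sync, nothing to push
            status = machine.apply_template(template)
            if status == FINE:
                self.confirmed[machine.name] = target
            results[machine.name] = status  # a failed machine stays pending for the next run
        return results


if __name__ == "__main__":
    b, c = ControlledMachine("B"), ControlledMachine("C", reachable=False)
    monitor = SyncMonitor([b, c])
    template = {"default_action": "deny", "terminals": ["T-001", "T-002"]}  # constructed sample
    print(monitor.sync(template))  # C is unreachable and stays pending
    c.reachable = True
    print(monitor.sync(template))  # only C is retried
```

A machine that returned a failure code is retried on every later run until it confirms the current digest, so an outage during an update does not leave it on a stale template unnoticed.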
The embodiment of the application also provides a computer readable storage medium storing a computer program that can be loaded by a processor to execute any of the dual-machine hot standby based admission centralized control methods described above.
The embodiments described above are all preferred embodiments of the present application and are not intended to limit its scope of protection; therefore, all equivalent changes made according to the principles of this application should be covered by the protection scope of this application.
Claims (10)
1. An admission centralized control system based on double-machine hot standby is characterized by comprising an association configuration module, a terminal synchronization module and a centralized monitoring module;
the association configuration module is used for dividing all the admission control engines into a main control machine and a plurality of managed machines, and carrying out association configuration on the main control machine and the managed machines so as to generate association configuration information;
the terminal synchronization module is used for carrying out access terminal configuration on the management and control machine and carrying out synchronous configuration on the managed and control machine according to the associated configuration information;
and the centralized monitoring module is used for monitoring and controlling the working states of all the related controlled machines in real time through the control machines according to the synchronous configuration result of the terminal.
2. The admission centralized control system based on dual hot standby as claimed in claim 1, wherein the association configuration module comprises a management dividing module and a management configuration module;
the control dividing module is used for selecting one admission control engine as a control machine through a preset method, and the rest admission control engines as controlled machines;
the management and control configuration module is used for configuring the management and control machine, generating configuration information of the management and control machine, adding the configuration information of the management and control machine and configuring the managed and control machine.
3. The centralized control system for admittance based on dual-machine hot standby according to claim 2, wherein said configuration information of the control machine comprises control machine address and shared secret key, said association configuration module comprises address association unit and secret key sharing unit;
the address association unit is used for adding a virtual IP address and a port number to the management and control machine to generate address configuration information, and carrying out association configuration on the added managed and control machine according to the address configuration information;
the key sharing unit is used for setting a key for the management and control machine and carrying out key configuration on the added managed and controlled machine according to the set key.
4. The admission centralized control system based on dual hot standby according to claim 1, wherein the terminal synchronization module comprises a terminal configuration unit and a synchronization configuration unit;
the terminal configuration unit is used for configuring the terminal admission control of the management and control machine according to a preset admission control scheme so as to generate an admission control template;
and the synchronous configuration unit is used for controlling the admission of the terminal of the controlled machine and carrying out synchronous configuration according to the admission control template.
5. The admission centralized control system based on dual hot standby according to claim 1, wherein the centralized monitoring module comprises an association inquiry unit, a data visual unit and a synchronous monitoring unit;
the association inquiry unit is used for inquiring all associated managed and controlled machines under the managed and controlled machines, monitoring the running states and the connection states of the managed and controlled machines and identifying and feeding back different states through preset state codes;
the data visual unit is used for acquiring access terminal data managed and controlled by the management and control machine, acquiring the associated access terminal data of the managed and control machine according to the management and control machine, and performing visual display in a list form;
the synchronous monitoring unit is used for updating and monitoring the admission control template of the management and control machine, and after the admission control template is updated and adjusted, the management and control machine is synchronously updated and adjusted.
6. The admission centralized control system based on dual hot standby as claimed in claim 1, wherein the system further comprises a dual hot standby module;
the dual-machine hot standby module is used for configuring a master machine and a slave machine by each management and control machine and carrying out data synchronization and dynamic switching on the master machine and the slave machine through a preset shared data storage network.
7. An admission centralized control method based on double-machine hot standby is characterized by comprising the following steps:
dividing the admission control engines, selecting an admission control engine as a management and control machine through a preset method, and marking the rest admission control engines as managed and control machines;
performing associated configuration on the management control machine and the managed control machine, and generating associated configuration information;
configuring an access terminal of the management and control machine and generating an access control template;
and synchronously configuring the controlled machine according to the associated configuration information and the admission control template.
8. The method for centralized control of admission based on dual hot standby as claimed in claim 7, wherein the performing the association configuration on the management and control machine and the managed and control machine and generating the association configuration information includes:
configuring a management and control machine and acquiring configuration information of the management and control machine;
adding a managed and controlled machine to the management and control machine to generate a list of managed and controlled machines;
and configuring the managed computers in sequence according to the list of the managed computers and the configuration information of the managed computers, and generating associated configuration information according to the configuration result.
9. The method for centralized control of admission based on dual hot standby according to claim 7, further comprising, after synchronously configuring the managed computers:
monitoring the running state and the connection state of the management control machine and the managed control machine, and marking and feeding back different states through preset state codes;
and updating and monitoring the admission control template of the management and control machine, and after the admission control template is updated and adjusted, synchronously updating and adjusting the managed and control machine.
10. A computer readable storage medium storing a computer program loadable by a processor and performing a dual hot standby based admission centralized control method as claimed in any of claims 7 to 9.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311536362.8A CN117336168A (en) | 2023-11-17 | 2023-11-17 | Access centralized control system and method based on double-machine hot standby |
Publications (1)
Publication Number | Publication Date |
---|---|
CN117336168A (en) | 2024-01-02 |
Family
ID=89277544
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202311536362.8A Pending CN117336168A (en) | 2023-11-17 | 2023-11-17 | Access centralized control system and method based on double-machine hot standby |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117336168A (en) |
-
2023
- 2023-11-17 CN CN202311536362.8A patent/CN117336168A/en active Pending
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||