CN202713367U - Main station applicable to power utilization information acquisition system - Google Patents
Main station applicable to power utilization information acquisition system Download PDFInfo
- Publication number
- CN202713367U CN202713367U CN 201220273819 CN201220273819U CN202713367U CN 202713367 U CN202713367 U CN 202713367U CN 201220273819 CN201220273819 CN 201220273819 CN 201220273819 U CN201220273819 U CN 201220273819U CN 202713367 U CN202713367 U CN 202713367U
- Authority
- CN
- China
- Prior art keywords
- server
- end processor
- database server
- application server
- information acquisition
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
Disclosed is a main station applicable to a power utilization information acquisition system in the intelligent electrical network field. The main station comprises an acquisition front-end processor, a master database server, an application server, a work station, a safety protection platform, and a firewall, wherein the acquisition front-end processor is connected with the master database server and the application server; the application server is connected with the master database server; the master database server and the application server are connected with the work station; the acquisition front-end processor, the master database server, the application server, and the work station form an internal local area network; the firewall is connected with the acquisition front-end processor; and the safety protection platform is connected with the firewall. With this technical scheme, the security of the main station is enhanced.
Description
Technical field
The utility model relates to a kind of main website for the power information acquisition system in intelligent grid field.
Background technology
The power information acquisition system is the important system in the intelligent grid, it can gather electricity consumption user's electricity consumption data, described electricity consumption user's electricity consumption data are preserved, backed up, and feed back to remote terminal, can monitor again simultaneously electricity consumption user's electricity consumption data monitors, in time find electricity consumption user's multiplexing electric abnormality, provide Data support for remote control terminal operates the electricity consumption user of multiplexing electric abnormality.The core of described power information acquisition system is main website, if main website is subject to external assault, with the normal operation of the described power information acquisition system of serious harm and the safety of whole electrical network.Therefore, can to resist the main website of external assault be necessary in exploitation.
The utility model content
The purpose of this utility model is in order to overcome the deficiencies in the prior art, a kind of main website for the power information acquisition system to be provided, and it can resist hacker's attack, thereby ensures the normal operation of self and whole power information acquisition system.
A kind of technical scheme that realizes above-mentioned purpose is: a kind of main website for the power information acquisition system comprises: gather front end processor, main database server, application server, work station, security protection platform and fire compartment wall; Described collection front end processor connects described main database server and described application server, and described application server connects described main database server, described main database server be connected application server and connect described work station; Described collection front end processor, described main database server, described application server, described work station form internal lan; Described fire compartment wall connects described collection front end processor, and described security protection platform connects described fire compartment wall.
Further, described internal lan also comprises: second databases server, encryption equipment, backup server; Described second databases server connects described collection front end processor, described backup server connects described main database server, described application server and described second databases server, described second databases server also connects described work station, and described encryption equipment connects described collection front end processor.
Further again, described collection front end processor and described encryption equipment are arranged in the DMZ zone of described internal lan.
Further, between described main database server and the described collection front end processor the second fire compartment wall is arranged.
Further, between described second databases server and the described collection front end processor the 3rd fire compartment wall is arranged.
Adopted the technical scheme of a kind of main website for the power information acquisition system of the present utility model, namely described collection front end processor, described main database server, described application server, described work station form the technical scheme with the internal lan of communication channel isolation.Its technique effect is: described main website can resist the attack from external hacker, guarantees the normal operation of described power information acquisition system and the safety of whole electrical network.
Description of drawings
Fig. 1 is the structural representation of a kind of main website for the power information acquisition system of the present utility model.
Embodiment
To see also Fig. 1, in order understanding the technical solution of the utility model better, below by embodiment particularly, and to be described in detail by reference to the accompanying drawings:
See also Fig. 1, a kind of main website for the power information acquisition system of the present invention comprises: gather front end processor 1, main database server 2, application server 3, second databases server 4, encryption equipment 5, backup server 6, work station 7, security protection platform 8 and fire compartment wall 9.Wherein said collection front end processor 1, described database server 2, described application server 3, described second databases server 4, described encryption equipment 5, described backup server 6 and described work station 7 form the internal lan 100 with communication channel 10 isolation, fire compartment wall 9 and the security protection platform 8 and described communication channel 10 isolation of described internal lan 100 by being connected with described collection front end processor 1.
Described internal lan adopts Linux as operating system, and described internal lan adopts the P2P agreement as the host-host protocol of described internal lan.Simultaneously, described main website sets up based on the authenticating user identification of Unified Policy machine-processed with authorization control, distinguishing different user and message reference person, and authorizes them different message references and transaction authority.Formulate strict Password Management system and the record of Operation Log.
On described main database server 2, described second databases server 4, described backup server 6 and the described work station 7 software firewall and anti-virus software have been installed all, and upgrade in time patch and virus base, and the software on described main database server 2, described second databases server 4, described backup server 6 and the described work station 7 installed and use and carry out necessary monitoring, prevent from consciously or unconsciously installing the software that there is potential safety hazard in some.
All hardware equipment on described main database server 2, described second databases server 4, described backup server 6, described collection front end processor 1 and the described work station 7 all needs redundant configuration such as disk array etc., to eliminate the Single Point of Faliure of key node.
In the present embodiment, the effect of described security protection platform 8 is: force to peel off ICP/IP protocol from the power information that described power information acquisition system gathers, make the described power information of adopting by non-TCP/IP connection protocols such as P2P, enter described internal lan 100 through described security protection platform 8 and 9 transmission of described fire compartment wall; To prevent that described internal lan 100 from infecting virus.
Described fire compartment wall 9 is by connecting described collection front end processor 1, and described security protection platform 8 connects described fire compartment wall 9.The effect of described fire compartment wall 9 is to prevent from from disabled user in public outer net and the power information outer net described internal lan 100 being started assault.In the present embodiment, described fire compartment wall 8 is VPN fire compartment walls.
In the present embodiment, be provided with altogether 15 in the described main website and gather front end processor, described collection front end processor 1 is arranged in the DMZ zone 101 of described internal lan 100, can only have access to DMZ zone 101 in the described internal lan 100 from user in public outer net and the power information outer net, described DMZ zone is the abbreviation of De Militarized Zone, is exactly a sub-network towards public outer net and power information outer net between public outer net or power information outer net and described internal lan 100.It solves and uses described fire compartment wall 8 rear public outer nets or power information outer net can't access the problem of described internal lan 100.In addition, also strengthen described main website and resisted ability from assault in public outer net and the power information outer net.
Built-in disk array in preposition 1 machine of described collection its role is to; Reception is from public outer net, power information by collection terminal collection 20, these power informations normally exist with the form of packet, described packet is stored in the described disk array, described collection front end processor 1 is being separated the data package operation to described packet, described power information is converted into the electricity consumption data that described main database server 2 can be identified and read, and simultaneously, described collection front end processor 1 is confirmed described collection terminal 20 data acquisitions.
The another one effect of described collection front end processor 1 is: transmit the acquisition instructions of carrying out power information of being sent by described work station 7 to described collection terminal 20, described work station 7 also can by described collection front end processor 1, transmit the instruction of control and parameter setting to described collection terminal 20.
In order to prevent that the hacker from distorting described electricity consumption data, therefore before described electricity consumption data the transmitting in described internal lan 100, also be to need to encrypt, described encryption is undertaken by encryption equipment 5, described encryption equipment 5 also places the DMZ zone 101 of described internal lan 100, and described encryption equipment 5 is in parallel with described collection front end processor 1.
Described collection front end processor 1 connects described main database server 2 and application server 3, and described application server 3 connects described main database server 2, and described main database server 2 and described application server 3 can carry out two-way communication.Described backup server 6 connects respectively described main database server 2, described application server 3 and second databases server 4, and described second databases server 4 connects preposition 1 machine of described collection and described application server 3.
In the present embodiment; described collection front end processor 1 and described main database server 2 arrange the second fire compartment wall; described collection front end processor 1 and described second databases server 4 arrange the 3rd fire compartment wall, are intended to so further protect described main database server 2 and described second databases server 4.
Described main database server 2, application server 3, second databases server 4, encryption equipment 5, described backup server 6 all arrange disk array, and described disk array all carries out redundant configuration.
State main database server 2 after reading described electricity consumption data from described collection front end processor 1, it is stored in the disk array of described main database server 2, simultaneously described electricity consumption data are passed to described application server 3,3 pairs of described electricity consumption data analysis of described application server, find that described collection terminal 20 power informations are unusual, these information are fed back to described main database server 2, and with the result store analyzed in the disk array of described application server 3.Then feed back to the remote control terminal that is connected with described main database server 2 by described main database server 2, and by described remote control terminal the unusual described remote control terminal of power information is operated.
In order to guarantee the safe operation of described main website, do not allow Missing data, be provided with backup server 6, the effect of described backup server 6 is: described main database server 2 and described application server 3 regularly backup to the electricity consumption data in the disk array of described backup server 6, in order to calling when needing.Generally to back up once every day.
Described second databases server 4 is the data servers of enabling when described main database server 2 breaks down or detect autoinfection virus or suffer assault, and its operation principle is identical with described main database server 2.Described main database server 2 disconnects the network connection with described collection front end processor 1, described application server 3 and described backup server 6, described second databases server 4 starts the network connection of itself and described collection front end processor 1, described application server 3 and described backup server 6, receive the electricity consumption data that described collection front end processor 1 transmits, and it is passed to described application server 3, and these electricity consumption data are kept in real time in the disk array of the disk array of described second databases server 4 and described backup server 6.In case described main database server 2 is resumed work, described second databases server 4 disconnects itself and described collection front end processor 1, described application server 3 and described backup server 6, and described main database server 2 reconnects immediately described collection front end processor 1, described application server 3 and is connected the connection of backup server 4.
Described main database server 2 or second databases server 4 possess the ability of long-distance disaster; For the described electricity consumption data of preserving in main database server 2, second databases server 4 and the described backup server 6, consider to adopt the measure of data encryption; Access to database server 2, second databases server 4 and described backup server 6 will have strict checking and review mechanism, and has recorded Operation Log.
Described work station 7 connects respectively described main database server 2, described application server 3 and described second databases server 4.
The effect of described work station 7 mainly is: preserve the system file of described (SuSE) Linux OS, and work and the operation of described main website managed.The effect of described work station also is: the running status to described main website is switched, and the state of described main website has three kinds, production status, test mode and training state.
Described production status be described main website carry out the operating state of power information when gathering.
Described training state is that described work station carries out the state that parameter arranges to described main website.
State when described test mode is carried out the parameter setting and tested described main website.
In described training state and described test mode, described second databases server 4, described backup server 6 and described encryption equipment 5 are not connected in the internal lan 100 of described main website.As seen, described second databases server 4, described backup server 6 and described encryption equipment 5 are not necessity configuration of described main website.
Under the training state, described collection front end processor 1 is called training and gathers front end processor, and described main database server 2 is called training data storehouse server, and described application server 3 is called the training application server.
Under the test mode, described collection front end processor 1 is called test and gathers front end processor, and described main database server 2 is called the test database server, and described application server 3 is called the Test Application server.
The another one effect of described work station 7 is: some important parameters for described collection terminal 20 are made amendment, and such as pre-payment parameter, period, step price parameter etc., and described collection terminal are controlled, such as load control, pre-payment control etc.Before carrying out aforesaid operations, can adopt software mode to verify, such as the secondary password authentication; Perhaps the two-stage security authentication mechanism of software and hardware combining such as electronics mobile cryptographic key or U shield etc., is guaranteed the fail safe of described work station 7 control operations.Operating process information needs detail record, and long preservation is in the disk array of described work station 7.These operational orders, all be by described work station 7 through described application server 3,, described fire compartment wall 9 preposition 1 through described harvester and described security protection platform 8 through described communication channel 100, and finally pass to described collection terminal 20 again.
Described main website 7 has also disposed password card and has been used for identifying operation person's identity, loads the communication key in the described password card in the communication of described electricity consumption data, prevents that the hacker from invading described work station sending controling instruction.
Those of ordinary skill in the art will be appreciated that, above embodiment illustrates the utility model, and be not to be used as restriction of the present utility model, as long as in connotation scope of the present utility model, all will drop in claims scope of the present utility model variation, the modification of the above embodiment.
Claims (5)
1. a main website that is used for the power information acquisition system comprises: gather front end processor (1), main database server (2), application server (3), work station (7), security protection platform (8) and fire compartment wall (9); Described collection front end processor (1) connects described main database server (2) and described application server (3), described application server (3) connects described main database server (2), described main database server (2) be connected application server (3) and connect described work station (7);
It is characterized in that: described collection front end processor (1), described main database server (2), described application server (3), described work station (7) form internal lan (100); Described fire compartment wall (9) connects described collection front end processor (1), and described security protection platform (8) connects described fire compartment wall (9).
2. a kind of main website for the power information acquisition system according to claim 1, it is characterized in that: described internal lan (100) also comprises: second databases server (4), encryption equipment (5), backup server (6); Described second databases server (4) connects described collection front end processor (1), described backup server (6) connects described main database server (2), described application server (3) and described second databases server (4), described second databases server (4) also connects described work station (7), and described encryption equipment (5) connects described collection front end processor (1).
3. a kind of main website for the power information acquisition system according to claim 2 is characterized in that: described collection front end processor (1) and described encryption equipment (5) are arranged in the DNZ zone (101) of described internal lan (100).
4. a kind of main website for the power information acquisition system according to claim 1 is characterized in that: between described main database server (2) and the described collection front end processor (1) the second fire compartment wall is arranged.
5. it is characterized in that: between described second databases server (4) and the described collection front end processor (1) the 3rd fire compartment wall is arranged according to claim 2 or 4 described a kind of main websites for the power information acquisition system.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 201220273819 CN202713367U (en) | 2012-06-12 | 2012-06-12 | Main station applicable to power utilization information acquisition system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 201220273819 CN202713367U (en) | 2012-06-12 | 2012-06-12 | Main station applicable to power utilization information acquisition system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN202713367U true CN202713367U (en) | 2013-01-30 |
Family
ID=47593622
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN 201220273819 Expired - Fee Related CN202713367U (en) | 2012-06-12 | 2012-06-12 | Main station applicable to power utilization information acquisition system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN202713367U (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105681456A (en) * | 2016-03-01 | 2016-06-15 | 江阴长仪集团有限公司 | User power information collection system and Web master station prepayment method thereof |
CN106599733A (en) * | 2016-12-14 | 2017-04-26 | 新开普电子股份有限公司 | Encryption architecture of smart card |
-
2012
- 2012-06-12 CN CN 201220273819 patent/CN202713367U/en not_active Expired - Fee Related
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105681456A (en) * | 2016-03-01 | 2016-06-15 | 江阴长仪集团有限公司 | User power information collection system and Web master station prepayment method thereof |
CN106599733A (en) * | 2016-12-14 | 2017-04-26 | 新开普电子股份有限公司 | Encryption architecture of smart card |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103391216B (en) | A kind of illegal external connection is reported to the police and blocking-up method | |
CN106789015B (en) | Intelligent power distribution network communication safety system | |
CN102752289A (en) | Master station for power utilization information collecting system | |
Ganame et al. | A global security architecture for intrusion detection on computer networks | |
CN102842001B (en) | System and method for detecting computer security information based on U disc authentication | |
CN108270716A (en) | A kind of audit of information security method based on cloud computing | |
CN105516081A (en) | Method and system for issuing safety strategy by server and message queue middleware | |
CN106992984A (en) | A kind of method of the mobile terminal safety access information Intranet based on electric power acquisition net | |
CN109120599A (en) | A kind of external connection managing and control system | |
CN104580061B (en) | The polymerization and system of fault-tolerant and resisting differential attack are supported in a kind of intelligent grid | |
CN101197715A (en) | Method for centrally capturing mobile data service condition | |
CN103036883B (en) | A kind of safe communication method of security server and system | |
CN102170424A (en) | Mobile medium safety protection system based on three-level security architecture | |
CN109165508A (en) | A kind of external device access safety control system and its control method | |
CN106503524A (en) | A kind of computer network security guard system | |
CN107920089A (en) | A kind of intelligent network lotus interactive terminal protecting information safety authentication encryption method | |
US20150256962A1 (en) | M2m gateway device and applying method thereof | |
CN103618613A (en) | Network access control system | |
CN202713367U (en) | Main station applicable to power utilization information acquisition system | |
CN112383573B (en) | Security intrusion playback equipment based on multiple attack stages | |
CN110049015A (en) | Network security situation sensing system | |
CN203827381U (en) | Novel network safety equipment | |
CN111885179B (en) | External terminal protection device and protection system based on file monitoring service | |
CN111147427A (en) | Management system for computer network security | |
KR100933986B1 (en) | Integrated Signature Management and Distribution System and Method for Network Attack |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20130130 Termination date: 20190612 |