JP6433012B2 - Data distribution system - Google Patents

Description

  The present invention relates to a data distribution system, and more particularly to a data distribution system that distributes data from a server to a client via a wide area network.

  Conventionally, there has been a video distribution system using an IP network (see, for example, Patent Document 1). In the video distribution system disclosed in Patent Document 1, the compressed data stream stored in the content server is transmitted from the content server to the switch via the IP network and temporarily stored in the buffer of the switch. Based on the distribution request from the information processing apparatus used by the viewer, the switch selects the compressed data stream requested for distribution from the buffer and distributes the compressed data stream to the information processing apparatus.

JP 2011-87070 A

  In the video distribution system configured as described above, the compressed data stream is transmitted from the content server to the switch via the IP network. Incidentally, a device connected to the IP network generally incorporates a firewall that prevents unauthorized intrusion from the outside by permitting or not permitting communication with the outside. When a firewall is built in the above content server, when a large amount of data such as video and audio is sent from the content server to the switch, the large amount of data passes through the firewall, so the firewall requires high processing capability. There was a problem of becoming.

  The present invention has been made in view of the above problems, and an object of the present invention is to provide a data distribution system capable of distributing a large amount of data while improving security.

  The data distribution system of the 1st form which concerns on this invention is provided with the 1st server connected to a wide area network, and the 2nd server which transmits distribution data to the said 1st server. The second server includes a control unit that receives control data from the first server via a first transmission line, and the distribution data via the second transmission line having a communication protocol different from that of the first transmission line. A transmission unit that transmits to the first server. When the control unit receives a delivery request for the delivery data transmitted from the client to the first server via the wide area network, the control unit receives the delivery data from the first server via the first transmission path. The transmission unit is configured to instruct transmission. The transmission unit is configured to transmit the distribution data to the first server via the second transmission path when instructed to transmit the distribution data. The first server is configured to distribute the distribution data transmitted from the transmission unit to the client via the wide area network.

  A data distribution system according to a second aspect of the present invention includes a storage device that accumulates the distribution data transmitted from the transmission unit, and the first server stores the distribution data retrieved from the storage device in the client And the transmission unit and the first server are configured to communicate with the storage device according to a communication protocol compliant with a storage area network standard. And

  In the data distribution system according to the third aspect of the present invention, when the transmission unit receives the instruction from the control unit and transmits the distribution data to the storage device, the transmission process of the distribution data is normally performed. A notification signal for notifying the communication device is output to the control unit, and when the control unit receives the notification signal, the control unit transmits the notification signal to the first server via the first transmission path, and One server is configured to take out the distribution data from the storage device when the notification signal is received via the first transmission path.

  In a data distribution system according to a fourth aspect of the present invention, the transmission unit is configured to directly transmit the distribution data to the first server according to a communication protocol compliant with a storage area network standard. It is characterized by.

  In the data distribution system according to the fifth aspect of the present invention, the communication protocol compliant with the storage area network standard is a fiber channel protocol.

  According to the first aspect of the present invention, the second transmission path for transmitting large-volume distribution data and the first transmission path for transmitting a request signal with a smaller data amount than the distribution data are physically separated. It has been. By not using an IP protocol such as TCP / IP for transmission of large-volume distribution data via the second transmission path, the possibility of cracking such as unauthorized intrusion from the outside is reduced, and a firewall function is provided. Since there is no need, a large amount of distribution data can be transmitted at high speed. Further, since the request signal has a smaller data amount than the distribution data and is transmitted through the first transmission path, even when the firewall function is provided in the first transmission path, the load on the firewall function can be reduced. Therefore, there is an effect that it is possible to transmit a large amount of distribution data while improving the security performance.

  According to the second aspect of the present invention, the distribution data stored in the storage device can be distributed to a plurality of clients. In addition, since communication on the second transmission path is performed according to a communication protocol compliant with the storage area network standard, large-capacity data can be transmitted at high speed.

  According to the third aspect of the present invention, when the first server receives the notification signal via the first transmission path, the first server extracts the distribution data from the storage device. By the way, it is preferable to write and read data to and from the storage device in units of blocks. When data is written, it is directly written to the disk without going through the write cache, and when data is read, it is not passed through the read cache. Since data is directly read from the disk, the time required for data transfer can be reduced. Here, when data is written to and read from the storage device in units of blocks, if data is always read, the burden on the first server increases. However, the data distribution system according to claim 3 When the first server receives the notification signal from the second server, the distribution data is read from the storage device, so the burden on the first server can be reduced.

  According to the fourth aspect of the present invention, the transmission of the distribution data via the second transmission path is performed according to a communication protocol compliant with the storage area network standard, so that a large amount of data is transmitted at high speed. be able to. Further, since the second server directly transmits the distribution data to the first server, the system configuration can be simplified as compared with the case where a storage device that temporarily stores the distribution data is provided.

  According to the fifth aspect of the present invention, data communication can be performed at high speed using a fiber channel.

It is a system configuration figure of an embodiment. It is a system configuration figure explaining distribution processing by an embodiment. It is a system configuration figure explaining distribution processing by an embodiment. It is a system configuration figure explaining distribution processing by an embodiment. It is a schematic system block diagram which shows the modification of embodiment. It is a system configuration figure explaining communication processing by an embodiment. It is a system configuration figure showing a modification of an embodiment. It is a system configuration figure explaining preservation processing by an embodiment. It is a system configuration figure explaining preservation processing by an embodiment. It is a system configuration figure explaining preservation processing by an embodiment. It is a system configuration figure explaining preservation processing by an embodiment.

  Hereinafter, a data distribution system according to the present embodiment will be described with reference to the drawings.

  For example, the data distribution system of the present embodiment distributes video data of a video camera installed in a monitored area (for example, an office, an office building, or a commercial facility) via a wide area network such as the Internet. It is a distribution system. However, the configuration described below is merely an example of the present invention. The present invention is not limited to the following embodiments, and various modifications can be made according to the design and the like as long as they do not depart from the technical idea of the present invention. The data distributed by the data distribution system is not limited to the video data of the video camera that captured the monitored area, but may be video data of video works, music data, data such as game software, etc. It may be business related data.

  As shown in FIG. 1, the data distribution system of this embodiment includes a first server 10, a second server 20, a firewall function unit 30, and a storage device 40.

  The first server 10 is an external server connected to a wide area network 100 such as the Internet, and includes a network connection device 11 and an external control device 12.

  The network connection device 11 is connected to the wide area network 100. The network connection device 11 has a function of performing communication using the TCP / IP with the terminal device 110 via the wide area network 100. The terminal device 110 is, for example, a personal computer, a tablet terminal, a smartphone, or the like, and is used by a user who receives video data distribution from a data distribution system (for example, a manager of a company that uses a monitored area). The terminal device 110 includes a user interface such as a display function for performing various displays and an input function for receiving an operation input. Further, the terminal device 110 has a function of connecting to the wide area network 100 by wired or wireless communication and a function of a Web browser, and reproduces (displays) video data distributed from the first server 10 via the wide area network 100. ) The terminal device 110 is not limited to a device used by a company administrator, and may be used by a general individual as long as the user is permitted to use the data distribution system.

  The network connection device 11 is connected to the second server 20 via the LAN cable 50 and has a function of performing communication with the second server 20 using TCP / IP. Here, a firewall function unit 30 is provided in the LAN cable 50 (first transmission path) that connects the first server 10 and the second server 20.

  The external control device 12 is composed of, for example, a mother board on which a CPU (Central Processing Unit) and its peripheral components are mounted. The external control device 12 includes a control function unit 121, a network interface card (hereinafter abbreviated as NIC) 122, and a host bus adapter (hereinafter abbreviated as HBA) 123. ing.

  The control function part 121 implement | achieves the various functions which the 1st server 10 provides, when CPU runs the program stored in memory (not shown). This program may be stored in advance in a memory, may be downloaded through a communication line such as the Internet, or may be provided from a storage medium (not shown) storing this program.

  In addition, the control function unit 121 has a task storage area 125 for storing a task command such as a request signal transmitted from the terminal device 110 in a memory (not shown). The second server 20 periodically accesses the first server 10 to monitor the presence / absence of a request signal. When accessed from the second server 20, the control function unit 121 is stored in the task storage area 125. The task command is transmitted from the network connection device 11 to the second server 20.

  The NIC 122 is an interface card for exchanging data between the control function unit 121 and the network connection device 11.

  The HBA 123 is an interface card for exchanging data between the control function unit 121 and the storage apparatus 40. The HBA 123 has a function of mutually converting an electrical signal and an optical signal, and is connected to the storage apparatus 40 via an optical fiber cable 60 and a fiber channel switch (hereinafter referred to as FC switch) 61. The optical fiber cable 60 and the FC switch 61 constitute a storage area network (SAN). The HBA 123 performs data communication by a communication method compliant with a storage area network communication standard. The HBA 123 of the present embodiment employs, for example, a fiber channel (Fibre Channel) standardized by the International Committee for Information Technology Standards (INCITS) as a communication method. Fiber Channel uses optical fibers and coaxial cables for connection between devices, and the maximum transfer speed is currently 1 Gbps, 2 Gbps, 4 Gbps, etc., but further increases in speed are expected in the future. In the present embodiment, only one first server 10 is connected to the FC switch 61. However, a plurality of first servers 10 are connected to the FC switch 61, and the plurality of first servers 10 are connected to the storage device 40. The video data captured from may be distributed to the client.

  The second server 20 includes a network connection device 21, an internal control device 22, and a transmission device 23.

  The network connection device 21 is connected to a local area network 200 different from the wide area network 100 and has a function of performing communication using the TCP / IP with the network camera 210 via the local area network 200. The network camera 210 is a video camera having a communication function of TCP / IP communication. The network camera 210 controls the shooting state according to a control command received via the local area network 200, and converts the shot video data into a data format such as a still image such as JPEG or a moving image such as MPEG4. The data is converted and transmitted to the second server 20 via the local area network 200. In the present embodiment, a plurality of network cameras 210 are connected to the local area network 200, and the plurality of network cameras 210 are divided into a plurality of (for example, two) groups G1 and G2 depending on the installation location, for example.

  The network connection device 21 is connected to the first server 10 via the LAN cable 50 and performs communication using the TCP / IP with the first server 10. As described above, the firewall function unit 30 is provided in the middle of the LAN cable 50 connecting the first server 10 and the second server 20 in order to prevent unauthorized entry from the wide area network 100.

  The internal control device 22 is composed of, for example, a mother board on which a CPU and its peripheral components are mounted. The internal control device 22 includes a control function unit 221 and a network interface card (hereinafter abbreviated as NIC) 222.

  The control function unit 221 implements the function of the control unit when the CPU executes a program stored in a memory (not shown). This program may be stored in advance in a memory, may be downloaded through a communication line such as the Internet, or may be provided from a storage medium (not shown) storing this program.

  The NIC 222 is an interface card for exchanging data between the control function unit 221 and the network connection device 21.

  The transmission device 23 has a function of transmitting the video data transmitted from the network camera 210 to the second server 20 to the storage device 40 and storing it in the storage device 40. The transmission device 23 includes a transmission function unit 231, a network interface card (hereinafter abbreviated as NIC) 232, and a host bus adapter (hereinafter abbreviated as HBA) 233.

  The transmission function unit 231 realizes the function of the transmission unit when the CPU executes a program stored in a memory (not shown). This program may be stored in advance in a memory, may be downloaded through a communication line such as the Internet, or may be provided from a storage medium (not shown) storing this program.

  The NIC 232 is an interface card for exchanging data between the transmission function unit 231 and the network connection device 21.

  The HBA 233 is an interface card for exchanging data between the transmission function unit 231 and the storage device 40. The HBA 233 has a function of mutually converting an electrical signal and an optical signal, and is connected to the storage apparatus 40 via an optical fiber cable 62 and a fiber channel switch (hereinafter referred to as an FC switch) 63. Here, the optical fiber cable 62 and the FC switch 63 constitute a storage area network. The HBA 233 performs data communication using a communication method compliant with a storage area network communication standard. In this embodiment, for example, a fiber channel communication method is used. In the present embodiment, only one second server 20 is connected to the FC switch 63, but a plurality of second servers 20 are connected to the FC switch 63, and the plurality of second servers 20 to the storage device 40 are connected. The video data of the network camera may be transmitted.

  The firewall function unit 30 copes with cracking such as unauthorized intrusion from the wide area network 100 to the second server 20 by permitting or blocking communication between the first server 10 and the second server 20.

  The storage device 40 includes a recording medium 41 and host bus adapters (hereinafter abbreviated as HBAs) 42 and 43.

  The recording medium 41 is composed of, for example, a large-capacity hard disk device, and stores the video data transferred from the second server 20. Note that audio data may be added to the video data. The data format of the video data may be a data format used for general purposes such as a still image data format such as JPEG and a moving image data format such as MPEG4.

  The HBA 42 is an interface card for exchanging data with the external control device 12. The HBA 42 has a function of mutually converting an electrical signal and an optical signal, and is connected to the external control device 12 via the optical fiber cable 60 and the FC switch 61.

  The HBA 43 is an interface card for exchanging data with the transmission device 23. The HBA 43 has a function of converting electrical signals and optical signals to each other, and is connected to the transmission device 23 via the optical fiber cable 62 and the FC switch 63.

  Data is transmitted between the storage device 40 and the external control device 12 via the optical fiber cable 60 and the FC switch 61 which are the second transmission paths. In addition, data is transmitted between the storage device 40 and the transmission device 23 via the optical fiber cable 62 and the FC switch 63 which are the second transmission paths.

  Next, the video data distribution operation by the data distribution system of this embodiment will be described with reference to FIGS. The arrows in FIGS. 2 to 4 schematically show the signal flow.

  When the user performs an operation for requesting distribution of desired video data using the terminal device 110, a request signal D1 requesting distribution of video data is transmitted from the terminal device 110 to the first server 10 via the wide area network 100. (Process S1 in FIG. 2).

  When the network connection device 11 receives the request signal D1 transmitted from the terminal device 110, the network connection device 11 outputs the received request signal D1 to the external control device 12. The request signal D1 output from the network connection device 11 is input to the control function unit 121 via the NIC 122. ID information of the terminal device 110 that has transmitted the request signal D1 is added to the request signal D1, and the control function unit 121 is registered as a video data distribution destination based on this ID information. Authenticate If the authentication is successful, the control function unit 121 stores the request signal D1 transmitted from the terminal device 110 in the task storage area 125. Here, the control function unit 121 may limit video data that can be provided according to the authentication result. For example, when the second server 20 collects video data from the network cameras 210 of the plurality of groups G1 and G2, the video of the network camera 210 belonging to the group that the user of the distribution destination terminal device 110 is permitted to view. Only data may be distributed to the terminal device 110.

  When the encryption key D2 for encryption is transmitted together with the request signal D1 from the terminal device 110 to the first server 10, the control function unit 121 stores the encryption key D2 together with the request signal D1 in the task storage area 125. To do. When the encryption key D2 is not transmitted from the terminal device 110, the control function unit 121 may generate the encryption key and store it in the task storage area 125. Note that when the video data transmitted from the first server 10 to the terminal device 110 is not encrypted, the encryption key D2 is unnecessary.

  The internal control device 22 of the second server 20 controls the network connection device 21 to periodically access the first server 10 and monitor whether task instructions are stored in the task storage area 125 (see FIG. 2 processing S2). When accessed from the network connection device 21 of the second server 20, the network connection device 11 of the first server 10 outputs a monitoring request from the second server 20 to the control function unit 121. When receiving a monitoring request from the second server 20, the control function unit 121 checks whether or not a task command is stored in the task storage area 125. If the request signal D1 is stored as a task command in the task storage area 125, the control function unit 121 extracts the request signal D1 from the task storage area 125 and transmits the request signal D1 from the network connection device 11 to the second server 20. Let When the encryption signal D2 is stored together with the request signal D1 in the task storage area 125, the encryption key D2 is also transmitted to the second server 20 together with the request signal D1.

  When the request signal D1 and the encryption key D2 are transmitted from the first server 10 to the second server 20, the network connection device 21 internally controls the request signal D1 and the encryption key D2 transmitted from the first server 10. Output to the device 22. When the internal control device 22 receives the request signal D1 and the encryption key D2 transmitted from the first server 10, the internal control device 22 outputs the request signal D1 and the encryption key D2 to the transmission device 23 (process S3 in FIG. 3). . When the request signal D1 is input from the internal control device 22, the transmission device 23 controls the network connection device 21 to access the network camera 210 to be transmitted. The transmission device 23 causes the network camera 210 to transmit video data for a time designated by the request signal D1 (processing S4 in FIG. 3). When the network connection device 21 receives the video data transmitted from the network camera 210, the network connection device 21 outputs this video data to the transmission device 23. When the transmission function unit 231 of the transmission device 23 acquires the video data D20 captured by the transmission target network camera 210, the transmission function unit 231 transmits the video data D20 from the HBA 233 to the storage device 40 (processing S5 in FIG. 3). When the video data D20 is input from the second server 20, the storage device 40 stores the video data D20 in the recording medium 41. When the encryption key D2 is input from the control function unit 221 to the transmission function unit 231, the transmission function unit 231 encrypts the video data D20 using the encryption key D2 and transmits the encrypted data to the storage device 40. Let When the process of transmitting the video data D20 to the storage device 40 ends normally, the transmission function unit 231 outputs data D3 indicating the transfer result to the control function unit 221 (process S6 in FIG. 3).

  Upon receiving the data D3 indicating the transfer result from the transmission function unit 231, the control function unit 221 transmits the data D3 from the network connection device 21 to the first server 10 via the firewall function unit 30 (processing S7 in FIG. 4). ). In the first server 10, when the network connection device 11 receives the transfer result data D 3 transmitted from the second server 20, the data D 3 is sent from the network connection device 11 to the external control device 12, and the control function unit 121 Data D3 is stored in the task storage area 125.

  When the control function unit 121 determines that the transfer process is normal based on the transfer result data D3 stored in the task storage area 125, the control function unit 121 reads the video data D20 to be transmitted from the storage device 40, and stores the storage unit (FIG. (Not shown) (step S8 in FIG. 4). Then, the control function unit 121 transmits the video data D20 read from the storage device 40 from the network connection device 11 to the terminal device 110 (processing S9 in FIG. 4). Here, the control function unit 121 may decrypt the video data D20 using the encryption key D2 stored in the task storage area 125, and cause the terminal device 110 to transmit the decrypted video data D20.

  Further, if the video data D20 cannot be read even after executing the process S8 for reading the video data from the storage device 40, the control function unit 121 re-registers the request signal D1 in the task storage area 125 as an error process, and the video Data D20 may be read again. However, if the video data D20 cannot be captured even after the preset number of retries has been exceeded, the control function unit 121 sends data notifying that the video data D20 has failed to be captured from the network connection device 11. The request is transmitted to the requesting terminal device 110. When the control function unit 121 determines from the transfer result data D3 that the transfer process is abnormal, the control function unit 121 sends data notifying that the transfer process of the video data is abnormal from the network connection apparatus 11 to the requesting terminal. Transmit to device 110.

  As described above, the data distribution system according to this embodiment includes the first server 10 connected to the wide area network 100 and the second server 20 that transmits distribution data to the first server 10. The second server 20 includes an internal control device 22 (control unit) and a transmission device 23 (transmission unit). The internal control device 22 receives control data from the first server 10 via the LAN cable 50 (first transmission path). The transmission device 23 transmits distribution data to the first server 10 via a second transmission path (consisting of optical fiber cables 60 and 62, FC switches 61 and 63, etc.) having a communication protocol different from that of the LAN cable 50. Further, when the internal control device 22 receives a distribution data distribution request transmitted from the terminal device 110, which is a client, to the first server 10 via the wide area network 100, from the first server 10 via the LAN cable 50, The transmission apparatus 23 is instructed to transmit distribution data. The transmission device 23 is configured to transmit distribution data to the first server 10 via the second transmission path when instructed to transmit distribution data. The first server 10 is configured to distribute the distribution data transmitted from the transmission device 23 to the terminal device 110 via the wide area network 100.

  Here, the distribution request from the terminal device 110 is received by the first server 10 connected to the wide area network 100. Therefore, the terminal device 110 does not communicate directly with the second server 20, the internal control device 22 of the second server 20 receives the distribution request from the first server 10 via the first transmission path, and the transmission device 23 The distribution data corresponding to the distribution request (large capacity) is transmitted to the first server 10 via the second transmission path. As described above, the second transmission path for transmitting a large amount of distribution data and the first transmission path for transmitting a request signal having a smaller data amount than the distribution data are physically separated. Therefore, by not using an IP protocol such as TCP / IP for transmission of large-volume distribution data, the possibility of occurrence of cracking such as unauthorized intrusion from the outside is reduced, and it is not necessary to provide a firewall function. , Large-capacity distribution data can be transmitted at high speed. Further, since the request signal has a smaller data amount than the distribution data and is transmitted through the first transmission path, even when the firewall function is provided in the first transmission path, the load on the firewall function can be reduced. Therefore, there is an effect that it is possible to transmit a large amount of distribution data while improving the security performance. When the first server 10 receives the distribution request from the terminal device 110, the first server 10 may transmit the distribution request as it is to the second server 20, or creates a control command for instructing distribution data distribution. A control command may be transmitted to the second server 20.

  In this embodiment, communication using TCP / IP is performed on the first transmission path, and host bus communication such as fiber channel is performed on the second transmission path. In the case of distribution data, high-speed writing with sequential write and high-speed reading with sequential read are possible. By transmitting distribution data with host bus communication, security performance is improved and high-speed data transmission is possible. Is possible. On the other hand, since the request signal has a smaller data amount than the distribution data, there is an advantage that even when the firewall function is provided in the first transmission path, the load of the firewall function can be reduced and the security performance is improved.

  In addition, the data distribution system of the present embodiment may include a storage device 40 that stores distribution data transmitted from the transmission device 23 (transmission unit). The first server 10 is configured to distribute the distribution data retrieved from the storage device 40 to the terminal device 110 (client). In addition, the transmission device 23 and the first server 10 are configured to communicate with the storage device 40 according to a communication protocol compliant with the storage area network standard.

  Thereby, the distribution data stored in the storage device 40 can be distributed to a plurality of clients. In addition, the transmission of the distribution data via the second transmission path is performed according to a communication protocol compliant with the storage area network standard, so that a large amount of data can be transmitted at high speed.

  Also, in the data distribution system of this embodiment, when the transmission device 23 (transmission unit) transmits distribution data to the storage device 40 in response to an instruction from the internal control device 22 (control unit), the transmission processing of distribution data Data D3 (notification signal) for notifying that the operation has been normally performed may be output to the internal control device 22. When the internal control device 22 receives the data D3, it transmits the data D3 to the first server 10 via the first transmission path. The first server 10 is configured to take out the distribution data from the storage device 40 when receiving the data D3 via the first transmission path.

  Incidentally, it is preferable to write and read data to and from the storage device 40 in units of blocks. When data is written, the data is directly written to the disk without going through the write cache, and when the data is read, the data is directly read from the disk without going through the read cache, so that the time required for data transfer can be shortened. In addition, since data is written to and read from the storage device 40 in units of blocks, the burden on the first server 10 increases when data is constantly read. Therefore, the first server 10 only needs to read the distribution data from the storage device 40 when the data D3 notifying the transfer result is input from the internal control device 22, and the burden on the first server 10 can be reduced. When the internal control device 22 receives from the transmission device 23 a notification signal notifying that the distribution data transmission processing has been performed normally, the internal control device 22 may transmit this notification signal to the first server 10 as it is. A signal indicating that the process has been normally performed may be created and transmitted to the first server 10.

  In this embodiment, communication performed between the first server 10 and the second server 20 via the first transmission path includes a request task monitoring process and a transfer result task registration process. The requested task monitoring process periodically polls the first server 10 from the second server 20 to monitor whether a task instruction such as a request signal is stored in the task storage area 125 of the first server 10. It is processing to do. In the transfer result task registration process, when the distribution data is transferred from the second server 20 to the first server 10, the transfer result is transmitted from the second server 20 to the first server 10. 125 is a process of storing the data of the transfer result in 125. Request task monitoring processing and transfer result task registration processing are both internal to external communication, and do not allow external to internal communication, so they are safe against cracking such as unauthorized intrusion from the outside. Improves. In addition, since the request signal transmitted through the first transmission path has a smaller data amount than the distribution data transmitted through the second transmission path, the load on the firewall function is reduced even when the firewall function is added. it can.

  In this embodiment, the external control device 12 and the transmission device 23 are connected to the storage device 40 one by one, but a plurality of external control devices 12 may be connected to the storage device 40, or the storage device 40 A plurality of transmitters 23 may be connected to each other (see FIG. 5). As described above, when the distribution data is transmitted through the second transmission path by transmitting the distribution data from each of the plurality of transmission apparatuses 23 to the corresponding external control apparatus 12 via the second transmission path. Compared to this, it is possible to transmit a large amount of distribution data at a higher speed. FIG. 5 is a schematic system configuration diagram of the data distribution system, and only the main part of the data distribution system is shown for ease of illustration.

  By the way, in the data distribution system of this embodiment, the data of the encryption key D2 is transmitted from the external control device 12 of the first server 10 to the internal control device 22, and the data of the encryption key D2 is transmitted from the internal control device 22. Sent to the device 23. Accordingly, the transmission device 23 encrypts the video data D20 using the encryption key D2, and then transmits the encrypted video data D20 to the storage device 40. Since the encrypted video data D20 is transmitted from the storage device 40 to the external control device 12, even if a third party illegally accesses the external control device 12 and browses the video data D20, the encryption is performed. It is difficult to confirm the contents of the video data D20.

  Here, the decryption processing of the encrypted video data may be performed by the external control device 12 or the terminal device 110.

  When the external control device 12 performs the decryption process of the video data D20, the external control device 12 decrypts the encrypted video data D20 using the encryption key D2, and then transmits the decrypted video data D20 to the network. Transmission is performed from the connection device 11 to the terminal device 110. In this case, the terminal device 110 does not need to have a program for decoding the video data D20.

  When the decoding process of the video data D20 is performed by the terminal device 110, the external control device 12 transmits the encrypted video data D20 from the network connection device 11 to the terminal device 110. In this case, the terminal device 110 needs to have a program for decrypting the video data D20, and performs the decryption process of the encrypted video data D20 using the encryption key D2. When the video data D20 is decrypted on the terminal device 110 side, the video data D20 transmitted from the first server 10 to the terminal device 110 is also encrypted, so even if the video data D20 is snooped during this time, The contents of the video data are less likely to be known to third parties.

  In the above description, the distribution process in which the first server 10 distributes the video data transferred from the second server 20 to the first server 10 to the terminal device 110 has been described. It is also possible to transfer the data sent to the second server 20. A communication procedure in this case will be described with reference to FIG.

  In this case, the terminal device 110 transmits data D21 to be transmitted to the second server 20 to the first server 10 (processing S10 in FIG. 6). When the external control device 12 of the first server 10 receives the data D21 from the network connection device 11, the external control device 12 stores transmission information D4 for notifying reception of transmission data in the task storage area 125. Further, the external control device 12 outputs the data D21 to the storage device 40 and stores the data D21 in the recording medium 41 (processing S11 in FIG. 6). The internal control device 22 periodically polls the external control device 12 and, if the transmission information D4 is stored in the task storage area 125, receives the transmission information D4 from the task storage area 125 (processing S12 in FIG. 6). ). When the internal control device 22 receives the transmission information D4 from the external control device 12, the internal control device 22 outputs the transmission information D4 to the transmission device 23 (step S13 in FIG. 6). Upon receiving the transmission information D4, the transmission device 23 takes in the data D21 from the storage device 40 (processing S14 in FIG. 6), and the data D21 transmitted from the terminal device 110 is input to the second server 20.

  By the way, in the data distribution system of this embodiment, as shown in FIG. 7, a storage device 70 for storing video data stored in the storage device 40 in an external recording medium 80 such as a DVD (Digital Versatile Disk) is further provided. You may prepare. Since the configuration other than the storage device 40 and the storage device 70 is the same as that of the data distribution system described above, common components are denoted by the same reference numerals and description thereof is omitted.

  The storage apparatus 40 further includes a host bus adapter (hereinafter referred to as HBA) 44. The HBA 44 is an interface card for exchanging data with the storage device 70. The HBA 44 has a function of mutually converting an electric signal and an optical signal, and is connected to the storage device 70 via the optical fiber cable 64.

  The storage device 70 includes a data storage function unit 71, a host bus adapter (hereinafter referred to as HBA) 72, and a network interface card (hereinafter referred to as NIC) 73.

  The data storage function unit 71 performs a process of writing data to an external recording medium 80 such as a DVD. The external recording medium 80 is not limited to a DVD, and may be an LTO (Linear Tape Open), a CD (Compact Disc), or a memory card as long as it has a storage capacity capable of recording video data for a desired time. But you can.

  The HBA 72 is an interface card for exchanging data with the storage apparatus 40. The HBA 72 has a function of mutually converting an electric signal and an optical signal, and is connected to the storage apparatus 40 via the optical fiber cable 64.

  The NIC 73 is connected to the network connection device 21 of the second server 20 via the LAN cable 201. The NIC 73 is an interface card for exchanging data between the storage device 70 and the network connection device 21.

  Next, processing for storing video data stored in the storage device 40 in the external recording medium 80 in this data distribution system will be described with reference to FIGS. The arrows in FIGS. 8 to 11 schematically show the flow of signals.

  When the user performs an operation for requesting storage of desired video data using the terminal device 110, a storage request signal D5 requesting storage of the video data is transmitted from the terminal device 110 to the first server 10 via the wide area network 100. (Processing S21 in FIG. 8).

  When the network connection device 11 receives the data storage request signal D5 transmitted from the terminal device 110, the network connection device 11 outputs the received storage request signal D5 to the external control device 12. The storage request signal D5 output from the network connection device 11 is input to the control function unit 121 via the NIC 122. ID information of the terminal device 110 that has transmitted the storage request signal D5 is added to the storage request signal D5, and the control function unit 121 is registered as a video data distribution destination based on the ID information. Authenticate whether or not If the authentication is successful, the control function unit 121 stores the save request signal D5 transmitted from the terminal device 110 in the task storage area 125. Here, the control function unit 121 may limit video data that can be provided according to the authentication result. For example, when the second server 20 collects video data from the network cameras 210 of the plurality of groups G1 and G2, the network camera belonging to the group permitted to be browsed by the user of the terminal device 110 that has transmitted the storage request Only the video data 210 may be stored in the external recording medium 80.

  When the encryption key D6 for encryption is transmitted from the terminal device 110 to the first server 10 together with the storage request signal D5, the control function unit 121 also stores the encryption key D6 together with the storage request signal D5 in the task storage area 125. To store. When the encryption key D6 is not transmitted from the terminal device 110, the control function unit 121 may generate the encryption key and store it in the task storage area 125. Note that when the video data stored in the external recording medium 80 is not encrypted, the encryption key D6 is unnecessary.

  The internal control device 22 of the second server 20 controls the network connection device 21 to periodically access the first server 10 and constantly monitor the presence or absence of a request signal (processing S22 in FIG. 8). When accessed from the network connection device 21 of the second server 20, the network connection device 11 of the first server 10 outputs a monitoring request from the second server 20 to the control function unit 121. When receiving a monitoring request from the second server 20, the control function unit 121 checks whether or not a task command is stored in the task storage area 125. If the storage request signal D5 is stored in the task storage area 125, the control function unit 121 extracts the storage request signal D5 from the task storage area 125 and transmits the storage request signal D5 from the network connection device 11 to the second server 20. Let When the encryption key D6 is stored together with the save request signal D5 in the task storage area, the encryption key D6 is also transmitted to the second server 20 together with the save request signal D5.

  When the storage request signal D5 and the encryption key D6 are transmitted from the first server 10 to the second server 20, the network connection device 21 receives the storage request signal D5 and the encryption key D6 transmitted from the first server 10. Output to the internal control device 22. When the internal control device 22 receives the storage request signal D5 and the encryption key D6 transmitted from the first server 10, the internal control device 22 outputs the storage request signal D5 and the encryption key D6 to the transmission device 23 (processing in FIG. 9). S23). When the storage request signal D5 is input from the internal control device 22, the transmission device 23 controls the network connection device 21 to access the target network camera 210. The transmission device 23 causes the network camera 210 to transmit the video data D21 for the time specified by the storage request signal D5 (processing S24 in FIG. 9). When the network connection device 21 receives the video data D21 transmitted from the network camera 210, the network connection device 21 outputs the video data D21 to the transmission device 23. When the transmission function unit 231 of the transmission device 23 acquires the video data D21 captured by the target network camera 210, the transmission function unit 231 transmits the video data D21 from the HBA 233 to the storage device 40 (process S25 in FIG. 9). When the video data D21 is input from the second server 20, the storage device 40 stores the video data D21 in the recording medium 41. Note that when the encryption key D6 is input from the control function unit 221 to the transmission function unit 231, the transmission function unit 231 encrypts the video data D21 using the encryption key D6 and then transmits it to the storage device 40. Let When the process of transmitting the video data D21 to the storage device 40 ends normally, the transmission function unit 231 outputs data D7 indicating the transfer result to the control function unit 221 (process S26 in FIG. 9).

  When the control function unit 221 determines that the transfer result is normal based on the data D7 transmitted from the transmission function unit 231, the control function unit 221 transmits the storage request signal D5 from the network connection device 21 to the storage device 70 (FIG. 10). Process S27). In the storage device 70, when the data storage function unit 71 receives the storage request signal D5 transmitted from the second server 20, the video data D21 to be stored is read from the storage device 40 via the optical fiber cable 64 (processing in FIG. 10). S28). When the reading of the video data D21 is completed, the data storage function unit 71 records the video data D21 on the external recording medium 80 mounted in the disk slot (not shown). When the data storage function unit 71 succeeds in recording the video data D21 on the external recording medium 80, the data storage function unit 71 transmits data D8 indicating the storage result to the internal control device 22 (step S29 in FIG. 10).

  When the internal control device 22 receives the data D8 indicating the storage result, the internal control device 22 transmits the data D8 from the network connection device 11 to the external control device 12. When the external control device 12 receives the data D8 transmitted from the internal control device 22, the data D8 is stored in the task storage area 125 by the control function unit 121 (process S30 in FIG. 11).

  When the storage result data D8 is stored in the task storage area 125, the control function unit 121 causes the network connection device 11 to transmit the storage result data D8 to the terminal device 110 (processing S31 in FIG. 11). When the external control device 12 generates the encryption key D6, the external control device 12 causes the terminal device 110 to transmit the encryption key D6 together with the data D8. When the encryption key D6 is transmitted from the terminal device 110, the external control device 12 transmits only the data D8 to the terminal device 110, and transmission of the encryption key D6 is unnecessary.

  The external recording medium 80 on which the video data is recorded by the storage device 70 is sent to the user of the terminal device 110 who has requested the storage of the data by an appropriate method such as mailing by the administrator of the data distribution system. Sent. Thereby, desired video data can be stored in the external recording medium 80.

  In the above embodiment, the video data transmitted from the second server 20 is stored in the storage device 40, and the first server 10 reads the video data stored in the storage device 40. It may be lost. That is, the transmission function unit 23 (transmission unit) may directly transmit the distribution data to the external control device 22 of the first server 10 in accordance with a communication protocol compliant with the storage area network standard.

  Thus, the transmission of the distribution data via the second transmission path is performed according to a communication protocol compliant with the storage area network standard, so that a large amount of data can be transmitted at high speed. Further, the system configuration can be simplified by eliminating the storage device 40.

  The communication protocol compliant with the storage area network standard is, for example, a fiber channel, and data communication can be performed at high speed using the fiber channel.

10 1st server 20 2nd server 22 Internal control device (control part)
23 Transmitter (Transmitter)
40 Storage device 50 LAN cable (first transmission line)
60, 62 Optical fiber cable (second transmission line)
61, 63 FC switch (second transmission line)
100 Wide area network 110 Terminal device (client)

Claims (5)

A first server connected to the wide area network;
A second server for transmitting distribution data to the first server,
The second server includes a control unit that receives control data from the first server via a first transmission line, and the distribution data via the second transmission line having a communication protocol different from that of the first transmission line. A transmission unit for transmitting to the first server,
When the control unit receives a delivery request for the delivery data transmitted from the client to the first server via the wide area network, the control unit receives the delivery data from the first server via the first transmission path. Configured to instruct the transmitting unit to transmit,
The transmission unit is configured to transmit the distribution data to the first server via the second transmission path when instructed to transmit the distribution data,
The data distribution system, wherein the first server is configured to distribute the distribution data transmitted from the transmission unit to the client via the wide area network. A storage device for storing the distribution data transmitted from the transmission unit;
The first server is configured to distribute the distribution data retrieved from the storage device to the client;
The data according to claim 1, wherein each of the transmission unit and the first server is configured to communicate with the storage apparatus according to a communication protocol compliant with a storage area network standard. Distribution system. When the transmission unit receives the instruction from the control unit and transmits the distribution data to the storage device, the transmission unit outputs a notification signal notifying that the distribution data transmission process has been normally performed to the control unit. And
When the control unit receives the notification signal, the control unit transmits the notification signal to the first server via the first transmission path,
The data distribution system according to claim 2, wherein the first server is configured to take out the distribution data from the storage device when the notification signal is received via the first transmission path. The data distribution system according to claim 1, wherein the transmission unit is configured to directly transmit the distribution data to the first server according to a communication protocol compliant with a storage area network standard. The data distribution system according to any one of claims 2 to 4, wherein the communication protocol compliant with the storage area network standard is a fiber channel protocol.

Images