KR20160050896A - Method for generating of access controllr based of virtualization annd server thereof - Google Patents

Abstract

The present invention relates to a method to control a plurality of access devices and, more specifically, to a method to generate a virtualization based access controller and an integrated management server supporting the same capable of generating a controller capable of controlling a plurality of access devices by applying a virtualization technology. For this, the method to generate a virtualization based controller according to an embodiment of the present invention, in a cloud access control system including an integrated management server to allocate an access controller to each site formed by a plurality of access devices and an access device control server to treat a message generated through an access device in a specific site through the access controller allocated to the site, comprises the steps of: by the integrated management server, generating a virtualization based access controller in consideration of an access device capable of being stored in the site according to the occurrence of an access controller generation request; and by the integrated management server, storing information for the plurality of the access devices forming the site by corresponding the access devices to the generated access controllers.

Description

TECHNICAL FIELD [0001] The present invention relates to a virtualization-based access controller generation method and an integrated management server supporting the same.

The present invention relates to a method of controlling a plurality of connection devices, and more particularly, to a virtualization-based connection controller generation method capable of generating a control device for controlling a plurality of connection devices by applying virtualization technology, And an integrated management server.

The contents described in this section merely provide background information on the present embodiment and do not constitute the prior art.

With the development of information and communication technology, various wireless communication technologies are being developed. Among these, a wireless local access network (WLAN) may be a personal digital assistant (PDA), a laptop computer, a portable multimedia player (PMP), a smart phone Refers to a technology that enables a user to access the Internet wirelessly from a specific service providing site such as a home, a business, or an airport by using a portable terminal such as a smart phone.

One of the core devices necessary for constructing such a wireless LAN system is an access device called an access point. Such a connection device provides a function similar to that of a base station to a portable terminal, such as a base station of a mobile communication network, and plays a role of supporting connection of a communication network. Also, as described above, the connection device can be established for each specific service providing site such as an enterprise, an airport, and the like. Such a connection device has a frequency band that is different from a supporting station of the mobile communication network, In order to provide services, it is necessary to install many sites in the site as well as to install many sites.

Further, in order to provide a smooth wireless LAN service to a terminal located in the site, it is necessary to construct a control device that can control the connection device in cooperation with a plurality of connection devices in the site.

However, up to now, a control device for controlling an access device is physically constructed and connected to each site, and a control device is physically constructed and assigned to each site, and the number of accessable devices in the site There is a problem that it is difficult to organically design the performance of the control device.

Korean Patent Publication No. 2012-0070488, June 29, 2012 (name: access point control method and apparatus)

It is an object of the present invention to provide a virtualization-based access controller generation method capable of generating a control device for controlling a plurality of access devices for each site by applying virtualization technology, The goal is to provide a server.

However, the object of the present invention is not limited to the above-mentioned objects, and other objects not mentioned can be clearly understood from the following description.

According to another aspect of the present invention, there is provided a virtualization-based access controller creation method for a virtualization-based access controller, including: an integrated management server for allocating access controllers to respective sites formed by a plurality of access devices; And a connection device control server for controlling the generated message to be processed through a connection controller pre-assigned to the site, the system comprising: Creating a virtualization-based access controller in consideration of the access device; And storing the information on the plurality of connection devices constituting the site by the integrated management server correspondingly to the generated connection controller.

At this time, the step of generating the access controller may include: checking the available resources of the access point control server by the integrated management server; If it is determined that the access point control server has available resources capable of creating a connection controller, the integrated management server transmits a connection controller creation command to the access point control server; The access point control server allocating a resource for creating a connection controller to generate a connection controller; The access point control server informing the integrated management server that creation of a connection controller is completed; And completing the generation of the connection controller by giving the IP address of the connection controller generated by the integrated management server.

If it is determined that the access point control server does not have available resources capable of creating a connection controller, the integrated management server checks the available resources of another access point control server Or supporting the adjustment of the number of connection devices constituting the site.

The storing step may include the steps of the integrated management server confirming input of an IP address of the connected device; And the integrated management server storing an IP address for the connection device corresponding to the connection controller.

The method may further include, after the step of storing, generating and storing a connection device ID in the form of a serial number for the access device in the stored order.

Transmitting the connection controller deletion command to the access point control server after the connection management controller deletion request is generated by the integrated management server after the storing step; And the access point control server retrieving resources allocated to the access controller to delete the access controller.

The method may further include, after the step of storing, deleting the connection device stored in association with the connection controller by the integrated management server, or adding and storing the connection device.

After the storing step, the integrated management server may receive query information about a connection controller from any one of the connection devices; And transmitting the information on the connection controller stored in the integrated management server corresponding to the connection device to the connection device.

In addition, the present invention can provide a computer readable recording medium on which a program for executing a virtualization-based access controller creation method according to an embodiment of the present invention as described above is recorded.

According to another aspect of the present invention, there is provided an integrated management server for creating a virtualization-based access controller in consideration of an accommodatable access device in a site including a plurality of access devices, A cloud manager for communicating information to the integrated management device; And a controller for requesting creation of a connection controller by the cloud manager and receiving information on the access controller from the cloud manager, storing information on a plurality of access devices constituting the site in response to the access controller, Device. ≪ / RTI >

According to the virtualization-based access controller generation method and the integrated management server supporting the virtualization-based access controller of the present invention, a control device for controlling a plurality of access devices for each site is generated by applying virtualization technology, By organizing control devices and building control devices through virtualization technology instead of building control devices that are physically connected to the site, it is possible to reduce system maintenance and maintenance costs as well as improve system availability. .

In addition, various effects other than the above-described effects can be directly or implicitly disclosed in the detailed description according to the embodiment of the present invention to be described later.

FIG. 1 is a configuration diagram schematically showing a main configuration of a cloud connection device control system according to an embodiment of the present invention.
2 is an exemplary diagram for explaining a message transmission / reception process between a connection device and a connection device control server according to an embodiment of the present invention.
3 is a block diagram showing a main configuration of a connection device according to an embodiment of the present invention.
4 is a block diagram illustrating a main configuration of a connection device control server according to an embodiment of the present invention.
5 is a block diagram illustrating a main configuration of an integrated management server according to an embodiment of the present invention.
FIG. 6 is a flowchart schematically illustrating a message processing method according to an embodiment of the present invention.
7 is a data flow diagram for explaining a message processing method according to an embodiment of the present invention in more detail.
8 is an exemplary diagram illustrating a message structure according to an embodiment of the present invention.
FIG. 9 is a flowchart for explaining a virtualization-based access controller creation method according to an embodiment of the present invention.
FIG. 10 is a data flow chart for explaining the virtualization-based access controller creation method according to an embodiment of the present invention in more detail.
11 is a data flow chart for explaining a message processing method according to an initial access procedure according to an embodiment of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. However, the detailed description of known functions and configurations incorporated herein will be omitted when it may unnecessarily obscure the subject matter of the present invention. This is to omit the unnecessary description so as to convey the key of the present invention more clearly without fading. While the invention is susceptible to various modifications and alternative forms, specific embodiments thereof are shown by way of example in the drawings and will herein be described in detail. However, it should be understood that the invention is not limited to the specific embodiments thereof, It is to be understood that the invention is intended to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the invention.

Also, terms including ordinal numbers such as first, second, etc. are used to describe various elements, and are used only for the purpose of distinguishing one element from another, Not used. For example, without departing from the scope of the present invention, the second component may be referred to as a first component, and similarly, the first component may also be referred to as a second component.

In addition, when referring to an element as being "connected" or "connected" to another element, it means that it can be connected or connected logically or physically. In other words, it is to be understood that although an element may be directly connected or connected to another element, there may be other elements in between, or indirectly connected or connected.

Also, the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. The singular expressions include plural expressions unless the context clearly dictates otherwise. It is also to be understood that the terms such as " comprising "or" having ", as used herein, are intended to specify the presence of stated features, integers, It should be understood that the foregoing does not preclude the presence or addition of other features, numbers, steps, operations, elements, parts, or combinations thereof.

Now, a virtualization-based access controller creation method and an integrated management server supporting the virtualization-based access controller according to an embodiment of the present invention will be described in detail with reference to the drawings. Here, the same reference numerals are used for similar functions and functions throughout the drawings, and a duplicate description thereof will be omitted.

First, a cloud access control system supporting a virtualization-based access controller creation method according to an embodiment of the present invention will be described.

FIG. 1 is a configuration diagram schematically showing a main configuration of a cloud connection device control system according to an embodiment of the present invention.

The cloud access point control system according to the embodiment of the present invention may operate various types of messages such as call processing / authentication generated through the access device 200 supporting the connection of the communication network 1000 to the terminal 100, The access device control server 300 of the present invention.

Referring to FIG. 1, components of the cloud connection device control system of the present invention will be schematically described. The terminal 100 is connected to any one of the connection devices 200, Refers to a user apparatus that is connected to the communication network 1000 through the connected connection apparatus 200 and is capable of transmitting and receiving various data. Herein, the terminal 100 may search for one or more access devices 200 located within a predetermined radius in an active or passive manner according to the IEEE 802.11 protocol, and perform a procedure for performing a connection with the discovered access device 200 have. When the connection with any one of the access devices 200 is completed, the terminal 100 can be connected to the communication network 1000, that is, a core network (not shown) And various kinds of information can be transmitted and received.

The connection device 200 refers to a device that supports connection of the communication network 1000 of the terminal 100 according to the embodiment of the present invention. For example, an access point may correspond to the connection device 200 of the present invention. However, the present invention is not limited thereto, and any device capable of supporting the connection of the communication network 1000 of the terminal 100 can operate as the connection device 200 of the present invention.

Particularly, the connection device 200 according to the embodiment of the present invention can constitute a site covering at least a certain range. Here, a site may be a point having the same logical characteristics as a company or a school, and may mean a range of a certain size, such as within a radius of 100 m. One site may preferably be composed of a plurality of connection devices 200.

In the prior art, a control device for processing various messages generated in connection with the connection device 200 of the terminal 100 is allocated for each site, and a control device for physically connecting to at least one access device 200 located in the site . For example, if there are 100 sites, there would also be a need for 100 control devices to control the access device 200 in each site. In addition, the number of connection devices 200 constituting the first site and the second site may be different from each other. The construction of the control device considering the characteristics of the site including the number of different connection devices 200 There is a problem in that it is impossible to organically control the apparatus according to the number of the receiving and connecting apparatuses 200. [

However, in the cloud access control system according to the embodiment of the present invention, the control device for processing various messages generated through the access device 200, that is, the access device control server 300, And a virtual connection controller as a device is allocated to process various messages generated through the connection device 200. [

The access point control server 300 supports the process of creating, changing and deleting access controllers for processing various messages generated through the access device 200 in the site for each site by using virtualization technology as described above, And supports the entire process of processing various messages generated through the device 200 by the connection controller. That is, various messages generated according to a procedure such as call processing and authentication for accessing the communication network 1000 of the terminal 100 may be processed through a connection controller implemented in a virtualization technology. In addition, it can perform various functions for billing, such as statistical processing on data packets generated in association with the terminal 100.

At this time, a message transmitted and received between the access device 200 and the access controller in the access device control server 300 generated in advance and allocated to the site constituted by the access device 200 is transmitted to the predetermined protocol .

Here, the predetermined protocol means a protocol defined in advance between the access device 200 and the access point control server 300 according to the embodiment of the present invention, and the message at this time is transmitted to the access point control server 300 And the IP address information of the access controller allocated to the access device 200. The term " tunneling message "

2, a message transmitted / received between the access point 200 and the access point 200 is a general message compliant with the TCP / IP protocol, whereas a message transmitted / received between the access point 200 and the access point 200 Means a tunneling message in which a tunneling header is added to a message transmitted / received between the AT 100 and the access point 200 according to a predefined UDP protocol. The tunneling header at this time includes the port information (for example, 2233) corresponding to the access point control server 300 and the IP address information of the access controller 200 allocated to the access point 200, A virtual tunneling period (referred to as an R6 tunneling period in the present invention) may be formed so that a message generated through the tunneling period can be transmitted to a corresponding access controller of the access point control server 300. [

A message processing method between the access device 200 and the access device control server 300 will be described later. In order to perform the above-described operation, the access controller 200, in response to a site including a plurality of access devices 200, And the information about the access device 200 located in the site is provided to the access controller in advance and registered.

This process can be performed through the interworking of the access control server 300 and the integrated management server 400.

The integrated management server 400 is a component that supports the overall management process for the access point control server 300 according to the embodiment of the present invention. In particular, the integrated management server 400 according to an exemplary embodiment of the present invention generates a connection controller for a site composed of a plurality of access devices 200 in accordance with a virtualization scheme in consideration of available resources of the access point control server 300 . Then, information on the connection device 200 constituting the site covered by the connection controller is stored and registered in response to the generated connection controller. For example, if there are 50 access devices 200 in one site, the integrated management server 400 allocates resources in the access point control server 300 to accommodate 50 access devices 200, You can create a controller. By providing information on the 50 access apparatuses 200 to the access controller and registering them, the access controller can support processing of messages to be transmitted. For example, if there are 100 access devices 200 in one site, the integrated management server 400 allocates resources in the access point control server 300 to accommodate 100 access devices 200 A connection controller is created and the connection device 200 is registered.

Here, the integrated management server 200 can transmit / receive information according to the TCP / IP protocol with the access point control server 300. [ The integrated management server 200 and the access point control server 300 generate a tunneling interval according to the designated protocol and send and receive messages between the access point 200 and the access point control server 300. The integrated management server 200 and the access point control server 300 transmit / And transmits and receives information according to the information. However, at this time, instead of creating and terminating the TCP session whenever necessary, the TCP session is continuously maintained.

As described above, it is possible to organically control devices by considering the number of connection devices 200 constituting the site through the cloud connection device control system according to the embodiment of the present invention, By constructing a control device through virtualization technology rather than building a control device, the system availability can be improved in cost reduction due to system construction and maintenance.

Although the integrated management server 400 and the access point control server 300 are implemented separately from each other in the embodiment of the present invention, May be implemented as a single cloud solution system and may exist as a single module of a single cloud solution system.

Although only one integrated management server 400 and one access point control server 300 are shown in the drawing, a plurality of access point control servers 300 managed by one integrated management server 400 may exist .

The main configuration and operation method of the connection device 200, the connection device control server 300 and the integrated management server 400 will be described later in detail. The connection device 200, The processor mounted on the server 300 and the integrated management server 400 may process program instructions for executing the method according to the present invention. In one implementation, the processor may be a single-threaded processor, and in other embodiments, the processor may be a multithreaded processor. Further, the processor is capable of processing instructions stored on a memory or storage device.

In addition, the communication network 1000 according to the embodiment of the present invention refers to a communication network for transmitting and receiving information between the respective components. In particular, the communication network 1000 according to an embodiment of the present invention includes various types of communication networks, such as an intranet network, The communication network implemented using the wired / wireless communication technology of the type can be mixed. In addition, the communication network 1000 according to the embodiment of the present invention may refer to the same intra-company network based on the site where the connection device 200 is located, or may refer to an external network.

Hereinafter, the main configuration and operation method of the connection device 200 according to the embodiment of the present invention will be described first.

3 is a block diagram showing a main configuration of a connection device according to an embodiment of the present invention.

1 and 3, a connection apparatus 200 according to an embodiment of the present invention includes a communication interface unit 210, a terminal connection management unit 220, an integrated management server interface unit 230, Unit 240, and a message processing unit 250. [0035]

First, the communication interface unit 210 plays a role of supporting transmission and reception of information between the terminal 100, the access point control server 300 and the integrated management server 400. In particular, the communication interface 210 of the present invention can transmit / receive various information related to the connection procedure and data transmission / reception with the terminal 100, and the terminal 100 ) And a variety of information for supporting data transmission and reception.

The terminal connection management unit 220 plays a role of supporting a connection procedure and a data transmission / reception procedure with the terminal 100 located within a certain radius covered by the terminal connection management unit 220. More specifically, the terminal connection managing unit 220 may support a process of transmitting a beacon to one or more terminals 100 located within a predetermined radius according to the IEEE 802.11 protocol. The terminal connection management unit 220 can receive a probe request message from the terminal 100 that sensed the beacon through the communication interface unit 210. In response to the probe request message, And transmitting the message to the corresponding terminal 100 through the communication interface unit 210. Since various known methods can be used for the above process, a detailed description thereof will be omitted.

Thereafter, the terminal connection management unit 220 can support the connection procedure of the terminal 100 in cooperation with the connection device control server interface unit 240, which will be described later, and can transmit and receive data packets to and from the terminal 100, Process. Also, the terminal connection management unit 220 may store and manage information on IP information, MAC information, traffic usage, and the like of the connected terminal.

The integrated management server interworking unit 230 plays a role of supporting interworking with the integrated management server 400. Particularly, the integrated management server interworking unit 230 according to the embodiment of the present invention controls the connection controller of the connected device control server 300, which is linked to itself through the communication interface unit 210, And transmits the query information. The integrated management server interworking unit 230 receives information on the access point control server 300 from the integrated management server 400 through the communication interface unit 210, that is, port information and IP Information is received, it is transmitted to the access point control server interworking unit 240. In addition, in one embodiment of the present invention, when the connection device 200 is turned on for the first time, the information on the connection device control server 300 and the connection controller 300 is transmitted to the integrated management server 400 through the communication interface 210 But may be input by the administrator when the connection device 200 is established at a specific site. In addition, the integrated management server interworking unit 230 can support the process of performing the operation according to the received various control information for the operation such as the frequency change, the SSID setting, and the output adjustment from the integrated management server 400. [

The access device control server interworking unit 240 may perform a role of transmitting and receiving various messages in accordance with the connection procedure of the terminal 100 in cooperation with the access device control server 300. In particular, when the port information for the access point control server 300 and the IP information for the assigned access controller are transmitted through the integrated management server interworking unit 230, To the message processing unit 250 so that various messages according to the connection procedure of the terminal 100 are transmitted to the connection controller 300 through the connection control server 300. More specifically, the connection device control server interworking unit 240 of the present invention generates various messages according to the connection procedure of the terminal 100 through the message processing unit 250, A tunneling header including port information for the access point control server 300 and IP information for the access controller to be transmitted to the access controller of the access control server 300, . At this time, the access point control server interworking unit 240 uses various known tunneling methods such as IP inIP (IP encapsulation within IP encapsulation) tunneling, MEIP (Minimal Encapsulation within IP) tunneling, GRE (Generic Routing Encapsulation) tunneling, The tunneling process can be performed. The access point control server interworking unit 240 supports the process of transmitting the tunneled tunneling message to the communication interface unit 210.

When the response message to the message transmitted from the access point control server 300 through the communication interface unit 210 is received, the access control server interworking unit 240 also transmits the response message in the form of a tunneled packet , It can support the process of processing the message by removing the tunneling header from the response message and confirming the content of the message from which the tunneling header has been removed.

The message processing unit 250 generates various messages according to an embodiment of the present invention and transmits the generated messages to the terminal connection management unit 220 and the access device control server interface unit 240 or to the terminal connection management unit 220 and the access device control server And performing a specific operation according to a message transmitted through the communication unit 240.

The main configuration and operation of the connection device 200 according to the embodiment of the present invention have been described above. 3, the connection device 200 of the present invention includes a communication interface 210, a terminal connection management unit 220, an integrated management server interlock 230, an access control server interlock 240, and a message processor 250 However, the present invention is not limited to this, and the connection device 200 may be composed of various components. For example, it is possible to execute a web browser for parameter control, a Web CM processing unit (not shown) for transmitting a command message through a web browser to a corresponding processing block (not shown), an AP internal An authentication / billing processing unit (not shown) for performing processing according to the RADIUS protocol with the authentication server for authentication and accounting for the access terminal, an F / A log storage / processing unit (not shown) that stores and manages the terminal connection related messages in a log form, a user connection processing unit (not shown) that supports login of the terminal, an SSID, an authentication method, A parameter processing unit (not shown) for notifying the corresponding processing unit or changing the setting when various parameters such as IP address information change, output change, and channel change are changed, A DHCP processor (not shown) performing IP pool management for terminal IP allocation and assignment, a status check processor (not shown) for checking the status of the connection controller, a driver provided by the wireless LAN communication chipset vendor, (Not shown) and the like.

Hereinafter, the main configuration and operation of the access device control server 300 according to the embodiment of the present invention will be described.

4 is a block diagram illustrating a main configuration of a connection device control server according to an embodiment of the present invention.

Referring to FIG. 1 and FIG. 4, the access point control server 300 according to the embodiment of the present invention refers to a server operating through virtualization technology. The access device control server 300 may include at least one or more virtual machines, such as a connection controller 330, a host OS 320, and hardware 310.

Host OS 320 and hardware 310 refer to the host machine. Here, the host machine refers to an actual physical server in which virtual hardware is created, the host OS 320 refers to an OS running on the host machine, and the hardware 310 is an actual physical hardware resource of the host machine A communication module 311, a storage module 312, and the like.

Among them, the host OS 320 may include a hypervisor 321. The hypervisor 321 generates and manages a plurality of connection controllers 330 under the control of the integrated management server 400. The hypervisor 321 has various virtualization methods such as full virtualization and anti- Can be applied. In particular, the hypervisor 321 according to an embodiment of the present invention may be implemented in a Linux kernel-based virtual machine (KVM) and may be replaced with other hypervisors providing equivalent or similar effects / effects. In addition, the hypervisor 321 may include an emulator (not shown) that imitates the hardware of the virtual machine 300. The emulator (not shown) requests the hypervisor 321 to generate the connection controller 330 and resource allocation, which are virtual machines, and performs input / output (I / O) processing with the connection controller 330. The emulator (not shown) may be mapped and operated according to the connection controller 330, and the emulator (not shown) mapped to each connection controller 330 may be implemented as a different emulator.

In particular, the hypervisor 321 according to the embodiment of the present invention can transmit information on available resources to the integrated management server 400 according to a request of the integrated management server 400, And generates the connection controller 330 using the allocated resource information. When information on at least one connection device 200 constituting a site mapped to the connection controller 330, that is, IP information, is received from the integrated management server 400, the generated connection controller 330 corresponds to the generated connection controller 330 And then storing the data. When the hypervisor 321 receives a message from the access device 200 through the communication module 311 of the hardware 310, the hypervisor 321 confirms the access controller 330 through the received message, The controller 330 can support the process of delivering the message to the terminal 330.

At least one connection controller 330 operates in the access point control server 300 applied to the server virtualization environment. Here, the number of connection controllers 330 is not limited, and a plurality of connection controllers 330 may be generated in the available resource environment.

In particular, the connection controller 330 of the present invention can be allocated on a site-by-site basis including a plurality of connection devices 200 as described above. For example, when the number of connected devices in the mapped site is 50, the connection controller 330 is generated by allocating resources that can be interlocked with 50 access devices under the control of the hypervisor 321, The connection device 200 can support the processing of the message transmitted from the access device 200. At this time, when the message according to the predetermined protocol is delivered through the hypervisor 321, the connection controller 330 removes the tunneling header of the message, checks the content of the message, An authentication procedure through interworking, etc., generates a response message according to the generated response message, and tunnels the generated response message to support the process of delivering the response message to the access device 200.

The connection controller 330 may be configured to include a guest OS (not shown) and an application (not shown) for message processing, though it is not shown in the figure. The guest OS (not shown) in each connection controller 330 can be implemented by different kinds of OSs, and the type and number of applications (not shown) held by each connection controller 330 can be controlled by the corresponding connection controller 330 May vary depending on the type and number of connection apparatuses 200 to be processed.

In addition, the access point control server 300 according to the embodiment of the present invention may further comprise a security management unit 340. [ Here, the security manager 340 detects a malicious internal access device and a terminal, and performs a function of detecting and automatically blocking a threat of a hacking attack.

Hereinafter, the main configuration and operation of the integrated management server 400 according to the embodiment of the present invention will be described.

5 is a block diagram illustrating a main configuration of an integrated management server according to an embodiment of the present invention.

1 and 5, the integrated management server 400 according to an exemplary embodiment of the present invention may include an integrated management device 410, a cloud manager 420, and a device manager 430.

More specifically, the integrated management apparatus 410 manages the access device management unit 411 and the access device control server 300 that manage the access device 200 that constitutes the system of the present invention A connection controller management unit 412, and a server management unit 413 for managing the access point control server 300. [ Here, the access point management unit 411 stores and manages information such as IP information and serial number of the access point 200 constituting the site. Information such as IP information and serial number of the connection device 200 can be directly input by the administrator through the input device 432 and can be input to the connection device 200 when the connection device 200 is first turned on 200 and can register them.

The connection controller management unit 412 registers IP information, ID information, MAC information, and the like of the connection controller generated through the cloud manager 420, and stores information about the connection device 200 constituting the site allocated to the connection controller May be stored and managed corresponding to the connection controller. In particular, the connection controller management unit 412 can request the cloud manager 420 to create a connection controller at the request of the manager. At this time, the connection controller managing unit 412 may include information on the type and the number of the connected apparatuses 200 constituting the site allocated to the connection controller, and a connection controller may be created using the resources allocated according to the information .

The server management unit 413 stores and manages information on the access point control server 300. [ That is, there may be a plurality of access device control servers 300 of the present invention, and the server management unit 413 may store information on a plurality of access device control servers 300, a connection controller of the access device control server 300 And the like.

The cloud manager 420 may include a server processing unit 412 and a connection controller processing unit 422. The server processing unit 412 can support a process of processing information of the access point control server 300 to be registered in the server management unit 413 when the access point control server 300 is initially constructed. The connection controller processing unit 422 can support the process of generating the connection controller using the resource environment of one connection device control server 300. [ In particular, the connection controller processor 422 of the present invention requests information on the available resources held by the access device control server 300, and if it is determined that the access controller can be created, 300) to request the connection controller to be created. When the connection completion information for the connection controller is received from the connection device control server 300, the process can be transferred to the connection controller management unit 412 of the integrated management device 410.

In addition, the connection controller processing unit 422 can transmit a delete command for the connection controller generated in response to the user's request to the access device control server 300. Accordingly, the hypervisor of the access device control server 300 can access the corresponding connection The access controller can be deleted by retrieving the resources allocated to the controller.

In addition, the connection controller processing unit 422 may perform a process of increasing or deleting the number of registered connection devices corresponding to the connection controller.

In addition, the device manager 430 may include a communication device 431, an input device 432, an output device 433, and a storage device 434. The integrated management device 410 and the cloud manager 420 ) To access each device.

As described above, the main configuration of the integrated management server 400 according to the embodiment of the present invention has been described. However, the integrated management server 400 may be implemented by more components than the components shown in FIG. For example, the integrated management server 400 may further include an administrator management unit (not shown) for storing and managing information on the administrator, and an SON processing unit (not shown) for processing and managing the functions of the SON (Self Organizing Network) Lt; / RTI >

Each of the devices constituting the cloud connection device control system of the present invention has been described above. The memory mounted on each of these devices stores information in the device. In one implementation, the memory is a computer-readable medium. In one implementation, the memory may be a volatile memory unit, and in other embodiments, the memory may be a non-volatile memory unit. In one implementation, the storage device is a computer-readable medium. In various different implementations, the storage device may include, for example, a hard disk device, an optical disk device, or any other mass storage device.

In addition, the term '~ module' used in the embodiment of the present invention means a software component, and '~ module' performs certain roles. By way of example, '~ module' may include components such as software components, object-oriented software components, class components and task components, and processes, functions, attributes, procedures, Routines, segments of program code, drivers, data, databases, data structures, tables, arrays, and variables. In addition, the functions provided in the components and 'modules' may be combined into a smaller number of components and '~ modules' or further separated into additional components and 'modules'.

Although the present specification and drawings describe exemplary device configurations, the functional operations and subject matter implementations described herein may be embodied in other types of digital electronic circuitry, or alternatively, of the structures disclosed herein and their structural equivalents May be embodied in computer software, firmware, or hardware, including, or in combination with, one or more of the foregoing. Implementations of the subject matter described herein may be embodied in one or more computer program products, i. E. One for computer program instructions encoded on a program storage medium of the type for < RTI ID = 0.0 & And can be implemented as a module as described above. The computer-readable medium can be a machine-readable storage device, a machine-readable storage substrate, a memory device, a composition of matter that affects the machine readable propagation type signal, or a combination of one or more of the foregoing.

Hereinafter, a virtualization-based access controller creation method according to an embodiment of the present invention will be described with reference to a method of processing a message according to an embodiment of the present invention.

FIG. 6 is a flowchart schematically illustrating a message processing method according to an embodiment of the present invention.

1 and 6, the access point control server 300 according to the embodiment of the present invention receives a message according to a predetermined protocol from any one of the plurality of access points 200 constituting the site (S101). At this time, the message is transmitted in the form of a tunneling message in which a tunneling header including the port information (for example, 2233) of the access point control server 300 and the IP address of the access controller of the access controller is added as a message according to the UDP protocol.

The access point control server 300 confirms the tunneling header of the received message and transmits the message to the access controller allocated to the access point 200. [ 4, when a message is transmitted through the communication module 311 of the hardware 310, the hypervisor 320 transmits the message to the access controller 330, which can process the corresponding message through the tunneling header of the message, ).

Thereafter, the access controller of the access point control server 300 deletes the tunneling header, checks the content of the message, and performs a corresponding process, such as a process of generating a response message, (S105).

FIG. 7 shows a more detailed view of the above process.

7 is a data flow diagram for explaining a message processing method according to an embodiment of the present invention in more detail.

Referring to FIG. 7, it is possible to perform a process of searching for one or more access devices 200 located within a certain radius of the terminal 100, and to perform an access procedure for connection with the discovered access device 200 have. When the terminal 100 transmits a message to the access point 200 according to this connection procedure (S1101), the access point 200 according to the embodiment of the present invention transmits the message to the access point 200 And tunneling the message to the controller (S1103). To this end, the access device 200 generates the tunneling header using the information in the state in which the port information of the access device control server 300 and the IP address of the access controller allocated to the access device are acquired in advance, A tunneling header is added to the message to generate a tunneling message, and the generated tunneling message can be transmitted to the access point control server 300 (S1105).

Upon receiving the message, the access point control server 300 confirms the access controller that can process the message through the tunneling header of the received message, and allows the access controller to process the message. That is, the connection controller removes the tunneling header (S1107), confirms the contents of the message, performs an operation according to the contents of the confirmed message, and generates a response message, which is the result information thereof (S1109). After that, the access controller performs tunneling using the tunneling header to transmit a response message to the access device 200, and then transmits the tunneled response message to the access device 200 (S1111 to S1113) . In this manner, the access point 200 and the access point control server 300 form a tunneling interval according to the R6 protocol, and can transmit and receive messages through the corresponding interval.

In addition, the access point 200 removes the tunneling header of the response message (S1115), and transmits a response message to the terminal 100 that transmits / receives the message according to the TCP / IP protocol (S1117).

In addition, a message according to a predetermined protocol according to an embodiment of the present invention is structured by a message header 710 and a control message body 720 as shown in FIG. 8A, The header includes a Reserved, a Version, a Flags, a Message ID, a Length, a Station ID, a Domain ID, a Connection Controller ID, , A connection ID (AP ID), a transaction ID (ID), a connection device RF ID (ID), and a connection device VAP ID (VAP ID). The message body may include at least one of an element ID, a length, and information defined according to each element as shown in FIG. 8B .

The outline of the structure of the message header is as follows.

Message item Explanation Reserved It is for distinguishing control signal or data signal. The length of the field is 4 bytes. Version Information about the currently used version of the R6 protocol. The length of the field is 1 Byte. Flags 802.16 (WiMAX / WiBro) Information on the definition of TLV usage, field length is 1 Byte Message ID This field defines the type of message. The length of the field is 2 bytes.
For example, the message ID of the join request message is 05, and the message ID of the keepalive message is 03 Length The length of the message, including the length of the message header. Station Id Means the MAC address of the transmitting station, and the length of the field is 6 bytes Domain ID This field identifies the site where the access point is installed. The length of the field is 1 Byte. AC ID Information about the ID (ID) of the assigned access controller, the length of the field is 1 Byte AP ID Information on the ID of an access device created by the integrated management server, the length of the field is 2 bytes Transaction ID Information about the transaction ID of the message according to the R6 protocol. The length of the field is 2 bytes. RF ID Information on the RF ID of the access device, the length of the field is 1 Byte VAP ID Information separated by the SSID of the access device, the length of the field is 1 Byte

In order to perform the above process, first, a connection controller for processing a message transmission / reception with the connection device 200 is created, and information on the connection device to be linked to the generated connection controller is registered.

This will be described with reference to FIG.

FIG. 9 is a flowchart for explaining a virtualization-based access controller creation method according to an embodiment of the present invention.

Referring to FIGS. 1 and 9, when a site composed of a plurality of connection devices is constructed, a connection controller creation request may be generated by an administrator managing the integrated management server 400 (S201). If the integrated management server 400 determines that such a connection controller creation request has been generated, it checks the available resources to the access point control server 300 (S203). Thereafter, when the available resources of the access point control server 300 are resources capable of generating access controllers, the integrated management server 400 allocates resources to support the access controller creation process (S205).

When the connection controller is normally created (S207), the integrated management server 400 registers the generated connection controller (S209), and transmits information about the plurality of connection devices 200 constituting the site to the connection controller (S211). ≪ / RTI >

The above process can be performed through interlocking between the integrated management apparatus constituting the integrated management server 400 and the cloud manager.

This will be described with reference to FIG.

FIG. 10 is a data flow chart for explaining the virtualization-based access controller creation method according to an embodiment of the present invention in more detail.

10, when the integrated management apparatus 410 of the integrated management server 400 has completed construction of a site including a plurality of access devices 200 and a connection controller creation request is generated, the integrated management apparatus 410 transmits the request to the cloud manager 420 (S301). At this time, the integrated management apparatus 410 may transmit information to the cloud manager 420, including information on the number and type of the access devices 200 constituting the site.

The cloud manager 420 confirms the available resources of the access point control server 300 in order to create the access controller based on the virtualization in consideration of the number and type of the access points 200 constituting the site (S303 ). If the cloud manager 420 is monitoring the resource environment for the real-time access device control server 300, it can be checked separately by querying the information about the available resources to the access device control server 300 Can be confirmed without a query process.

As a result of checking, if there is available resources available for creating a connection controller in the access point control server 300, the cloud manager 420 transmits a connection controller creation command to the access point control server 300. The hypervisor of the access point control server 300 that has received the request may generate a connection controller by allocating resources according to the command (S307). Herein, the resource refers to information related to the hardware performance of the access point control server 300, and refers to information related to memory size, CPU performance, etc., and the hypervisor of the access point control server 300 generates access controller It is possible to create a connection controller that is a virtual machine.

When the connection controller creation is completed, the connection device control server 300 can notify the completion of the creation to the cloud manager 420 (S309).

On the other hand, if it is determined that the available resources of the access point control server 300 are not sufficient as a result of checking the available resources in step S303, the cloud manager 420 notifies the other access points of the plurality of access point control servers 300, If there is insufficient available resources in all the access point control servers 300, the cloud manager 420 notifies the integrated management unit 410 of the available resources of the control server 300, And a process of adjusting the number of pixels 200 may be performed.

After step S309, the cloud manager 420 assigns an IP address to the generated access controller, and transmits the generated completion information including the IP address of the access controller to the integrated management device 410 (S311). The integrated management apparatus 410 registers the IP address of the connection controller (S313), and then accesses the connection device information with the connection controller. The IP address of the connected device is registered (S315). The process of registering the access device information may be performed by an administrator. In response to the access controller, when accessing the IP address of the access device, an access device ID in the form of a serial number for the access device 200 is generated Can be stored.

Thereafter, the integrated management device 410 transmits the connection device information to be interlocked with the connection controller to the connection device control server 300 (S317), and the connection device control server 300 transmits the connection device information And stores information on the connected device (S319).

In addition, the integrated management apparatus 410 of the present invention may transmit a delete command to any one of the access controllers created in response to a user's request to the cloud manager 420, and the cloud manager 420 may connect To the device control server 300, and the hypervisor of the access point control server 300 can delete the access controller by retrieving resources allocated to the access controller.

In addition, the integrated management apparatus 410 of the present invention may perform a process of increasing or deleting the number of registered access devices corresponding to the access controller.

When the creation of the connection controller is completed through this process, the connection controller of the connection device control server 300 may process the related message in cooperation with the connection device 200.

Among them, a message processing method according to the initial connection procedure will be briefly described.

11 is a data flow chart for explaining a message processing method according to an initial access procedure according to an embodiment of the present invention.

The connection device 200 transmits inquiry information about the connection controller of the connection device control server 300 to be connected to the connection control device 300 to the integrated management server 400 at the first power-on time (S401). When receiving the response from the integrated management server 400, that is, the port information of the access point control server 300 and the assigned IP address information of the access controller (S403), the subsequent access point 200 transmits the above- It is possible to form an R6 tunneling interval with the access point control server 300 as described above and transmit and receive information to and from the access point control server 300 through the interval, The transmitted and received messages can be tunneled and transmitted without any explanation.

Thereafter, the access point 200 transmits an initial interconnection request (DISCOVER REQUEST) message to the access point control server 300 to inquire whether the access point 200 is registered in the server and the access controller (S405). The message is a message generated when the access device 200 and the access point control server 300 first communicate with each other and includes an AP IP address, access device model information (AP Model Name), access device vendor information AP Vender Name), and access device hardware information (AP Hw Info).

Then, when the connection controller of the access point control server 300 receives the initial interworking connection request message, the access point 200 transmits the initial interworking connection request message to the integrated management server 400 It is possible to confirm whether or not it is the connection device 200 assigned to itself. If it is determined that the connection device 200 is a connection device assigned to the connection device 200, the connection controller of the connection device control server 300 is designated by the integrated management server 400 in correspondence with the connection device 200 Generates a DISCOVER RESPONSE message including the registered access point ID, and transmits the generated initial interworking connection request response message to the access point 200 (S407).

After the above process, the access device 200 transmits a keep alive request message (KEEP ALIVE REQUSET message) to notify the access device control server 300 that the access device 200 is normally operating in a predetermined cycle unit, for example, To the access device control server 300 in step S409 and the access device control server 300 may transmit a KEP ALIVE RESPONSE message as a response message to the access device 200 in step S411, . Here, if the corresponding connection controller of the access point control server 300 fails to receive the keep-alive request message from the access point 200 for a preset time, for example, 10 seconds or more (for example, three times or more) It may determine that the device 200 is in an abnormal state and perform a procedure of releasing all the terminals 100 connected to the access device 200. [

After this process, the connection controller of the access point 200 and the access point control server 300 can now perform an association procedure of the terminal 100. [ In other words, the access point 200 and the access point control server 300 transmit the ASSOCIATION REQUEST message according to the connection procedure, the ASSOCIATION RESPONSE message, the ASSOCIATION RESPONSE message, , A STATION CONNECTION INFO NOTIFY message according to the authentication, and the like.

The connection controller of the access point 200 and the access point control server 300 transmits and receives a DISASSOCIATION REQUEST message and a DISASSOCIATION RESPONSE message, which is a response message thereto, can do.

The virtualization-based access controller creation method according to the embodiment of the present invention has been described above.

The virtualization-based access controller creation method of the present invention as described above may be provided in the form of a computer-readable medium suitable for storing computer program instructions and data. The program recorded on the recording medium for implementing the virtualization-based access controller creation method according to an embodiment of the present invention is a program for accessing a virtualization-based connection A step of creating a controller, and a step of storing the information on the plurality of access devices constituting the site by the integrated management server in correspondence with the generated access controller.

At this time, the program recorded on the recording medium can be read and installed in the computer and executed, thereby executing the above-described functions.

In order to allow a computer to read a program recorded on a recording medium and to execute functions implemented by the program, the above-mentioned program may be stored in a computer-readable medium such as C, C ++, JAVA, machine language, and the like.

The code may include a function code related to a function or the like that defines the functions described above and may include an execution procedure related control code necessary for the processor of the computer to execute the functions described above according to a predetermined procedure. In addition, such code may further include memory reference related code as to what additional information or media needed to cause the processor of the computer to execute the aforementioned functions should be referenced at any location (address) of the internal or external memory of the computer . In addition, when a processor of a computer needs to communicate with any other computer or server that is remote to execute the above-described functions, the code may be stored in a memory of the computer using a communication module of the computer, It may further include a communication-related code such as how to communicate with another computer or a server, and what information or media should be transmitted or received during communication.

Such computer-readable media suitable for storing computer program instructions and data include, for example, magnetic media such as hard disks, floppy disks and magnetic tape, compact disk read only memory (CD-ROM) Optical media such as a DVD (Digital Video Disk), a magneto-optical medium such as a floppy disk, and a ROM (Read Only Memory), a RAM , Random Access Memory), flash memory, EPROM (Erasable Programmable ROM), and EEPROM (Electrically Erasable Programmable ROM). The processor and memory may be supplemented by, or incorporated in, special purpose logic circuits.

The computer readable recording medium may also be distributed over a networked computer system so that computer readable code can be stored and executed in a distributed manner. The functional program for implementing the present invention and the related code and code segment may be implemented by programmers in the technical field of the present invention in consideration of the system environment of the computer that reads the recording medium and executes the program, Or may be easily modified or modified by the user.

While the specification contains a number of specific implementation details, it should be understood that they are not to be construed as limitations on the scope of any invention or claim, but rather on the description of features that may be specific to a particular embodiment of a particular invention Should be understood. Certain features described herein in the context of separate embodiments may be implemented in combination in a single embodiment. Conversely, various features described in the context of a single embodiment may also be implemented in multiple embodiments, either individually or in any suitable subcombination. Further, although the features may operate in a particular combination and may be initially described as so claimed, one or more features from the claimed combination may in some cases be excluded from the combination, Or a variant of a subcombination.

Likewise, although the operations are depicted in the drawings in a particular order, it should be understood that such operations must be performed in that particular order or sequential order shown to achieve the desired result, or that all illustrated operations should be performed. In certain cases, multitasking and parallel processing may be advantageous. Also, the separation of the various system components of the above-described embodiments should not be understood as requiring such separation in all embodiments, and the described program components and systems will generally be integrated together into a single software product or packaged into multiple software products It should be understood.

The present invention relates to a method of controlling a plurality of connection devices, and more particularly, to a virtualization-based connection controller generation method capable of generating a control device for controlling a plurality of connection devices by applying virtualization technology, And an integrated management server.

According to the present invention, by creating a control device for controlling a plurality of connection devices for each site by applying virtualization technology, it is possible to organically control devices in consideration of the number of connection devices constituting the site, By constructing the control device through the virtualization technology instead of building the connected control device, it is possible to improve the system availability as well as the cost of system construction and maintenance.

The present invention contributes to the development of the telecommunication service industry. In addition, the present invention is industrially applicable because the present invention is not only possible to be marketed or operated, but also can be practically and practically carried out.

100: terminal 200:
210: communication interface unit 220: terminal connection management unit
230: integrated management server interworking unit 240: connected device control server interworking unit
250: message processing unit 300: access device control server
310: hardware 320: host OS
330: connection controller 340: security manager
400: Integrated management server 410: Integrated management device
411: connection device management unit 412: connection controller management unit
413: Server Management Unit 420: Cloud Manager
421: server processing unit 422: connection controller processing unit
430: Device manager 431: Communication device
432: input device 433: output device
434: Storage device 1000: Cloud access control system

Claims (10)

An integrated management server for allocating a connection controller for each site constituted by a plurality of access devices and an access device control server for controlling a message generated through the access device in a specific site to be processed through a connection controller pre- 1. A cloud access control system comprising:
Generating a virtualization-based access controller in consideration of an access device in the site when the integrated management server generates a connection controller creation request; And
Storing information on a plurality of access devices constituting the site by the integrated management server corresponding to the generated access controller;
Wherein the virtualization-based access controller is a virtualization-based access controller. The method according to claim 1,
The step of creating the connection controller
Checking the available resources of the access point control server by the integrated management server;
If it is determined that the access point control server has available resources capable of creating a connection controller, the integrated management server transmits a connection controller creation command to the access point control server;
The access point control server allocating a resource for creating a connection controller to generate a connection controller;
The access point control server informing the integrated management server that creation of a connection controller is completed; And
Completing generation of a connection controller by giving the IP address of the connection controller generated by the integrated management server;
Wherein the virtualization-based access controller is a virtualization-based access controller. 3. The method of claim 2,
After the confirming step,
As a result of the checking, if it is determined that the access point control server does not have available resources capable of creating a connection controller, the integrated management server checks the available resources of another access point control server, Supporting a number adjustment;
Wherein the virtualization-based access controller is further configured to: The method according to claim 1,
The storing step
Confirming that the integrated management server inputs an IP address for the access point; And
Storing, by the integrated management server, an IP address for the access device corresponding to the access controller;
Wherein the virtualization-based access controller is a virtualization-based access controller. The method according to claim 1,
After the storing step,
Generating and storing a connection device ID in the serial number form for the connection device in the stored order;
Wherein the virtualization-based access controller is further configured to: The method according to claim 1,
After the storing step,
Transmitting, by the integrated management server, a connection controller deletion command to the access point control server when a connection controller deletion request is generated; And
The access point control server retrieving resources allocated to the access controller and deleting the access controller;
Wherein the virtualization-based access controller is further configured to: The method according to claim 1,
After the storing step,
Deleting the connection device stored in association with the connection controller by the integrated management server, or adding and storing the connection device;
Wherein the virtualization-based access controller is further configured to: The method according to claim 1,
After the storing step,
Receiving, by the integrated management server, query information about a connection controller from any one of the connection devices; And
Transmitting, by the integrated management server, information on a connection controller stored corresponding to the connection device to the connection device;
Wherein the virtualization-based access controller is further configured to: A computer-readable recording medium on which a program for executing the virtualization-based connection controller creation method according to any one of claims 1 to 8 is recorded. A cloud manager for creating a virtualization-based access controller in consideration of an accommodatable access device in a site composed of a plurality of access devices, and transmitting information on the generated access controller to the integrated management device; And
An integrated management device for requesting creation of a connection controller from the cloud manager and storing information on a plurality of access devices constituting the site in response to the access controller when information on the access controller is received from the cloud manager, ;
And an integrated management server.

Images