WO2016070651A1 - 软件中心系统 - Google Patents
软件中心系统 Download PDFInfo
- Publication number
- WO2016070651A1 WO2016070651A1 PCT/CN2015/084855 CN2015084855W WO2016070651A1 WO 2016070651 A1 WO2016070651 A1 WO 2016070651A1 CN 2015084855 W CN2015084855 W CN 2015084855W WO 2016070651 A1 WO2016070651 A1 WO 2016070651A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- software
- server
- entity server
- service
- entity
- Prior art date
Links
- 238000007726 management method Methods 0.000 claims description 64
- 230000005540 biological transmission Effects 0.000 claims description 56
- 238000000034 method Methods 0.000 claims description 38
- 238000009434 installation Methods 0.000 claims description 32
- 230000008569 process Effects 0.000 claims description 25
- 238000012795 verification Methods 0.000 claims description 21
- 230000001360 synchronised effect Effects 0.000 claims description 17
- 230000001419 dependent effect Effects 0.000 claims description 11
- 238000012550 audit Methods 0.000 claims description 10
- 238000001514 detection method Methods 0.000 claims description 8
- 230000002159 abnormal effect Effects 0.000 claims description 6
- 238000012797 qualification Methods 0.000 claims description 4
- 208000011580 syndromic disease Diseases 0.000 claims description 4
- 238000004422 calculation algorithm Methods 0.000 claims description 3
- 230000003247 decreasing effect Effects 0.000 claims description 2
- 238000012552 review Methods 0.000 claims description 2
- 238000012423 maintenance Methods 0.000 abstract description 7
- 239000003795 chemical substances by application Substances 0.000 description 31
- 230000006870 function Effects 0.000 description 29
- 238000010586 diagram Methods 0.000 description 6
- 230000004044 response Effects 0.000 description 6
- 238000004891 communication Methods 0.000 description 4
- 230000007246 mechanism Effects 0.000 description 4
- 238000011144 upstream manufacturing Methods 0.000 description 4
- 230000008901 benefit Effects 0.000 description 3
- 230000003993 interaction Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 239000000243 solution Substances 0.000 description 3
- 230000003139 buffering effect Effects 0.000 description 2
- 238000004590 computer program Methods 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 239000000284 extract Substances 0.000 description 2
- 238000000605 extraction Methods 0.000 description 2
- 239000002184 metal Substances 0.000 description 2
- 239000000523 sample Substances 0.000 description 2
- 230000005856 abnormality Effects 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 239000012141 concentrate Substances 0.000 description 1
- 238000013524 data verification Methods 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
- 238000012384 transportation and delivery Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
Definitions
- the present invention relates to the field of computer technologies, and in particular, to a software center system.
- the problem that comes with it is that some software centers are not separated from the network management server.
- the security framework relies too much on the network management system.
- the software center and the network management server are heavily coupled and the interface is confusing.
- the software center is too simple in design and software access requirements. It is not high, the software version is confusing, the dependencies are not clear, the software center has a single function, and only provides inefficient functions for distributing software.
- the on-site network environment is complex, and the simple software center cannot meet the reliability requirements of users, for example, uploading software processes.
- the network anomaly can only be retransmitted, the network is abnormal during the distribution of software, and several megabytes of software are distributed to the majority of the progress, and there is an abnormality, which cannot be resumed. When a large number of data packets are congested in the network environment, the software is still distributed regardless of the network pressure. problem.
- the present invention has been proposed to provide a software center system.
- the present invention provides a software center system, which is deployed separately from a network management server, and the system includes:
- a software management module configured to provide a software service for the entity server with the proxy module set through the service interface according to a preset software service specification
- a service interface configured to provide an interface for the proxy module to interact with the software management module
- the agent module is deployed in the entity server interacting with the system, and is configured to interact with the software management module through the service interface, and obtain the software service for the entity server from the software management module.
- the software management module includes:
- the software access unit is set to verify the software to be uploaded according to the software access specification in the software service specification, and after the verification is successful, the corresponding software is allowed to be uploaded;
- the entity server feature discovery unit is configured to perform interaction with the agent module through the feature discovery interface in the service interface according to the feature specification in the software service specification, and perform registration and discovery of the entity server feature;
- the software redundancy transmission unit is configured to perform software redundancy upload and software redundancy distribution on the active and standby servers when the software center system is deployed at the same time.
- the congestion control unit is configured to calculate a congestion state of the data transmission link according to a delay of the already transmitted data packet, and adjust the subsequent transmission data according to the congestion state, when the software is distributed to the entity server, through the congestion control interface in the service interface.
- the size of the packet; when there is no software to be distributed, the speed of the data flowing into the local is controlled.
- the software management module further includes:
- the software installation unit is configured to drive the entity server to perform software installation through the silent module of the service interface according to the silent installation specification in the software service specification;
- the software upgrade unit is configured to drive the entity server to perform software upgrade through the remote upgrade interface in the service interface according to the remote upgrade specification in the service interface;
- the proxy download unit is set to download the interface according to the proxy in the software service specification, and through the proxy download interface in the service interface, proxy the physical server request for the software service not stored locally by the proxy module, and/or proxy another software Distribution software service for the central system.
- the software access unit includes:
- the software security authentication sub-module is configured to authenticate the operation authority of the client when receiving the software uploaded by the client, and store or receive the client to upload the software when the client has the software upload permission and the software registration permission.
- the terminal only has the software upload permission.
- the storage or receiving client uploads the software after waiting for the user with the software registration authority to pass the verification; and the security provided to the entity server when the entity server requests the software service.
- Information is reviewed and security information cannot be provided on the physical server Or the provided security information does not provide corresponding software, and refuses to provide software services for the entity server, wherein the security information is set in the proxy module of the entity server;
- the log audit sub-module is set to record the audit log for the operation of accepting the software service or rejecting the software service;
- the verification sub-module is set to perform basic information access and/or business rule access and/or software-dependent access to the software to be uploaded, and to store or receive the software after being verified by the software.
- the syndrome module is set to:
- the software dependency rule is configured in the software identification file of the software to be uploaded and the mandatory detection software dependency is configured, the dependency relationship of the software to be uploaded is calculated, and other softwares dependent on the software are searched for, when other softwares that depend on it exist. , store or receive the software.
- the verification sub-module is configured to: parse the software coordinate information from the header of the software to be uploaded; or parse the software coordinate information from the software identification file of the software to be uploaded.
- the entity server feature discovery unit includes:
- the entity server feature registration sub-module is set to receive the entity of the proxy module deployed on the entity server through the feature discovery interface in the service interface according to the feature specification in the software service specification after the entity server requests the installation service and installs the software successfully.
- Server feature registration request save the entity server feature list in the agent module;
- the entity server feature discovery submodule is set to check the minimum feature requirement list of the corresponding software when the entity server requests the software installation service or the upgrade service, and directly responds if there is no feature requirement; if requested by the attribute request, the agent module of the entity server is requested to provide A list of physical server characteristics, and check whether the physical server feature list meets the characteristics requirements of the software. If it meets, it responds to the service, otherwise it denies the service.
- the proxy module is set to:
- the entity server After the entity server requests to install the service and install the software successfully, if the installed software contains the feature requirements, the characteristics of the entity server are directly registered through the feature registration interface according to the feature specification, and the entity server feature list is saved; If the probe can be determined, the physical server detects the feature detection method, detects the feature, and then registers the feature of the entity server through the feature registration interface, and saves the entity server feature list.
- the software redundant transmission unit includes:
- the software redundancy uploading sub-module is configured to upload the software to the primary server and the standby server when the client uploads the software central system when the two servers are deployed simultaneously on the active and standby servers, and the software is uploaded to the primary server and the standby server.
- the synchronous control interface performs software synchronization between the primary server and the standby server;
- the software redundancy distribution sub-module is configured to send the software to be distributed in the primary server to the main server of the entity server when the software package to be distributed exists on the primary and secondary servers, when the software package is distributed through the distribution control interface in the service interface.
- the software verification sub-module is configured to: after uploading the software from the client, verify whether the second message MD5 code of the first message digest algorithm of the software and the second MD5 code parsed from the identification information of the software identification file or the software package header are Consistently, if they are consistent, the user is prompted to upload successfully; otherwise, the user is prompted to upload failed; after distributing the software to the entity server, the requesting entity server returns the first MD5 code of the software in its local server through the control link, and verifies the Whether the second MD5 code parsed from the identification information of the software identification file or the software package header is consistent. If they are consistent, the distribution is confirmed to be successful, and the entity server is notified to end the distribution. Otherwise, the entity server is notified that the distribution fails.
- the software redundancy upload submodule is set to:
- the software is uploaded to the standby server. After the upload to the standby server is successful, the software is detected and synchronized to the primary server through the synchronous control interface, and the software is uploaded to the standby.
- the software is uploaded to the primary server. After being successfully uploaded to the primary server, the software is detected and synchronized to the standby server through the synchronous control interface, and the software is uploaded to the primary and secondary servers for transmission.
- interrupted the client is notified that the network is abnormal and the software cannot be uploaded.
- the congestion control unit is set to:
- the receiving entity server After the entity server receives the packet body and the control data of the first packet data, the receiving entity server transmits the data of the first packet data sent by the control link and the other link transmission data, and performs buffering;
- the entity server Before transmitting the Nth packet data to the entity server, estimating the current network congestion value according to the average value of the transmission delay of the previous N-1 packet data and the average value of the other link transmission data, and performing the network congestion value with a preset threshold value. Comparing, if greater than or equal to the threshold, reducing the size of the Nth packet data; if less than the threshold, increasing the size of the Nth packet data, where N is an integer greater than or equal to 1;
- the speed of the data flowing into the local area is controlled, and the data flowing into the locality is added to the preset inflow queue, and the size of the sent data packet is calculated according to the inflow inflow queue and the network congestion value.
- the software installation unit is set to:
- the installation software request from the entity server After receiving the installation software request from the entity server, verify whether the user information provided by the entity server has sufficient rights, and if there is sufficient authority, check whether the software to be installed exists, and whether the dependent software of the software to be installed exists, in the judgment If both are available, prepare the software to be installed, and request the feature discovery from the entity server. After obtaining the identity of the entity server and the list of physical server characteristics, check the minimum installation feature requirements according to the identity of the entity server and the list of physical server characteristics. After the check is passed, the requesting entity server provides a silent installation configuration, selects a distribution software according to the installation software request of the entity server, performs software distribution, and performs software installation according to the silent installation configuration to drive the entity server.
- the software upgrade unit is set to:
- the entity server After receiving the upgrade software request sent by the entity server, check whether the user information provided by the entity server has sufficient rights, and if there is sufficient authority, check whether the upgrade package of the software to be upgraded exists, and if yes, to the entity server Request feature discovery, after obtaining the identity of the entity server and the list of the characteristics of the entity server, performing the check of the minimum upgrade feature requirement according to the identity of the entity server and the list of the characteristics of the entity server, and after the check is passed, requesting the entity server to provide the upgrade step configuration, according to The installation software of the physical server requests to select a distribution software to distribute the upgrade package, and configure the drive entity server to perform software upgrade according to the upgrade procedure.
- the proxy download unit is set to:
- the download path is calculated, and the software is obtained from other software centers or from the wide area network according to the download path, and then distributed to the physical server after the software is distributed to the local.
- the problem of inefficiency of the software center function in the prior art in the prior art is solved by separately deploying the software center system and the network management server, and providing software services for the physical server with the proxy module set through the service interface according to the preset software service specification. It can ensure that the software center system provides high-reliability software services to other physical servers, which greatly improves the efficiency of deployment and operation and maintenance.
- FIG. 1 is a schematic structural diagram of a software center system according to an embodiment of the present invention.
- FIG. 2 is a schematic diagram of a deployment manner of a software center system and a communication relationship with an entity server according to an embodiment of the present invention
- FIG. 3 is a flowchart of software injection processing according to an embodiment of the present invention.
- FIG. 4 is a flowchart of a software redundancy distribution service according to an embodiment of the present invention.
- FIG. 5 is a schematic diagram of functions and interactions of modules in a software center for performing congestion control according to an embodiment of the present invention
- FIG. 6 is a flow chart of a software installation service implemented by the present invention.
- FIG. 7 is a flowchart of a software upgrade service according to an embodiment of the present invention.
- FIG. 8 is a flowchart of a proxy download software service according to an embodiment of the present invention.
- the present invention provides a highly reliable software center system, which is independently deployed on a server or a single board, and has independent security authentication modules and logs. Audit module.
- the software hosted in the software center may include network management software, software that carries the network management system, and other software used by the network management system.
- high-reliability software center systems can provide software-related services, such as installation, upgrade, and agent download software, in addition to managing software versions and distributing software.
- the system is software-accessible and redundant. The functions of uploading/distributing, server feature discovery, and congestion control ensure high reliability of the service provided by the software center.
- the system includes a complete set of specifications and service interfaces, and a software center agent module (hereinafter referred to as a proxy module) that can be independently deployed and implemented with a service interface.
- a software center agent module hereinafter referred to as a proxy module
- any physical server can be connected and interacted with the software center.
- a network management server for example, a network management server, a database server, a router or even another software center.
- FIG. 1 is a schematic structural diagram of a software center system according to an embodiment of the present invention. As shown in FIG. 1, a software center according to an embodiment of the present invention is shown. The system includes: a software management module 10, a service interface 12, and a proxy module 14. The various modules of the embodiments of the present invention are described in detail below.
- the software management module 10 is configured to provide a software service for the entity server provided with the proxy module 14 through the service interface 12 according to a preset software service specification;
- the service interface 12 is configured to provide the proxy module 14 with an interface for interacting with the software management module 10;
- the agent module 14 is deployed in a physical server that interacts with the system, and is configured to interact with the software management module 10 through the service interface 12, and obtain software services from the software management module 10 for the entity server.
- the software management module 10 includes: a software admission unit 101, a physical server characteristic discovery unit 102, a software redundancy transmission unit 103, and a congestion control unit 104. The following describes each unit in detail:
- the software access unit 101 is configured to perform verification on the software to be uploaded according to the software access specification in the software service specification. After the verification succeeds, the corresponding software is allowed to be uploaded; the software access unit 101 includes:
- the software security authentication sub-module is configured to authenticate the operation authority of the client when receiving the software uploaded by the client, and store or receive the client to upload the software when the client has the software upload permission and the software registration permission.
- the terminal only has the software upload permission.
- the storage or receiving client uploads the software after waiting for the user with the software registration authority to pass the verification; and the security provided to the entity server when the entity server requests the software service.
- the information is reviewed, and when the entity server cannot provide the security information or the provided security information does not have the corresponding authority, the software service is refused to be provided to the entity server, wherein the security information is set in the agent module 14 of the entity server;
- the log audit sub-module is configured to accept the operation of the software service or reject the software service to perform audit log records, and subsequently provide the audit log to the administrator for viewing;
- the verification sub-module is set to perform basic information access and/or business rule access and/or software-dependent access to the software to be uploaded, and to store or receive the software after being verified by the software.
- the syndrome module is set to:
- the software dependency rule is configured in the software identification file of the software to be uploaded and the mandatory detection software dependency is configured, the dependency relationship of the software to be uploaded is calculated, and other softwares dependent on the software are searched for, when other softwares that depend on it exist. , store or receive the software.
- the verification sub-module may parse the software coordinate information from the header of the software to be uploaded; or parse the software coordinate information from the software identification file of the software to be uploaded.
- the entity server feature discovery unit 102 is configured to interact with the agent module 14 to perform registration and discovery of the entity server characteristics through the feature discovery interface in the service interface 12 according to the feature specification in the software service specification; the entity server feature discovery unit 102 Includes:
- the entity server feature registration sub-module is configured to receive the agent module 14 deployed on the entity server through the feature discovery interface in the service interface 12 according to the feature specification in the software service specification after the entity server requests to install the service and install the software successfully. Entity server feature registration request, save the entity server feature list in the agent module 14;
- the entity server feature discovery submodule is configured to check the minimum feature requirement list of the corresponding software when the entity server requests the software installation service or the upgrade service, and directly respond if there is no feature requirement; if the feature request is requested, the proxy module 14 of the entity server is requested. Provide a list of physical server characteristics, and check whether the physical server feature list meets the software's characteristic requirements. If it meets, respond to the service, otherwise refuse the service.
- the feature registration interface directly registers the feature of the entity server according to the feature specification, and saves the entity server feature.
- the physical server detects the feature detection method, detects the characteristics, registers the characteristics of the entity server through the feature registration interface, and saves the entity server feature list.
- the software redundancy transmission unit 103 is configured to perform software redundancy upload and software redundancy distribution on the active and standby servers when the software center system is deployed on both the active and standby servers; the software redundancy transmission unit 103 includes:
- the software redundancy uploading sub-module is configured to upload the software to the primary server and the standby server and upload the software to the primary server and the secondary server when the software center system is deployed on both the primary and secondary servers.
- the synchronous control interface performs software synchronization between the primary server and the standby server; the software redundancy uploading submodule is set to: when the transmission interruption occurs during the process of uploading the software to the primary server, the software is uploaded to the standby server and is to be uploaded to the standby server. After successful, the software is detected and synchronized to the primary server through the synchronous control interface.
- the transmission interruption occurs during the process of uploading the software to the standby server, the software is uploaded to the primary server, and after being successfully uploaded to the primary server, the detection is performed.
- the software is synchronized to the standby server through the synchronous control interface.
- the software is uploaded to the primary and secondary servers, the transmission is interrupted, and the client is notified that the network is abnormal and the software cannot be uploaded.
- the software redundancy distribution sub-module is configured to send the software to be distributed in the primary server to the entity server when the software is to be distributed through the distribution control interface in the service interface 12 when the software to be distributed exists on the primary and secondary servers.
- the primary server sends the software to be distributed in the standby server to the standby server of the physical server, and creates a data link of the primary server to the standby server of the physical server, and a data link of the standby server to the active server of the physical server. Detecting the connection and occupancy of four data links. When any of the occupied data links has a problem, select the responsibility of creating an unoccupied data link to bear the problem data link.
- the software verification sub-module is configured to: after uploading the software from the client, whether the first MD5 code of the verification software is consistent with the second MD5 code parsed from the software identification file or the identification information of the software package header, if they are consistent, The user is prompted to upload successfully. Otherwise, the user is prompted to upload failed.
- the requesting entity server After distributing the software to the entity server, the requesting entity server returns the first MD5 code of the software in the local server through the control link, and verifies the same with the software identification file or Whether the second MD5 code parsed in the identifier information of the software package header is consistent. If they are consistent, the distribution is confirmed to be successful, and the entity server is notified to end the distribution. Otherwise, the entity server is notified that the distribution fails.
- the congestion control unit 104 is configured to calculate a congestion state of the data transmission link according to a delay of the already transmitted data packet through the congestion control interface in the service interface 12 when distributing the software to the entity server, and adjust the subsequent state according to the congestion state.
- the size of the transmitted data packet; when there is no software to be distributed, the speed of the data flowing into the local (that is, the data flowing in upstream, the data flowing in the upstream refers to the data flowing in the local or the data received locally) is controlled.
- the congestion control unit 104 is configured to:
- the proxy module 14 When the entity server requests to distribute the software, two links are established with the proxy module 14 on the physical server, one of which is the control link and the other is the data transmission link; when the first packet data is ready to be transmitted to the entity server, Controlling the size of the data requested by the link, transmitting the packet of the first packet data through the data transmission link according to the data size, transmitting the control data through the control link; receiving the packet and control of the first packet data at the entity server After the data, the receiving entity server transmits the data of the first packet data sent by the control link and the other link transmission data, and performs buffering; before transmitting the Nth packet data to the entity server, according to the data of the previous N-1 packet
- the average value of the transmission delay and the average value of the other link transmission data are used to estimate the current network congestion value, and compare the network congestion value with a preset threshold.
- the size of the Nth packet data is reduced; If the value is less than the threshold, the size of the Nth packet data is increased, where N is an integer greater than or equal to 1; when the software to be distributed does not exist, the convection The local data speed is controlled, and the incoming local data is added to the preset inflow queue, and the size of the sent data packet is calculated according to the inflow inflow queue and the network congestion value.
- the software management module 10 may further include: a software installation unit, a software upgrade unit, and a proxy download unit.
- a software installation unit a software installation unit
- a software upgrade unit a software upgrade unit
- a proxy download unit a software download unit
- the software installation unit is set to perform software installation according to the silent installation specification in the software service specification and through the silent installation interface in the service interface 12 through the proxy module to drive the entity server; the software installation unit is set to:
- the installation software request from the entity server After receiving the installation software request from the entity server, verify whether the user information provided by the entity server has sufficient rights, and if there is sufficient authority, check whether the software to be installed exists, and whether the dependent software of the software to be installed exists, in the judgment If both are available, prepare the software to be installed, and request the feature discovery from the entity server. After obtaining the identity of the entity server and the list of physical server characteristics, check the minimum installation feature requirements according to the identity of the entity server and the list of physical server characteristics. After the check is passed, the requesting entity server provides a silent installation configuration, selects a distribution software according to the installation software request of the entity server, performs software distribution, and performs software installation according to the silent installation configuration to drive the entity server.
- the software upgrade unit is set to be driven according to the remote upgrade specification in the software service specification, and is driven by the remote upgrade interface in the service interface 12, and the software upgrade is performed through the proxy module entity server; the software upgrade unit is set to:
- the entity server After receiving the upgrade software request sent by the entity server, check whether the user information provided by the entity server has sufficient rights, and if there is sufficient authority, check whether the upgrade package of the software to be upgraded exists, and if yes, to the entity server Request feature discovery, after obtaining the identity of the entity server and the list of the characteristics of the entity server, performing the check of the minimum upgrade feature requirement according to the identity of the entity server and the list of the characteristics of the entity server, and after the check is passed, requesting the entity server to provide the upgrade step configuration, according to The installation software of the physical server requests to select a distribution software to distribute the upgrade package, and configure the drive entity server to perform software upgrade according to the upgrade procedure.
- the proxy download unit is set to download the interface according to the proxy in the software service specification, and through the proxy download interface in the service interface 12, proxy the physical server request for the software service not stored locally by the proxy module, and/or proxy another Distribution software services for software center systems.
- the proxy download unit is set to:
- the download path is calculated, and the software is obtained from other software centers or from the wide area network according to the download path, and then distributed to the physical server after the software is distributed to the local.
- the software center system of the embodiment of the present invention has the following features:
- the software coordinate mechanism can ensure that the software of the software center is unique, and the manageability of the software is enhanced, and the visibility of the software dependence is stronger.
- the basic access rule means that the software must have software identification information or software identification file containing coordinate information.
- the software must also comply with the software before being uploaded to the software center. Business rules and dependency specifications. All software uploaded to the software center will need to be verified at the end to ensure the correctness of the content.
- the software redundancy upload mechanism ensures that the software uploaded to the software center will be uploaded to the two primary and backup software centers at the same time, avoiding the need to re-upload during the process of uploading to the software center; the software redundancy distribution will be distributed through the active and standby software centers.
- the software is connected to the active and standby network management servers. The other link has a problem. Other unoccupied links take over the distribution tasks, and the distribution fails to be distributed to the software center.
- the server feature discovery function can determine the qualification and capability of the server requesting the service in advance, and eliminate the unreliable factors of transmission as early as possible, so as to avoid the problem of interrupting the service due to insufficient characteristics of the server after actually providing the service, and establishing the two sides of the transmission.
- the trust mechanism of the server ensures the high reliability of the service provided by the software center.
- the software center distributes the software, in addition to the FTP download with the breakpoint resuming feature of the physical server, it also provides a way of congestion control push software.
- the end result of increasing network pressure is likely to cause distribution software to fail or be abnormal, and the use of congestion control to distribute software can avoid large packets from being transmitted in the case of network congestion, or even optimally adjusting data according to network traffic.
- the package size of the package makes it more reasonable to utilize various network environments.
- the Software Center also provides installation or upgrade services for physical servers.
- the software center no longer only has a single function of distributing software, but also can drive the network management server to install or upgrade the operating system, database or network management software.
- the agent module that implements the software center interface is deployed. The entire system can be installed in one point through the software center, and the purpose of direct delivery to the office can be achieved, which can greatly reduce the workload of the opening.
- the software center can also provide proxy download service, you can understand the current software center to implement the software required for the physical server LAN private service. Entity servers do not directly face the WAN, making physical servers more secure when using services or implementing core business functions.
- the software center system (hereinafter also referred to as a software center) must establish a set of specifications and a complete communication interface with the agent module, and the following specific description is made:
- Software access specification Including the format of the software identification file, the extraction method of the software identification file, the name specification of the three elements of the software coordinate, the software basic information access specification, the software business rule access specification and the software dependent access specification, the supported software verification method and the school Description of the rules.
- Characteristic specifications Includes physical server identity definitions, feature definitions, generic methods for feature detection, and descriptions of minimum feature requirements for software services.
- Feature discovery interface It includes the feature discovery request and response interface of the software center, as well as interfaces such as software center identity registration, feature registration, identity query, and feature query.
- the request and response interface for transmitting data by the software center data transmission module, and the control module bidirectionally transmits the format and attribute description of the control data.
- synchronous control interface Includes synchronization check and implementation of the synchronization interface.
- the software to be installed must provide an executable silent installation script and a silent installation configuration file.
- Agent download specification and interface Includes domain definitions for proxy downloadable software and proxy download and entity server request response interfaces.
- FIG. 2 is a schematic diagram of a deployment manner of a software center system and a communication relationship with an entity server according to an embodiment of the present invention. As shown in FIG. 2, in a highly reliable software center system, any service is provided with a guarantee of relying on high reliability functions. . The following describes the high reliability features of the Software Center:
- the Software Center has a complete set of software access specifications.
- the software center's independent security certification architecture ensures that authorized users can upload and distribute software;
- the software access specification proposes the concept of software coordinates and the method of extracting software coordinates;
- the software to be uploaded passes basic access, business access and dependency access.
- the rules are checked and finally verified by the software before being admitted to the software center.
- the Software Center has an independent security certification module that ensures secure control of uploading and distributing software. After logging in to the client, the user selects a local software to upload to the software center. The user must have two operation rights of software upload and software registration. If only the software uploads the right, the software can only wait for the user to review the software with the software registration authority. Can be formally admitted to the software center.
- the entity server requests the software center to provide the service
- the software center first requests the entity server to provide security information that can use the corresponding service, and the security information is shipped from the agent module deployed on the entity server, if the entity server cannot provide security information, or provides The security information does not have corresponding permissions, and the software center will refuse to provide the service.
- the software center ensures that the software center rejects the network emulation request packet, and ensures that only the physical server that correctly installs the proxy module can use the software service of the software center.
- the software center records the audit log for requests that are accepted or rejected.
- the software center has an independent log auditing module that allows administrators to audit every operation related to software services in order to detect unauthorized actions in a timely manner.
- the software coordinates introduce order for the network management software and the software or application software that carries the network management software.
- the software of each software center must have clear and unique coordinates to identify the software, and the coordinates are indexed and stored by the software center.
- the software coordinates include the following three elements:
- Software Type Define the actual classification of the software, such as network management software, operating system software, database software, and so on.
- Software function type Define the function classification of the software.
- the network management software is divided into business upgrade software, business installation software, configuration upgrade software, configuration installation software, etc.
- the operating system is divided into windows, linux, etc., and the database is divided into oracle, sybase, and the like.
- Software version number The current version number of the software.
- the software center defines a set of specifications for the version number.
- the above three elements can uniquely identify one software in the software center, and software with the same coordinates does not allow duplicate storage. Since the software of the software center has software coordinates, the management software of the software center is more convenient, the operable software is more reliable, and the query software is faster.
- the software center supports two coordinate extraction methods:
- the specification of the software package header is included in the admission specification.
- the first 512 bytes of the specification definition software file are the software package header, and the header includes information about the software identification. If the software has a 512-byte header format as required by the specification, the software coordinate information is parsed from the header. After the analysis is successful, the header is stripped into the software.
- the specification of the coordinate file is included in the admission specification, including the naming of the coordinate file, the format of the coordinate file, and the like.
- the software identification file includes software coordinate information and other key information. If the software includes a software identification file, the software coordinate information can be parsed from the software identification file.
- the software center supports at the same time. If the pending software does not have coordinate information, it will be rejected for storage.
- Basic information access means that the software center must extract the software coordinate information from the software to be entered, and the coordinate information should conform to the specifications of the software type, software function type and software version number, especially the specification of the software version number. If the software to be entered does not meet the basic information access specifications, the software center will refuse the software storage.
- Business rules are allowed to enter.
- Business rule access refers to another set of rules for verifying whether a pending software is eligible for storage based on the business requirements of the software provider. For example, a software package with the same software function type must have the same version number before being stored in the library. Rules for rule access have certain flexibility.
- the software center adopts configuration file configuration, supports expression language, and is configured in the software identification file.
- FIG. 3 is a flowchart of software injection processing according to an embodiment of the present invention. As shown in FIG. 3, the following processing is included:
- Step S300 Networking, the software center is set on a separate server, and is deployed separately from the network management server.
- the user terminal and the software center are connected by a client server, and the agent module provided by the software center is deployed on the network management server.
- Step S301 The user terminal logs in to the software center, selects a software package, and prepares to upload.
- Step S302 The system determines whether the user has the right to store the software, and if the user does not have the permission, the user software cannot be stored in the library.
- Step S303 The software center extracts the software identification file from the software package, where the coordinate information and other key information of the software are included, and if the software coordinate information cannot be extracted, the software is rejected.
- Step S304 The software center performs basic information access verification, and the coordinate information extracted from the software to be entered must conform to the basic information specification, that is, the coordinate information should conform to the specifications of the software type, the software function type, and the software version number, respectively. If the specification is not met, the software center refuses to accept the software.
- step S305 the software center performs the business rule admission verification, and the software to be entered must comply with the software business rules. If the business rules are not met, the software center refuses to receive the software.
- Step S306 the software center performs the dependency admission check, and searches for the software dependency in the software identification file. If there is a dependency and a mandatory check dependency is configured, the software center checks whether all the dependencies of the software exist, as long as there is a dependency. If there is, the software center refuses to accept the software.
- step S307 the software package is uploaded from the user terminal to the software center, and the software center is deployed in active/standby mode, and the software is concurrently uploaded to the primary and backup servers of the software center.
- the process of uploading to the primary server is considered to be the end of the upload.
- the synchronization module is used to synchronize the software between the primary and secondary servers to ensure that the software is available on both the primary and backup servers.
- Step S308 The software center verifies the md5 code of the file uploaded to the active and standby servers, and compares with the md5 code provided in the software identification file to ensure the correctness of the uploaded file. If the file is inconsistent, the user is prompted to upload and fail.
- step S309 the software package is officially put into storage, and the uploading process ends.
- the server features found When the software center provides services, it can discover the identity and characteristics of the physical server, which is called feature discovery.
- Feature registration is generally performed after the entity server requests the software center to install the service and is successfully installed. It is implemented by the agent module deployed on the entity server and is divided into two types: normal registration and probe registration. After the entity server requests to install the service and installs successfully, if the installed software contains a certain feature, the agent module directly registers the characteristics of the machine through the feature registration interface; if some features are required to be detected, the agent module will The machine detects by the characteristic detection method, and then detects the characteristics and then registers the characteristics of the machine through the feature registration interface.
- the software center agent module deployed on the network management server starts the local FTP service and executes the TYPE I, PASV, and REST commands in sequence. If the execution is successful, the physical server is considered to have The breakpoint resume feature is registered and registered as a feature of the server.
- the entity server When the entity server requests the software installation or upgrade service of the software center, first check the minimum feature requirement list of the software, and if there is no characteristic requirement, directly respond; if there is a feature request, the software center requests the entity service.
- the server provides a list of features.
- the agent module on the entity server returns to the software center according to the previous feature registration list, and the software center checks the feature list. If the minimum feature requirement of the software is met, the service is responded, otherwise the service is denied.
- the network management server requests the software center to upgrade the network management software.
- the software requires the network management server to have at least the file downloading feature, the dual-machine feature, and the transmission breakpoint retransmission feature.
- the software center After the software center receives the feature list of the network management server from the proxy module, it checks whether the network management server characteristics meet the minimum requirements for providing the service, and refuses to provide the service if the minimum requirement is not met. If the minimum requirements are met, the upgrade package is started to be sent, and the request for upgrading the network management software of the network management server is responded to.
- feature discovery The above processes are collectively referred to as feature discovery.
- the synchronization module will automatically detect the software and synchronize to the primary server, and prompt the terminal when starting synchronization. The user uploads the software successfully because the synchronization module ensures that the software can always be synchronized to the specified standby. Similarly, when a transfer is interrupted during uploading to the standby server, the synchronization module automatically detects the software and synchronizes it to the standby server. If the transmission is interrupted when the software is uploaded to the active and standby servers, the software center will notify the end user that the network is abnormal and cannot upload the software.
- the software redundancy upload mechanism improves the reliability of software uploads and provides hardware and software conditions for software redundancy distribution.
- the software redundancy is distributed.
- the software on the active and standby servers in the software center has the prerequisite for redundant distribution. Therefore, before distributing the software, the software center will simply check whether the software to be distributed exists on the primary and secondary servers.
- the primary server of the software center distributes the software to the primary server of the physical server
- the backup server of the software center distributes the software to the standby server of the physical server
- the standby of the software center uses the standby and software center of the physical server.
- the primary link to the physical server will also be created, waiting to be occupied at any time.
- the distribution control module of the software center continuously checks the connection and occupancy of the four links.
- the distribution control module will pick up the responsibility of creating an unoccupied link to bear the problem link.
- the primary server distributed to the physical server by software ends the end of the distribution, and then the agent module of the entity server notifies the software center to distribute the finished message, and the other links stop distributing.
- Primary and backup machines on the physical server The data synchronization between the two can be guaranteed by the synchronization software on the network management server or by the proxy module implementing the synchronization interface.
- FIG. 4 is a flowchart of a software redundancy distribution service according to an embodiment of the present invention. As shown in FIG. 4, the service includes the following steps:
- Step S400 establishing a connection between the network management server and the software center server.
- Step S401 The network management server requests the software center to distribute the software, and provides coordinate information of the software to be distributed and security information required by the software center.
- Step S402 The software center verifies the security information provided by the network management server, and refuses to distribute the software if the verification fails.
- Step S403 The software center calculates a dependency relationship of the software to be distributed, and sorts out the distribution software list.
- Step S404 The software center requests feature discovery, and requests the network management server to provide a feature list.
- step S405 the network management server provides a feature list, and the software center check feature list must have dual-machine characteristics and a resume feature. If the minimum feature requirements are not met, the Software Center refuses to distribute the software.
- step S406 the software center starts to distribute the software package to the active/standby dual-node server of the network management server, and distributes it to the network management main server to end the distribution.
- Step S407 The network management server returns the md5 code of the local software through the control link, and the software center checks whether the md5 code is consistent with the md5 code of the warehouse software, and if it is inconsistent, the distribution software fails.
- Step S408 the software center records the service log, and the redundant distribution process ends.
- FIG. 5 is a schematic diagram of functions and interactions of modules in a software center for performing congestion control according to an embodiment of the present invention. As shown in FIG. 5, the following describes the basic principles of congestion control implementation:
- the software center adopts the congestion control mode to push the software, establishes two links with the agent module on the entity server, a control link (control module), and a data transmission link (transmission). Module).
- the software center (the software center master control module) prepares to transmit the first packet data to the entity server, first applies to the control link for the current transmission data size, and then transmits separately through two links: the first packet is transmitted through the data link.
- the packet data which transmits control data (such as packet size, check code, etc.) through the control link.
- the entity server After receiving the first packet body data and control data, the entity server performs data verification. After the verification is passed, the entity server returns the transmission delay of the first packet data and other link transmission data to the software center through the control link. .
- the control link Before the software center transmits the Nth packet data to the entity server, the control link simply estimates the current network congestion based on the average value of the transmission delay of the previous N-1 packet data and the average value of other link transmission data, and uses the average. The value is compared with the ideal value. If it is greater than the ideal value, the size of the Nth packet data is reduced; if it is less than the ideal value, the data size of the Nth packet is increased; pay attention to reducing the packet size, the base number is decreased, and the data is increased. The packet size should increase slowly.
- the software center is an agent role, the software to be distributed does not exist in the current software center, but is downloaded through the current software center agent in the WAN software warehouse or another software center. In this case, current congestion control needs to increase the consideration of the upstream inflow data rate.
- the upstream inflow data is first added to a queue called the inflow queue.
- the control link calculates the size of the transmitted packet and needs to integrate the inbound queue and the historical transmission control data, neither congesting the outgoing network nor causing no data to be sent.
- the software center can provide services with high reliability.
- the software center can also provide software installation, software upgrade, and agent download software services, all of which are based on software distribution services.
- the software center can drive the physical server installation software.
- the entity server requests the software center to install the software.
- the software center After receiving the request, the software center first determines whether the user information provided by the entity server has sufficient rights, and then checks whether the software to be installed exists, and checks whether the dependent software of the software to be installed exists.
- the software center After the software to be installed is ready, the software center requests feature discovery from the entity server. After obtaining the identity and feature list of the entity server, the software center checks the minimum installation feature requirements. Because it is an installation service, the software center also requests the physical server to provide a silent installation configuration. After all the above checks are passed, the software center starts to distribute the software by selecting a distribution software according to the request information of the physical server.
- the software distribution methods include physical server FTP download and software center to avoid network congestion push. The distribution process to the main server of the physical server ends the distribution process, and the software center installs the software based on the silent installation configuration to drive the physical server.
- FIG. 6 is a flow chart of a software installation service implemented by the present invention. As shown in FIG. 6, the service includes the following steps:
- Step S600 establishing a connection between the network management server and the software center server.
- Step S601 The network management server requests the software center to install a certain software, and provides the software coordinate information to be loaded and the security information required by the software center.
- Step S602 The software center verifies the security information provided by the network management server, and refuses to install the software if the verification fails.
- step S603 the software center performs feature discovery, and the network management server is required to provide a feature list.
- Step S604 the network management server provides a feature list, and the software center verification feature list must have an FTP downloadable feature, a dual-machine feature, and a resume feature. If the minimum feature requirements are not met, the Software Center refuses to install the software.
- step S605 the software center requests to obtain a silent installation configuration.
- Step S606 The network management server responds to the silent installation configuration, and the software center checks whether the information required for the static is complete according to the silent installation specification.
- step S607 the software center distributes the software successfully.
- Step S608 the software center silently installs the driver software according to the silent installation configuration.
- Step S609 the software center records the service log, and the software installation process ends.
- the software center can drive the physical server to upgrade the software.
- the entity server requests the software center to upgrade the software.
- the software center After receiving the request, the software center first determines whether the user information provided by the entity server has Have sufficient permissions and check if the upgrade package for the software to be upgraded exists. Then, the software center requests entity discovery from the entity server, and after obtaining the identity and feature list of the entity server, the software center checks according to the minimum upgrade characteristic requirement. Because it is an upgrade service, the software center also requests the physical server to provide the configuration of the upgrade steps. After all the above checks are passed, the software center starts to distribute the upgrade package by selecting a distribution software according to the request information of the entity server.
- the software distribution method includes physical server FTP download and software center to avoid network congestion push. After the distribution package is distributed to the main server of the physical server, the distribution process ends.
- the software center configures the driver entity server to upgrade the software according to the upgrade procedure.
- FIG. 7 is a flowchart of a software upgrade service according to an embodiment of the present invention. As shown in FIG. 7, the service includes the following steps:
- Step S700 Establish a connection between the network management server and the software center server.
- Step S701 The network management server requests the software center to upgrade a certain software, and provides the software coordinate information to be loaded and the security information required by the software center.
- Step S702 The software center verifies the security information provided by the network management server, and refuses to upgrade the software if the verification fails.
- step S703 the software center performs feature discovery, and the network management server is required to provide a feature list.
- Step S704 the network management server provides a feature list, and the software center verification feature list must have an FTP downloadable feature, a dual-machine feature, and a resume feature. If the minimum feature requirements are not met, the Software Center refuses to upgrade the software.
- Step S705 The software center requests to obtain a remote upgrade configuration.
- Step S706 The network management server responds to the remote upgrade configuration, and the software center checks whether the required information is complete according to the remote upgrade specification.
- step S707 the software center distributes the upgrade package successfully.
- Step S708 The software center drives the software upgrade according to the remote upgrade configuration.
- Step S709 the software center records the service log, and the software upgrade process ends.
- the agent download service, the software center can proxy the request of the network management server for other software, and can also distribute the software service of another software center.
- the software is obtained from the software center or the library or package is obtained from the WAN.
- the software is distributed to the current software center and finally distributed to the physical server.
- Entity servers do not directly face the WAN, making physical servers more secure during installation and upgrades.
- FIG. 8 is a flowchart of a proxy download software service according to an embodiment of the present invention. As shown in FIG. 8, the service includes the following steps:
- Step S800 establishing a connection between the network management server and the software center server.
- Step S801 The network management server requests the software center to download a service of the non-software center software, provides software coordinates, and provides security information required by the software center.
- Step S802 The software center verifies the security information provided by the network management server, and refuses to download the software if the verification fails.
- step S803 the software center calculates the software acquisition mode, and if the check fails to obtain, the proxy download service is rejected.
- Step S804 the software center accesses the central warehouse or other software center, and downloads the software of the specified coordinates.
- step S805 the software center redundant uploading software process is successfully executed.
- Step S806 the software center redundant distribution software process is successfully executed.
- Step S807 the software center agent software download process ends.
- the high reliability software center system of the embodiment of the present invention can provide related functions and services for the network management software.
- the software center system of the embodiment of the present invention highlights highly reliable features and value-added services, including: the software center system establishes a set of software access specifications, and access
- the specification includes basic information access, business rule access and dependency access.
- the basic information access requires that the software of the software center has software coordinate information that conforms to the specification.
- the software coordinates uniquely identifies the software, and the software is easier to query and manage.
- the software center provides a reliable upload service in a redundant manner, so that the active and standby software centers have the ability to transfer software.
- the software center When the network management server requests the software service, the software center requires security authentication. After the feature discovery, the network management server meets the minimum characteristic requirements, and the software center begins to distribute the software.
- the software center also provides a reliable distribution service in a redundant manner.
- the distribution methods provided by the software center include the FTP download of the network management server and the active congestion control distribution of the software center. The congestion control can make more reasonable use of the network environment and improve the reliability of distribution.
- the software center In addition to providing basic distribution software services, the software center also provides drivers for silent installation and remote upgrade services. It also supports proxy network management server to download software services, decoupling software-related functions from the network management server, and making the network management server more professionally responsible. Core industry Related functions.
- the software center has developed a series of specifications and interfaces, and implemented a lightweight software center agent.
- the network management server can deploy the agent on bare metal, or it can be inserted into the network management server as a module, and the agent guarantees communication with the software center. Only after providing high-reliability services will the software center be used more widely, which will greatly improve the efficiency of deployment and operation and maintenance.
- modules in the client in the embodiment can be adaptively changed and placed in one or more clients different from the embodiment.
- the modules in the embodiments can be combined into one module, and further they can be divided into a plurality of sub-modules or sub-units or sub-components.
- any combination of the features disclosed in the specification, including the accompanying claims, the abstract and the drawings, and any methods so disclosed, or All processes or units of the client are combined.
- Each feature disclosed in this specification may be replaced by alternative features that provide the same, equivalent or similar purpose.
- the various component embodiments of the present invention may be implemented in hardware, or in a software module running on one or more processors, or in a combination thereof.
- a microprocessor or digital signal processor may be used in practice to implement some or all of the functionality of some or all of the components loaded with the ordered web address in accordance with an embodiment of the present invention.
- the invention can also be implemented as a device or device program (e.g., a computer program and a computer program product) for performing some or all of the methods described herein.
- a program implementing the invention may be stored on a computer readable medium or may be in the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
- the foregoing technical solution provided by the embodiment of the present invention solves the prior art by separately deploying a software center system and a network management server, and providing a software service for a physical server provided with a proxy module through a service interface according to a preset software service specification.
- the problem of inefficient function of the software center can ensure that the software center system provides high-reliability software services to other physical servers, which greatly improves the efficiency of the deployment and operation and maintenance.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Information Transfer Between Computers (AREA)
Abstract
本发明公开了一种软件中心系统。该系统与网管服务器分离部署,该系统包括:软件管理模块,设置为根据预先设置的软件服务规范,通过服务接口为设置了代理模块的实体服务器提供软件服务;服务接口,设置为为代理模块提供与软件管理模块进行交互的接口;代理模块,部署于与系统交互的实体服务器中,设置为通过服务接口与软件管理模块进行交互,从软件管理模块为实体服务器获取软件服务。借助于本发明的技术方案,能够保证软件中心系统向其他实体服务器提供高可靠性的软件服务,极大的提高开局和运维的效率。
Description
本发明涉及计算机技术领域,特别是涉及一种软件中心系统。
在相关技术中,为了减少网管开局和运维的工作量,在设备开通阶段,逐步推荐使用软件中心驱动网管服务器一键安装承载网管软件的操作系统、数据库、双机软件和网管软件;在日常运维阶段,逐步推荐使用软件中心驱动一键升级网管软件及其他软件。这些趋势都极大地减少了用服的运维工作,软件中心逐步成长为网管软件的另一分支。
但随之而来的问题是,有的软件中心没有与网管服务器剥离,安全框架过于依赖网管系统,软件中心与网管服务器耦合严重,接口混乱;另外,软件中心的设计过于简单,软件准入要求不高,软件版本混乱,依赖关系不明晰,软件中心职能单一,只提供分发软件的低效职能;另外,现场网络环境复杂,简单的软件中心无法满足用户的可靠性要求,例如:上传软件过程中出现网络异常只能重传,分发软件过程中网络异常,几兆的软件分发到进度大半时出现异常,无法续传,在网络环境中拥塞大量数据包时,仍不顾网络压力分发软件等等问题。
从研发角度上看,由于软件中心展现的低效职能,绝大部分网管研发人员对软件中心的重要性认识不足,投入力量也不大。只有构建出高可用性和高可靠性的软件中心系统,实现稳定安全的上传和分发软件,并提供可靠的安装和升级服务,软件中心才会成为开局和运维必备的利器。
发明内容
鉴于现有技术中软件中心低效的问题,提出了本发明以便提供一种软件中心系统。
本发明提供了一种软件中心系统,该系统与网管服务器分离部署,该系统包括:
软件管理模块,设置为根据预先设置的软件服务规范,通过服务接口为设置了代理模块的实体服务器提供软件服务;
服务接口,设置为为代理模块提供与软件管理模块进行交互的接口;
代理模块,部署于与系统交互的实体服务器中,设置为通过服务接口与软件管理模块进行交互,从软件管理模块为实体服务器获取软件服务。
在本发明实施例中,软件管理模块包括:
软件准入单元,设置为根据软件服务规范中的软件准入规范,对待上传的软件进行校验,在校验成功后,允许上传相应软件;
实体服务器特性发现单元,设置为根据软件服务规范中的特性规范,通过服务接口中的特性发现接口,与代理模块进行交互,进行实体服务器特性的注册和发现;
软件冗余传输单元,设置为在采用主备两台服务器同时部署软件中心系统时,对主备两台服务器进行软件冗余上传和软件冗余分发;
拥塞控制单元,设置为在将软件分发到实体服务器时,通过服务接口中的拥塞控制接口,根据已经发送的数据包的延时计算数据传输链路的拥塞状态,并根据拥塞状态调整后续传输数据包的大小;在不存在待分发的软件时,对流入本地的数据速度进行控制。
在本发明实施例中,软件管理模块还包括:
软件安装单元,设置为根据软件服务规范中的静默安装规范,通过服务接口中的静默安装接口,通过代理模块驱动实体服务器进行软件安装;
软件升级单元,设置为根据软件服务规范中的远程升级规范,通过服务接口中的远程升级接口,通过代理模块驱动实体服务器进行软件升级;
代理下载单元,设置为根据软件服务规范中的代理下载规范,并通过服务接口中的代理下载接口,通过代理模块代理实体服务器对未在本地存储软件的软件服务请求,和/或代理另一个软件中心系统的分发软件服务。
在本发明实施例中,软件准入单元包括:
软件安全认证子模块,设置为在接收到客户端上传的软件时,对客户端的操作权限进行认证,在客户端具备软件上传权限和软件注册权限时,存储或接收客户端上传该软件,在客户端仅具备软件上传权限,不具备软件注册权限时,在等待具备软件注册权限的用户审核通过后,存储或接收客户端上传该软件;在实体服务器请求提供软件服务时,对实体服务器提供的安全信息进行审核,在实体服务器无法提供安全信息
或者提供的安全信息没有相应权限时,拒绝为实体服务器提供软件服务,其中,安全信息设置于实体服务器的代理模块中;
日志审计子模块,设置为对接受软件服务或拒绝软件服务的操作进行审计日志的记录;
校验子模块,设置为对待上传的软件进行基本信息准入和/或业务规则准入和/或软件依赖准入的软件准入规范检查,并通过软件校验后,存储或接收该软件。
在本发明实施例中,校验子模块设置为:
从待上传的软件上获取软件坐标信息,判断软件坐标信息是否符合软件类型、软件功能类型和软件版本号的基本信息准入规范,如果不符合,则拒绝上传该软件;其中,软件坐标信息包括:软件类型、软件功能类型、以及软件版本号;或者,
根据软件提供方提出的业务需求制定的业务规则检验待上传的软件是否具备准入资格,如果不具备,则拒绝上传该软件;其中,业务规则配置于待上传的软件的软件标识文件中;或者,
在待上传的软件的软件标识文件中配置了软件依赖规则且配置了强制检测软件依赖时,计算待上传的软件的依赖关系,查找该软件依赖的其他软件,在其依赖的其他软件都存在时,存储或接收该软件。
在本发明实施例中,校验子模块设置为:从待上传的软件的包头中解析出软件坐标信息;或者,从待上传的软件的软件标识文件中解析出软件坐标信息。
在本发明实施例中,实体服务器特性发现单元包括:
实体服务器特性注册子模块,设置为在实体服务器请求安装服务并安装软件成功之后,根据软件服务规范中的特性规范,通过服务接口中的特性发现接口,接收部署于实体服务器上的代理模块的实体服务器特性注册请求,将实体服务器特性清单保存在代理模块中;
实体服务器特性发现子模块,设置为在实体服务器请求软件安装服务或升级服务时,检查相应软件的最低特性需求清单,如果没有特性要求则直接响应;如果有特性要求则请求实体服务器的代理模块提供实体服务器特性清单,并检查实体服务器特性清单是否符合该软件的特性要求,如果符合,则响应服务,否则拒绝服务。
在本发明实施例中,代理模块设置为:
在实体服务器请求安装服务并安装软件成功后,如果安装的软件中包含特性要求,则根据特性规范通过特性注册接口直接注册该实体服务器的特性,并保存实体服务器特性清单;在某些特性是需要探测才能确定的情况下,在实体服务器按特性探测方法进行探测,探测出特性后再通过特性注册接口注册该实体服务器的特性,并保存实体服务器特性清单。
在本发明实施例中,软件冗余传输单元包括:
软件冗余上传子模块,设置为在主备两台服务器同时部署软件中心系统时,当客户端将某个软件上传后,并发向主用服务器和备用服务器上传该软件,并通过服务接口中的同步控制接口对主用服务器与备用服务器进行软件同步;
软件冗余分发子模块,设置为在主备服务器上都存在待分发软件时,通过服务接口中的分发控制接口分发软件包时,将主用服务器中的待分发软件发送到实体服务器的主用服务器,将备用服务器中的待分发软件发送到实体服务器的备用服务器,并创建主用服务器到实体服务器的备用服务器的数据链路、以及备用服务器到实体服务器的主用服务器的数据链路;检测四条数据链路的连接和占用情况,任何一条被占用的数据链路出现问题时,选择已创建未占用的数据链路承担问题数据链路的职责,在软件分发到实体服务器的主用服务器后,接收实体服务器的代理模块发送的分发结束消息,断开其他数据链;
软件校验子模块,设置为在从客户端上传软件后,校验软件的第一消息摘要算法第五版MD5码与从软件标识文件或软件包头的标识信息中解析出的第二MD5码是否一致,如果一致,则提示用户上传成功,否则,则提示用户上传失败;在分发软件到实体服务器后,请求实体服务器通过控制链路传回其本地服务器中软件的第一MD5码,校验其与从软件标识文件或软件包头的标识信息中解析出的第二MD5码是否一致,如果一致,则确认分发成功,并通知实体服务器分发结束,否则,通知实体服务器分发失败。
在本发明实施例中,软件冗余上传子模块设置为:
在软件上传到主用服务器过程中发生传输中断时,保持软件上传到备用服务器,待上传到备用服务器成功后,检测到该软件并通过同步控制接口同步到主用服务器上,在软件上传到备用服务器过程中发生传输中断时,保持软件上传到主用服务器,待上传到主用服务器成功后,检测到该软件并通过同步控制接口同步到备用服务器上,在软件上传到主备服务器都发生传输中断时,通知客户端网络异常,无法上传软件。
在本发明实施例中,拥塞控制单元设置为:
当实体服务器请求分发软件时,与实体服务器上的代理模块建立两条链路,其中一条为控制链路,另一条为数据传输链路;
在准备向实体服务器传送第一包数据时,向控制链路申请本次传送的数据大小,根据数据大小通过数据传输链路传送第一包数据的包体,通过控制链路传送控制数据;
在实体服务器收到第一包数据的包体和控制数据后,接收实体服务器通过控制链路发送的第一包数据的发送时延及其他链路传输数据,并进行缓存;
在传送第N包数据到实体服务器前,根据前N-1包数据的发送时延的平均值和其他链路传输数据的平均值估计当前网络拥塞值,将网络拥塞值与预先设置的阈值进行比较,如果大于或等于阈值,则减小第N包数据的大小;如果小于阈值,则增大第N包数据的大小,其中,N为大于或等于1的整数;
在待分发的软件不存在时,对流入本地的数据速度进行控制,将流入本地的数据加入预先设置的流入队列,根据流入流入队列和网络拥塞值计算发送数据包的大小。
在本发明实施例中,软件安装单元设置为:
在收到实体服务器的安装软件请求后,检验实体服务器提供的用户信息是否具备足够权限,在具备足够权限的情况下,检查待安装软件是否存在,以及待安装软件的依赖软件是否存在,在判断均存在的情况下,准备待安装软件,并向实体服务器请求特性发现,在获取到实体服务器的身份和实体服务器特性清单后,根据实体服务器的身份和实体服务器特性清单进行最低安装特性要求的检查,在检查通过后,请求实体服务器提供静默安装配置,根据实体服务器的安装软件请求选择一种分发软件的方式进行软件分发,并根据静默安装配置驱动实体服务器进行软件安装。
在本发明实施例中,软件升级单元设置为:
收到实体服务器发送的升级软件请求后,检验实体服务器提供的用户信息是否具备足够权限,在具备足够权限的情况下,检查待升级软件的升级包是否存在,在存在的情况下,向实体服务器请求特性发现,在获取到实体服务器的身份和实体服务器特性清单后,根据实体服务器的身份和实体服务器特性清单进行最低升级特性要求的检查,在检查通过后,请求实体服务器提供升级步骤配置,根据实体服务器的安装软件请求选择一种分发软件的方式进行升级包分发,并根据升级步骤配置驱动实体服务器进行软件升级。
在本发明实施例中,代理下载单元设置为:
收到实体服务器发送的代理下载请求后,计算下载路径,根据下载路径从其他软件中心或从广域网获取软件,在该软件被分发到本地后,再分发到实体服务器。
本发明有益效果如下:
通过将软件中心系统与网管服务器分离部署,并根据预先设置的软件服务规范通过服务接口为设置了代理模块的实体服务器提供软件服务,解决了现有技术现有技术中软件中心职能低效的问题,能够保证软件中心系统向其他实体服务器提供高可靠性的软件服务,极大的提高开局和运维的效率。
上述说明仅是本发明技术方案的概述,为了能够更清楚了解本发明的技术手段,而可依照说明书的内容予以实施,并且为了让本发明的上述和其它目的、特征和优点能够更明显易懂,以下特举本发明的具体实施方式。
通过阅读下文优选实施方式的详细描述,各种其他的优点和益处对于本领域普通技术人员将变得清楚明了。附图仅用于示出优选实施方式的目的,而并不认为是对本发明的限制。而且在整个附图中,用相同的参考符号表示相同的部件。在附图中:
图1是本发明实施例的软件中心系统的结构示意图;
图2是本发明实施例的软件中心系统的部署方式和与实体服务器的通讯关系的示意图;
图3是本发明实施例的软件注入处理的流程图;
图4是本发明实施例的软件冗余分发服务的流程图;
图5是本发明实施例的软件中心进行拥塞控制时各模块的职能和交互的示意图;
图6是本发明实施的软件安装服务的流程图;
图7是本发明实施例的软件升级服务的流程图;
图8是本发明实施例的代理下载软件服务的流程图。
下面将参照附图更详细地描述本公开的示例性实施例。虽然附图中显示了本公开的示例性实施例,然而应当理解,可以以各种形式实现本公开而不应被这里阐述的实施例所限制。相反,提供这些实施例是为了能够更透彻地理解本公开,并且能够将本公开的范围完整的传达给本领域的技术人员。
为了解决现有技术中软件中心低效职能的问题,本发明提供了一种高可靠性的软件中心系统,该系统独立部署在一台服务器或一块单板上,有独立的安全认证模块和日志审计模块。托管在软件中心的软件可包括网管软件、承载网管的软件和网管系统使用的其他软件。与传统的软件仓库相比,高可靠性的软件中心系统除了可以管理软件版本、分发软件之外,还提供软件相关服务,如安装、升级、代理下载软件等,该系统通过软件准入、冗余上传/分发、服务器特性发现、拥塞控制等功能,保证软件中心提供服务的高可靠性。该系统包括一整套规范和服务接口以及一个可以独立部署,已实现服务接口的软件中心代理模块(下文简称代理模块),在部署了代理模块后,与软件中心连接并交互的可以是任何实体服务器,比如一个网管服务器,一个数据库服务器,一个路由器甚至是另一个软件中心。以下结合附图以及实施例,对本发明进行进一步详细说明。应当理解,此处所描述的具体实施例仅仅用以解释本发明,并不限定本发明。
根据本发明的实施例,提供了一种软件中心系统,与网管服务器分离部署,图1是本发明实施例的软件中心系统的结构示意图,如图1所示,根据本发明实施例的软件中心系统包括:软件管理模块10、服务接口12、以及代理模块14,以下对本发明实施例的各个模块进行详细的说明。
软件管理模块10,设置为根据预先设置的软件服务规范,通过服务接口12为设置了代理模块14的实体服务器提供软件服务;
服务接口12,设置为为代理模块14提供与软件管理模块10进行交互的接口;
代理模块14,部署于与系统交互的实体服务器中,设置为通过服务接口12与软件管理模块10进行交互,从软件管理模块10为实体服务器获取软件服务。
在本发明实施例中,软件管理模块10包括:软件准入单元101、实体服务器特性发现单元102、软件冗余传输单元103、以及拥塞控制单元104,以下对各个单元进行详细说明:
软件准入单元101,设置为根据软件服务规范中的软件准入规范,对待上传软件进行校验,在校验成功后,允许上传相应软件;软件准入单元101包括:
软件安全认证子模块,设置为在接收到客户端上传的软件时,对客户端的操作权限进行认证,在客户端具备软件上传权限和软件注册权限时,存储或接收客户端上传该软件,在客户端仅具备软件上传权限,不具备软件注册权限时,在等待具备软件注册权限的用户审核通过后,存储或接收客户端上传该软件;在实体服务器请求提供软件服务时,对实体服务器提供的安全信息进行审核,在实体服务器无法提供安全信息或者提供的安全信息没有相应权限时,拒绝为实体服务器提供软件服务,其中,安全信息设置于实体服务器的代理模块14中;
日志审计子模块,设置为接受软件服务或拒绝软件服务的操作进行审计日志的记录,后续可以将审计日志提供给管理员以供查看;
校验子模块,设置为对待上传的软件进行基本信息准入和/或业务规则准入和/或软件依赖准入的软件准入规范检查,并通过软件校验后,存储或接收该软件。
校验子模块设置为:
从待上传的软件上获取软件坐标信息,判断软件坐标信息是否符合软件类型、软件功能类型和软件版本号的基本信息准入规范,如果不符合,则拒绝上传该软件;其中,软件坐标信息包括:软件类型、软件功能类型、以及软件版本号;或者,
根据软件提供方提出的业务需求制定的业务规则检验待上传的软件是否具备准入资格,如果不具备,则拒绝上传该软件;其中,业务规则配置于待上传的软件的软件标识文件中;或者,
在待上传的软件的软件标识文件中配置了软件依赖规则且配置了强制检测软件依赖时,计算待上传的软件的依赖关系,查找该软件依赖的其他软件,在其依赖的其他软件都存在时,存储或接收该软件。
在本发明实施例中,校验子模块可以从待上传的软件的包头中解析出软件坐标信息;或者,从待上传的软件的软件标识文件中解析出软件坐标信息。
实体服务器特性发现单元102,设置为根据软件服务规范中的特性规范,通过服务接口12中的特性发现接口,与代理模块14进行交互,进行实体服务器特性的注册和发现;实体服务器特性发现单元102包括:
实体服务器特性注册子模块,设置为在实体服务器请求安装服务并安装软件成功之后,根据软件服务规范中的特性规范,通过服务接口12中的特性发现接口,接收部署于实体服务器上的代理模块14的实体服务器特性注册请求,将实体服务器特性清单保存在代理模块14中;
实体服务器特性发现子模块,设置为在实体服务器请求软件安装服务或升级服务时,检查相应软件的最低特性需求清单,如果没有特性要求则直接响应;如果有特性要求则请求实体服务器的代理模块14提供实体服务器特性清单,并检查实体服务器特性清单是否符合该软件的特性要求,如果符合,则响应服务,否则拒绝服务。
此时,代理模块14在实体服务器请求安装服务并安装软件成功后,如果安装的软件中包含某种特性要求,则根据特性规范通过特性注册接口直接注册该实体服务器的特性,并保存实体服务器特性清单;在某些特性是需要探测才能确定的情况下,在实体服务器按特性探测方法进行探测,探测出特性后再通过特性注册接口注册该实体服务器的特性,并保存实体服务器特性清单。
软件冗余传输单元103,设置为在采用主备两台服务器同时部署软件中心系统时,对主备两台服务器进行软件冗余上传和软件冗余分发;软件冗余传输单元103包括:
软件冗余上传子模块,设置为在主备两台服务器同时部署软件中心系统时,当客户端将某个软件上传后,并发向主用服务器和备用服务器上传该软件,并通过服务接口12中的同步控制接口对主用服务器与备用服务器进行软件同步;软件冗余上传子模块设置为:在软件上传到主用服务器过程中发生传输中断时,保持软件上传到备用服务器,待上传到备用服务器成功后,检测到该软件并通过同步控制接口同步到主用服务器上,在软件上传到备用服务器过程中发生传输中断时,保持软件上传到主用服务器,待上传到主用服务器成功后,检测到该软件并通过同步控制接口同步到备用服务器上,在软件上传到主备服务器都发生传输中断时,通知客户端网络异常,无法上传软件。
软件冗余分发子模块,设置为在主备服务器上都存在待分发软件时,开始通过服务接口12中的分发控制接口分发软件包时,将主用服务器中的待分发软件发送到实体服务器的主用服务器,将备用服务器中的待分发软件发送到实体服务器的备用服务器,并创建主用服务器到实体服务器的备用服务器的数据链路、以及备用服务器到实体服务器的主用服务器的数据链路;检测四条数据链路的连接和占用情况,任何一条被占用的数据链路出现问题时,选择已创建未占用的数据链路承担问题数据链路的职责,
在软件分发到实体服务器的主用服务器后,接收实体服务器的代理模块14发送的分发结束消息,断开其他数据链;
软件校验子模块,设置为在从客户端上传软件后,校验软件的第一MD5码与从软件标识文件或软件包头的标识信息中解析出的第二MD5码是否一致,如果一致,则提示用户上传成功,否则,则提示用户上传失败;在分发软件到实体服务器后,请求实体服务器通过控制链路传回其本地服务器中软件的第一MD5码,校验其与从软件标识文件或软件包头的标识信息中解析出的第二MD5码是否一致,如果一致,则确认分发成功,并通知实体服务器分发结束,否则,通知实体服务器分发失败。
拥塞控制单元104,设置为在将软件分发到实体服务器时,通过服务接口12中的拥塞控制接口,根据已经发送的数据包的延时计算数据传输链路的拥塞状态,并根据拥塞状态调整后续传输数据包的大小;在不存在待分发的软件时,对流入本地的数据(即,上流流入的数据,上流流入的数据是指流入本地的数据或者本地接收到的数据)速度进行控制。拥塞控制单元104设置为:
当实体服务器请求分发软件时,与实体服务器上的代理模块14建立两条链路,其中一条为控制链路,另一条为数据传输链路;在准备向实体服务器传送第一包数据时,向控制链路申请本次传送的数据大小,根据数据大小通过数据传输链路传送第一包数据的包体,通过控制链路传送控制数据;在实体服务器收到第一包数据的包体和控制数据后,接收实体服务器通过控制链路发送的第一包数据的发送时延及其他链路传输数据,并进行缓存;在传送第N包数据到实体服务器前,根据前N-1包数据的发送时延的平均值和其他链路传输数据的平均值估计当前网络拥塞值,将网络拥塞值与预先设置的阈值进行比较,如果大于或等于阈值,则减小第N包数据的大小;如果小于阈值,则增大第N包数据的大小,其中,N为大于或等于1的整数;在待分发的软件不存在时,对流入本地的数据速度进行控制,将流入本地的数据加入预先设置的流入队列,根据流入流入队列和网络拥塞值计算发送数据包的大小。
在本发明实施例中,为了提供更加丰富的软件服务,软件管理模块10还可以包括:软件安装单元、软件升级单元、以及代理下载单元,以下对上述各个单元进行详细说明。
软件安装单元,设置为根据软件服务规范中的静默安装规范,并通过服务接口12中的静默安装接口,通过代理模块驱动实体服务器进行软件安装;软件安装单元设置为:
在收到实体服务器的安装软件请求后,检验实体服务器提供的用户信息是否具备足够权限,在具备足够权限的情况下,检查待安装软件是否存在,以及待安装软件的依赖软件是否存在,在判断均存在的情况下,准备待安装软件,并向实体服务器请求特性发现,在获取到实体服务器的身份和实体服务器特性清单后,根据实体服务器的身份和实体服务器特性清单进行最低安装特性要求的检查,在检查通过后,请求实体服务器提供静默安装配置,根据实体服务器的安装软件请求选择一种分发软件的方式进行软件分发,并根据静默安装配置驱动实体服务器进行软件安装。
软件升级单元,设置为根据软件服务规范中的远程升级规范,并通过服务接口12中的远程升级接口驱动,通过代理模块实体服务器进行软件升级;软件升级单元设置为:
收到实体服务器发送的升级软件请求后,检验实体服务器提供的用户信息是否具备足够权限,在具备足够权限的情况下,检查待升级软件的升级包是否存在,在存在的情况下,向实体服务器请求特性发现,在获取到实体服务器的身份和实体服务器特性清单后,根据实体服务器的身份和实体服务器特性清单进行最低升级特性要求的检查,在检查通过后,请求实体服务器提供升级步骤配置,根据实体服务器的安装软件请求选择一种分发软件的方式进行升级包分发,并根据升级步骤配置驱动实体服务器进行软件升级。
代理下载单元,设置为根据软件服务规范中的代理下载规范,并通过服务接口12中的代理下载接口,通过代理模块代理实体服务器对未在本地存储软件的软件服务请求,和/或代理另一个软件中心系统的分发软件服务。代理下载单元设置为:
收到实体服务器发送的代理下载请求后,计算下载路径,根据下载路径从其他软件中心或从广域网获取软件,在该软件被分发到本地后,再分发到实体服务器。
从上面的描述可以看出,本发明实施例的软件中心系统具有以下特点:
1、独立于网管服务器外部署,有独立安全认证系统,网管软件中心的安全认证不依赖于网管系统。终端或网管服务器对于软件中心服务的请求和响应有独立的日志记录和审核模块,以上两点使得独立部署的软件中心拥有更好的安全性。
2、拥有一套完整的软件准入规范。软件坐标机制可以保证软件中心的软件唯一,并加强了软件的可管理性,软件依赖的可视性更强。基本准入规则是指软件必须有包含坐标信息的软件标识信息或软件标识文件,软件上传到软件中心之前还必须符合软
件的业务规则和依赖规范。所有上传到软件中心的软件最后都需要进行校验,保证内容的正确性。
3、提供可靠的软件上传和分发服务。软件冗余上传机制保证上传到软件中心的软件会同时上传到主备用两个软件中心上,避免上传到软件中心的过程中失败需要重新上传;软件冗余分发会通过主备两个软件中心分发软件到主备两个网管服务器上,其他一条链路发生问题,其他已建立未占用的链路接管其分发任务,避免分发到软件中心的过程中失败需要重新分发。
4、服务器特性发现功能可以提前确定请求服务的服务器的资质和能力,尽早排除传输不可靠的因素,从而避免在实际提供服务后才发现因为服务器的特性不足而中断服务的问题,建立对传输双方服务器的信任机制,保证了软件中心提供服务的高可靠性。
5、软件中心在分发软件时除了可以通过实体服务器具备断点续传特性的FTP下载外,还提供了一种拥塞控制的推送软件的方式。增大网络压力的最终结果很可能是导致分发软件失败或异常,而使用拥塞控制的方式分发软件可以避免在网络拥塞的情况下大包传送数据包,甚至是根据网络的流量最优调整传送数据包的包大小,更加合理的利用各种网络环境。
6、除提供分发软件的基础服务之外,软件中心还提供对于实体服务器的安装或升级服务。软件中心不再只有分发软件的单一职能,还可以驱动网管服务器一键安装或升级操作系统、数据库或网管软件,当一台裸机连接到软件中心后,部署了实现软件中心接口的代理模块,就可以通过软件中心一键安装整个系统,达到直接交付局方的目的,这可以大大降低开局的工作量。
7、软件中心还可以提供代理下载服务,可以理解当前软件中心实现为实体服务器所需软件的局域网内部私服。实体服务器不直接面对广域网,也使得实体服务器在使用服务或实施核心业务功能时更加安全。
8、代理网管服务器的一切内部和外部的软件需求,对外只暴露软件中心,也将网管服务器与软件相关的功能剥离开来,集中力量实现网管的核心功能,体现了专业的服务器负责专业的事情的思想。
以下结合附图,对本发明实施例的上述技术方案进行详细说明。
在本发明实施例中,软件中心系统(以下也称为软件中心)为了实现以上的功能和服务,必须建立一套规范和与代理模块完整的通信接口,以下进行具体说明:
1、软件准入规范。包括软件标识文件的格式,软件标识文件的提取方式,软件坐标三要素的名称规范,软件基本信息准入规范,软件业务规则准入规范和软件依赖准入规范,支持的软件校验方式及校验规则描述。
2、特性规范。包括实体服务器身份定义,特性定义,特性探测的通用方法和软件服务的最低特性要求的描述。
3、特性发现接口。包括软件中心的特性发现请求和响应接口,以及软件中心身份注册、特性注册、身份查询、特性查询等接口。
4、请求服务接口。包括实体服务器的服务请求和软件中心提供服务响应的接口。
5、拥塞控制接口。包括软件中心数据传输模块传输数据的请求和响应接口,控制模块双向传输控制数据的格式和属性描述。
6、分发控制接口。包括分发软件的链路控制和链路占用检测接口。
7、同步控制接口。包括同步检查和实施同步接口。
8、静默安装规范和接口。待安装的软件必须提供一个可执行的静默安装脚本和静默安装配置文件。
9、远程升级规范和接口。待升级的软件必须实现步骤驱动请求的响应,还必须提供远程升级步骤配置文件。
10、代理下载规范和接口。包括可代理下载软件的范畴定义和代理下载与实体服务器请求响应接口。
图2是本发明实施例的软件中心系统的部署方式和与实体服务器的通讯关系的示意图,如图2所示,高可靠性的软件中心系统中,提供任何服务都依赖高可靠性功能的保证。以下描述软件中心的高可靠性功能:
一、软件准入。软件中心有一套完整的软件准入规范。软件中心独立的安全认证架构保证有权限的用户才能上传和分发软件;软件准入规范提出了软件坐标的概念和提取软件坐标的方法;待上传软件通过基本准入、业务准入和依赖准入规则检查,最后经过软件校验后,方可准入软件中心。
1、软件中心安全认证。软件中心拥有独立的安全认证模块,保证了对于上传和分发软件的安全控制。用户登陆客户端后,选择某个本地软件上传到软件中心,该用户必须具备软件上传和软件注册两个操作权限,如果只有软件上传的权限,该软件只能等待具备软件注册权限的用户审核方可正式准入软件中心。实体服务器请求软件中心提供服务时,软件中心首先要求该实体服务器提供可以使用对应服务的安全信息,该安全信息由部署在实体服务器上的代理模块出厂,如果实体服务器无法提供安全信息,或者提供的安全信息没有对应的权限,软件中心将拒绝提供服务。如此设计保证了软件中心拒绝网络模拟请求包,保证只有正确安装代理模块的实体服务器,才可以使用软件中心的软件服务。另外,软件中心对于接受或拒绝的请求,都会记录审计日志。软件中心拥有独立的日志审计模块,管理员可以审计每次和软件服务相关的操作,以便及时发现越权行为。
2、软件坐标。软件坐标为网管软件及承载网管软件的软件或应用软件引入了秩序,每个软件中心的软件都必须有明确的、唯一的坐标来标识该软件,该坐标被软件中心索引和存储。软件坐标包括以下3个元素:
软件类型:定义软件的实际分类,例如网管软件、操作系统软件、数据库软件等等。
软件功能类型:定义软件的功能分类,例如网管软件分为业务升级软件、业务安装软件、配置升级软件、配置安装软件等,操作系统分为windows、linux等,数据库分为oracle、sybase等。
软件版本号:软件当前的版本号,软件中心定义了一套版本号的规范。
通过以上3个元素可以唯一确定软件中心中的一个软件,拥有同一坐标的软件不允许重复入库。由于软件中心的软件都具有软件坐标,软件中心的管理软件更加简便,可操作的软件更加可靠,查询软件也更加快捷。
软件中心支持两种坐标提取方式:
软件包头。准入规范中包括了软件包头的规范,规范定义软件文件的前512个字节为软件包头,该包头包括软件标识的相关信息。如果该软件具有规范要求的512字节的包头格式,则从包头中解析出软件坐标信息。解析成功后,将该包头剥离待入软件。
软件标识文件。准入规范中包括了坐标文件的规范,包括坐标文件的命名,坐标文件的格式等。软件标识文件包括了软件坐标信息及其他关键信息,如果该软件中包括软件标识文件,则可以从软件标识文件中解析出软件坐标信息。
以上两种方式,软件中心同时支持。如果待入软件不具有坐标信息,将被拒绝入库。
3、基本信息准入。基本信息准入是指软件中心必须从待入软件上提取出软件坐标信息,且坐标信息应分别符合软件类型、软件功能类型和软件版本号的规范,特别是软件版本号的规范。如果待入软件不符合基本信息准入规范,软件中心将拒绝软件入库。
4、业务规则准入。业务规则准入是指根据软件提供方提出的业务需求制定的另一套检验待入软件是否具备入库资格的规则。比如:多个软件功能类型一致的软件包入库前必须要求版本号一致。规则准入的规则具备一定的灵活性,软件中心采取配置文件配置,支持表达式语言,配置在软件标识文件中。
5、软件依赖准入。当软件标识文件中配置了软件依赖且配置了强制检测依赖时,软件中心会计算待入软件的依赖关系,查找该软件依赖的其他软件,只有其依赖的软件都存在于软件中心时,才允许软件入库。注意依赖具有传递性,当软件A依赖于软件B,软件B又依赖于软件C,那么软件A就依赖于软件C。软件A、B、C都特指具备坐标的软件,不同版本的软件可能依赖有所不同。依赖关系形成一颗庞大的依赖树,树上的每个叶子节点成为待入软件最深的依赖节点。
图3是本发明实施例的软件注入处理的流程图,如图3所示,包括如下处理:
步骤S300、组网,软件中心设置于独立服务器,与网管服务器分离部署,用户终端与软件中心以客户端服务器方式连接,软件中心提供的代理模块部署在网管服务器上。
步骤S301、用户终端登陆软件中心,选择软件包,准备上传。
步骤S302、系统判断用户是否具备软件入库的权限,如果不具备权限则提示用户软件无法入库。
步骤S303、软件中心从软件包中提取软件标识文件,其中包括坐标信息和软件其他的关键信息,如果无法提取软件坐标信息则拒绝接收该软件。
步骤S304、软件中心进行基本信息准入校验,从待入软件提取出的坐标信息必须符合基本信息规范,即坐标信息应分别符合软件类型、软件功能类型和软件版本号的规范。如果不符合规范则软件中心拒绝接收该软件。
步骤S305、软件中心进行业务规则准入校验,待入软件必须符合软件业务规则。如果不符合业务规则软件中心拒绝接收该软件。
步骤S306、软件中心进行依赖准入校验,在软件标识文件中查找软件的依赖关系,如果存在依赖且配置了强制检查依赖,则检查软件中心是否存在该软件的所有依赖,只要有一个依赖不存在则软件中心拒绝接收该软件。
步骤S307、开始从用户终端上传软件包至软件中心,软件中心采用主备部署,软件将并发上传至软件中心主用和备用服务器上。上传至主用服务器的流程结束认为上传结束,上传结束后,主备服务器间采用同步模块同步软件包,保证主备服务器上都有该软件。
步骤S308、软件中心对上传至主备服务器上的文件校验md5码,与软件标识文件中提供的md5码比较,保证上传文件的正确性,如果不一致,提示用户上传失败和失败原因。
步骤S309、软件包正式入库,上传流程结束。
二、服务器特性发现。软件中心在提供服务时可以发现实体服务器的身份及特性,称为特性发现。
特性发现的前提是在实体服务器上进行特性注册。特性注册一般是在实体服务器请求软件中心安装服务并安装成功之后进行,由部署在实体服务器上的代理模块实施,分为普通注册和探测注册两种注册方式。当实体服务器请求安装服务并安装成功后,如果安装的软件中包含某种特性,则代理模块通过特性注册接口直接注册本机的特性;如果某些特性是需要探测才能确定的,代理模块会在本机按特性探测方法探测,探测出特性后再通过特性注册接口注册本机的特性。例如当网管服务器请求安装FTP服务器,安装成功之后,网管服务器上部署的软件中心代理模块会启动本机FTP服务,并依次执行TYPE I,PASV和REST指令,如果执行成功,则认为该实体服务器具备了断点续传特性,并将此特性注册为本服务器的特性。
当实体服务器请求软件中心的软件安装或升级服务时,首先检查该软件的最低特性需求清单,如果没有特性要求则直接响应;如果有特性要求则软件中心请求实体服
务器提供特性清单。实体服务器上的代理模块根据之前的特性注册情况组织特性清单列表返回给软件中心,软件中心检查该特性清单,如果符合该软件的最低特性需求,才响应服务,否则拒绝服务。例如网管服务器向软件中心请求升级网管软件,该软件要求网管服务器至少具备文件下载特性,双机特性和传输断点续传特性。当软件中心从代理模块接收到网管服务器的特性清单后,检查该网管服务器特性是否符合提供服务所需的最低要求,如果不满足最低要求将拒绝提供服务。如果符合最低要求,则开始推送升级包,响应网管服务器的升级网管软件的请求。以上流程统称为特性发现。
三、软件冗余传输。包括软件冗余上传和软件冗余分发两个方向的可靠性实现。
1、软件冗余上传。由于软件中心本身对服务器性能要求不高,因此采取低成本的主备两台服务器同时部署软件中心。当终端用户将某个软件上传至软件中心,软件准入后,终端会并发向主用和备用服务器上传该软件,该过程对于用户是透明的,上传到主用服务器成功则提示终端用户上传软件成功。主用服务器与备用服务器之间的软件同步由软件中心的同步软件或同步模块处理。
如果软件上传到主用服务器过程中发生传输中断,软件仍保持上传到备用服务器,待上传到备用服务器成功后,同步模块会自动检测到该软件并同步到主用服务器上,开始同步时提示终端用户上传软件成功,因为同步模块可以保证总是能将软件同步到指定备机上。同理,上传到备用服务器过程中发生传输中断,同步模块会自动检测到该软件并同步到备用服务器上。如果软件上传到主备服务器都发生传输中断,软件中心会通知终端用户网络异常,无法上传软件。
软件冗余上传机制提高了软件上传的可靠性,为软件冗余分发提供了硬件和软件条件。
2、软件冗余分发,软件中心的主备服务器上都存在待分发软件是冗余分发的前提,因此分发软件前软件中心会简单检测主备服务器上是否都存在待分发软件。开始分发软件包时,软件中心的主用服务器分发软件到实体服务器的主用服务器,软件中心的备用服务器分发软件到实体服务器的备用服务器,同时软件中心的主用到实体服务器的备用和软件中心的备用到实体服务器的主用的链路也会创建,随时等待被占用。软件中心的分发控制模块会不断检查四条链路的连接和占用情况,任何一条被占用的链路出现问题,分发控制模块会挑出已创建未占用的链路承担问题链路的职责。以软件分发到实体服务器的主用服务器结束认为分发的结束,随后实体服务器的代理模块会通知软件中心分发结束的消息,其他链路停止分发。实体服务器上的主用和备用机之
间的数据同步既可由网管服务器上的同步软件保证,也可由实现同步接口的代理模块处理。
如果实体服务器没有主备两台机器,会在实体服务器本机启用两个进程接收软件包到服务器的两个磁盘上。
图4是本发明实施例的软件冗余分发服务的流程图,如图4所示,该服务包括以下步骤:
步骤S400、网管服务器与软件中心服务器之间建立连接。
步骤S401、网管服务器请求软件中心分发软件,提供了待分发软件的坐标信息和软件中心需要的安全信息。
步骤S402、软件中心验证网管服务器提供的安全信息,如果验证无法通过则拒绝分发软件。
步骤S403、软件中心计算待分发软件的依赖关系,整理出分发软件列表。
步骤S404、软件中心请求特性发现,请求网管服务器提供特性列表。
步骤S405、网管服务器提供特性列表,软件中心校验特性列表,必须具有双机特性和断点续传特性等。如果不符合最低特性要求,软件中心拒绝分发软件。
步骤S406、软件中心开始分发软件包到网管服务器的主备双机上,分发到网管主用服务器结束认为分发结束。
步骤S407、网管服务器通过控制链路传回本地软件的md5码,软件中心检查该md5码与仓库软件的md5码是否一致,如果不一致则认为分发软件失败。
步骤S408、软件中心记录服务日志、冗余分发流程结束。
3、软件校验,无论是从终端用户上传到软件中心,还是软件中心分发软件到实体服务器,都需要在流程结束后保证操作前后软件内容一致。上传软件前,软件标识文件或软件包头的标识信息会提供上传软件的md5码,上传软件结束,软件中心检查软件的md5码与解析软件标识中的md5码是否一致,如果不一致,则提示用户上传失败。分发软件流程结束,软件中心请求实体服务器通过控制链路传回其本地服务器中软件的md5码,如果与软件中心中软件属性的md5码一致,软件中心才认为分发成功,并通知实体服务器分发结束。
四、拥塞控制。软件中心将软件分发到实体服务器时,可以通过对已发送包的RTT时延计算估计数据传输链路的拥塞状态,从而调整传送数据包大小,避免在网络拥塞时还大包传送数据,给网络造成不必要的压力。注意如果软件中心进行网络拥塞控制,必须是由软件中心主动推送软件到实体服务器,这与实体服务器通过FTP下载软件的传输主导方向不同,是另一种可靠分发软件包的工作方式。图5是本发明实施例的软件中心进行拥塞控制时各模块的职能和交互的示意图,如图5所示,以下描述下拥塞控制实现的基本原理:
1、当实体服务器请求软件中心分发软件时,软件中心采取拥塞控制方式推送软件,与实体服务器上的代理模块建立两条链路,一条控制链路(控制模块),一条数据传输链路(传输模块)。
2、软件中心(软件中心总控模块)准备向实体服务器传送第一包数据,首先向控制链路申请本次传送数据大小,然后通过两条链路分别传输:通过数据链路传送第一包包体数据,通过控制链路传送控制数据(比如数据包大小,校验码等)。
3、实体服务器收到第一包包体数据和控制数据后,进行数据校验,校验通过后实体服务器将第一包数据的发送时延及其他链路传输数据通过控制链路返回软件中心。
4、软件中心控制链路收到第一包数据的控制数据后,缓存。
5、软件中心传送第N包数据到实体服务器前,控制链路根据前N-1包数据的发送时延的平均值和其他链路传输数据的平均值简单估计当前网络拥塞情况,使用该平均值与理想值比较,如果大于理想值,则减小第N包数据的大小;如果小于理想值,则增大第N包数据大小;注意减小数据包大小应基数减小,而增大数据包大小则应缓慢增加。
6、如果软件中心是代理角色,即待分发的软件在当前的软件中心并不存在,而是通过当前软件中心代理在广域网的软件仓库或另一个软件中心下载。在此情况下,当前的拥塞控制需要增加对上流流入数据速度的考虑。上流流入数据先加入一个队列称为流入队列,控制链路计算发送数据包大小需要综合流入队列和历史传输控制数据,既不拥塞流出网络,也不会导致无数据可发送的局面。
以上功能保证了软件中心可以高可靠性的提供服务。软件中心除提供对实体服务器软件分发的基础服务外,还可以提供软件安装、软件升级、代理下载软件的服务,这些服务都是以软件分发服务为前提
1、软件安装服务。软件中心可以驱动实体服务器安装软件。实体服务器请求软件中心安装软件,软件中心收到该请求后,首先确定实体服务器提供的用户信息是否具备足够权限,然后检查待安装软件是否存在,检查待安装软件的依赖软件是否存在。待安装软件准备完毕之后,软件中心向实体服务器请求特性发现,获取到实体服务器的身份和特性列表后,软件中心按最低安装特性要求检查。由于是安装服务,软件中心还请求实体服务器提供静默安装的配置。以上检查全部通过后,软件中心根据实体服务器的请求信息选择一种分发软件的方式开始分发软件,分发软件的方式有实体服务器FTP下载和软件中心避免网络拥塞的推送两种方式。分发软件到实体服务器的主用机结束分发流程结束,软件中心根据静默安装配置驱动实体服务器安装软件。
图6是本发明实施的软件安装服务的流程图,如图6所示,该服务包括以下步骤:
步骤S600、网管服务器与软件中心服务器之间建立连接。
步骤S601、网管服务器请求软件中心安装某个软件,并提供待装软件坐标信息和软件中心需要的安全信息。
步骤S602、软件中心验证网管服务器提供的安全信息,如果验证无法通过则拒绝安装软件。
步骤S603、软件中心进行特性发现,要求网管服务器提供特性列表。
步骤S604、网管服务器提供特性列表,软件中心校验特性列表,必须具有可FTP下载特性、双机特性和断点续传特性等。如果不符合最低特性要求,软件中心拒绝安装软件。
步骤S605、软件中心请求获取静默安装配置。
步骤S606、网管服务器响应静默安装配置,软件中心根据静默安装规范检查静所需信息是否完备。
步骤S607、软件中心分发软件成功。
步骤S608、软件中心根据静默安装配置驱动软件静默安装。
步骤S609、软件中心记录服务日志、软件安装流程结束。
2、软件升级服务。软件中心可以驱动实体服务器升级软件。实体服务器请求软件中心升级软件,软件中心收到该请求后,首先确定实体服务器提供的用户信息是否具
备足够权限,然后检查待升级软件的升级包是否存在。接着,软件中心向实体服务器请求实体发现,获取到实体服务器的身份和特性列表后,软件中心按最低升级特性要求检查。由于是升级服务,软件中心还请求实体服务器提供升级步骤的配置。以上检查全部通过后,软件中心根据实体服务器的请求信息选择一种分发软件的方式开始分发升级包,分发软件的方式有实体服务器FTP下载和软件中心避免网络拥塞的推送。分发升级包到实体服务器的主用机结束分发流程结束,软件中心根据升级步骤配置驱动实体服务器升级软件。
图7是本发明实施例的软件升级服务的流程图,如图7所示,该服务包括以下步骤:
步骤S700、网管服务器与软件中心服务器之间建立连接。
步骤S701、网管服务器请求软件中心升级某个软件,并提供待装软件坐标信息和软件中心需要的安全信息。
步骤S702、软件中心验证网管服务器提供的安全信息,如果验证无法通过则拒绝升级软件。
步骤S703、软件中心进行特性发现,要求网管服务器提供特性列表。
步骤S704、网管服务器提供特性列表,软件中心校验特性列表,必须具有可FTP下载特性、双机特性和断点续传特性等。如果不符合最低特性要求,软件中心拒绝升级软件。
步骤S705、软件中心请求获取远程升级配置。
步骤S706、网管服务器响应远程升级配置,软件中心根据远程升级规范检查所需信息是否完备。
步骤S707、软件中心分发升级包成功。
步骤S708、软件中心根据远程升级配置驱动软件升级。
步骤S709、软件中心记录服务日志、软件升级流程结束。
3、代理下载服务,软件中心可以代理网管服务器对其他软件的请求,也可以代理另一个软件中心的分发软件服务。在计算出下载路径后,会从软件中心获取软件或从广域网获取库或包,该软件被分发到当前软件中心后,最后再分发到实体服务器。可
以理解当前软件中心实现为实体服务器所需软件的局域网内部私服。实体服务器不直接面对广域网,也使得实体服务器在安装和升级时更加安全。
图8是本发明实施例的代理下载软件服务的流程图,如图8所示,该服务包括以下步骤:
步骤S800、网管服务器与软件中心服务器之间建立连接。
步骤S801、网管服务器请求软件中心下载某个非软件中心软件的服务,提供了软件坐标,并提供了软件中心需要的安全信息。
步骤S802、软件中心验证网管服务器提供的安全信息,如果验证无法通过则拒绝下载软件。
步骤S803、软件中心计算软件获取方式,如果经检查无法获取则拒绝代理下载服务。
步骤S804、软件中心访问中央仓库或其他软件中心,下载指定坐标的软件。
步骤S805、软件中心冗余上传软件流程执行成功。
步骤S806、软件中心冗余分发软件流程执行成功。
步骤S807、软件中心代理软件下载流程结束。
综上所述,借助于本发明实施例的高可靠性的软件中心系统,可以为网管软件提供相关的功能与服务。与现有技术中的软件中心只负责分发软件相比,本发明实施例的软件中心系统更突出高可靠的特性和增值服务,主要包括:软件中心系统建立了一套软件准入规范,准入规范包括基本信息准入、业务规则准入和依赖准入,其中基本信息准入要求软件中心的软件都具有符合规范的软件坐标信息,由软件坐标唯一标识软件,软件更易于查询和管理。软件中心采取了冗余的方式提供可靠的上传服务,使得主备软件中心都具有传送软件的能力。当网管服务器请求软件服务时,软件中心要求通过安全认证,通过特性发现后,网管服务器符合最低特性要求,软件中心才开始分发软件,软件中心也是采取冗余的方式提供可靠的分发服务。软件中心提供的分发方式包括网管服务器FTP下载和软件中心主动拥塞控制分发两种方式,其中拥塞控制可以更加合理的利用网络环境,提高分发的可靠性。软件中心除了提供基础的分发软件服务外,还提供驱动静默安装和远程升级服务,还支持代理网管服务器下载软件服务,将软件相关的功能从网管服务器中解耦出来,让网管服务器更专业的负责核心业
务相关的功能。软件中心制定了一系列规范和接口,并实现了轻量的软件中心代理,网管服务器既可以在裸机上部署该代理,也可以作为一个模块即插入网管服务器,由代理保证与软件中心的通讯。只有提供高可靠性的服务后,软件中心才会被更加广泛的使用,从而极大的提高开局和运维的效率。
显然,本领域的技术人员可以对本发明进行各种改动和变型而不脱离本发明的精神和范围。这样,倘若本发明的这些修改和变型属于本发明权利要求及其等同技术的范围之内,则本发明也意图包含这些改动和变型在内。
在此提供的算法和显示不与任何特定计算机、虚拟系统或者其它设备固有相关。各种通用系统也可以与基于在此的示教一起使用。根据上面的描述,构造这类系统所要求的结构是显而易见的。此外,本发明也不针对任何特定编程语言。应当明白,可以利用各种编程语言实现在此描述的本发明的内容,并且上面对特定语言所做的描述是为了披露本发明的最佳实施方式。
在此处所提供的说明书中,说明了大量具体细节。然而,能够理解,本发明的实施例可以在没有这些具体细节的情况下实践。在一些实例中,并未详细示出公知的方法、结构和技术,以便不模糊对本说明书的理解。
类似地,应当理解,为了精简本公开并帮助理解各个发明方面中的一个或多个,在上面对本发明的示例性实施例的描述中,本发明的各个特征有时被一起分组到单个实施例、图、或者对其的描述中。然而,并不应将该公开的方法解释成反映如下意图:即所要求保护的本发明要求比在每个权利要求中所明确记载的特征更多的特征。更确切地说,如下面的权利要求书所反映的那样,发明方面在于少于前面公开的单个实施例的所有特征。因此,遵循具体实施方式的权利要求书由此明确地并入该具体实施方式,其中每个权利要求本身都作为本发明的单独实施例。
本领域那些技术人员可以理解,可以对实施例中的客户端中的模块进行自适应性地改变并且把它们设置在与该实施例不同的一个或多个客户端中。可以把实施例中的模块组合成一个模块,以及此外可以把它们分成多个子模块或子单元或子组件。除了这样的特征和/或过程或者单元中的至少一些是相互排斥之外,可以采用任何组合对本说明书(包括伴随的权利要求、摘要和附图)中公开的所有特征以及如此公开的任何方法或者客户端的所有过程或单元进行组合。除非另外明确陈述,本说明书(包括伴随的权利要求、摘要和附图)中公开的每个特征可以由提供相同、等同或相似目的的替代特征来代替。
此外,本领域的技术人员能够理解,尽管在此所述的一些实施例包括其它实施例中所包括的某些特征而不是其它特征,但是不同实施例的特征的组合意味着处于本发明的范围之内并且形成不同的实施例。例如,在下面的权利要求书中,所要求保护的实施例的任意之一都可以以任意的组合方式来使用。
本发明的各个部件实施例可以以硬件实现,或者以在一个或者多个处理器上运行的软件模块实现,或者以它们的组合实现。本领域的技术人员应当理解,可以在实践中使用微处理器或者数字信号处理器(DSP)来实现根据本发明实施例的加载有排序网址的客户端中的一些或者全部部件的一些或者全部功能。本发明还可以实现为用于执行这里所描述的方法的一部分或者全部的设备或者装置程序(例如,计算机程序和计算机程序产品)。这样的实现本发明的程序可以存储在计算机可读介质上,或者可以具有一个或者多个信号的形式。这样的信号可以从因特网网站上下载得到,或者在载体信号上提供,或者以任何其他形式提供。
应该注意的是上述实施例对本发明进行说明而不是对本发明进行限制,并且本领域技术人员在不脱离所附权利要求的范围的情况下可设计出替换实施例。在权利要求中,不应将位于括号之间的任何参考符号构造成对权利要求的限制。单词“包含”不排除存在未列在权利要求中的元件或步骤。位于元件之前的单词“一”或“一个”不排除存在多个这样的元件。本发明可以借助于包括有若干不同元件的硬件以及借助于适当编程的计算机来实现。在列举了若干装置的单元权利要求中,这些装置中的若干个可以是通过同一个硬件项来具体体现。单词第一、第二、以及第三等的使用不表示任何顺序。可将这些单词解释为名称。
基于本发明实施例提供的上述技术方案,通过将软件中心系统与网管服务器分离部署,并根据预先设置的软件服务规范通过服务接口为设置了代理模块的实体服务器提供软件服务,解决了现有技术现有技术中软件中心职能低效的问题,能够保证软件中心系统向其他实体服务器提供高可靠性的软件服务,极大的提高开局和运维的效率。
Claims (14)
- 一种软件中心系统,所述系统与网管服务器分离部署,所述系统包括:软件管理模块,设置为根据预先设置的软件服务规范,通过服务接口为设置了代理模块的实体服务器提供软件服务;服务接口,设置为为所述代理模块提供与所述软件管理模块进行交互的接口;代理模块,部署于与所述系统交互的实体服务器中,设置为通过所述服务接口与所述软件管理模块进行交互,从所述软件管理模块为所述实体服务器获取软件服务。
- 如权利要求1所述的系统,其中,所述软件管理模块包括:软件准入单元,设置为根据所述软件服务规范中的软件准入规范,对待上传的软件进行校验,在校验成功后,允许上传相应软件;实体服务器特性发现单元,设置为根据所述软件服务规范中的特性规范,通过所述服务接口中的特性发现接口,与所述代理模块进行交互,进行实体服务器特性的注册和发现;软件冗余传输单元,设置为在采用主备两台服务器同时部署所述软件中心系统时,对主备两台服务器进行软件冗余上传和软件冗余分发;拥塞控制单元,设置为在将软件分发到实体服务器时,通过所述服务接口中的拥塞控制接口,根据已经发送的数据包的延时计算数据传输链路的拥塞状态,并根据所述拥塞状态调整后续传输数据包的大小;在不存在待分发的软件时,对流入本地的数据速度进行控制。
- 如权利要求1所述的系统,其中,所述软件管理模块还包括:软件安装单元,设置为根据所述软件服务规范中的静默安装规范,通过所述服务接口中的静默安装接口,通过所述代理模块驱动实体服务器进行软件安装;软件升级单元,设置为根据所述软件服务规范中的远程升级规范,通过所述服务接口中的远程升级接口,通过所述代理模块驱动实体服务器进行软件升级;代理下载单元,设置为根据所述软件服务规范中的代理下载规范,并通过所述服务接口中的代理下载接口,通过所述代理模块代理实体服务器对未在本地存储软件的软件服务请求,和/或代理另一个软件中心系统的分发软件服务。
- 如权利要求2所述的系统,其中,所述软件准入单元包括:软件安全认证子模块,设置为在接收到客户端上传的软件时,对所述客户端的操作权限进行认证,在所述客户端具备软件上传权限和软件注册权限时,存储或接收所述客户端上传该软件,在所述客户端仅具备软件上传权限,不具备软件注册权限时,在等待具备软件注册权限的用户审核通过后,存储或接收所述客户端上传该软件;在实体服务器请求提供软件服务时,对所述实体服务器提供的安全信息进行审核,在所述实体服务器无法提供所述安全信息或者提供的所述安全信息没有相应权限时,拒绝为所述实体服务器提供软件服务,其中,所述安全信息设置于所述实体服务器的代理模块中;日志审计子模块,设置为对接受软件服务或拒绝软件服务的操作进行审计日志的记录;校验子模块,设置为对待上传的软件进行基本信息准入和/或业务规则准入和/或软件依赖准入的软件准入规范检查,并通过软件校验后,存储或接收该软件。
- 如权利要求1所述的系统,其中,校验子模块设置为:从待上传的软件上获取软件坐标信息,判断所述软件坐标信息是否符合软件类型、软件功能类型和软件版本号的基本信息准入规范,如果不符合,则拒绝上传该软件;其中,所述软件坐标信息包括:软件类型、软件功能类型、以及软件版本号;或者,根据软件提供方提出的业务需求制定的业务规则检验待上传的软件是否具备准入资格,如果不具备,则拒绝上传该软件;其中,所述业务规则配置于所述待上传的软件的软件标识文件中;或者,在所述待上传的软件的软件标识文件中配置了软件依赖规则且配置了强制检测软件依赖时,计算待上传的软件的依赖关系,查找该软件依赖的其他软件,在其依赖的其他软件都存在时,存储或接收该软件。
- 如权利要求5所述的系统,其中,校验子模块设置为:从所述待上传的软件的包头中解析出所述软件坐标信息;或者,从所述待上传的软件的软件标识文件中解析出所述软件坐标信息。
- 如权利要求2所述的系统,其中,所述实体服务器特性发现单元包括:实体服务器特性注册子模块,设置为在实体服务器请求安装服务并安装软件成功之后,根据所述软件服务规范中的特性规范,通过所述服务接口中的特性发现接口,接收部署于所述实体服务器上的代理模块的实体服务器特性注册请求,将所述实体服务器特性清单保存在所述代理模块中;实体服务器特性发现子模块,设置为在实体服务器请求软件安装服务或升级服务时,检查相应软件的最低特性需求清单,如果没有特性要求则直接响应;如果有特性要求则请求所述实体服务器的代理模块提供实体服务器特性清单,并检查所述实体服务器特性清单是否符合该软件的特性要求,如果符合,则响应服务,否则拒绝服务。
- 如权利要求7所述的系统,其中,所述代理模块设置为:在实体服务器请求安装服务并安装软件成功后,如果安装的软件中包含特性要求,则根据所述特性规范通过特性注册接口直接注册该实体服务器的特性,并保存所述实体服务器特性清单;在某些特性是需要探测才能确定的情况下,在所述实体服务器按特性探测方法进行探测,探测出特性后再通过特性注册接口注册该实体服务器的特性,并保存所述实体服务器特性清单。
- 如权利要求2所述的系统,其中,所述软件冗余传输单元包括:软件冗余上传子模块,设置为在主备两台服务器同时部署软件中心系统时,当客户端将某个软件上传后,并发向主用服务器和备用服务器上传该软件,并通过所述服务接口中的同步控制接口对主用服务器与备用服务器进行软件同步;软件冗余分发子模块,设置为在主备服务器上都存在待分发软件时,通过所述服务接口中的分发控制接口分发软件包时,将主用服务器中的待分发软件发送到实体服务器的主用服务器,将备用服务器中的待分发软件发送到实体服务器的备用服务器,并创建主用服务器到实体服务器的备用服务器的数据链路、以及备用服务器到实体服务器的主用服务器的数据链路;检测四条数据链路的连接和占用情况,任何一条被占用的数据链路出现问题时,选择已创建未占用的数据链路承担问题数据链路的职责,在软件分发到实体服务器的主用服务器后,接收所述实体服务器的代理模块发送的分发结束消息,断开其他数据链;软件校验子模块,设置为在从客户端上传软件后,校验软件的第一消息摘要算法第五版MD5码与从软件标识文件或软件包头的标识信息中解析出的第 二MD5码是否一致,如果一致,则提示用户上传成功,否则,则提示用户上传失败;在分发软件到实体服务器后,请求实体服务器通过控制链路传回其本地服务器中软件的第一MD5码,校验其与从软件标识文件或软件包头的标识信息中解析出的第二MD5码是否一致,如果一致,则确认分发成功,并通知实体服务器分发结束,否则,通知实体服务器分发失败。
- 如权利要求9所述的系统,其中,软件冗余上传子模块设置为:在软件上传到主用服务器过程中发生传输中断时,保持软件上传到备用服务器,待上传到备用服务器成功后,检测到该软件并通过同步控制接口同步到主用服务器上,在软件上传到备用服务器过程中发生传输中断时,保持软件上传到主用服务器,待上传到主用服务器成功后,检测到该软件并通过同步控制接口同步到备用服务器上,在软件上传到主备服务器都发生传输中断时,通知客户端网络异常,无法上传软件。
- 如权利要求2所述的系统,其中,所述拥塞控制单元设置为:当实体服务器请求分发软件时,与实体服务器上的代理模块建立两条链路,其中一条为控制链路,另一条为数据传输链路;在准备向实体服务器传送第一包数据时,向所述控制链路申请本次传送的数据大小,根据所述数据大小通过所述数据传输链路传送所述第一包数据的包体,通过所述控制链路传送控制数据;在所述实体服务器收到第一包数据的包体和所述控制数据后,接收所述实体服务器通过所述控制链路发送的第一包数据的发送时延及其他链路传输数据,并进行缓存;在传送第N包数据到实体服务器前,根据前N-1包数据的发送时延的平均值和其他链路传输数据的平均值估计当前网络拥塞值,将所述网络拥塞值与预先设置的阈值进行比较,如果大于或等于所述阈值,则减小第N包数据的大小;如果小于所述阈值,则增大第N包数据的大小,其中,N为大于或等于1的整数;在待分发的软件不存在时,对流入本地的数据速度进行控制,将流入本地的数据加入预先设置的流入队列,根据所述流入流入队列和所述网络拥塞值计算发送数据包的大小。
- 如权利要求3所述的系统,其中,所述软件安装单元设置为:在收到实体服务器的安装软件请求后,检验所述实体服务器提供的用户信息是否具备足够权限,在具备足够权限的情况下,检查待安装软件是否存在,以及待安装软件的依赖软件是否存在,在判断均存在的情况下,准备待安装软件,并向所述实体服务器请求特性发现,在获取到所述实体服务器的身份和实体服务器特性清单后,根据所述实体服务器的身份和所述实体服务器特性清单进行最低安装特性要求的检查,在检查通过后,请求所述实体服务器提供静默安装配置,根据实体服务器的安装软件请求选择一种分发软件的方式进行软件分发,并根据所述静默安装配置驱动实体服务器进行软件安装。
- 如权利要求3所述的系统,其中,所述软件升级单元设置为:收到实体服务器发送的升级软件请求后,检验所述实体服务器提供的用户信息是否具备足够权限,在具备足够权限的情况下,检查待升级软件的升级包是否存在,在存在的情况下,向所述实体服务器请求特性发现,在获取到所述实体服务器的身份和实体服务器特性清单后,根据所述实体服务器的身份和所述实体服务器特性清单进行最低升级特性要求的检查,在检查通过后,请求实体服务器提供升级步骤配置,根据实体服务器的安装软件请求选择一种分发软件的方式进行升级包分发,并根据所述升级步骤配置驱动实体服务器进行软件升级。
- 如权利要求3所述的系统,其中,所述代理下载单元设置为:收到实体服务器发送的代理下载请求后,计算下载路径,根据所述下载路径从其他软件中心或从广域网获取软件,在该软件被分发到本地后,再分发到所述实体服务器。
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410616930.XA CN105635218B (zh) | 2014-11-05 | 2014-11-05 | 软件中心系统 |
CN201410616930.X | 2014-11-05 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2016070651A1 true WO2016070651A1 (zh) | 2016-05-12 |
Family
ID=55908521
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2015/084855 WO2016070651A1 (zh) | 2014-11-05 | 2015-07-22 | 软件中心系统 |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN105635218B (zh) |
WO (1) | WO2016070651A1 (zh) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2021031064A1 (zh) * | 2019-08-19 | 2021-02-25 | 北京小米移动软件有限公司 | 数据处理方法和装置、电子设备和计算机可读存储介质 |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105656704B (zh) * | 2014-11-12 | 2020-02-18 | 腾讯数码(天津)有限公司 | 页面异常检测方法、装置及系统 |
CN106713030B (zh) * | 2016-12-21 | 2019-11-15 | 无锡江南计算技术研究所 | 基于安全管控的软件源管理方法以及软件功能管理系统 |
CN110392367A (zh) * | 2018-04-16 | 2019-10-29 | 深圳Tcl新技术有限公司 | 一种蓝牙传输控制方法、系统及存储介质 |
CN112905475B (zh) * | 2021-03-11 | 2022-09-06 | 湖南化工职业技术学院(湖南工业高级技工学校) | 一种基于计算机的软件测试平台 |
CN114389999B (zh) * | 2021-12-27 | 2023-08-18 | 鹏城实验室 | 一种基于数据包的网络传输方法、装置、设备及存储介质 |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101105745A (zh) * | 2006-07-14 | 2008-01-16 | 中兴通讯股份有限公司 | 分布式软件系统的部署方法 |
US20080148234A1 (en) * | 2006-12-19 | 2008-06-19 | International Business Machines Corporation | Data Synchronization Mechanism for Change-Request-Management Repository Interoperation |
CN103400066A (zh) * | 2013-07-29 | 2013-11-20 | 王克 | 用于管理软件的系统和方法 |
CN103559591A (zh) * | 2013-11-20 | 2014-02-05 | 北京可信华泰信息技术有限公司 | 基于可信计算的软件管理系统和管理方法 |
-
2014
- 2014-11-05 CN CN201410616930.XA patent/CN105635218B/zh active Active
-
2015
- 2015-07-22 WO PCT/CN2015/084855 patent/WO2016070651A1/zh active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101105745A (zh) * | 2006-07-14 | 2008-01-16 | 中兴通讯股份有限公司 | 分布式软件系统的部署方法 |
US20080148234A1 (en) * | 2006-12-19 | 2008-06-19 | International Business Machines Corporation | Data Synchronization Mechanism for Change-Request-Management Repository Interoperation |
CN103400066A (zh) * | 2013-07-29 | 2013-11-20 | 王克 | 用于管理软件的系统和方法 |
CN103559591A (zh) * | 2013-11-20 | 2014-02-05 | 北京可信华泰信息技术有限公司 | 基于可信计算的软件管理系统和管理方法 |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2021031064A1 (zh) * | 2019-08-19 | 2021-02-25 | 北京小米移动软件有限公司 | 数据处理方法和装置、电子设备和计算机可读存储介质 |
US11949574B2 (en) | 2019-08-19 | 2024-04-02 | Beijing Xiaomi Mobile Software Co., Ltd. | Data processing method and apparatus, electronic device and computer-readable storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN105635218A (zh) | 2016-06-01 |
CN105635218B (zh) | 2020-10-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11693746B2 (en) | Systems and methods for enabling a highly available managed failover service | |
US11088903B2 (en) | Hybrid cloud network configuration management | |
US12072851B2 (en) | System and method for connection concentration in a database environment | |
WO2016070651A1 (zh) | 软件中心系统 | |
US11341005B2 (en) | Systems and methods for enabling a highly available managed failover service | |
US11366728B2 (en) | Systems and methods for enabling a highly available managed failover service | |
US20160366233A1 (en) | Private Cloud as a service | |
JP2018116708A (ja) | ネットワーク接続自動化 | |
WO2019184164A1 (zh) | 自动部署Kubernetes从节点的方法、装置、终端设备及可读存储介质 | |
CN112261172B (zh) | 服务寻址访问方法、装置、系统、设备及介质 | |
CN106911648B (zh) | 一种环境隔离方法及设备 | |
JP2013508882A (ja) | 複製されたデータインスタンスのプロビジョニングおよび管理 | |
CN114745145B (zh) | 业务数据访问方法、装置和设备及计算机存储介质 | |
KR20140112643A (ko) | 이종 서비스 간 서비스 제공 방법과 사용자 단말 및 웹 서버 | |
US10218659B1 (en) | Persistent connections for email web applications | |
US11709741B1 (en) | Systems and methods for enabling a failover service for block-storage volumes | |
US11379434B2 (en) | Efficient and automatic database patching using elevated privileges | |
CN117131493A (zh) | 权限管理系统构建方法、装置、设备及存储介质 | |
US11968238B2 (en) | Policy management system to provide authorization information via distributed data store | |
CN114640505A (zh) | Ftp用户认证方法和系统及其构建方法 | |
US12124344B2 (en) | Systems and methods for enabling a highly available managed failover service | |
EP2739010B1 (en) | Method for improving reliability of distributed computer systems based on service-oriented architecture | |
WO2017049908A1 (zh) | 一种重定向的方法及装置 | |
TWI717457B (zh) | 環境隔離方法及設備 | |
CN118713816A (zh) | 服务器系统、固件处理方法、装置、设备、介质及产品 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 15856990 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 15856990 Country of ref document: EP Kind code of ref document: A1 |