WO2016101474A1 - 配置数据的监控方法、装置及其系统 - Google Patents

配置数据的监控方法、装置及其系统 Download PDF

Info

Publication number
WO2016101474A1
WO2016101474A1 PCT/CN2015/077713 CN2015077713W WO2016101474A1 WO 2016101474 A1 WO2016101474 A1 WO 2016101474A1 CN 2015077713 W CN2015077713 W CN 2015077713W WO 2016101474 A1 WO2016101474 A1 WO 2016101474A1
Authority
WO
WIPO (PCT)
Prior art keywords
configuration data
network element
element device
management center
configuration
Prior art date
Application number
PCT/CN2015/077713
Other languages
English (en)
French (fr)
Inventor
李林松
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2016101474A1 publication Critical patent/WO2016101474A1/zh

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks

Definitions

  • the present invention relates to the field of communications, and in particular, to a method, an apparatus, and a system for monitoring configuration data.
  • the configuration data of the network element device may be illegally modified by the hacker or incorrectly changed by the user; in order to avoid the operation failure of the system due to the configuration change, the device administrator needs to log in to the system to check the configuration file to confirm whether the configuration of the device is It is set normally to further confirm whether the device status is normal.
  • IPTV Internet Protocol Television
  • DB Database
  • IMP Interface Message Processor
  • the invention provides a method, a device and a system for monitoring configuration data to solve at least the above problems.
  • a method for monitoring configuration data including: a management center receives and stores first configuration data of a network element device; and the management center receives the network element device according to a predetermined period. a second configuration data; the management center monitors, according to the first configuration data and the second configuration data, a change of configuration data of the network element device, where the first configuration data and the second configuration The data is collected and sent by the configuration agent of the network element device.
  • the monitoring by the management center, monitoring the change of the configuration data of the network element device according to the first configuration data and the second configuration data, that: the management center compares the first configuration data with the Whether the second configuration data is consistent; if the comparison result is inconsistent, the management center generates alarm information.
  • the method further includes: when the network element device is started or restarted, the configuration agent is located The management center requests and establishes a connection; the configuration agent collects the first configuration data or the second configuration data of the network element device; and the configuration proxy sends the first configuration data by using the established connection Or the second configuration data to the management center.
  • the method further includes: sending, by the network management center, the first configuration data to the network element device.
  • the method further includes: the network management center changes the first configuration data; and the network management center changes the first The configuration data is delivered to the network element device.
  • a monitoring device for configuring data which is located in a management center, and includes: a storage module configured to receive and store first configuration data of the network element device; and a receiving module configured to follow And receiving, by the predetermined period, the second configuration data of the network element device, where the monitoring module is configured to monitor, according to the first configuration data and the second configuration data, a change of configuration data of the network element device, where The first configuration data and the second configuration data are collected and sent by a configuration agent of the network element device.
  • the monitoring module includes: a comparing unit, configured to compare whether the first configuration data and the second configuration data are consistent; and an alarm unit, configured to be in a case where the comparison result is inconsistent, the management center Generate alarm information.
  • the device further includes: a first sending module, configured to deliver the first configuration data to the network element device.
  • a first sending module configured to deliver the first configuration data to the network element device.
  • the device further includes: a change module, configured to change the first configuration data; and a second sending module, configured to deliver the changed first configuration data to the network element device.
  • a change module configured to change the first configuration data
  • a second sending module configured to deliver the changed first configuration data to the network element device.
  • a monitoring system for configuring data including: a management center and a network element device, wherein the management center includes the monitoring device of the configuration data; the network element device include: a configuration agent, where the configuration agent includes: a connection module, configured to request and establish a connection to the management center; and a collection module configured to collect the first configuration data of the network element device or the a second configuration data; the sending module is configured to send the first configuration data or the second configuration data to the management center by using the established connection.
  • the management center receives and stores the first configuration data of the network element device; the management center receives the second configuration data of the network element device according to the predetermined period; the management center is configured according to the first configuration data and the second configuration data.
  • FIG. 1 is a flowchart of a method of monitoring configuration data according to an embodiment of the present invention
  • FIG. 2 is a schematic structural diagram of a monitoring apparatus for configuring data according to an embodiment of the present invention
  • FIG. 3 is a first schematic structural diagram 1 of a monitoring device for configuring data according to an embodiment of the present invention
  • FIG. 4 is a schematic diagram 2 of a preferred structure of a monitoring device for configuring data according to an embodiment of the present invention
  • FIG. 5 is a third schematic structural diagram of a monitoring apparatus for configuring data according to an embodiment of the present invention.
  • FIG. 6 is a schematic structural diagram of a monitoring system for configuring data according to an embodiment of the present invention.
  • FIG. 7 is a flow chart of configuring a security alert in accordance with a preferred embodiment of the present invention.
  • FIG. 8 is a flow diagram of configuration collection and recovery during an upgrade process in accordance with a preferred embodiment of the present invention.
  • This embodiment provides a monitoring method for configuration data, where the monitoring method is applied to a monitoring system including configuration data of a management center, where the management center may be an operation, a configuration, a maintenance center, or a system.
  • a central monitoring node may be configured on the network element device, and the configuration proxy is not limited to hardware or a resident application, and may run with the startup of the network element device.
  • FIG. 1 is a flowchart of a method for monitoring configuration data according to an embodiment of the present invention. As shown in FIG. 1, the process includes the following steps:
  • Step S102 The management center receives and stores the first configuration data of the network element device.
  • Step S104 The management center receives second configuration data of the network element device according to a predetermined period.
  • step S106 the management center monitors the change of the configuration data of the network element device according to the first configuration data and the second configuration data, where the first configuration data and the second configuration data are collected and sent by the configuration agent of the network element device.
  • first and second in the above-mentioned first configuration data and second configuration data are not used to indicate that there is a limitation in the order of the two, but are used to identify the two configuration data for convenience of description.
  • the first configuration data is pre-stored in the management center, and the configuration data of the network element device is obtained according to a predetermined period, thereby solving the efficiency caused by manually checking the configuration data of the network element device in the related art.
  • Low problem Compared with the manner in which the configuration data needs to be manually checked in the related art, the solution provided by the embodiment of the present invention improves the checking efficiency of the configuration data and improves the stability of the system operation.
  • the foregoing step S106 may be performed in the following manner: the management center compares whether the first configuration data and the second configuration data are consistent; if the comparison result is inconsistent, the management center generates the alarm information.
  • the configuration data when the configuration data is consistent, the configuration data may be comprehensively compared, or only some data in the configuration data may be compared, for example, key data in the configuration data. In other words, configuration data needs to be compared to which items can be selected through global settings.
  • alarm information can be generated when configuration data or key configuration data is changed, so that the configuration can be manually checked.
  • the information of the network element device is carried in the alarm information, and the information about the inconsistent configuration data is preferably carried.
  • the configuration agent runs with the startup or restart of the network element device.
  • the configuration agent initiates a connection request to the management center and establishes a connection with the management center.
  • the configuration agent collects the first configuration data of the network element device when the network element device is started or restarted, and the configuration agent collects the second configuration data of the network element device according to a predetermined period, for example, every day, or every hour. Then, the configuration agent sends the first configuration data or the second configuration data to the management center through the established connection.
  • the configuration agent may also monitor the configuration data of the network element device, that is, collect and report the second configuration data to the management center when the configuration data of the network element device is monitored. This method can avoid frequent reporting of configuration data.
  • the configuration data of the NE device After the NE device is upgraded, you need to reconfigure the configuration data of the NE device. These configuration data may or may not be the same as before the upgrade. In the related art, after the NE device is upgraded, the configuration data of the NE device needs to be reconfigured by the engineering personnel. In the process of upgrading the NE device in batches, the manual operation becomes very cumbersome. In this embodiment, since the configuration data of the network element device has been backed up and saved by the network management center, the configuration information of the network element device needs to be reconfigured, for example, the configuration data of the network element device is initialized due to the software version upgrade of the device. The NMS can send the saved configuration data (the first configuration data) to the NE device to complete the configuration of the NE device.
  • the network management center may change the first configuration data according to the operation of the user, and deliver the changed first configuration data to the network element device.
  • This embodiment also provides a monitoring device for configuring data, which is located in the management center.
  • the monitoring device for configuring data in this embodiment is used to implement the monitoring method of the above configuration data. What has been described in detail in the method embodiments will not be described again herein.
  • the term "module” may implement a combination of software and/or hardware of a predetermined function.
  • the apparatus described in the following embodiments is preferably implemented in software, hardware, or a combination of software and hardware, is also possible and contemplated.
  • the device includes: a storage module 22, a receiving module 24, and a monitoring module 26, wherein the storage module 22 is configured to receive and Storing the first configuration data of the network element device; the receiving module 24 is configured to receive the second configuration data of the network element device according to a predetermined period; the monitoring module 26 is coupled to the storage module 22 and the receiving module 24, and is configured to be configured according to the first configuration data. And the second configuration data, monitoring the change of the configuration data of the network element device, where the first configuration data and the second configuration data are collected and sent by the configuration agent of the network element device.
  • FIG. 3 is a first schematic structural diagram of a monitoring apparatus for configuring data according to an embodiment of the present invention.
  • the monitoring module 26 includes: a comparing unit 262 configured to compare the first configuration data with the second configuration data. Whether it is consistent; the alarm unit 264 is coupled to the comparison unit 262, and is configured to generate alarm information when the comparison result is inconsistent.
  • FIG. 4 is a schematic diagram of a preferred structure of a monitoring device for configuring data according to an embodiment of the present invention.
  • the device further includes: a first sending module 42 coupled to the storage module 22, configured to be A configuration data is sent to the network element device.
  • the device further includes: a change module 52 coupled to the storage module 22, configured to change the first configuration data.
  • the second sending module 54 is coupled to the changing module 52, and is configured to deliver the changed first configuration data to the network element device.
  • FIG. 6 is a schematic structural diagram of a monitoring system for configuring data according to an embodiment of the present invention.
  • the system includes: a management center 62 and a network element device 64.
  • the management center 62 is coupled to the network element device 64, including the monitoring device 622 of the configuration data described above;
  • the network element device 64 includes: a configuration agent 642, wherein the configuration agent 642 includes: a connection module 6422, configured to request from the management center And establishing a connection;
  • the collection module 6424 is coupled to the connection module 6422, configured to collect first configuration data or second configuration data of the network element device;
  • the sending module 6426 is coupled to the collection module 6424, configured to send the first configuration data through the established connection. Or the second configuration data to the management center.
  • the solution provided by the preferred embodiment of the present invention is used to solve the change of the target device operating system or the telecommunication application configuration, and the configuration management center can capture the change in time, and can notify the management personnel in real time through the external alarm function module.
  • a method and apparatus for carrying out the above aspects are disclosed in a preferred embodiment of the invention.
  • the method and apparatus are applicable to a variety of device operating systems (including, but not limited to, Linux, Unix, NT).
  • Step 1 The engineering personnel adds device NE information to the configuration management center device and confirms that the network communication is normal.
  • Step 2 The configuration management center device initializes configuration information of all device NEs. Save and save to the data storage unit.
  • the configuration data saved in this step is used as the security configuration mirror data of the device.
  • Step 3 Set the security monitoring policy in the configuration management center.
  • step 4 the configuration information of the device network element is obtained again according to the security monitoring policy, and compared with the original configuration information obtained in step 2, it is determined whether there is a configuration change.
  • Scenario 1 Configure security alarms.
  • FIG. 7 is a flowchart of configuring a security alarm according to a preferred embodiment of the present invention. As shown in FIG. 7, the process includes the following steps:
  • step S701 the engineering operator adds the device network element information in the configuration management center, and deploys the configuration agent module on each device.
  • the configuration agent module actively sends a connection request to the configuration management center.
  • step S702 the configuration management center device obtains the connection request of a certain device for the first time, and is updated as a new login device information and registered and stored in the database.
  • Step S703 After the device successfully deploys the configuration agent module and completes the registration, the configuration management center requests the configuration agent to collect application configuration data on the device, and configures the agent to generate application configuration data.
  • step S704 the configuration management center obtains the application configuration data file generated by the configuration agent through the file transfer protocol (FTP) service or another file server, and the configuration management center parses the application configuration data file obtained in step S703, and saves it in the database.
  • FTP file transfer protocol
  • Step S705 the configuration management center sets a configuration monitoring policy. It can usually be set to scan configuration changes by hour, by day, by week.
  • Step S706 The configuration management center acquires the configuration data of the device network element again according to the security monitoring policy set in step S705.
  • the detailed method is the same as step S703 and step S704.
  • step S707 the configuration data obtained in step S706 and the configuration data saved in step S704 are changed. If the configuration storage difference obtained in step S706 and step S704 is detected twice, the configuration management center can be connected to the alarm center, and a configuration security alarm occurs in time.
  • FIG. 8 is a flow chart of configuration collection and recovery in an upgrade process according to a preferred embodiment of the present invention. As shown in FIG. 8, the process includes the following steps:
  • Steps S801 to S804 are the same as steps S701 to S704, and details are not described herein again.
  • the configuration management center analyzes and filters the device configuration in the step S804, and copies the current usage configuration value of each device to the configuration table of the device, and delivers the initial data as the configuration configured by the configuration management center device.
  • step S806 the engineer performs configuration and delivery operations through the configuration management center.
  • the foregoing embodiments, preferred embodiments, and implementations of the present invention can monitor whether the operational configuration of the telecommunication device is maliciously attacked or tampered with, and can also achieve the function of collecting and recovering device configuration of the configuration management center.
  • the above-mentioned embodiments of the present invention solve the problem of low efficiency caused by manually checking the configuration data of the network element device in the related art, and improve the efficiency of checking the configuration data by storing and periodically matching the configuration data. Improve the stability of the system operation.
  • a storage medium is further provided, wherein the software includes the above-mentioned software, including but not limited to: an optical disk, a floppy disk, a hard disk, an erasable memory, and the like.
  • modules or steps of the present invention described above can be implemented by a general-purpose computing device that can be centralized on a single computing device or distributed across a network of multiple computing devices. Alternatively, they may be implemented by program code executable by the computing device such that they may be stored in the storage device by the computing device and, in some cases, may be different from the order herein.
  • the steps shown or described are performed, or they are separately fabricated into individual integrated circuit modules, or a plurality of modules or steps thereof are fabricated as a single integrated circuit module.
  • the invention is not limited to any specific combination of hardware and software.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

本发明公开了一种配置数据的监控方法、装置及其系统,其中,该方法包括:管理中心接收并存储网元设备的第一配置数据;管理中心按照预定周期,接收网元设备的第二配置数据;管理中心根据第一配置数据和第二配置数据,监控网元设备的配置数据的变化,其中,第一配置数据和第二配置数据是由网元设备的配置代理收集并发送的。通过本发明,解决了相关技术中人工检查网元设备的配置数据导致的效率低的问题,提高了配置数据的检查效率,提升了系统运行的稳定性。

Description

配置数据的监控方法、装置及其系统 技术领域
本发明涉及通信领域,具体而言,涉及一种配置数据的监控方法、装置及其系统。
背景技术
在相关技术中,网元设备的配置数据可能会被黑客非法修改,或者被用户错误更改;为了避免由于配置更改导致系统的运行故障,设备管理员需要登录系统查看配置文件以确认设备的配置是否被正常设置,进一步确认设备状态是否正常。
然而,电信级别的应用特点是规模大,设备多,设备类型多样。例如,IPTV(Internet Protocol Television,即互联网电视)系统中,包含数百甚至成千的EPG(Electronic Programmer Guide,即电子节目单)设备,DB(Database,即数据库)设备,IMP(Interface Message Processor,即接口信息处理机)等。如果通过操作人员登录系统查看配置文件方式以确认配置安全,工作繁琐,效率低下,且可靠性低。
此外,在电信系统设备升级过程中,工程人员在设备版本完成升级后,通常需要在配置管理中心对各个设备的配置重新进行调整、并下发生效。在设备数量比较大的情况下,通过工程人员人工逐一设置每一台设备的配置也是效率低下、工作繁琐且可靠性低容易出错。
针对相关技术中人工检查网元设备的配置数据导致的效率低的问题,目前尚未提出有效的解决方案。
发明内容
本发明提供了一种配置数据的监控方法、装置及其系统,以至少解决上述问题。
根据本发明实施例的一个方面,提供了一种配置数据的监控方法,包括:管理中心接收并存储网元设备的第一配置数据;所述管理中心按照预定周期,接收所述网元设备的第二配置数据;所述管理中心根据所述第一配置数据和所述第二配置数据,监控所述网元设备的配置数据的变化,其中,所述第一配置数据和所述第二配置数据是由所述网元设备的配置代理收集并发送的。
可选地,所述管理中心根据所述第一配置数据和所述第二配置数据,监控所述网元设备的配置数据的变化包括:所述管理中心对比所述第一配置数据和所述第二配置数据是否一致;在对比结果为不一致的情况下,所述管理中心产生告警信息。
可选地,在所述管理中心按照预定周期接收所述网元设备的第二配置数据之前,所述方法还包括:在所述网元设备启动或者重启的情况下,所述配置代理向所述管理中心请求并建立连接;所述配置代理收集所述网元设备的所述第一配置数据或者所述第二配置数据;所述配置代理通过建立的所述连接发送所述第一配置数据或者所述第二配置数据至所述管理中心。
可选地,在管理中心接收并存储网元设备的第一配置数据之后,所述方法还包括:所述网管中心将所述第一配置数据下发到所述网元设备。
可选地,在管理中心接收并存储网元设备的第一配置数据之后,所述方法还包括:所述网管中心更改所述第一配置数据;所述网管中心将更改后的所述第一配置数据下发到所述网元设备。
根据本发明实施例的另一个方面,还提供了一种配置数据的监控装置,位于管理中心,包括:存储模块,设置为接收并存储网元设备的第一配置数据;接收模块,设置为按照预定周期,接收所述网元设备的第二配置数据;监控模块,设置为根据所述第一配置数据和所述第二配置数据,监控所述网元设备的配置数据的变化,其中,所述第一配置数据和所述第二配置数据是由所述网元设备的配置代理收集并发送的。
可选地,所述监控模块包括:对比单元,设置为对比所述第一配置数据和所述第二配置数据是否一致;告警单元,设置为在对比结果为不一致的情况下,所述管理中心产生告警信息。
可选地,所述装置还包括:第一下发模块,设置为将所述第一配置数据下发到所述网元设备。
可选地,所述装置还包括:更改模块,设置为更改所述第一配置数据;第二下发模块,设置为将更改后的所述第一配置数据下发到所述网元设备。
根据本发明实施例的另一个方面,还提供了一种配置数据的监控系统,包括:管理中心和网元设备,其中,所述管理中心包括上述的配置数据的监控装置;所述网元设备包括:配置代理,其中,所述配置代理包括:连接模块,设置为向所述管理中心请求并建立连接;收集模块,设置为收集所述网元设备的所述第一配置数据或者所述 第二配置数据;发送模块,设置为通过建立的所述连接发送所述第一配置数据或者所述第二配置数据至所述管理中心。
通过本发明实施例,采用管理中心接收并存储网元设备的第一配置数据;管理中心按照预定周期,接收网元设备的第二配置数据;管理中心根据第一配置数据和第二配置数据,监控网元设备的配置数据的变化的方式,其中,第一配置数据和第二配置数据是由网元设备的配置代理收集并发送的。通过上述方案解决了相关技术中人工检查网元设备的配置数据导致的效率低的问题,提高了配置数据的检查效率,提升了系统运行的稳定性。
附图说明
此处所说明的附图用来提供对本发明的进一步理解,构成本申请的一部分,本发明的示意性实施例及其说明用于解释本发明,并不构成对本发明的不当限定。在附图中:
图1是根据本发明实施例的配置数据的监控方法的流程图;
图2是根据本发明实施例的配置数据的监控装置的结构示意图;
图3是根据本发明实施例的配置数据的监控装置的优选结构示意图一;
图4是根据本发明实施例的配置数据的监控装置的优选结构示意图二;
图5是根据本发明实施例的配置数据的监控装置的优选结构示意图三;
图6是根据本发明实施例的配置数据的监控系统的结构示意图;
图7是根据本发明优选实施例的配置安全告警的流程图;
图8是根据本发明优选实施例的升级过程中配置收集和恢复的流程图。
具体实施方式
下文中将参考附图并结合实施例来详细说明本发明。需要说明的是,在不冲突的情况下,本申请中的实施例及实施例中的特征可以相互组合。
本实施例提供了一种配置数据的监控方法,该监控方法应用于包括管理中心的配置数据的监控系统,该管理中心可以是系统的操作、配置、维护中心,或者是系统的 一个中心监控节点。另外,在本实施例中,在网元设备上配置了一个配置代理,该配置代理不限于硬件或者一个常驻的应用程序,其可以随网元设备的启动而运行。
图1是根据本发明实施例的配置数据的监控方法的流程图,如图1所示,该流程包括如下的步骤:
步骤S102,管理中心接收并存储网元设备的第一配置数据;
步骤S104,管理中心按照预定周期,接收网元设备的第二配置数据;
步骤S106,管理中心根据第一配置数据和第二配置数据,监控网元设备的配置数据的变化,其中,第一配置数据和第二配置数据是由网元设备的配置代理收集并发送的。
上述的第一配置数据和第二配置数据中的“第一”和“第二”并不用于表示二者存在顺序上的限定,而是用于标识这两个配置数据,以便于描述。
可见,通过上述步骤,经由配置代理,在管理中心预先存储了第一配置数据,并按照预定周期获取网元设备的配置数据,从而解决了相关技术中人工检查网元设备的配置数据导致的效率低的问题。相对于在相关技术中需要由人工检查配置数据的方式,采用本发明实施例提供的方案提高了配置数据的检查效率,提升了系统运行的稳定性。
优选地,上述步骤S106可以采用下列方式:管理中心对比第一配置数据和第二配置数据是否一致;在对比结果为不一致的情况下,管理中心产生告警信息。其中,在对比配置数据是否一致时,可以全面对比配置数据,也可以仅对比配置数据中的某一些数据,例如配置数据中的关键数据。也就是说,配置数据需要对比哪一些项目是可以通过全局设置来选择的。通过上述的方式,可以在配置数据或者关键的配置数据发生变更的情况下产生告警信息,以便于人工排查配置。其中告警信息中携带有网元设备的信息,较优地还携带有不一致的配置数据的相关信息。
优选地,配置代理随网元设备的启动或者重启而运行,在网元设备启动或者重启之后,配置代理主动向管理中心发起连接请求,并建立与管理中心的连接。配置代理在网元设备启动或者重启时收集网元设备的第一配置数据,以及配置代理根据预定周期,例如每天,或者每小时,收集网元设备的第二配置数据。然后,配置代理通过建立的连接发送第一配置数据或者第二配置数据至管理中心。
另外,在一些实施例中,配置代理也可以监控网元设备的配置数据,即在监控到网元设备的配置数据发生修改操作的情况下收集并上报第二配置数据至管理中心。通过该方式可以避免配置数据的频繁上报。
网元设备进行升级后,往往需要重新配置网元设备的配置数据。这些配置数据可能与升级之前的相同,也可能有所不同。在相关技术中,网元设备升级后,都需要由工程人员重新配置网元设备的配置数据,在批量升级网元设备的过程中,人工的操作变得非常的繁琐。在本实施例中,由于网管中心已经对网元设备的配置数据进行了备份保存,因此,在需要重新配置网元设备的配置信息,如网元设备的配置数据由于设备软件版本升级等被初始化清空,网管中心可以将保存的配置数据(第一配置数据)下发到网元设备,完成网元设备的配置。
此外,在网元设备的配置数据需要修改的情况下,网管中心可以根据用户的操作,更改第一配置数据,并将更改后的第一配置数据下发到网元设备。
本实施例还提供了一种配置数据的监控装置,该装置位于管理中心。本实施例中的配置数据的监控装置用于实现上述配置数据的监控方法。在方法实施例中详细描述过的内容在此将不再赘述。此外,如以下所使用的,术语“模块”可以实现预定功能的软件和/或硬件的组合。尽管以下实施例所描述的装置较佳地以软件来实现,但是硬件,或者软件和硬件的组合的实现也是可能并被构想的。
图2是根据本发明实施例的配置数据的监控装置的结构示意图,如图2所示,该装置包括:存储模块22、接收模块24和监控模块26,其中,存储模块22,设置为接收并存储网元设备的第一配置数据;接收模块24,设置为按照预定周期,接收网元设备的第二配置数据;监控模块26耦合至存储模块22和接收模块24,设置为根据第一配置数据和第二配置数据,监控网元设备的配置数据的变化,其中,第一配置数据和第二配置数据是由网元设备的配置代理收集并发送的。
图3是根据本发明实施例的配置数据的监控装置的优选结构示意图一,如图3所示,优选地,监控模块26包括:对比单元262,设置为对比第一配置数据和第二配置数据是否一致;告警单元264耦合至对比单元262,设置为在对比结果为不一致的情况下,管理中心产生告警信息。
图4是根据本发明实施例的配置数据的监控装置的优选结构示意图二,如图4所示,优选地,该装置还包括:第一下发模块42耦合至存储模块22,设置为将第一配置数据下发到网元设备。
图5是根据本发明实施例的配置数据的监控装置的优选结构示意图三,如图5所示,优选地,该装置还包括:更改模块52耦合至存储模块22,设置为更改第一配置数据;第二下发模块54耦合至更改模块52,设置为将更改后的第一配置数据下发到网元设备。
本实施例还提供了一种配置数据的监控系统,图6是根据本发明实施例的配置数据的监控系统的结构示意图,如图6所示,该系统包括:管理中心62和网元设备64,其中,管理中心62耦合至网元设备64,包括上述的配置数据的监控装置622;网元设备64包括:配置代理642,其中,配置代理642包括:连接模块6422,设置为向管理中心请求并建立连接;收集模块6424耦合至连接模块6422,设置为收集网元设备的第一配置数据或者第二配置数据;发送模块6426耦合至收集模块6424,设置为通过建立的连接发送第一配置数据或者第二配置数据至管理中心。
下面结合优选实施例对本发明进行描述和说明。
本发明优选实施例提供的方案,用于解决目标设备操作系统或电信应用配置发生变化后,配置管理中心可及时捕获到变化,并可通过外接告警功能模块,实时通知管理人员。
为达到上述目的,在本发明优选实施例中公开了一种实施上述方案的方法和装置。该方法和装置适用于种类型设备操作系统(包括并不限于Linux、Unix、NT)。
本优选实施例采用的方案包括如下步骤:
步骤1,工程人员在配置管理中心装置添加设备网元信息,并确认网络通讯正常。
步骤2,配置管理中心装置初始化所有设备网元的配置信息。确认后保存至数据存储单元。此步骤保存的配置数据作为设备的安全配置镜像数据。
步骤3,在配置管理中心设置安全监控策略。
步骤4,根据安全监控策略再次获取设备网元的配置信息,与步骤2所获原始配置信息对比,判断是否存在配置发生变化。
下面分两个场景描述本优选实施例的上述技术方案。
场景一,实现配置安全告警
图7是根据本发明优选实施例的配置安全告警的流程图,如图7所示,该流程包括如下步骤:
步骤S701,工程操作人员在配置管理中心添加设备网元信息,在每一台设备上部署配置代理模块。设备启动或重启时,配置代理模块主动向配置管理中心发出连接请求。
步骤S702,配置管理中心装置首次获得某个设备的连接请求,作为新登录设备信息完善并注册保存在数据库中。
步骤S703,设备成功部署配置代理模块并完成注册后,配置管理中心请求配置代理收集该设备上的应用配置数据,配置代理生成应用配置数据。
步骤S704,配置管理中心通过文件传输协议(FTP)服务或其他文件服务器,获取配置代理生成的应用配置数据文件,配置管理中心解析步骤S703获得的应用配置数据文件后,保存在数据库中。
步骤S705,配置管理中心设置配置监控策略。通常可设置为按小时、按日、按周扫描配置变化。
步骤S706,根据步骤S705设置的安全监控策略,配置管理中心再次获取设备网元的配置数据。详细方法同步骤S703和步骤S704。
步骤S707,比对步骤S706获得的配置数据和步骤S704保存的配置数据变化。如检测到步骤S706和步骤S704两次获取的配置存储差异,配置管理中心可连接告警中心,及时发生配置安全告警。
场景二,实现设备升级过程中配置收集
图8是根据本发明优选实施例的升级过程中配置收集和恢复的流程图,如图8所示,该流程包括如下步骤:
步骤S801至步骤S804同步骤S701至步骤S704,在此不再赘述。
步骤S805,配置管理中心分析、过滤步骤S804入库的设备配置,将各设备上的当前使用配置值,拷贝覆盖到设备的配置表中,作为配置管理中心设备配置的配置下发初始数据。
步骤S806,工程人员通过配置管理中心,进行配置下发操作。
综上所述,通过本发明的上述实施例、优选实施例和实施方式,可以监控电信通讯设备的运行配置是否遭遇恶意攻击或篡改,还可达到配置管理中心的设备配置收集和恢复的功能。
工业实用性:本发明的上述实施例,通过对配置数据的存储和周期性比对,解决了相关技术中人工检查网元设备的配置数据导致的效率低的问题,提高了配置数据的检查效率,提升了系统运行的稳定性。
在另外一个实施例中,还提供了一种软件,该软件用于执行上述实施例及优选实施方式中描述的技术方案。
在另外一个实施例中,还提供了一种存储介质,该存储介质中存储有上述软件,该存储介质包括但不限于:光盘、软盘、硬盘、可擦写存储器等。
需要说明的是,本发明的说明书和权利要求书及上述附图中的术语“第一”、“第二”等是用于区别类似的对象,而不必用于描述特定的顺序或先后次序。应该理解这样使用的对象在适当情况下可以互换,以便这里描述的本发明的实施例能够以除了在这里图示或描述的那些以外的顺序实施。此外,术语“包括”和“具有”以及他们的任何变形,意图在于覆盖不排他的包含,例如,包含了一系列步骤或单元的过程、方法、系统、产品或设备不必限于清楚地列出的那些步骤或单元,而是可包括没有清楚地列出的或对于这些过程、方法、产品或设备固有的其它步骤或单元。
显然,本领域的技术人员应该明白,上述的本发明的各模块或各步骤可以用通用的计算装置来实现,它们可以集中在单个的计算装置上,或者分布在多个计算装置所组成的网络上,可选地,它们可以用计算装置可执行的程序代码来实现,从而,可以将它们存储在存储装置中由计算装置来执行,并且在某些情况下,可以以不同于此处的顺序执行所示出或描述的步骤,或者将它们分别制作成各个集成电路模块,或者将它们中的多个模块或步骤制作成单个集成电路模块来实现。这样,本发明不限制于任何特定的硬件和软件结合。
以上所述仅为本发明的优选实施例而已,并不用于限制本发明,对于本领域的技术人员来说,本发明可以有各种更改和变化。凡在本发明的精神和原则之内,所作的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。

Claims (10)

  1. 一种配置数据的监控方法,包括:
    管理中心接收并存储网元设备的第一配置数据;
    所述管理中心按照预定周期,接收所述网元设备的第二配置数据;
    所述管理中心根据所述第一配置数据和所述第二配置数据,监控所述网元设备的配置数据的变化,其中,所述第一配置数据和所述第二配置数据是由所述网元设备的配置代理收集并发送的。
  2. 根据权利要求1所述的方法,其中,所述管理中心根据所述第一配置数据和所述第二配置数据,监控所述网元设备的配置数据的变化包括:
    所述管理中心对比所述第一配置数据和所述第二配置数据是否一致;
    在对比结果为不一致的情况下,所述管理中心产生告警信息。
  3. 根据权利要求1所述的方法,其中,在所述管理中心按照预定周期接收所述网元设备的第二配置数据之前,所述方法还包括:
    在所述网元设备启动或者重启的情况下,所述配置代理向所述管理中心请求并建立连接;
    所述配置代理收集所述网元设备的所述第一配置数据或者所述第二配置数据;
    所述配置代理通过建立的所述连接发送所述第一配置数据或者所述第二配置数据至所述管理中心。
  4. 根据权利要求1所述的方法,其中,在管理中心接收并存储网元设备的第一配置数据之后,所述方法还包括:
    所述网管中心将所述第一配置数据下发到所述网元设备。
  5. 根据权利要求1至4中任一项所述的方法,其中,在管理中心接收并存储网元设备的第一配置数据之后,所述方法还包括:
    所述网管中心更改所述第一配置数据;
    所述网管中心将更改后的所述第一配置数据下发到所述网元设备。
  6. 一种配置数据的监控装置,位于管理中心,包括:
    存储模块,设置为接收并存储网元设备的第一配置数据;
    接收模块,设置为按照预定周期,接收所述网元设备的第二配置数据;
    监控模块,设置为根据所述第一配置数据和所述第二配置数据,监控所述网元设备的配置数据的变化,其中,所述第一配置数据和所述第二配置数据是由所述网元设备的配置代理收集并发送的。
  7. 根据权利要求6所述的装置,其中,所述监控模块包括:
    对比单元,设置为对比所述第一配置数据和所述第二配置数据是否一致;
    告警单元,设置为在对比结果为不一致的情况下,所述管理中心产生告警信息。
  8. 根据权利要求6所述的装置,其中,所述装置还包括:
    第一下发模块,设置为将所述第一配置数据下发到所述网元设备。
  9. 根据权利要求6至8中任一项所述的装置,其中,所述装置还包括:
    更改模块,设置为更改所述第一配置数据;
    第二下发模块,设置为将更改后的所述第一配置数据下发到所述网元设备。
  10. 一种配置数据的监控系统,包括:管理中心和网元设备,其中,
    所述管理中心包括如权利要求6至9中任一项所述的配置数据的监控装置;
    所述网元设备包括:配置代理,其中,所述配置代理包括:
    连接模块,设置为向所述管理中心请求并建立连接;
    收集模块,设置为收集所述网元设备的所述第一配置数据或者所述第二配置数据;
    发送模块,设置为通过建立的所述连接发送所述第一配置数据或者所述第二配置数据至所述管理中心。
PCT/CN2015/077713 2014-12-22 2015-04-28 配置数据的监控方法、装置及其系统 WO2016101474A1 (zh)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410811932.4 2014-12-22
CN201410811932.4A CN105787354A (zh) 2014-12-22 2014-12-22 配置数据的监控方法、装置及其系统

Publications (1)

Publication Number Publication Date
WO2016101474A1 true WO2016101474A1 (zh) 2016-06-30

Family

ID=56149076

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/077713 WO2016101474A1 (zh) 2014-12-22 2015-04-28 配置数据的监控方法、装置及其系统

Country Status (2)

Country Link
CN (1) CN105787354A (zh)
WO (1) WO2016101474A1 (zh)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114189437A (zh) * 2022-02-15 2022-03-15 北京搜狐新媒体信息技术有限公司 一种网络设备的配置信息的处理方法和装置

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106130802B (zh) * 2016-08-30 2019-07-09 新华三技术有限公司 一种配置平滑方法及装置
CN112135165B (zh) * 2020-08-06 2022-07-12 河北广电无线传媒有限公司 一种iptv模板文件防篡改方法及系统

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6539427B1 (en) * 1999-06-29 2003-03-25 Cisco Technology, Inc. Dynamically adaptive network element in a feedback-based data network
CN1655513A (zh) * 2004-02-12 2005-08-17 华为技术有限公司 实现网管系统和网元设备配置数据实时同步的方法
CN1889462A (zh) * 2006-07-21 2007-01-03 华为技术有限公司 实现网管和网元配置操作的方法与系统
CN101316199A (zh) * 2008-07-04 2008-12-03 中兴通讯股份有限公司 Sdh设备模拟组网的方法及其装置
US20090177953A1 (en) * 2006-03-31 2009-07-09 Cau Stephane Method and system for updating topology changes of a computer network
CN101588269A (zh) * 2009-06-17 2009-11-25 中兴通讯股份有限公司 一种设备配置数据自动上载到网管的方法和系统

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101631042B (zh) * 2009-07-20 2012-05-23 中兴通讯股份有限公司 一种实现异构网管系统的数据备份恢复的方法及系统
CN102857949B (zh) * 2012-09-14 2018-11-20 中兴通讯股份有限公司 一种规划数据一致性保证的方法和装置
CN102984737B (zh) * 2012-12-21 2016-01-27 大唐移动通信设备有限公司 一种无线网络的参数统一配置方法及装置

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6539427B1 (en) * 1999-06-29 2003-03-25 Cisco Technology, Inc. Dynamically adaptive network element in a feedback-based data network
CN1655513A (zh) * 2004-02-12 2005-08-17 华为技术有限公司 实现网管系统和网元设备配置数据实时同步的方法
US20090177953A1 (en) * 2006-03-31 2009-07-09 Cau Stephane Method and system for updating topology changes of a computer network
CN1889462A (zh) * 2006-07-21 2007-01-03 华为技术有限公司 实现网管和网元配置操作的方法与系统
CN101316199A (zh) * 2008-07-04 2008-12-03 中兴通讯股份有限公司 Sdh设备模拟组网的方法及其装置
CN101588269A (zh) * 2009-06-17 2009-11-25 中兴通讯股份有限公司 一种设备配置数据自动上载到网管的方法和系统

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114189437A (zh) * 2022-02-15 2022-03-15 北京搜狐新媒体信息技术有限公司 一种网络设备的配置信息的处理方法和装置

Also Published As

Publication number Publication date
CN105787354A (zh) 2016-07-20

Similar Documents

Publication Publication Date Title
CN107395767B (zh) 基于长连接的消息推送系统及方法
US9647891B2 (en) Managing network configurations
CN107800565B (zh) 巡检方法、装置、系统、计算机设备和存储介质
US20120297059A1 (en) Automated creation of monitoring configuration templates for cloud server images
CN110830283B (zh) 故障检测方法、装置、设备和系统
US20120246297A1 (en) Agent based monitoring for saas it service management
US9280399B2 (en) Detecting, monitoring, and configuring services in a netwowk
US10341182B2 (en) Method and system for detecting network upgrades
US20060248179A1 (en) Method and system for event-driven network management
US20200351293A1 (en) Out-of-band management security analysis and monitoring
CN112187511A (zh) 一种定位微服务熔断异常的方法、系统、设备及介质
US20120102166A1 (en) Methods for configuration management using a fallback configuration
CN113645314B (zh) 一种私有云的部署方法和服务器
CN109358876A (zh) 一种版本同步方法及装置、设备、存储介质
CN109151075B (zh) 日志处理方法、装置及电子设备
WO2016101474A1 (zh) 配置数据的监控方法、装置及其系统
WO2018157105A1 (en) Automatic recovery in remote management services
US11582101B2 (en) Update of programmable for computing nodes
WO2020010906A1 (zh) 操作系统os批量安装方法、装置和网络设备
CN107294774B (zh) 分布式系统物理节点的任务部署方法
US20170187575A1 (en) System and method for customizing standard device-orientated services within a high scale deployment
JP6421516B2 (ja) サーバ装置、冗長構成サーバシステム、情報引継プログラム及び情報引継方法
US9210036B2 (en) Metric driven holistic network management system
JP6222759B2 (ja) 障害通知装置、障害通知方法及びプログラム
EP2605145A1 (en) Method for finding communication devices connected to communication network, and management device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15871550

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15871550

Country of ref document: EP

Kind code of ref document: A1