WO2021036265A1 - Method and device for edge cloud fusion management

Publication number
WO2021036265A1
Authority
WO
WIPO (PCT)
Prior art keywords
edge
cloud
node
controller
task
Application number
PCT/CN2020/083406
Other languages
French (fr)
Chinese (zh)
Inventor
艾助雄
刘万来
周新中
程先
沈文忠
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00: Arrangements for program control, e.g. control units
    • G06F9/06: Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46: Multiprogramming arrangements
    • G06F9/50: Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005: Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5027: Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals
    • G06F9/5033: Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals considering data affinity
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00: Arrangements for program control, e.g. control units
    • G06F9/06: Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46: Multiprogramming arrangements
    • G06F9/50: Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5061: Partitioning or combining of resources
    • G06F9/5072: Grid computing
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F2209/00: Indexing scheme relating to G06F9/00
    • G06F2209/50: Indexing scheme relating to G06F9/50
    • G06F2209/502: Proximity

Definitions

  • This application relates to the field of edge computing, and in particular to a method and device for edge cloud integration management.
  • In edge computing scenarios such as video surveillance, industrial control, and telecom multi-access edge computing (MEC), installation, deployment and networking take different forms: central clouds, edge clouds, and edge nodes located outside the cloud.
  • This application provides a method and device for edge cloud integrated management to realize efficient management of edge nodes.
  • a method for integrated management of edge clouds is provided.
  • the method is applied to an edge controller in an edge cloud of an edge computing system.
  • the edge computing system includes a central cloud, an edge cloud, and an edge node.
  • The edge controller is in communication connection with the edge node, and the method includes: the edge controller monitors the tasks to be performed on the edge cloud, wherein the tasks to be performed include tasks obtained from the central cloud or tasks generated by the edge cloud; when the tasks to be performed include a first task for the edge node, the edge controller sends the first task to the edge node that is registered on the edge cloud and corresponds to the first task.
  • The above technical solution uses the edge management controller in the edge cloud to manage the edge nodes, which can reduce the resource consumption of the central cloud; the edge cloud can also distinguish the types of tasks to be performed, which helps differentiated management and control of computing nodes and edge nodes in the edge cloud.
  • The method further includes: the edge controller receives registration request information sent by the edge node and, according to the registration request information, verifies the legitimacy of the edge node.
  • the edge controller can be connected to an external identity authentication system.
  • The identity authentication system can be an identity and access management (IAM) server, and the edge controller can be responsible for authenticating the legitimacy of the edge node when the edge node registers, to prevent illegal and counterfeit edge nodes from gaining access.
  • The method further includes: the edge controller receives the access request information sent by the edge node and, according to the access request information, performs access authentication on the edge node.
  • the edge controller authenticates the access request information of the edge node to prevent unauthorized access, and can also allow only certain edge nodes to access the specified service through the specified communication port.
  • the method further includes: the edge controller receives a data packet sent by the edge node, and the edge controller performs traffic filtering on the data packet .
  • the edge controller may be responsible for filtering the data packets uploaded by the edge node, and only allow certain protocol data packets to be uploaded to the edge cloud.
  • the method further includes: the edge controller managing the state, log alarms, resource utilization, and node tasks of the edge node.
  • the edge controller may be responsible for managing edge nodes, and functions may include edge node state management, log alarm management, resource utilization management, edge node task query and other functions.
  • an edge controller is provided.
  • the edge controller is located in an edge cloud of an edge computing system.
  • the edge computing system includes a central cloud, an edge cloud, and an edge node.
  • The edge controller is in communication connection with the edge node, and the edge controller includes: a task management module for monitoring tasks to be performed on the edge cloud, wherein the tasks to be performed include tasks obtained from the central cloud and/or tasks generated by the edge cloud.
  • The task management module is further configured to send the first task to the edge node that is registered on the edge cloud and corresponds to the first task, when the tasks to be performed include a first task for the edge node.
  • the edge controller includes: an identity authentication module configured to authenticate the legitimacy of the edge node.
  • The edge controller further includes an authentication/access control module, and the authentication/access control module is configured to authenticate the access request of the edge node.
  • the edge controller includes: a traffic filtering module configured to filter data packets sent by the edge node.
  • The edge controller includes: an edge node management module, configured to manage the status, log alarms, resource utilization, and node tasks of the edge node.
  • the edge controller includes: an application programming interface (API), and the application programming interface is used to exchange data packets with an external interface.
  • the modules of the edge controller can be tailored as required, and this application does not limit this.
  • The API can be omitted: the edge cloud can then call the function modules in the edge controller directly, and the identity authentication module can access the identity authentication system directly.
  • FIG. 1 is a schematic diagram of the architecture of an edge cluster applicable to an embodiment of the present application.
  • Fig. 2 is a schematic diagram of a method for edge cloud convergence management provided by an embodiment of the present application.
  • FIG. 3 is a schematic diagram of a system architecture of edge cloud convergence management provided by an embodiment of the present application.
  • FIG. 4 is a schematic diagram of the architecture of an edge controller provided by an embodiment of the present application.
  • Fig. 5 is a schematic diagram of a process of establishing a system for convergent management of edge clouds provided by an embodiment of the present application.
  • Fig. 6 is a schematic diagram of a process for an edge node to access an edge cloud according to an embodiment of the present application.
  • For the purpose of unified management and control, overall planning and utilization of resources, and efficient business collaboration, it is often necessary to efficiently connect the central cloud, edge cloud, and edge nodes to form a cloud, which is commonly referred to as cloud-side collaboration.
  • Because the number of edge nodes is large and they are geographically dispersed, how to manage and control edge nodes is a problem in the field of edge computing.
  • the current open source container management platform (Kubernetes, K8S) has been widely used in cloud computing and edge computing.
  • The edge environment container management platform (KubeEdge) solution addresses the problem of the central cloud managing a single edge node outside the cloud.
  • the lightweight container management platform (K3S) solution solves the lightweight problem of K8S applications in edge cloud scenarios.
  • K3S combined with the K8S federation solution can also solve the problem of the central cloud managing the edge cloud.
  • K8S clusters such as K3S, which are tailored and applied in the edge cloud field.
  • the control end of the KubeEdge architecture is on the cloud, and the computing nodes are distributed on the edge. Users can control and manage each edge node from the center. In order to deal with the possible impact of network disconnection on the business, KubeEdge can cache the metadata on the computing nodes locally. When the edge node is disconnected from the central node, the existing services on the edge node are not affected.
  • The KubeEdge solution was originally designed to meet the need for edge nodes with limited resources to be incorporated into the central K8S ecosystem, for example in the industrial Internet and the Internet of things (IoT). In this scenario, edge computing nodes often do not need to form a cluster.
  • K3S is designed for R&D and operation and maintenance personnel who run K8S in a resource-limited environment.
  • the purpose is to run small K8S clusters on edge nodes.
  • the K3S solution has the following technical defects:
  • K3S needs to run in a cluster environment, and does not support the operating environment of a single computing node.
  • When K3S is deployed as an edge lightweight cluster, it does not support the management of individual edge nodes scattered outside the central cloud.
  • the edge cloud cannot copy the solution of the central cloud to manage edge nodes.
  • The resources of the edge cloud may not be enough to support the deployment of multiple K8S instances to manage the edge nodes inside and outside the cloud, while the number of edge nodes that one edge cloud manages will not be as large as the number of edge nodes connected to the central cloud. Therefore, some complex features of the central cloud hosting solution are not required. For example, there is no need to consider, as the central cloud hosting solution does, random registration of edge nodes or selecting one of multiple K8S instances to register with according to load balancing.
  • The main purpose of this application is to solve these problems that arise when the edge cloud manages edge nodes outside the edge cloud based on the K8S ecosystem, and to help build a complete closed loop of the cloud-edge collaboration system including the central cloud, edge cloud and edge nodes.
  • the composition form of the edge node is a single processing device. This type of device is mainly used for nearby data access or processing, including but not limited to various general-purpose or special-purpose computers, which are not limited in the embodiments of the present application.
  • the edge cluster is composed of multiple processing devices, and the cluster node is the node that can perform calculations in the edge cluster.
  • FIG. 1 is a schematic diagram of the architecture of an edge cluster applicable to an embodiment of the present application.
  • the application scenario of this application is in the field of edge computing.
  • the central cloud 110 manages the edge cloud 120 and the edge node 130 outside the central cloud.
  • The edge cloud 120 can also access the next-level edge node 1201.
  • The edge cloud 120 may be composed of an edge cluster, and its composition form may be multiple processing devices. Each processing device in the edge cloud 120 can be connected to other terminal devices 140 that are not in the edge cloud. Information can be collected through the other terminal devices 140, transmitted to the corresponding processing device in the edge cloud 120, and then transmitted to the central cloud or processed at the edge cloud 120.
  • The physical form of the edge node 130 can be a single processing device, and a single processing device can be connected to other terminal devices 140. Information can be collected through the other terminal devices 140, transmitted to the processing device in the edge node 130, and then transmitted to the central cloud or processed at the edge node 130.
  • The terminal device connected to the processing device may be an access terminal, a user unit, a user station, a mobile station, a remote station, a remote terminal, a mobile device, a user terminal, a terminal, a wireless communication device, a user agent, or a user device.
  • The physical form of the edge node can also be a cellular phone, a cordless phone, a session initiation protocol (SIP) phone, a wireless local loop (WLL) station, a personal digital assistant (PDA), a handheld device with a wireless communication function, a computing device or other processing device connected to a wireless modem, a vehicle-mounted device, a wearable device, etc., which are not limited in the embodiment of the present application.
  • the GB28181 standard of video surveillance is divided into provinces, cities, and counties according to administrative levels.
  • the next level can be connected to and managed by the next level.
  • the number of cameras installed in each level of administrative unit is different, the amount of data generated is also different, and the requirements for computing and storage resources required by this level are also different.
  • a national or larger city level is suitable for deploying a central cloud
  • a general city or county level is suitable for deploying one edge cloud
  • multiple edge nodes can be deployed below the county level.
  • The technical architecture of this application can be applied in video surveillance scenarios, deployed in the edge clusters at the city and county level to solve the problem of managing the next level of edge nodes. It can also be applied to other similar scenarios that need cloud computing technology and multi-level domain networking, which is not limited in this application.
  • The main purpose of this application is to solve these problems that arise when the edge cloud manages edge nodes outside the edge cloud based on the K8S ecosystem, and to provide a method for the edge cloud to manage edge nodes, helping to build a complete closed loop of the cloud-edge collaboration system that includes the central cloud, edge cloud and edge nodes.
  • Fig. 2 is a schematic diagram of a method for edge cloud convergence management provided by an embodiment of the present application.
  • the method of fusion management can be applied to the edge controller in the edge cloud of the edge computing system.
  • the edge computing system includes a central cloud, an edge cloud, and an edge node, wherein the edge controller is in communication connection with the edge node.
  • The edge cloud and the edge nodes can be connected through web sockets, where each edge node connected to the edge cloud has a separate socket; that is, the edge cloud and each edge node realize a point-to-point connection through the web socket.
  • the edge controller monitors tasks to be executed on the edge cloud, where the tasks to be executed include tasks obtained from the central cloud or tasks generated by the edge cloud.
  • the task to be executed may be sent by the central cloud to the edge cloud or generated by the edge cloud itself, that is, the central cloud can manage the edge nodes through the edge cloud, and the edge cloud can also manage the edge nodes separately.
  • the central cloud or edge cloud can assign corresponding tasks to edge nodes based on their status, computing power, location and other information, that is, all tasks to be executed have their corresponding execution subjects.
  • the task to be executed may be assigned to a single edge node or multiple edge nodes by the central cloud or edge cloud, and may be uniformly issued by the edge controller.
  • The edge controller can be connected to an API server in the edge cloud, and the API server can be connected to an external interface to transmit data, which can include tasks to be performed on the edge cloud and tasks to be performed by the edge nodes registered on the edge cloud.
  • The first task may carry identification information to indicate its corresponding edge node, and the edge controller assigns the first task to the corresponding edge node through the identification information, where there may be one or more corresponding edge nodes.
  • the edge controller may monitor that the API server has obtained the command for the edge node in time or the call is triggered, and will immediately notify the edge node.
  • the edge controller receives registration request information sent by the edge node, and the edge controller authenticates the legitimacy of the edge node according to the registration request information.
  • the registration request information may include the identity information of the edge node.
  • the edge controller receives the access request information sent by the edge node, and the edge controller performs access authentication on the edge node according to the access request information.
  • the edge controller receives the data packet sent by the edge node, and the edge controller performs traffic filtering on the data packet.
  • the edge controller manages the status of the edge node, log alarms, resource utilization, and node tasks.
  • FIG. 3 is a schematic diagram of a system architecture of edge cloud convergence management provided by an embodiment of the present application.
  • the edge cloud 120 manages the first edge node 1301, the second edge node 1302, and the third edge node 1303. It should be understood that the edge cloud 120 can accommodate multiple edge nodes.
  • the embodiment of the present application only selects three edge nodes as an example, and the present application does not limit the number of edge nodes.
  • the edge cloud may include an edge controller 2101, and the edge controller 2101 may be connected to the API server 2102 in the edge cloud according to the K8S ecological interface standard.
  • The edge controller 2101 is used in the edge cloud 120 to manage remote edge nodes, perform identity authentication and access control on the edge nodes, issue control commands for the edge nodes, and process data reported by the edge nodes such as status, alarms and logs.
  • The edge controller 2101 can also monitor the tasks to be executed on the API server 2102. When the tasks to be executed include a first task for the edge node, the edge controller sends the first task to the edge node that is registered on the edge cloud and corresponds to the first task.
  • The first task may carry identification information to indicate its corresponding edge node, and the edge controller assigns the first task to the corresponding edge node through the identification information, where there may be one or more corresponding edge nodes.
  • the edge controller 2101 may connect to the node agent in the edge node through the cloud edge communication agent 2104, and then manage the edge node.
  • the edge cloud 120 can manage the first edge node 1301, the second edge node 1302, and the third edge node 1303 through the edge controller 2101.
  • The edge cloud 120 may also include an in-cloud controller 2103, which can be connected to the computing node agent 2201 to control the computing node 220; the computing node 220 is a cluster node in the edge cluster managed by the edge cloud 120.
  • the technical solutions of the embodiments of the present application can also be implemented based on K3S ecology.
  • the embodiment of this application realizes the integrated management and scheduling of edge nodes and central clouds based on the K8S ecology, and builds a base for the collaboration of edge cloud and edge nodes in management, data, tasks, and resources.
  • This base not only makes management, operation and maintenance convenient, but also meets business flexibility and safety requirements. It solves the problem of separation between the edge node management and the central cluster management of the current edge computing solution based on the K8S ecology, and avoids the waste of resources caused by the construction of multiple K8S clusters or K8S instances and the difficulty of collaboration between clusters.
  • FIG. 4 is a schematic diagram of the architecture of an edge controller provided by an embodiment of the present application.
  • the edge controller 2101 may also include a task management module 350.
  • the task management module 350 may be used to monitor tasks to be performed on the edge cloud.
  • The tasks to be performed may include tasks for edge nodes; the task management module is also used to send the first task to the edge node that is registered on the edge cloud and corresponds to the first task, when the tasks to be executed include a first task for the edge node.
  • The first task may carry identification information to indicate its corresponding edge node, and the task management module 350 assigns the first task to the corresponding edge node through the identification information, where there may be one or more corresponding edge nodes.
  • the task management module 350 may be connected to an API server in the edge cloud, and is responsible for monitoring the API server in the edge cloud, and obtain related commands or tasks sent by the edge cloud to the edge node.
  • the edge controller 2101 may further include an identity authentication module 320, and the identity authentication module 320 may be responsible for authenticating the legitimacy of the edge node when the edge node is registered, so as to prevent illegal and counterfeit edge node access.
  • the edge controller 2101 may also include an authentication/access control module 330.
  • The authentication/access control module 330 is responsible for authenticating the access request information of the edge nodes to prevent unauthorized access, and it may also allow only certain edge nodes to access the specified service through the specified communication port.
  • the edge controller 2101 may further include a traffic filtering module 340.
  • the traffic filtering module 340 may be responsible for filtering data packets uploaded by the edge node, and only allow certain protocol data packets to be uploaded to the edge cloud.
  • the edge controller 2101 may also include an edge node management module 360.
  • The edge node management module 360 may be responsible for managing edge nodes. Its functions may include edge node status management, log alarm management, resource utilization management, edge node task query, and other functions.
  • The edge controller 2101 may also include API 310.
  • API 310 can be used to exchange data packets with the outside. It should be understood that each module in the edge controller can send data destined for an external interface to API 310, which forwards it to the target interface; API 310 can also receive the response data from the target interface and forward it to the module in the edge controller.
  • the API 310 can be connected to an external identity authentication system 240 for identity authentication.
  • the identity authentication system 240 can be an IAM server.
  • the API 310 can also be connected to the management console 230 to facilitate viewing and operating edge nodes.
  • the module of the edge controller can be tailored as required, which is not limited in this application.
  • The API can be omitted: the edge cloud can then call the function modules in the edge controller directly, and the identity authentication module can access the identity authentication system directly.
  • Fig. 5 is a schematic diagram of a process of establishing a system for convergent management of edge clouds provided by an embodiment of the present application.
  • the edge cloud includes an edge controller, and the edge controller monitors tasks to be executed on the edge cloud.
  • the edge controller sends the task to an edge node registered on the edge cloud.
  • the administrator can select the appropriate edge cluster according to the actual arrangement and needs, and the multiple clusters in the edge centralization are used as the computing nodes controlled by the edge cloud.
  • a namespace is a way of encapsulating things.
  • a directory is used to group related files, and for the files in the directory, it plays the role of a namespace.
  • cluster nodes and edge nodes can be distinguished by creating different namespaces.
  • the edge controller may be responsible for monitoring the edge namespace to ensure that commands are not erroneously distributed to other unrelated namespaces, so that a management command for the edge node can be prevented from being distributed to the cluster nodes.
  • The in-cloud controller can be responsible for monitoring the cluster namespace to ensure that commands are not erroneously distributed to other unrelated namespaces, so as to prevent a management command for cluster nodes from being distributed to unrelated nodes.
  • S405 Label the edge node and the cluster node with different labels.
  • the cluster node and the edge node need to be marked with different marks.
  • When K8S executes a command, it can schedule according to the specified mark.
  • Pod is the most basic scheduling unit of K8S.
  • a Pod encapsulates one or more closely related containers; the other is to execute other commands.
  • When creating a Pod, the management process also includes:
  • S406 Create a Pod in the designated namespace.
  • The algorithm in the scheduler in the edge cloud can accurately schedule tasks to the edge node according to the namespace, so that a task that should be created on the edge node is not mistakenly created on the cluster node.
  • The algorithm in the scheduler in the edge cloud can accurately schedule tasks to the edge node according to the mark, so that a task that should be created on the edge node is not mistakenly created on the cluster node.
  • The edge controller and the in-cloud controller can each monitor their corresponding namespace to ensure that commands are not distributed to other unrelated namespaces by mistake. This prevents a management command for edge nodes from being distributed to cluster nodes.
  • When executing other commands, the management process also includes:
  • The edge controller and the in-cloud controller can each monitor their corresponding namespace to ensure that commands are not distributed to other unrelated namespaces by mistake. This prevents a management command for edge nodes from being distributed to cluster nodes.
  • the embodiment of this application realizes the integrated management and scheduling of edge nodes and central clouds based on the K8S ecology, and builds a base for the collaboration of edge cloud and edge nodes in management, data, tasks and resources.
  • This base not only makes management, operation and maintenance convenient, but also meets business flexibility and safety requirements. It solves the problem of separation between the edge node management and the central cluster management of the current edge computing solution based on the K8S ecology, and avoids the waste of resources and the difficulty of collaboration between clusters caused by the construction of multiple K8S clusters or K8S instances.
  • Fig. 6 is a schematic diagram of a process for an edge node to access an edge cloud according to an embodiment of the present application.
  • the edge node can register in the edge cloud through the edge controller in the edge cloud, and access the edge cloud.
  • After the edge node is started, it first registers with a designated edge cloud. It can send registration request information to the edge cloud, and the registration request information can include the identity information of the edge node.
  • The identity authentication module of the edge controller in the edge cloud receives the identity information and authenticates the legitimacy of the edge node. The edge cloud also sends the identity information of the edge cloud to the edge node, and the edge node also authenticates the legitimacy of the edge cloud. If either party fails in the two-way authentication process, the connection is disconnected.
  • the edge node management module of the edge controller in the edge cloud can create a record for the edge node and save various information about the node.
  • S505 Access edge cloud resources.
  • The edge node can request access to edge cloud resources.
  • S506 Access authentication. If the edge cloud determines that the authority of the edge node is insufficient, it rejects the access request of the edge node.
  • the authentication/access control module of the edge controller in the edge cloud authenticates the access request information sent by the edge node to prevent the edge node from unauthorized access to the protected resource.
  • The edge node can initiate an access request to the edge cloud or upload various data packets, and the traffic filtering module of the edge controller in the edge cloud scans the data packets to filter out illegal or malicious data packets.
  • The disclosed system, device, and method may be implemented in other ways.
  • The device embodiments described above are merely illustrative. For example, the division of the units is only a logical function division, and there may be other divisions in actual implementation; multiple units or components may be combined or integrated into another system, or some features may be ignored or not implemented.
  • The displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
  • The units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units; that is, they may be located in one place, or they may be distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments.
  • The functional units in the various embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
  • The embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof.
  • When software is used, the implementation may take the form of a computer program product, in whole or in part.
  • The computer program product includes one or more computer instructions.
  • The computer may be a general-purpose computer, a special-purpose computer, a computer network, or other programmable devices.
  • The computer instructions may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another computer-readable storage medium.
  • The computer instructions may be transmitted from a website, computer, server, or central cloud.
  • The computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or central cloud integrated with one or more available media.
  • The usable medium may be a magnetic medium (for example, a floppy disk, a hard disk, or a magnetic tape), an optical medium (for example, a DVD), or a semiconductor medium (for example, a solid state disk (SSD)).

Abstract

Provided are a method and a device for edge cloud fusion management, said method having applications for edge controllers in edge clouds of edge computing systems. An edge computing system comprises a central cloud, edge clouds, and edge nodes, wherein an edge controller and the edge nodes are communicatively connected. The method comprises: an edge controller monitors a task to be executed, said task being in an edge cloud, wherein the task to be executed comprises a task obtained from the central cloud or a task produced by the edge cloud; and, if the task to be executed comprises a first task specific to the edge node, the edge controller sends the first task to the edge node that corresponds to the first task, said node being registered in the edge cloud. The described technical solution uses an edge management controller in an edge cloud to manage an edge node and can reduce the resource consumption of a central cloud, and the edge cloud can differentiate types of tasks to be executed and contribute to carrying out the differentiated management and control of computing nodes and edge nodes within the edge cloud.

Description

Method and device for integrated management of an edge cloud
Technical field
This application relates to the field of edge computing, and in particular to a method and device for integrated management of an edge cloud.
Background
In edge computing scenarios such as video surveillance, industrial control, and telecom multi-access edge computing (MEC), there are three different forms in terms of installation, deployment and networking: the central cloud, the edge cloud, and edge nodes located outside the cloud.
For the purpose of unified management and control, overall planning and utilization of resources, and efficient business collaboration, it is often necessary to connect the central cloud, edge cloud, and edge nodes efficiently to form a single cloud, which is commonly referred to as cloud-edge collaboration. However, edge nodes are numerous and geographically dispersed, and how to manage and control them is a problem in the field of edge computing. Traditional technologies usually use the central cloud to manage and control edge nodes in a unified way, which occupies a large amount of central cloud resources.
Summary of the invention
This application provides a method and device for integrated management of an edge cloud, to achieve efficient management of edge nodes.
In a first aspect, a method for integrated management of an edge cloud is provided. The method is applied to an edge controller in an edge cloud of an edge computing system. The edge computing system includes a central cloud, an edge cloud, and edge nodes, where the edge controller is communicatively connected to the edge nodes. The method includes: the edge controller monitors tasks to be executed on the edge cloud, where the tasks to be executed include tasks obtained from the central cloud or tasks generated by the edge cloud; when the tasks to be executed include a first task for an edge node, the edge controller sends the first task to the edge node that is registered on the edge cloud and corresponds to the first task.
The above technical solution uses the edge management controller in the edge cloud to manage edge nodes, which can reduce the resource consumption of the central cloud. The edge cloud can also distinguish the types of tasks to be executed, which helps it manage and control the computing nodes inside the edge cloud and the edge nodes in a differentiated way.
With reference to the first aspect, in some implementations of the first aspect, the method further includes: the edge controller receives registration request information sent by the edge node, and the edge controller authenticates the legitimacy of the edge node according to the registration request information.
According to the method of the embodiments of this application, the edge controller can be connected to an external identity authentication system; for example, the identity authentication system can be an identity and access management (IAM) server. The edge controller can be responsible for authenticating the legitimacy of an edge node when the edge node registers, to prevent illegitimate, counterfeit edge nodes from gaining access.
With reference to the first aspect, in some implementations of the first aspect, the method further includes: the edge controller receives access request information sent by the edge node, and the edge controller performs access authentication on the edge node according to the access request information.
According to the method of the embodiments of this application, the edge controller authenticates the access request information of the edge node to prevent unauthorized access, and can also allow only certain edge nodes to access specified services through specified communication ports.
With reference to the first aspect, in some implementations of the first aspect, the method further includes: the edge controller receives a data packet sent by the edge node, and the edge controller performs traffic filtering on the data packet.
According to the method of the embodiments of this application, the edge controller can be responsible for filtering the data packets uploaded by edge nodes, allowing only data packets of certain protocols to be uploaded to the edge cloud.
With reference to the first aspect, in some implementations of the first aspect, the method further includes: the edge controller manages the status, log alarms, resource utilization, and node tasks of the edge node.
According to the method of the embodiments of this application, the edge controller can be responsible for managing edge nodes; its functions can include edge node status management, log alarm management, resource utilization management, and edge node task query.
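The gate described above (two-way authentication at registration, then access authentication and traffic filtering for each request) can be sketched as follows. This is an added example, not code from the application: the HMAC challenge-response, the key table standing in for the IAM server, and all node, service, port and protocol names are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed per-node secrets, standing in for what the external identity
# system (an IAM server in the text) would hold. Assumption: identity is proven
# by HMAC challenge-response; the application does not specify the mechanism.
IAM_NODE_KEYS = {
    "edge-node-1301": b"constructed-key-1301",
    "edge-node-1302": b"constructed-key-1302",
}


def proof(key: bytes, role: bytes, identity: str, nonce: bytes) -> bytes:
    """HMAC-SHA256 over role, identity and the peer's nonce. The role label
    keeps a proof made for one direction from being replayed in the other."""
    msg = role + b"|" + identity.encode() + b"|" + nonce
    return hmac.new(key, msg, hashlib.sha256).digest()


class EdgeNode:
    def __init__(self, node_id: str, key: bytes, cloud_id: str):
        self.node_id, self.key, self.cloud_id = node_id, key, cloud_id
        self.nonce = secrets.token_bytes(16)      # challenge for the cloud

    def answer(self, cloud_nonce: bytes) -> bytes:
        return proof(self.key, b"node", self.node_id, cloud_nonce)

    def accepts_cloud(self, cloud_proof: bytes) -> bool:
        expected = proof(self.key, b"cloud", self.cloud_id, self.nonce)
        return hmac.compare_digest(expected, cloud_proof)


class EdgeController:
    def __init__(self, cloud_id, acl, allowed_protocols):
        self.cloud_id = cloud_id
        self.acl = acl                            # node id -> {(service, port), ...}
        self.allowed_protocols = allowed_protocols
        self.records = {}                         # edge node management records

    def register(self, node: EdgeNode) -> bool:
        """Two-way authentication; a record is created only if both sides pass."""
        cloud_nonce = secrets.token_bytes(16)
        key = IAM_NODE_KEYS.get(node.node_id)
        if key is None:
            return False                          # unknown identity: disconnect
        expected = proof(key, b"node", node.node_id, cloud_nonce)
        if not hmac.compare_digest(expected, node.answer(cloud_nonce)):
            return False                          # counterfeit node: disconnect
        cloud_proof = proof(key, b"cloud", self.cloud_id, node.nonce)
        if not node.accepts_cloud(cloud_proof):
            return False                          # node rejected the cloud: disconnect
        self.records[node.node_id] = {"status": "online"}
        return True

    def handle(self, node_id, service, port, protocol) -> str:
        """Access authentication, then traffic filtering, both deny-by-default."""
        if node_id not in self.records:
            return "reject: not registered"
        if (service, port) not in self.acl.get(node_id, set()):
            return "reject: not authorized"
        if protocol not in self.allowed_protocols:
            return "drop: protocol not allowed"
        return "accept"


def demo():
    ctl = EdgeController(
        cloud_id="edge-cloud-120",
        acl={"edge-node-1301": {("video-ingest", 8443)}},   # constructed policy
        allowed_protocols={"https"},
    )
    good = EdgeNode("edge-node-1301", IAM_NODE_KEYS["edge-node-1301"], "edge-cloud-120")
    fake = EdgeNode("edge-node-1302", b"guessed-key", "edge-cloud-120")
    return ctl, [
        ctl.register(good),
        ctl.register(fake),
        ctl.handle("edge-node-1301", "video-ingest", 8443, "https"),
        ctl.handle("edge-node-1301", "api-server", 6443, "https"),
        ctl.handle("edge-node-1301", "video-ingest", 8443, "telnet"),
        ctl.handle("edge-node-1302", "video-ingest", 8443, "https"),
    ]


if __name__ == "__main__":
    print(demo()[1])
```

Both proofs use the per-node key, so a node that holds only its own key cannot impersonate the edge cloud to a different node.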
In a second aspect, an edge controller is provided. The edge controller is located in an edge cloud of an edge computing system. The edge computing system includes a central cloud, an edge cloud, and edge nodes, where the edge controller is communicatively connected to the edge nodes. The edge controller includes: a task management module, configured to monitor tasks to be executed on the edge cloud, where the tasks to be executed include tasks obtained from the central cloud and/or tasks generated by the edge cloud; the task management module is further configured to, when the tasks to be executed include the first task for an edge node, send the first task to the edge node that is registered on the edge cloud and corresponds to the first task.
With reference to the second aspect, in some implementations of the second aspect, the edge controller includes: an identity authentication module, configured to authenticate the legitimacy of the edge node.
With reference to the second aspect, in some implementations of the second aspect, the edge controller further includes an authentication/access control module, configured to authenticate access requests of the edge node.
With reference to the second aspect, in some implementations of the second aspect, the edge controller includes: a traffic filtering module, configured to filter data packets sent by the edge node.
With reference to the second aspect, in some implementations of the second aspect, the edge controller includes: an edge node management module, configured to manage the status, log alarms, resource utilization, and node tasks of the edge node.
With reference to the second aspect, in some implementations of the second aspect, the edge controller includes: an application programming interface (API), used to exchange data packets with external interfaces. It should be understood that the modules of the edge controller can be trimmed as needed, and this application does not limit this. For example, in a simplified implementation the API can be trimmed away; the edge cloud can call the functional modules in the edge controller directly, use the identity authentication module directly to access the identity authentication system, and so on.
Description of the drawings
Fig. 1 is a schematic diagram of the architecture of an edge cluster applicable to an embodiment of the present application.
Fig. 2 is a schematic diagram of a method for integrated management of an edge cloud provided by an embodiment of the present application.
Fig. 3 is a schematic diagram of a system architecture for integrated management of an edge cloud provided by an embodiment of the present application.
Fig. 4 is a schematic diagram of the architecture of an edge controller provided by an embodiment of the present application.
Fig. 5 is a schematic diagram of a process of establishing a system for integrated management of an edge cloud provided by an embodiment of the present application.
Fig. 6 is a schematic diagram of a process for an edge node to access an edge cloud according to an embodiment of the present application.
Detailed description
For the purpose of unified management and control, overall planning and utilization of resources, and efficient business collaboration, it is often necessary to connect the central cloud, edge cloud, and edge nodes efficiently to form a single cloud, which is commonly referred to as cloud-edge collaboration. However, edge nodes are numerous and geographically dispersed, and how to manage and control them is a problem in the field of edge computing.
Traditional technologies usually use the central cloud to manage and control edge nodes in a unified way, which occupies a large amount of central cloud resources.
For example, the open-source container management platform Kubernetes (K8S) is widely used in both cloud computing and edge computing. In the field of edge computing based on the K8S ecosystem, solutions already exist for the central cloud managing edge nodes and for unified management of the central cloud and edge clouds. For example, the edge-environment container management platform (KubeEdge) solution solves the problem of the central cloud managing a single edge node outside the cloud; the lightweight container management platform (K3S) solution solves the problem of making K8S lightweight for edge cloud scenarios, and K3S combined with the K8S federation solution can also solve the problem of managing the central cloud and edge clouds. However, there is not yet a corresponding solution for how a trimmed-down, lightweight K8S cluster such as K3S, applied in the edge cloud field, can efficiently manage edge nodes outside the cloud.
In the KubeEdge architecture the control end is on the cloud and the computing nodes are distributed at the edge, so users can control and manage each edge node centrally. To deal with the possible impact of network disconnection on services, KubeEdge can cache the metadata of computing nodes locally; when an edge node is disconnected from the central node, the existing services on the edge node are not affected. The KubeEdge solution was originally designed to meet the need for resource-limited edge nodes to be brought under the management of the central K8S ecosystem, for example in the industrial Internet and the Internet of things (IoT). In such scenarios, edge computing nodes often do not need to form a cluster.
Therefore, the KubeEdge solution has the following technical defects:
(1) The solution only supports managing individual edge nodes and cannot manage an edge cluster; edge nodes cannot work in cluster mode.
(2) KubeEdge needs only a small amount of resources to run on edge nodes, but an enhanced, complete K8S ecosystem must be deployed on the central side, where resource consumption is relatively large. This means the overall KubeEdge solution is not suitable for small-scale edge cloud scenarios.
K3S is designed for developers and operations personnel who run K8S in resource-limited environments; its purpose is to run small K8S clusters on edge nodes.
Therefore, the K3S solution has the following technical defects:
(1) K3S needs to run in a cluster environment and does not support a single-computing-node operating environment.
(2) When K3S is deployed as a lightweight edge cluster, it does not support managing individual edge nodes scattered outside the central cloud.
Because of resource constraints, the edge cloud cannot simply copy the central cloud's solution for managing edge nodes. For example, the resources of the edge cloud may not be enough to support deploying multiple K8S instances to manage the nodes inside the cloud and the edge nodes outside the cloud separately. At the same time, the number of edge nodes managed by one edge cloud will not be as large as the number connected to the central cloud, so some complex features of the central cloud management solution are not needed; for example, there is no need to consider the case in the central cloud management solution where an edge node, when registering, must pick one of multiple K8S instances at random or by load balancing. When a single K8S or K3S is used to manage both in-cloud and out-of-cloud nodes, it is also necessary to solve the security problems brought by managing out-of-cloud nodes and the mutual interference that may result from mixed management of nodes designed for different tasks.
The main purpose of this application is to solve these problems that arise when an edge cloud based on the K8S ecosystem manages edge nodes outside the edge cloud, and to help build a complete closed loop of the cloud-edge collaboration system that includes the central cloud, the edge cloud and edge nodes.
An edge node takes the form of a single processing device. This type of device is mainly used for nearby data access or processing and includes, but is not limited to, various general-purpose or special-purpose computers; the embodiments of the present application do not limit this.
An edge cluster takes the form of multiple processing devices, and a cluster node is a node in the edge cluster that can perform computation.
Fig. 1 is a schematic diagram of the architecture of an edge cluster applicable to an embodiment of the present application.
As shown in Fig. 1, the application scenario of this application is in the field of edge computing: the central cloud 110 manages the edge cloud 120 and the edge node 130 outside the central cloud, and a next-level edge node 1201 can also be connected beneath the edge cloud 120.
The edge cloud 120 may be composed of an edge cluster and may take the form of multiple processing devices. Each processing device in the edge cloud 120 can be connected to other terminal devices 140 that are not in the edge cloud; information can be collected through the other terminal devices 140 and transmitted to the corresponding processing device in the edge cloud 120, and then either transmitted to the central cloud or processed at the edge cloud 120.
The physical form of the edge node 130 can be a single processing device. A single processing device can be connected to other terminal devices 140; information can be collected through the other terminal devices 140 and transmitted to the processing device in the edge node 130, and then either transmitted to the central cloud or processed at the edge node 130.
It should be understood that the terminal device connected to the processing device may be an access terminal, a user unit, a user station, a mobile station, a mobile site, a remote station, a remote terminal, a mobile device, a user terminal, a terminal, a wireless communication device, a user agent, or a user apparatus. The physical form of the edge node can also be a cellular phone, a cordless phone, a session initiation protocol (SIP) phone, a wireless local loop (WLL) station, a personal digital assistant (PDA), a handheld device with a wireless communication function, a computing device or other processing device connected to a wireless modem, a vehicle-mounted device, a wearable device, and so on; the embodiments of the present application do not limit this.
In video surveillance, the GB28181 standard divides the system into multiple levels by administrative rank (province, city, county); a lower level can connect to the level above it and be managed by that level. Because the number of cameras installed at each administrative level differs, the amount of data generated differs as well, and so do the computing and storage resources each level requires. Generally speaking, a provincial level or a larger city level is suited to deploying a central cloud, while for an ordinary city or county level one edge cloud is sufficient, and multiple edge nodes can be deployed below the county level. The technical architecture of this application can be applied, in video surveillance scenarios, to the problem of an edge cluster deployed at the city or county level managing the next level of edge nodes; it can also be applied in other, similar scenarios that need cloud computing technology and also have multi-level, multi-domain networking requirements. This application does not impose a limitation here.
The main purpose of this application is to solve these problems that arise when an edge cloud based on the K8S ecosystem manages edge nodes outside the edge cloud. It provides a method for an edge cloud to manage edge nodes, and helps build a complete closed loop of the cloud-edge collaboration system that includes the central cloud, the edge cloud and edge nodes.
The following describes, with reference to the accompanying drawings, the method provided by the embodiments of the present application for integrated management in which the edge cloud manages the edge cluster and edge nodes.
Fig. 2 is a schematic diagram of a method for integrated management of an edge cloud provided by an embodiment of the present application.
The integrated management method can be applied to the edge controller in the edge cloud of an edge computing system. The edge computing system includes a central cloud, an edge cloud, and edge nodes, where the edge controller is communicatively connected to the edge nodes.
Optionally, the edge cloud can connect through web sockets, where each edge node connected to the edge cloud has its own socket; that is, the edge cloud and each edge node have a point-to-point connection through a web socket.
S201: The edge controller monitors tasks to be executed on the edge cloud, where the tasks to be executed include tasks obtained from the central cloud or tasks generated by the edge cloud.
Optionally, a task to be executed may be sent to the edge cloud by the central cloud or generated by the edge cloud itself; that is, the central cloud can manage edge nodes through the edge cloud, and the edge cloud can also manage edge nodes on its own. The central cloud or edge cloud can assign tasks to an edge node according to information such as its status, computing power and location; that is, every task to be executed has a corresponding executing entity.
It should be understood that a task to be executed may be designated by the central cloud or the edge cloud for a single edge node or for multiple edge nodes, and may be issued uniformly through the edge controller.
Optionally, the edge controller can be connected to an API server in the edge cloud, and the API server can be connected to external interfaces to transmit data, which can include the tasks to be executed by the edge cloud and the tasks to be executed by the edge nodes registered on the edge cloud.
S202: When the tasks to be executed include a first task for an edge node, the edge controller sends the first task to the edge node that is registered on the edge cloud and corresponds to the first task.
Optionally, the first task may carry identification information indicating its corresponding edge node, and the edge controller assigns the first task to the corresponding edge node according to the identification information; the corresponding edge node may be one node or multiple nodes.
Optionally, the edge controller can monitor the API server so that it learns in time when a command or call for an edge node is triggered, and it then notifies the edge node immediately.
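Steps S201 and S202 can be modelled as below, with one queue per registered node standing in for that node's own web socket. This is an added sketch, not code from the application: the `Task` fields, the duplicate-event handling and the sample tasks are assumptions constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Task:
    task_id: str
    source: str              # "central-cloud" or "edge-cloud"
    edge_nodes: tuple = ()   # identification info; empty means not an edge-node task
    payload: str = ""


@dataclass
class EdgeTaskDispatcher:
    channels: dict = field(default_factory=dict)  # registered node id -> its own queue
    skipped: list = field(default_factory=list)   # task ids left to the in-cloud controller
    refused: list = field(default_factory=list)   # (task id, node id) pairs not delivered
    seen: set = field(default_factory=set)        # task ids already handled

    def register(self, node_id: str) -> None:
        self.channels.setdefault(node_id, deque())

    def unregister(self, node_id: str) -> None:
        self.channels.pop(node_id, None)

    def on_task(self, task: Task) -> list:
        """Handle one monitored task; return the node ids it was sent to."""
        if task.task_id in self.seen:
            return []                              # assumption: repeated events are ignored
        self.seen.add(task.task_id)
        if not task.edge_nodes:
            self.skipped.append(task.task_id)      # not a "first task": nothing to send
            return []
        delivered = []
        for node_id in task.edge_nodes:
            channel = self.channels.get(node_id)
            if channel is None:
                # The target is not registered on this edge cloud: never deliver.
                self.refused.append((task.task_id, node_id))
                continue
            channel.append(task)                   # only the addressed node's channel
            delivered.append(node_id)
        return delivered


# Constructed sample of what the controller might observe on the API server.
PENDING = [
    Task("t1", "central-cloud", ("edge-node-1301",), "start-stream-analysis"),
    Task("t2", "edge-cloud", ("edge-node-1301", "edge-node-1302"), "rotate-logs"),
    Task("t3", "edge-cloud", (), "reschedule-workload"),
    Task("t4", "central-cloud", ("edge-node-1303",), "collect-status"),
]


def run(pending):
    dispatcher = EdgeTaskDispatcher()
    for node_id in ("edge-node-1301", "edge-node-1302"):
        dispatcher.register(node_id)
    results = {task.task_id: dispatcher.on_task(task) for task in pending}
    return dispatcher, results


if __name__ == "__main__":
    d, results = run(PENDING)
    print(results)
    print(d.refused, d.skipped)
```

Recording refused deliveries separately from skipped tasks lets an operator tell a task aimed at an unregistered node apart from ordinary in-cloud work.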
Optionally, the edge controller receives registration request information sent by the edge node, and the edge controller authenticates the legitimacy of the edge node according to the registration request information. The registration request information may include the identity information of the edge node.
Optionally, the edge controller receives access request information sent by the edge node, and the edge controller performs access authentication on the edge node according to the access request information.
Optionally, the edge controller receives a data packet sent by the edge node, and the edge controller performs traffic filtering on the data packet.
Optionally, the edge controller manages the status, log alarms, resource utilization, and node tasks of the edge node.
图3是本申请实施例提供的一种边缘云的融合管理的系统架构的示意图。FIG. 3 is a schematic diagram of a system architecture of edge cloud convergence management provided by an embodiment of the present application.
As shown in FIG. 3, the edge cloud 120 manages a first edge node 1301, a second edge node 1302, and a third edge node 1303. It should be understood that the edge cloud 120 can manage multiple edge nodes; the embodiments of this application use three edge nodes only as an example, and this application does not limit the number of edge nodes.
The edge cloud may include an edge controller 2101, and the edge controller 2101 may connect to the API server 2102 in the edge cloud according to the K8S ecosystem interface standard.
Optionally, the edge controller 2101 is used in the edge cloud 120 to manage remote edge nodes, perform identity authentication and access control on the edge nodes, issue control commands for the edge nodes, and process data reported by the edge nodes such as status, alarms, and logs. The edge controller 2101 may also listen for tasks to be executed on the API server 2102. When the tasks to be executed include a first task for an edge node, the edge controller sends the first task to the edge node that is registered on the edge cloud and corresponds to the first task.
Optionally, the first task may carry identification information indicating its corresponding edge node, and the edge controller uses the identification information to assign the first task to the corresponding edge node. There may be one or more corresponding edge nodes.
Optionally, the edge controller 2101 may connect to the node agent in an edge node through the cloud-edge communication agent 2104, and thereby manage the edge node. As shown in FIG. 3, the edge cloud 120 can manage the first edge node 1301, the second edge node 1302, and the third edge node 1303 through the edge controller 2101.
Optionally, the edge cloud 120 may also include an in-cloud controller 2103, which may connect to the computing node agent 2201 to control the computing node 220. The computing node 220 is a cluster node in the edge cluster managed by the edge cloud 120.
Optionally, the technical solutions of the embodiments of this application may also be implemented on the K3S ecosystem.
The embodiments of this application implement integrated management and scheduling of edge nodes and the central cloud based on the K8S ecosystem, and build a base on which the edge cloud and edge nodes cooperate in management, data, tasks, and resources. This base makes management, operation and maintenance convenient while meeting the requirements of service elasticity, flexibility, and security. It solves the split between edge node management and central cluster management in current K8S-based edge computing solutions, and avoids the resource waste and the difficulty of collaboration between clusters caused by building multiple K8S clusters or K8S instances.
FIG. 4 is a schematic diagram of the architecture of an edge controller provided by an embodiment of this application.
As shown in FIG. 4, the edge controller 2101 may further include a task management module 350. The task management module 350 may be used to listen for tasks to be executed on the edge cloud, and the tasks to be executed may include tasks for edge nodes. The task management module is also used, when the tasks to be executed include a first task for an edge node, to send the first task to the edge node that is registered on the edge cloud and corresponds to the first task.
Optionally, the first task may carry identification information indicating its corresponding edge node, and the task management module 350 uses the identification information to assign the first task to the corresponding edge node. There may be one or more corresponding edge nodes.
Optionally, the task management module 350 may connect to the API server in the edge cloud; it is responsible for listening to the API server in the edge cloud and obtaining the commands or tasks that the edge cloud sends to edge nodes.
Optionally, the edge controller 2101 may further include an identity authentication module 320. The identity authentication module 320 may be responsible for authenticating the legitimacy of an edge node when the edge node registers, to prevent illegitimate, counterfeit edge nodes from connecting.
Optionally, the edge controller 2101 may further include an authentication/access control module 330. The authentication/access control module 330 is responsible for checking the access request information of edge nodes to prevent access beyond their privileges, and may also allow only certain edge nodes to access specified services through specified communication ports.
Optionally, the edge controller 2101 may further include a traffic filtering module 340. The traffic filtering module 340 may be responsible for filtering the data packets uploaded by edge nodes, allowing only packets of certain protocols to be uploaded to the edge cloud.
Optionally, the edge controller 2101 may further include an edge node management module 360. The edge node management module 360 may be responsible for managing edge nodes; its functions may include edge node status management, log and alarm management, resource utilization management, and edge node task query.
Optionally, the edge controller 2101 may further include an API 310, which may be used to exchange data packets with the outside. It should be understood that each module in the edge controller can send data destined for an external interface to the API 310, which sends it to the target interface; the API 310 can also receive response data from the target interface and forward it to the module in the edge controller. The API 310 may connect to an external identity authentication system 240 for identity authentication; for example, the identity authentication system 240 may be an IAM server. The API 310 may also connect to the management console 230 so that edge nodes can be viewed and operated conveniently.
Optionally, the modules of the edge controller may be trimmed as needed, which this application does not limit. For example, in a simplified implementation the API may be removed, the edge cloud may call the functional modules in the edge controller directly, and the identity authentication module may access the identity authentication system directly.
FIG. 5 is a schematic flowchart of establishing a system for integrated management of an edge cloud provided by an embodiment of this application.
The edge cloud includes an edge controller, and the edge controller listens for tasks to be executed on the edge cloud. When a task to be executed is a task for an edge node, the edge controller sends the task to the edge node registered on the edge cloud.
S401: Select an edge cluster. The edge cluster includes multiple cluster nodes.
The administrator may select a suitable edge cluster according to actual arrangements and needs; the multiple cluster nodes in the edge cluster serve as the computing nodes controlled by the edge cloud.
S402: Create a cluster namespace and an edge namespace.
A namespace exists to solve naming problems within the same scope. Broadly speaking, a namespace is a way of encapsulating things. For example, in an operating system a directory is used to group related files, and for the files in the directory it plays the role of a namespace.
Because cluster nodes and edge nodes need to execute different tasks, cluster nodes and edge nodes can be distinguished by creating different namespaces.
S403: Configure the edge controller to listen to the edge namespace.
Optionally, the edge controller may be responsible for listening to the edge namespace, ensuring that commands are not mistakenly distributed to other, unrelated namespaces. This prevents a management command for an edge node from being distributed to a cluster node.
S404: Configure the in-cloud controller to listen to the cluster namespace.
Optionally, the in-cloud controller may be responsible for listening to the cluster namespace, ensuring that commands are not mistakenly distributed to other, unrelated namespaces. This prevents a management command for a cluster node from being distributed to an unrelated node.
S405: Give edge nodes and cluster nodes different labels.
Because a namespace cannot be bound to a node, cluster nodes and edge nodes also need to be given different labels; when K8S executes a command, it can schedule according to the specified label.
After S405, two kinds of operation are possible. One is to create a process (Pod); a Pod is the most basic scheduling unit of K8S, and one Pod encapsulates one or more closely related containers. The other is to execute other commands.
When a Pod is created, the management flow further includes:
S406: Create the Pod in the specified namespace.
Optionally, when a Pod is created, the algorithm in the scheduler of the edge cloud can schedule the task to an edge node accurately according to the namespace, so that a task that should be created on an edge node is not mistakenly created on a cluster node.
S407: Select a node according to the label.
Optionally, when a Pod is created, the algorithm in the scheduler of the edge cloud can schedule the task to an edge node accurately according to the label, so that a task that should be created on an edge node is not mistakenly created on a cluster node.
S408: The task runs on the specified node.
It should be understood that the key components responsible for managing cluster nodes and edge nodes, such as the edge controller and the in-cloud controller, can each listen to their own namespace, ensuring that commands are not mistakenly distributed to other, unrelated namespaces. This prevents a management command for an edge node from being distributed to a cluster node.
When other commands are executed, the management flow further includes:
S409: Execute the command in the specified namespace.
S410: Listen for the command.
Optionally, the key components responsible for managing cluster nodes and edge nodes, such as the edge controller and the in-cloud controller, can each listen to their own namespace, ensuring that commands are not mistakenly distributed to other, unrelated namespaces. This prevents a management command for an edge node from being distributed to a cluster node.
S411: Issue the command to the node agent (Kubelet).
The embodiments of this application implement integrated management and scheduling of edge nodes and the central cloud based on the K8S ecosystem, and build a base on which the edge cloud and edge nodes cooperate in management, data, tasks, and resources. This base makes management, operation and maintenance convenient while meeting the requirements of service elasticity, flexibility, and security. It solves the split between edge node management and central cluster management in current K8S-based edge computing solutions, and avoids the resource waste and the difficulty of collaboration between clusters caused by building multiple K8S clusters or K8S instances.
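The separation that S402 to S408 rely on can be modelled in a few lines. The following is an added illustration, not code from the application: the namespace names, the `node-role` label key, the node names and the `Controller` class are all assumptions. It shows that a controller ignores tasks outside the namespace it listens to, and that a task placed in the edge namespace with a selector for cluster nodes is delivered to no node at all.

```python
from dataclasses import dataclass, field

EDGE_NS, CLUSTER_NS = "edge", "cluster"   # assumed namespace names (S402)
ROLE = "node-role"                          # assumed label key (S405)


@dataclass
class Task:
    name: str
    namespace: str
    selector: dict          # identification info: labels a target node must carry


@dataclass
class Node:
    name: str
    labels: dict
    received: list = field(default_factory=list)


class Controller:
    """Listens to one namespace and dispatches only to nodes registered with it."""

    def __init__(self, namespace, role):
        self.namespace, self.role = namespace, role
        self.nodes = {}

    def register(self, node):
        # Refuse nodes whose label does not match this controller's node class.
        if node.labels.get(ROLE) != self.role:
            raise ValueError(f"{node.name} is not labelled {ROLE}={self.role}")
        self.nodes[node.name] = node

    def handle(self, task):
        """Return the sorted names of the nodes that received the task."""
        if task.namespace != self.namespace:
            return []       # S403/S404: not the namespace this controller listens to
        # S407: every label in the selector must match the node's labels.
        targets = [n for n in self.nodes.values()
                   if all(n.labels.get(k) == v for k, v in task.selector.items())]
        for n in targets:
            n.received.append(task.name)
        return sorted(n.name for n in targets)


def run_demo():
    """Constructed nodes and tasks; returns {task: (edge targets, cluster targets)}."""
    edge = Controller(EDGE_NS, "edge")
    cloud = Controller(CLUSTER_NS, "cluster")
    edge.register(Node("edge-1301", {ROLE: "edge", "site": "a"}))
    edge.register(Node("edge-1302", {ROLE: "edge", "site": "b"}))
    cloud.register(Node("compute-220", {ROLE: "cluster"}))
    tasks = [
        Task("collect-logs", EDGE_NS, {ROLE: "edge"}),
        Task("site-a-update", EDGE_NS, {ROLE: "edge", "site": "a"}),
        Task("rebalance", CLUSTER_NS, {ROLE: "cluster"}),
        # Wrong pairing: edge namespace, cluster selector. Nobody should run it.
        Task("mislabelled", EDGE_NS, {ROLE: "cluster"}),
    ]
    return {t.name: (edge.handle(t), cloud.handle(t)) for t in tasks}


if __name__ == "__main__":
    for name, (edge_targets, cluster_targets) in run_demo().items():
        print(f"{name:14} edge={edge_targets} cluster={cluster_targets}")
```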
FIG. 6 is a schematic flowchart of an edge node accessing an edge cloud provided by an embodiment of this application.
The edge node can register with the edge cloud through the edge controller in the edge cloud, and then access the edge cloud.
S501: The edge node starts.
S502: Register with the edge cloud.
Optionally, after starting, the edge node first registers with a designated edge cloud. It can send registration request information to the edge cloud, and the registration request information may include the identity information of the edge node.
S503: Two-way identity authentication. If authentication fails, the connection between the two parties is closed.
Optionally, after the edge cloud receives the registration request information of the edge node, the identity authentication module of the edge controller in the edge cloud receives the identity information and authenticates the legitimacy of the edge node. At the same time, the edge cloud sends its own identity information to the edge node, and the edge node authenticates the legitimacy of the edge cloud. If either party fails authentication during the two-way process, the connection is closed.
S504: Authentication passes and registration succeeds.
Optionally, after authentication passes, the edge node is registered with the edge cloud, and the edge node management module of the edge controller in the edge cloud can create a record for the edge node and store the various information about the node.
S505: Access edge cloud resources.
Optionally, after successful registration, the edge node can request access to edge cloud resources.
S506: Access authorization. If the edge cloud determines that the edge node's privileges are insufficient, it rejects the edge node's access request.
Optionally, the authentication/access control module of the edge controller in the edge cloud checks the access request information sent by the edge node, to prevent the edge node from accessing protected resources beyond its privileges.
S507: Traffic filtering. If the edge cloud determines that the edge node is generating illegitimate or malicious traffic, it rejects the edge node's access request.
Optionally, after access authorization passes, the edge node can send access requests to the edge cloud or upload various data packets. The traffic filtering module of the edge controller in the edge cloud scans the packets to filter out illegitimate or malicious ones.
S508: All checks pass, and the edge node is permitted to access the edge cloud.
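The S502 to S508 sequence is a chain of fail-closed gates, sketched below as an added illustration that is not code from the application. The application does not say how the two sides prove their identity, so the example assumes a per-node provisioned key and an HMAC challenge-response; the node identifiers, keys, ACL entries and protocol allow-list are constructed sample values.

```python
import hashlib
import hmac
import secrets


def proof(key: bytes, role: bytes, nonce: bytes) -> bytes:
    """HMAC over the peer's nonce; the role prefix stops a proof being reflected back."""
    return hmac.new(key, role + b"|" + nonce, hashlib.sha256).digest()


class EdgeController:
    def __init__(self, node_keys, acl, allowed_protocols):
        self.node_keys = node_keys            # node id -> provisioned key (assumed scheme)
        self.acl = acl                        # node id -> {(service, port), ...}
        self.allowed_protocols = allowed_protocols
        self.pending = {}                     # node id -> nonce issued by the cloud
        self.records = {}                     # node id -> record created at S504

    def begin(self, node_id, node_nonce):
        """S502/S503: answer the node's challenge and issue the cloud's own."""
        key = self.node_keys.get(node_id)
        if key is None:
            return None                       # unknown identity: close the connection
        cloud_nonce = secrets.token_bytes(16)
        self.pending[node_id] = cloud_nonce
        return cloud_nonce, proof(key, b"cloud", node_nonce)

    def finish(self, node_id, node_proof):
        """S503/S504: verify the node's proof; create its record only on success."""
        cloud_nonce = self.pending.pop(node_id, None)   # each challenge is single-use
        if cloud_nonce is None:
            return False
        expected = proof(self.node_keys[node_id], b"node", cloud_nonce)
        if not hmac.compare_digest(expected, node_proof):
            return False
        self.records[node_id] = {"status": "registered"}
        return True

    def access(self, node_id, service, port, protocol):
        """S505 to S508: each gate fails closed and names the stage that refused."""
        if node_id not in self.records:
            return "deny:not-registered"
        if (service, port) not in self.acl.get(node_id, set()):
            return "deny:authorization"       # S506
        if protocol not in self.allowed_protocols:
            return "deny:traffic-filter"      # S507
        return "allow"                        # S508


class EdgeNode:
    def __init__(self, node_id, key):
        self.node_id, self.key = node_id, key

    def register(self, controller):
        """Run the two-way exchange; False means one side closed the connection."""
        nonce = secrets.token_bytes(16)
        reply = controller.begin(self.node_id, nonce)
        if reply is None:
            return False
        cloud_nonce, cloud_proof = reply
        if not hmac.compare_digest(proof(self.key, b"cloud", nonce), cloud_proof):
            return False                      # the node rejects a counterfeit edge cloud
        return controller.finish(self.node_id, proof(self.key, b"node", cloud_nonce))


def build_controller():
    """Constructed sample policy for two nodes."""
    keys = {"edge-1301": b"constructed-key-1301", "edge-1302": b"constructed-key-1302"}
    acl = {"edge-1301": {("status-report", 8443)},
           "edge-1302": {("status-report", 8443), ("log-upload", 9443)}}
    return EdgeController(keys, acl, {"https", "mqtt"})


if __name__ == "__main__":
    controller = build_controller()
    node = EdgeNode("edge-1301", b"constructed-key-1301")
    print("registered:", node.register(controller))
    for req in [("status-report", 8443, "https"), ("log-upload", 9443, "https"),
                ("status-report", 8443, "telnet")]:
        print(req, "->", controller.access("edge-1301", *req))
```

Returning the refusing stage rather than a bare boolean lets the edge node management module's logs and alarms distinguish a privilege problem from a filtered protocol.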
A person of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or software depends on the specific application and the design constraints of the technical solution. A skilled person may use different methods to implement the described functions for each specific application, but such implementations should not be considered to go beyond the scope of this application.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, devices, and units described above can be found in the corresponding processes of the foregoing method embodiments, and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, devices, and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative; the division into units is only a division by logical function, and other divisions are possible in an actual implementation. For example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the mutual coupling, direct coupling, or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices, or units, and may be electrical, mechanical, or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments.
In addition, the functional units in the embodiments of this application may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions described in the embodiments of this application are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or another programmable device. The computer instructions may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server, or central cloud to another website, computer, server, or central cloud by wired means (such as coaxial cable, optical fiber, or digital subscriber line (DSL)) or wireless means (such as infrared, radio, or microwave). The computer-readable storage medium may be any available medium that a computer can access, or a data storage device such as a server or central cloud that integrates one or more available media. The available medium may be a magnetic medium (for example, a floppy disk, hard disk, or magnetic tape), an optical medium (for example, a DVD), or a semiconductor medium (for example, a solid state disk (SSD)).
The above are only specific implementations of this application, but the scope of protection of this application is not limited to them. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed in this application shall fall within the scope of protection of this application. Therefore, the scope of protection of this application shall be subject to the scope of protection of the claims.

Claims (11)

  1. A method for integrated management of an edge cloud, characterized in that the method is applied to an edge controller in an edge cloud of an edge computing system, the edge computing system includes a central cloud, an edge cloud, and edge nodes, wherein the edge controller is communicatively connected to the edge nodes, and the method includes:
    the edge controller listening for tasks to be executed on the edge cloud, wherein the tasks to be executed include tasks obtained from the central cloud or tasks generated by the edge cloud;
    when the tasks to be executed include a first task for an edge node, the edge controller sending the first task to the edge node that is registered on the edge cloud and corresponds to the first task.
  2. The method according to claim 1, characterized in that the method further includes:
    the edge controller receiving registration request information sent by the edge node, and the edge controller authenticating the legitimacy of the edge node according to the registration request information.
  3. The method according to claim 1, characterized in that the method further includes:
    the edge controller receiving access request information sent by the edge node, and the edge controller performing access authorization on the edge node according to the access request information.
  4. The method according to claim 1, characterized in that the method further includes:
    the edge controller receiving data packets sent by the edge node, and the edge controller performing traffic filtering on the data packets.
  5. The method according to claim 1, characterized in that the method further includes:
    the edge controller managing the status, log alarms, resource utilization, and node tasks of the edge node.
  6. An edge controller, characterized in that the edge controller is located in an edge cloud of an edge computing system, the edge computing system includes a central cloud, an edge cloud, and edge nodes, wherein the edge controller is communicatively connected to the edge nodes, and the edge controller includes:
    a task management module, used to listen for tasks to be executed on the edge cloud, wherein the tasks to be executed include tasks obtained from the central cloud and/or tasks generated by the edge cloud;
    the task management module being further used, when the tasks to be executed include the first task for an edge node, to send the first task to the edge node that is registered on the edge cloud and corresponds to the first task.
  7. The edge controller according to claim 6, characterized in that the edge controller includes:
    an identity authentication module, the identity authentication module being used to authenticate the legitimacy of the edge node.
  8. The edge controller according to claim 6, characterized in that the edge controller includes:
    the edge controller further includes an authentication/access control module, the authentication/access control module being used to authorize access requests of the edge node.
  9. The edge controller according to claim 6, characterized in that the edge controller includes:
    a traffic filtering module, the traffic filtering module being used to filter data packets sent by the edge node.
  10. The edge controller according to claim 6, characterized in that the edge controller includes:
    an edge node management module, the edge node management module being used to manage the status, log alarms, resource utilization, and node tasks of the edge node.
  11. The edge controller according to claim 6, characterized in that the edge controller includes:
    an application program interface, the application program interface being used to exchange data packets with an external interface.
PCT/CN2020/083406 2019-08-23 2020-04-05 Method and device for edge cloud fusion management WO2021036265A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910782177.4 2019-08-23
CN201910782177.4A CN110633144A (en) 2019-08-23 2019-08-23 Method and device for fusion management of edge cloud

Publications (1)

Publication Number Publication Date
WO2021036265A1 true WO2021036265A1 (en) 2021-03-04

Family

ID=68970588

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/083406 WO2021036265A1 (en) 2019-08-23 2020-04-05 Method and device for edge cloud fusion management

Country Status (2)

Country Link
CN (1) CN110633144A (en)
WO (1) WO2021036265A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022213529A1 (en) * 2021-04-07 2022-10-13 华为云计算技术有限公司 Instance deployment method and apparatus, cloud system, computing device, and storage medium

Families Citing this family (34)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110633144A (en) * 2019-08-23 2019-12-31 成都华为技术有限公司 Method and device for fusion management of edge cloud
CN111182076B (en) * 2020-01-02 2022-08-02 合肥工业大学 Cloud-edge cooperative smart power grid monitoring system and resource allocation and scheduling method thereof
CN111314149B (en) * 2020-02-26 2023-07-18 赛特斯信息科技股份有限公司 System for realizing unified monitoring operation and maintenance management based on multiple edge cloud platforms
CN111464611B (en) * 2020-03-30 2022-07-12 中科边缘智慧信息科技(苏州)有限公司 Method for efficiently accessing service between fixed cloud and edge node in dynamic complex scene
CN113301587B (en) * 2020-04-15 2022-06-03 阿里巴巴集团控股有限公司 Node control method, network system, device and storage medium
CN111432036B (en) * 2020-04-26 2023-01-17 恩亿科(北京)数据科技有限公司 Management system and management method of edge cloud platform
CN111597043B (en) * 2020-05-14 2024-05-10 行星算力(深圳)科技有限公司 Full scene edge calculation method, device and system
CN113300865B (en) * 2020-05-19 2022-06-03 阿里巴巴集团控股有限公司 Management and control method, network system, equipment and storage medium
CN111421554B (en) * 2020-05-22 2021-05-04 中国科学院自动化研究所 Mechanical arm intelligent control system, method and device based on edge calculation
CN111556516B (en) * 2020-05-25 2022-08-16 南京邮电大学 Distributed wireless network task cooperative distribution method facing delay and energy efficiency sensitive service
CN112463405A (en) * 2020-06-06 2021-03-09 宋倩云 Big data processing method based on edge computing and central cloud server
CN113300866B (en) * 2020-06-16 2022-05-27 阿里巴巴集团控股有限公司 Node capacity control method, device, system and storage medium
CN111970240B (en) * 2020-07-10 2023-03-24 北京金山云网络技术有限公司 Cluster receiving and managing method and device and electronic equipment
CN111935714B (en) * 2020-07-13 2022-11-22 兰州理工大学 Identity authentication method in mobile edge computing network
CN111885136B (en) * 2020-07-15 2022-07-26 北京时代凌宇科技股份有限公司 Edge computing gateway cluster operation method and system based on edge cloud cooperation
CN111984408B (en) * 2020-08-14 2021-04-20 昆山华泛信息服务有限公司 Data cooperative processing method based on big data and edge computing and edge cloud platform
CN111682973B (en) * 2020-08-17 2020-11-13 烽火通信科技股份有限公司 Method and system for arranging edge cloud
CN112272201B (en) * 2020-09-15 2022-05-27 网宿科技股份有限公司 Equipment management method, system and management cluster
CN112099951A (en) * 2020-09-16 2020-12-18 济南浪潮高新科技投资发展有限公司 KubeEdge component-based local edge device collaborative computing method
CN112511586A (en) * 2020-10-21 2021-03-16 中国铁道科学研究院集团有限公司通信信号研究所 High-speed railway intelligent traffic scheduling safety card control system based on cloud edge cooperation
CN112291333A (en) * 2020-10-26 2021-01-29 济南浪潮高新科技投资发展有限公司 Edge device cooperative computing method based on affinity registration mechanism
CN114531467B (en) * 2020-11-04 2023-04-14 中移(苏州)软件技术有限公司 Information processing method, equipment and system
US11343315B1 (en) 2020-11-23 2022-05-24 International Business Machines Corporation Spatio-temporal social network based mobile kube-edge auto-configuration
CN112565415B (en) * 2020-12-03 2022-05-31 杭州谐云科技有限公司 Cross-region resource management system and method based on cloud edge cooperation
CN112995171B (en) * 2021-02-24 2023-04-28 国网江苏省电力有限公司信息通信分公司 Cloud computing container management method based on regional position
CN113163162B (en) * 2021-03-09 2023-07-18 腾讯科技(深圳)有限公司 Service providing method based on video cloud and video cloud system
CN113179190B (en) * 2021-06-29 2022-01-07 深圳智造谷工业互联网创新中心有限公司 Edge controller, edge computing system and configuration method thereof
CN113342478B (en) * 2021-08-04 2022-02-01 阿里云计算有限公司 Resource management method, device, network system and storage medium
CN113783862B (en) * 2021-09-02 2023-06-02 北京国联视讯信息技术股份有限公司 Method and device for checking data in edge cloud cooperation process
CN114338670B (en) * 2021-12-24 2023-12-26 中汽创智科技有限公司 Edge cloud platform and network-connected traffic three-level cloud control platform with same
CN115208922B (en) * 2022-07-15 2023-11-03 鹿马智能科技(上海)有限公司 Hotel management system based on edge calculation
CN115665744B (en) * 2022-11-21 2023-05-23 成都卫士通信息产业股份有限公司 Internet of vehicles interaction method, device, equipment and medium
CN116260699A (en) * 2023-04-03 2023-06-13 中国电子技术标准化研究院 Industrial Internet system based on cloud edge end cooperation and implementation method
CN117938617B (en) * 2024-03-19 2024-06-21 济南浪潮数据技术有限公司 Device management method, device, computer device and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102684903B (en) * 2011-12-23 2015-09-16 中兴通讯股份有限公司 A kind of management platform, system and method realizing the access of cloud storage multiple resource node
US20190012218A1 (en) * 2017-07-10 2019-01-10 Nokia Solutions And Networks Oy Event handling in distributed event handling systems
CN109491790A (en) * 2018-11-02 2019-03-19 中山大学 Industrial Internet of Things edge calculations resource allocation methods and system based on container
CN109936619A (en) * 2019-01-18 2019-06-25 中国科学院空间应用工程与技术中心 A kind of Information Network framework, method and readable storage medium storing program for executing calculated based on mist
CN110633144A (en) * 2019-08-23 2019-12-31 成都华为技术有限公司 Method and device for fusion management of edge cloud

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101583024B (en) * 2009-06-04 2011-06-22 中兴通讯股份有限公司 Distributed network video monitoring system and registration control method thereof
KR101926394B1 (en) * 2017-09-19 2018-12-07 경희대학교 산학협력단 System of cloud computing and method for detaching load in cloud computing system
DE112017008102T5 (en) * 2017-09-30 2020-07-09 Intel Corporation TECHNOLOGIES FOR MANAGING ACCELERATOR RESOURCES BY A CLOUD RESOURCE MANAGER
CN109729115B (en) * 2017-10-30 2023-03-21 张瑜 Method, device, proxy server and terminal equipment for realizing distributed computation
CN109889575B (en) * 2019-01-15 2020-08-25 北京航空航天大学 Collaborative computing platform system and method under edge environment
CN109918894B (en) * 2019-03-01 2020-11-27 中南大学 Reputation-based trust evaluation method in edge computing network video processing
CN110022371A (en) * 2019-04-16 2019-07-16 山东超越数控电子股份有限公司 One kind managing platform and its working method towards the cloud security of " side Yun Xietong " Yun Zhongxin

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022213529A1 (en) * 2021-04-07 2022-10-13 华为云计算技术有限公司 Instance deployment method and apparatus, cloud system, computing device, and storage medium

Also Published As

Publication number Publication date
CN110633144A (en) 2019-12-31

Similar Documents

Publication Publication Date Title
WO2021036265A1 (en) Method and device for edge cloud fusion management
RU2707717C2 (en) Mobile authentication in mobile virtual network
US11399283B2 (en) Tenant service set identifiers (SSIDs)
CN100340084C (en) A method for implementing equipment group and intercommunication between grouped equipments
CN1276368C (en) Access limitation controlling device and method
EP2767058B1 (en) Method and apparatus for managing access for trusted and untrusted applications
Kelbert et al. Data usage control enforcement in distributed systems
EP3175381B1 (en) Method and system for providing a virtual asset perimeter
US8745223B2 (en) System and method of distributed license management
GB2551792A (en) Elastic outbound gateway
EP3295652B1 (en) Methods, systems, and apparatuses of service provisioning for resource management in a constrained environment
US20100030346A1 (en) Control system and control method for controlling controllable device such as peripheral device, and computer program for control
CN102984045A (en) Access method of Virtual Private Network and Virtual Private Network client
WO2016190663A1 (en) Security management device and security management method in home network system
US20150229627A1 (en) Communication apparatus, communication system, method of controlling communication apparatus, and storage medium
CN110335498A (en) A kind of parking lot road brake system and information interacting method based on block chain
CN108347449B (en) Method and equipment for managing remote login
JP2012070225A (en) Network relay device and transfer control system
CN105681352B (en) A kind of wireless network access safety management-control method and system
JP2011108183A (en) Communication control system, central device, terminal device, and computer program
US20180288673A1 (en) System, method and apparatus associated with pre-existing wifi network technology
US11140001B2 (en) Method for providing data packets from a CAN bus, control device and system having a CAN bus
JP6150137B2 (en) Communication device, heterogeneous communication control method, and operation management expertise exclusion method
WO2015149530A1 (en) M2m application service method, device and system
JP2004318663A (en) Network management operation system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20857794

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20857794

Country of ref document: EP

Kind code of ref document: A1