CN101677275B - System and method of managing network element authority - Google Patents
System and method of managing network element authority
- Publication number: CN101677275B
- Authority: CN (China)
- Prior art keywords: network element, board, configuration file, module, master control
- Legal status: Expired - Fee Related (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L41/0803—Configuration setting
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L41/0856—Retrieval of network configuration; Tracking network configuration history by actively collecting configuration information or by backing up configuration information by backing up or archiving configuration information
- H04L41/28—Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
Abstract
The invention discloses a system and a method of managing network element authority. The system comprises a network element management side and a network element side connected to the network element management side. The network element management side is provided with a user password setting module, a login password setting module and a data configuration module: the user password setting module is used for setting a user password message, the login password setting module is used for setting the login password, and the data configuration module is used for converting the user password message into a user password configuration file. The network element side is provided with a database component and an authentication module: the database component is used for storing the user password configuration file, and the authentication module is used for authenticating the network element login password against the user password configuration file. The system and the method are more secure because the authentication module is arranged on the network element side, and the network element side and its database component are not arranged at the local site.
Description
Technical field
The present invention relates to the communications field, and in particular to a system and method of managing network element authority.
Background technology
The communications industry is developing rapidly and communication networks are growing ever larger. An operator needs to manage hundreds or even thousands of communication devices in the same management network at once, and as operators keep developing and user numbers keep surging, both the number of network element devices to be managed and the security requirements of network element management keep increasing.
In the network management framework, network elements are managed by an element management system. According to People's Republic of China communication industry standard TDS0225, an element management system must provide six functions: security management, alarm management, performance management, system management, configuration management and topology management. In the prior art, network element security is implemented as follows:
First, the network element management side (i.e. the element management system) sets the user password. Then the network element side (i.e. the control board) sends a connection request to the network element management side. After the connection is established, the network element management side receives the login password of the local management user and completes authentication of the network element authority information on the network element management side; once that authentication succeeds, the network element is managed.
The problem with the prior art is that authentication of the network element authority information is performed on the network element management side, and because the network element management side and the database are installed locally, security is low. In addition, when network element management authority is set, the network element user password can be set for only a single network element at a time; for the thousands of network elements in an element management system, setting the network element user passwords one by one is inefficient.
Therefore, the prior art is deficient and awaits improvement and development.
Summary of the invention
The technical problem solved by the present invention is to provide a system and method of managing network element authority that can improve the security of network element authority management.
To solve the above technical problem, the present invention adopts the following scheme:
A system of managing network element authority comprises a network element management side and a network element side connected to it. The network element management side is provided with: a user password setting module and a login password setting module, used respectively for setting a user password message and a login password; and a data configuration module for converting the user password message into a user password configuration file. The network element side is provided with a master control board and a standby control board corresponding to the master control board. The master control board comprises: a database component for storing the user password configuration file; and an authentication module for authenticating the network element login password against the user password configuration file. The standby control board is used to save the user password configuration file.
In the described system, the network element side further comprises a standby control board corresponding to the master control board, used to save the user password configuration file.
In the described system, the master control board and its corresponding standby control board are each provided with an active/standby control board data synchronization module, used to write the user password configuration file saved on the master control board to the corresponding standby control board.
In the described system, the authentication module is arranged in the database component.
The present invention also provides a method of managing network element authority, comprising the following steps: S1, the network element management side receives a user password message, converts it into a configuration file and saves the configuration file to the network element side, where it is saved to the master control board and the standby control board of the network element side; S2, the network element side receives a login password from the network element management side and authenticates this login password against the configuration file.
In the described method, step S1 comprises: saving the configuration file to one or more selected master control boards.
In the described method, step S1 comprises: the master control board synchronizing the configuration file to the corresponding standby control board.
Compared with the prior art, the system and method of the present invention place the authentication module on the network element side; because the network element side and its database component are not installed locally, security is improved. In addition, the system has a simple structure and high reliability, is simple to implement in practice, and has practical application value.
Description of drawings
Fig. 1 is an implementation block diagram of the system of managing network element authority of the present invention;
Fig. 2 is an implementation block diagram of the system and method of managing network element authority of the present invention;
Fig. 3 is a schematic flowchart of the method of managing network element authority of the present invention.
Embodiment
The present invention is described in further detail below with reference to the embodiments and the accompanying drawings.
To improve security, the system and method of the present invention mainly place the authentication module on the network element side, so that the network element side and its database component are not installed locally. A function component for split delivery to multiple master control boards of the network element side is also provided, so that passwords can be written to multiple master control boards, which improves efficiency.
As shown in Fig. 1 and Fig. 2, the system of managing network element authority of the present invention comprises an interconnected network element management side and network element side.
The network element management side uses element management system 100, which comprises: network element user password setting module 110 (user password setting module for short), network element login password setting module 120 (login password setting module for short), network element data configuration module 130, and function component 140.
The network element side comprises at least one master control board 200. Master control board 200 comprises: network element interface module 210, database component 220, and authentication module 230.
User password setting module 110 is used to set the user password message and comprises setting unit 111 and modification unit 112: setting unit 111 sets the user password message, and modification unit 112 modifies it. Login password setting module 120 is used to set the login password. Network element data configuration module 130 converts the user password message into the user password configuration file and writes that file to database component 220; it comprises conversion unit 131, which converts the user password message into the user password configuration file, and writing unit 132, which writes the user password configuration file to database component 220. When the network side has multiple master control boards 100, function component 140 splits the user password configuration file and delivers it to the selected master control boards 100.
Network element interface module 210 provides internal and external interfaces and is responsible for interface conversion. Database component 220 stores the user password configuration file. Authentication module 230 authenticates the network element login password against the user password configuration file stored in database component 220. Preferably, authentication module 230 can be integrated inside database component 220.
In this embodiment, master control board 200 provides the initial configuration of the network element, receives and parses commands from the network management side, issues instructions to each board of the network element through the internal communication interface to carry out the corresponding operations, and forwards the messages reported by each board to the network management side. Database component 220 is responsible for interface-command access to the database tables and for database management functions. In operation, if the network element login password entered by the user is consistent with the password saved in the database component of the network element master control board, authentication succeeds and the network element is shown as successfully logged in on the network management topology view. If authentication fails, the network element interface module sends a disconnection message to the network management system, the network element in the network management system shows login failure information, and the network element connection is disconnected. With this system, the network element user password can be authenticated on the network element side, and user password setting and authority authentication can be carried out for multiple network elements at the same time, which improves the efficiency of network element management and increases its security.
Further, the network side also comprises standby control board 300 corresponding to master control board 200; standby control board 300 is used to save the user password configuration file. Master control board 200 and its corresponding standby control board 300 are each provided with active/standby control board data synchronization module 400, which writes the user password configuration file saved on master control board 200 to the corresponding standby control board 300, so that the network element user password data on the active and standby control boards are consistent.
Standby control board 300 has the same structure as master control board 200 and likewise comprises: standby control board network element interface module 210, standby control board database component 220, and standby control board authentication module 230. This standby control board design gives the network element side 1+1 board protection of the master control board and the standby control board, implementing a master/standby board protection mechanism.
The present invention also provides a method of managing network element authority which, as shown in Fig. 3, comprises the following steps:
10. The network element management side receives the user password message, converts it into a configuration file and saves it to the network element side. This step comprises:
11. The network element user password (hereinafter, user password) is set. This flow may further include a step of modifying the user password; when the user password is modified, only a network management system user is permitted to modify the login user information of a network element, and only network elements that the currently logged-in user may operate can be modified.
12. Determine whether to split and deliver to the network elements selected by the user; if so, execute step 13, otherwise execute step 14.
13. Split and deliver to the network elements selected by the user: the network element user password is delivered to the multiple selected network element devices. Execute step 15.
14. Deliver without splitting to a single device: the network element user password is delivered to the single designated network element device. Execute step 15.
15. The function component converts the user password message delivered by the user password setting module into a configuration file and writes it to the database component of the network element master control board.
20. The network element side receives the login password from the network element management side and authenticates this login password against the configuration file.
21. The user enters the network element login password.
22. After the master control board receives this command, it performs authentication and judges, according to the user password configuration file, whether access to this network element is allowed. That is, whether there is execution authority is judged from the result of comparing the login password with the configuration file. If the login password is consistent with the configuration file, authentication is judged successful and step 23 is executed; otherwise step 30 is executed.
23. There is execution authority, i.e. authentication succeeds, and query or configuration operations on this network element are carried out. If the network element user password configuration file is in its initial state, i.e. empty, the network element can be logged in to. This step may further include the following processing:
24. Query the user password via Telnet. This step has two outcomes: on success execute step 25; otherwise jump to the end and log out directly.
25. The Telnet query of the user password is carried out and the password query succeeds.
26. Synchronize the network element user password data between the active and standby control boards. This step has two outcomes: on success execute step 27; otherwise jump to the end and log out directly.
27. Synchronize the user password data between the active and standby control boards. The user password configuration file saved on master control board 200 is written to the corresponding standby control board 300, so that the network element user password data on the active and standby control boards are consistent. This design gives the network element side 1+1 board protection of the master control board and the standby control board, implementing a master/standby board protection mechanism.
30. There is no execution authority: authentication failure information is returned to the network management side, the flow jumps to the end, and the error code "failed authentication does not allow login" is returned.
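Steps 10 to 30 as an added Python example, not code from the patent: the management side converts the password message into a configuration file, the function component delivers it to selected master control boards, each board syncs to its standby, and authentication runs on the network element side. The patent does not specify the configuration file format; the JSON layout, the salted PBKDF2 digest, the constant-time comparison and all board names and passwords here are assumptions.

```python
import hashlib
import hmac
import json
import os

PBKDF2_ROUNDS = 100_000  # assumed work factor; the patent names no algorithm


def convert_to_config(user, password, salt=None):
    """Management side (step 15): user password message -> configuration file.

    Assumption: the file is JSON holding a salted PBKDF2-SHA256 digest
    rather than the password itself.
    """
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return json.dumps({"user": user, "salt": salt.hex(), "hash": digest.hex()})


class ControlBoard:
    """Master or standby control board with its database component."""

    def __init__(self, name, standby=None):
        self.name = name
        self.config = ""        # initial state: empty configuration file
        self.standby = standby  # corresponding standby control board, if any

    def write_config(self, config):
        """Store in the database component, then copy to the standby board."""
        self.config = config
        if self.standby is not None:
            self.standby.config = config

    def authenticate(self, login_password):
        """Network element side authentication (steps 22, 23 and 30)."""
        if not self.config:
            # Step 23: an empty (initial) configuration file permits login.
            return "login allowed: configuration file empty"
        rec = json.loads(self.config)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", login_password.encode(),
            bytes.fromhex(rec["salt"]), PBKDF2_ROUNDS)
        if hmac.compare_digest(candidate, bytes.fromhex(rec["hash"])):
            return "authentication succeeded"
        return "authentication failed: login not allowed"  # step 30


def deliver(config, boards, selected):
    """Function component (steps 12-14): write to the selected master boards."""
    for board in boards:
        if board.name in selected:
            board.write_config(config)


def unprovisioned(boards):
    """Names of boards whose configuration file is still empty."""
    return [board.name for board in boards if not board.config]


def run_demo():
    # Constructed sample data: board names and passwords are made up.
    standby_a = ControlBoard("NE-A-standby")
    boards = [ControlBoard("NE-A", standby_a), ControlBoard("NE-B"),
              ControlBoard("NE-C")]
    config = convert_to_config("operator", "S3cure-example")
    deliver(config, boards, selected={"NE-A", "NE-B"})
    return {
        "good": boards[0].authenticate("S3cure-example"),
        "bad": boards[1].authenticate("wrong"),
        "standby": standby_a.authenticate("S3cure-example"),
        "empty": boards[2].authenticate("anything"),
        "unprovisioned": unprovisioned(boards),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, "->", value)
```

`unprovisioned()` is the check to run after a batch delivery: per step 23, any board it lists still accepts every login password.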
The present invention provides a system and method of managing network element authority in which the network element user password can be authenticated on the network element side, and user password setting and authority authentication can be carried out for multiple network elements at the same time, which improves efficiency. The present invention extends the network element security management function of People's Republic of China communication industry standard TDS0225, the SDH transmission network management technical specification on EMS system functions. In addition, the system has a simple structure and high reliability, is simple to implement in practice, and has practical application value.
It should be understood that the embodiments given above merely illustrate the present invention and are not to be understood as limiting it. Those skilled in the art can make improvements or variations according to the above description, and all such improvements and variations that follow the disclosed principles and features belong to the protection scope of the present invention.
Claims (6)
1. A system of managing network element authority, comprising a network element management side and a network element side connected to it,
the network element management side being provided with: a user password setting module and a login password setting module, used respectively for setting a user password message and a login password; and a data configuration module for converting the user password message into a user password configuration file;
characterized in that the network element side is provided with a master control board and a standby control board corresponding to the master control board, the master control board comprising: a database component for storing the user password configuration file; and an authentication module for authenticating the network element login password against the user password configuration file; the standby control board being used to save the user password configuration file.
2. The system according to claim 1, characterized in that the master control board and its corresponding standby control board are each provided with an active/standby control board data synchronization module, used to write the user password configuration file saved on the master control board to the corresponding standby control board.
3. The system according to claim 1, characterized in that the authentication module is arranged in the database component.
4. A method of managing network element authority, comprising the following steps:
S1, the network element management side receives a user password message, converts it into a configuration file and saves the configuration file to the network element side; the configuration file is saved to the master control board and the standby control board of the network element side;
S2, the network element side receives a login password from the network element management side and authenticates this login password against the configuration file.
5. The method according to claim 4, characterized in that step S1 comprises: saving the configuration file to one or more selected master control boards.
6. The method according to claim 4, characterized in that step S1 comprises: the master control board synchronizing the configuration file to the corresponding standby control board.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2008102161784A CN101677275B (en) | 2008-09-19 | 2008-09-19 | System and method of managing network element authority |
PCT/CN2008/073874 WO2010031234A1 (en) | 2008-09-19 | 2008-12-30 | System and method for managing network element right |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2008102161784A CN101677275B (en) | 2008-09-19 | 2008-09-19 | System and method of managing network element authority |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101677275A (en) | 2010-03-24 |
CN101677275B (en) | 2012-05-23 |
Family
ID=42029699
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2008102161784A (Expired - Fee Related; CN101677275B (en)) | System and method of managing network element authority | 2008-09-19 | 2008-09-19 |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN101677275B (en) |
WO (1) | WO2010031234A1 (en) |
Families Citing this family (4)
Also Published As
Publication number | Publication date |
---|---|
WO2010031234A1 (en) | 2010-03-25 |
CN101677275A (en) | 2010-03-24 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20120523 Termination date: 20170919 |