CN101677275B - System and method of managing network element authority - Google Patents

System and method of managing network element authority Download PDF

Info

Publication number
CN101677275B
CN101677275B CN2008102161784A CN200810216178A CN101677275B CN 101677275 B CN101677275 B CN 101677275B CN 2008102161784 A CN2008102161784 A CN 2008102161784A CN 200810216178 A CN200810216178 A CN 200810216178A CN 101677275 B CN101677275 B CN 101677275B
Authority
CN
China
Prior art keywords
network element
veneer
configuration file
module
master control
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN2008102161784A
Other languages
Chinese (zh)
Other versions
CN101677275A (en
Inventor
杨帆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN2008102161784A priority Critical patent/CN101677275B/en
Priority to PCT/CN2008/073874 priority patent/WO2010031234A1/en
Publication of CN101677275A publication Critical patent/CN101677275A/en
Application granted granted Critical
Publication of CN101677275B publication Critical patent/CN101677275B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0803Configuration setting
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/085Retrieval of network configuration; Tracking network configuration history
    • H04L41/0853Retrieval of network configuration; Tracking network configuration history by actively collecting configuration information or by backing up configuration information
    • H04L41/0856Retrieval of network configuration; Tracking network configuration history by actively collecting configuration information or by backing up configuration information by backing up or archiving configuration information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/28Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Small-Scale Networks (AREA)
  • Storage Device Security (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a system and a method of managing the network element authority. The system of managing the network element authority comprises a network element management side and a network element side which is connected with the network element management side. The network element management side is provided with a user password setting module, a login password setting module and a data configuring module, wherein the user password setting module is used for setting user password message, the login password setting module is used for logging in the password, and the data configuring module is used for converting the user password message into a user password configuring file. The network element side is provided with a database component and an authenticating module, wherein the database component is used for storing the user password configuring file, and the authenticating module is used for authenticating the network element login password and the user password configuring file. The system and the method of managing the network element authority are safer because the authenticating module is arranged on the network element side, and the network element side and the database component thereof are not arranged in the local site.

Description

A kind of managing network element authority system and method
Technical field
The present invention relates to the communications field, in particular, a kind of managing network element authority system and method.
Background technology
Present communications industry high speed development, it is huge day by day that communication network becomes.Operator need manage hundreds of in same supervising the network simultaneously, even thousands of communication equipments, and along with the continuous development of operator, the continuous surge of customer volume is constantly increased the management quantity and the NE management security requirement of network element device.
In network management framework; By Element management system network element is managed; According to the regulation in the TDS0225 People's Republic of China (PRC) communication industry standard, the six functions that Element management system need possess: safety management function, alarm management function, performance management function, system management function, configuration management function, topology management function.The realization of network element safety is following in the prior art:
At first NE management side (being Element management system) is provided with user cipher; Then, network element side (promptly controlling veneer) is sent the request that connects to the NE management side; After connecting foundation, the NE management side joint is received local management user's login password, accomplishes network element authority information authentication (being also referred to as authentication) in the NE management side, behind the network element authority information authentication success network element is managed.
The problem that exists in the prior art is: the authentication of network element authority information is carried out in the NE management side, because NE management side and database are installed in this locality, fail safe is low.In addition, when the NE management authority is set, be merely able at one time single network element is provided with the NE User password,, the NE User password be set one by one, inefficiency for thousands of network elements in the Element management system.
Therefore, also there is defective in prior art, awaits improving and development.
Summary of the invention
The technical problem that the present invention solves provides a kind of managing network element authority system and method, and this system and method can improve the fail safe of managing network element authority.
For solving the problems of the technologies described above, the present invention adopts following scheme:
A kind of managing network element authority system, the network element side that comprises the NE management side and be attached thereto, this NE management side is provided with: be respectively applied for that the user cipher that user cipher message and login password are set is provided with module and login password is provided with module; Be used for said user cipher message is converted into the data configuration module of user cipher configuration file; This network element side is provided with the master control veneer and controls veneer accordingly fully with said master control veneer, and said master control veneer comprises: the database member that is used to store said user cipher configuration file; Be used for said network element login password and said user cipher configuration file are carried out the authentication module of authentication; The said veneer of controlling fully is used to preserve said user cipher configuration file.
Described system, wherein, said network side also comprises with said master control veneer controls veneer accordingly fully, is used to preserve said user cipher configuration file.
Described system, wherein, said master control veneer and the corresponding with it said veneer of controlling fully all are provided with active and standby control board data simultaneous module, are used for the said user cipher configuration file that said master control veneer is preserved write controlling veneer accordingly fully.
Described system, wherein, said authentication module is arranged in the said database member.
The present invention also provides a kind of managing network element authority method, may further comprise the steps: S1, NE management side joint are received the user cipher message, and after converting configuration file into, are saved to the network element side; Said configuration file is saved to the master control veneer of network element side and controls veneer fully; S2, said network element side are received login password from said NE management side joint, and this login password and said configuration file are carried out authentication.
Described method, wherein, said step S1 comprises: said configuration file is saved to one or more selected master control veneers.
Described method, wherein, said step S1 comprises: said master control veneer is synchronized to said configuration file and controls veneer accordingly fully.
Compared with prior art, managing network element authority system and method for the present invention through authentication module being arranged on the network element side, is not arranged on this locality because of network element side and database member thereof again, has therefore improved fail safe, in addition, native system simple in structure, reliability is high; In practical application, implement simply have actual application value.
Description of drawings
Fig. 1 is the realization block diagram of managing network element authority of the present invention system;
Fig. 2 is the realization block diagram of managing network element authority system and method for the present invention;
Fig. 3 is the schematic flow sheet of managing network element authority method of the present invention.
Embodiment
Below in conjunction with embodiment and accompanying drawing the present invention is described in further detail.
Managing network element authority system and method for the present invention is for realizing improving the purpose of fail safe; The technology of mainly taking is that authentication module is arranged on the network element side; Network element side and database member thereof are not arranged on this locality like this, and then realize improving the purpose of fail safe, and are provided with the building blocks of function that issues to a plurality of master control veneer partition of network element side; Realized a plurality of master control veneers are write password, improved efficient.
As depicted in figs. 1 and 2, managing network element authority of the present invention system comprises interconnective NE management side and network element side;
The network element side adopts Element management system 100, comprising: NE User password setting module 110 (be called for short user cipher module is set), network element login password are provided with module 120 (be called for short login password module is set), network element data configuration module 130, building blocks of function 140;
The network element side comprises a master control veneer 200 at least; Master control veneer 200 comprises: network element interface module 210, database member 220, authentication module 230.
User cipher is provided with module 110 and is used to be provided with the user cipher message, comprising unit 111 being set and revising unit 112, unit 111 is set is used for the user cipher message is provided with, and revises unit 112 and is used for the user cipher message is made amendment; Login password is provided with module 120 and is used to be provided with login password; Network element data configuration module 130 is used for converting the user cipher message into the user cipher configuration file; And the user cipher configuration file write database member 220; Network element data configuration module 130 comprises converting unit 131 and writing unit 132; Converting unit 131 is used for converting the user cipher message into the user cipher configuration file, and writing unit 132 is used for the user cipher configuration file is write database member 220; When network side had a plurality of master control veneer 100, building blocks of function 140 was used for said user cipher configuration file split and is issued to selected master control veneer 100.
Network element interface module 210 is used to provide internally and external interface, is responsible for interface conversion; Database member 220 is used to store said user cipher configuration file; Authentication module 230 is used for the user cipher configuration file of network element login password and database member 220 stored is carried out authentication.As preferably, can authentication module 230 be integrated in the inside of database member 220.
Master control veneer 200 in this execution mode; Initial configuration to network element is provided, receives the order of webmaster side and analyze, through the intercommunication interface to each veneer issuing command of network element; Carry out corresponding operating, the reporting message with each veneer is transmitted to the webmaster side simultaneously; Database member 220 is responsible for the access of interface command to database table, database management function.During work, the network element login password of user's input is consistent with the password in being kept at network element master control veneer database member, the authentication success, and the demonstration network element is successfully logined in network management topological figure; Failed authentication sends the chain rupture message by the network element interface module to webmaster, and the network element in the webmaster shows the login failure information, and network element connects disconnection; Through this system, can the NE User password be carried out authentification of message in the network element side, can carry out many NE User password setting, network element authority authentication simultaneously, improved NE management efficient, increased the fail safe of NE management.
Further, network side also comprises with master control veneer 200 controls veneer 300 accordingly fully, controls veneer 300 fully and is used to preserve said user cipher configuration file.Master control veneer 200 and control veneer 300 with it accordingly fully and all be provided with active and standby control board data simultaneous module 400; Be used for the user cipher configuration file that master control veneer 200 is preserved write and control veneer 300 accordingly fully, consistent to realize active and standby control veneer NE User code data.
The structure that is equipped with Be Controlled veneer 300 is identical with master control Be Controlled veneer 200, controls fully in the veneer 300 also to comprise: control fully veneer network element interface module 210, fully control veneer database member 220, control veneer authentication module 230 fully.This design of Be Controlled veneer makes the network element side form the single-chip protection function of master control veneer and subsequent use control veneer one-plus-one, realizes the master control veneer, controls single-chip protection mechanism fully.
The present invention also provides a kind of managing network element authority method, and is as shown in Figure 3, may further comprise the steps:
10, the NE management side joint is received the user cipher message, and after converting configuration file into, is saved to the network element side; This step comprises:
11, NE User password (hereinafter to be referred as user cipher) is set; This flow process may further include the step of revising user cipher, when revising user cipher, has limited the login user information of having only NMS user can revise network element, and this step has limited and can only revise the operated network element of current login user.
12, whether break and be issued to the network element that the user selectes; Be execution in step 13 then, otherwise execution in step 14;
13, carry out partition and be issued to the network element that the user selectes, the NE User password is issued to selected a plurality of network element devices, execution in step 15;
14, carry out to be regardless of to pull down and be dealt into each element of installation, the NE User password is issued to the single network element device of appointment, execution in step 15;
15, building blocks of function is provided with the user cipher message that module issues with user cipher, converts configuration file into, and writes network element master control veneer database member.
Step 12 is to 14 when using, and the user can select to carry out single NE User password setting according to actual needs voluntarily or many NE User password is provided with simultaneously; The setting of many network elements, building blocks of function are with NE User password setting message, and partition is issued to the network element that the user selectes.This design can improve efficient simultaneously a plurality of network elements being provided with the NE management authority at one time.
20, said network element side is received login password from said NE management side joint, and this login password and said configuration file are carried out authentication.
21, the user imports the network element login password;
22, after master control borad is received this order, carry out authentication, judge whether this network element allows to insert according to the configuration file of user cipher.Carry out authentication promptly,, judged whether the execution authority according to the comparing result of login password and configuration file; Consistent authentication success, the execution in step 23 of then being judged as of login password with configuration file; Otherwise execution in step 30;
23, the execution authority is arranged, i.e. inquiry or configuration operation to this network element are carried out in authentication success; If NE User password configuration file is an initial condition is empty, then can login network element; This step may further include following processing:
24, carry out Telnet inquiring user password, two kinds of results of this generating step, if success then execution in step 25, otherwise redirect finishes, and directly logs off;
25, carry out Telnet inquiring user password, the password for inquiry success.
26, the active and standby control board NE User code data of execution is synchronous; Two kinds of results of this generating step, if success then execution in step 27, otherwise redirect finishes, and directly logs off;
27, carry out active and standby control board user cipher data sync, with the user cipher data sync between the active and standby control board.The user cipher configuration file that master control veneer 200 is preserved writes controls veneer 300 accordingly fully, consistent to realize active and standby control veneer NE User code data.This design makes the network element side form the single-chip protection function of master control veneer and subsequent use control veneer one-plus-one, realizes the master control veneer, controls single-chip protection mechanism fully.
30, do not carry out authority, return failed authentication information to webmaster side, redirect finishes, and returns error code " failed authentication does not allow login ".
The present invention provides a kind of managing network element authority system and method; Can the NE User password be carried out authentification of message in the network element side; And can carry out many NE User password setting, network element authority authentication simultaneously; Improved efficient, the present invention transmits network management technical specification-EMS systemic-function to the communication industry standard SDH of the TDS0225 People's Republic of China (PRC), and the network element safety management function expands.In addition, native system simple in structure, reliability is high; In practical application, implement simply have actual application value.
Should be understood that; The above embodiment that provides is just to explanation of the present invention; And be not to be understood that and be limitation of the present invention, to those skilled in the art, can improve or conversion according to above-mentioned explanation; And all these improve and conversion all should be disclosed principle and characteristic, all belong to protection scope of the present invention.

Claims (6)

1. managing network element authority system, the network element side that comprises the NE management side and be attached thereto,
This NE management side is provided with: be respectively applied for that the user cipher that user cipher message and login password are set is provided with module and login password is provided with module; Be used for said user cipher message is converted into the data configuration module of user cipher configuration file;
It is characterized in that this network element side is provided with the master control veneer and controls veneer accordingly fully with said master control veneer, said master control veneer comprises: the database member that is used to store said user cipher configuration file; Be used for said network element login password and said user cipher configuration file are carried out the authentication module of authentication; The said veneer of controlling fully is used to preserve said user cipher configuration file.
2. system according to claim 1; It is characterized in that; Said master control veneer and the corresponding with it said veneer of controlling fully all are provided with active and standby control board data simultaneous module, are used for the said user cipher configuration file that said master control veneer is preserved write controlling veneer accordingly fully.
3. system according to claim 1 is characterized in that, said authentication module is arranged in the said database member.
4. managing network element authority method may further comprise the steps:
S1, NE management side joint are received the user cipher message, and after converting configuration file into, are saved to the network element side; Said configuration file is saved to the master control veneer of network element side and controls veneer fully;
S2, said network element side are received login password from said NE management side joint, and this login password and said configuration file are carried out authentication.
5. method according to claim 4 is characterized in that, said step S1 comprises: said configuration file is saved to one or more selected master control veneers.
6. method according to claim 4 is characterized in that, said step S1 comprises: said master control veneer is synchronized to said configuration file and controls veneer accordingly fully.
CN2008102161784A 2008-09-19 2008-09-19 System and method of managing network element authority Expired - Fee Related CN101677275B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN2008102161784A CN101677275B (en) 2008-09-19 2008-09-19 System and method of managing network element authority
PCT/CN2008/073874 WO2010031234A1 (en) 2008-09-19 2008-12-30 System and method for managing network element right

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2008102161784A CN101677275B (en) 2008-09-19 2008-09-19 System and method of managing network element authority

Publications (2)

Publication Number Publication Date
CN101677275A CN101677275A (en) 2010-03-24
CN101677275B true CN101677275B (en) 2012-05-23

Family

ID=42029699

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2008102161784A Expired - Fee Related CN101677275B (en) 2008-09-19 2008-09-19 System and method of managing network element authority

Country Status (2)

Country Link
CN (1) CN101677275B (en)
WO (1) WO2010031234A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102752780A (en) * 2012-06-11 2012-10-24 中兴通讯股份有限公司 Method and device for managing system user
CN103078757B (en) * 2013-01-04 2016-06-15 中兴通讯股份有限公司 Based on the network element managing method and system of near-field communication, inspection terminal, webmaster and network element device
CN112671565B (en) * 2020-12-16 2023-02-21 中盈优创资讯科技有限公司 5G core network topology discovery method and device based on signaling link
CN114500034B (en) * 2022-01-24 2023-01-31 北京新桥信通科技股份有限公司 Data service security management and control method and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101018155A (en) * 2007-02-08 2007-08-15 华为技术有限公司 Network element management method, system and network element
CN101197711A (en) * 2007-12-06 2008-06-11 华为技术有限公司 Method, device and system for implementing unified authentication management
CN101247239A (en) * 2008-03-10 2008-08-20 中兴通讯股份有限公司 Authenticated authorization accounting system and implementing method thereof

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101018155A (en) * 2007-02-08 2007-08-15 华为技术有限公司 Network element management method, system and network element
CN101197711A (en) * 2007-12-06 2008-06-11 华为技术有限公司 Method, device and system for implementing unified authentication management
CN101247239A (en) * 2008-03-10 2008-08-20 中兴通讯股份有限公司 Authenticated authorization accounting system and implementing method thereof

Also Published As

Publication number Publication date
WO2010031234A1 (en) 2010-03-25
CN101677275A (en) 2010-03-24

Similar Documents

Publication Publication Date Title
EP3010114B1 (en) Method for controlling automatic identification of application network topology by power distribution network
CN103108262B (en) The method of optical network unit configuration file upgrading in GPON system
CN103281197A (en) ForCES configuration method based on NETCONF
CN106027287B (en) Unified management and control platform of power distribution communication network
CN101677275B (en) System and method of managing network element authority
CN101150451B (en) A monitoring system for single board status of network device and its monitoring method
USRE46770E1 (en) Computer managing method
CN106453541A (en) Data synchronization method, server and data synchronization system
CN103378979A (en) Passive optical network management method, device and system
CN101958939A (en) Automatic distribution method and system for multi-machine communication node equipment key address
CN102752148B (en) Management system and management method based on network element adaption subsystem
CN101212346B (en) Software version management method and device for network element management system
CN106713024A (en) Batch cluster node management method and system and computer cluster management node
WO2015154588A1 (en) Serial port information transmission method, single board device and common single board
CN100410914C (en) Method of remote controlling computer in different area via computer network
CN102035682A (en) Remote control method of blade server
CN102866698A (en) Human machine interface (HMI) redundant communication method for distributed control system controller
CN108268324A (en) A kind of long-range multi-service management method and system
CN106533775A (en) Virtual member equipment and neighbor discovery method
CN103036715A (en) Method and device of equipment management and corresponding network management system
WO2015196694A1 (en) Single-board log information storage method and system
CN101207509B (en) System and method of implementation for independently translating business plate port speed
CN104125099A (en) EPON (Ethernet passive optical network) system remote configuration management method
WO2012171381A1 (en) Method, device and system for providing service module externally
CN100362811C (en) Method for obtaining configuration information

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120523

Termination date: 20170919

CF01 Termination of patent right due to non-payment of annual fee