CN117834345A - Rail transit control system, edge computing gateway, method and storage medium - Google Patents

Publication number
CN117834345A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211202105.6A
Other languages
Chinese (zh)
Inventor
王景云
刘倩
刘文洁
赵丽
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BYD Co Ltd
Original Assignee
BYD Co Ltd
Application filed by BYD Co Ltd
Priority to CN202211202105.6A
Publication of CN117834345A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22 Parsing or analysis of headers
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02 Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Abstract

The application provides a rail transit control system, an edge computing gateway, a method and a storage medium, wherein the edge computing gateway comprises a message broker module, a security isolation module, an industrial protocol driving module and a memory data pool. The industrial protocol driving module stores the data of the external subsystem in the memory data pool; the message broker module receives the data subscription publishing request of the industrial internet platform and sends it to the security isolation module; the security isolation module accesses the memory data pool and publishes the data to the industrial internet platform through the message broker module. In this embodiment, the security isolation module is arranged in the edge computing gateway and performs security isolation while the message broker publishes data, so the industrial internet platform is prevented from collecting data directly from the external subsystems and the information security of the memory data pool is ensured. At the same time, multiple firewall ports do not need to be deployed at the external subsystem end, so no vulnerability open to network attack is exposed, and network security is improved.

Description

Rail transit control system, edge computing gateway, method and storage medium
Technical Field
The present invention relates to the field of rail transit technologies, and in particular, to a rail transit control system, an edge computing gateway, a method, and a storage medium.
Background
In traditional rail transit control systems, devices in the rail transit system generally use the TCP Client/Server mode to exchange data between different levels, and this mode shapes the data topology of existing industrial automation applications. In this mode, a server component exposes a data access path to an application acting as a client, and the client accesses the server's data through a standardized service. Because the TCP Client/Server mode uses point-to-point communication, it carries network security risks and network vulnerabilities.
Disclosure of Invention
The embodiments of the invention provide an industrial internet platform, a method and a storage medium for a rail transit system, to solve the network security risks and network vulnerabilities of the point-to-point communication mode in the prior art architecture.
A first aspect of the present application provides an edge computing gateway, comprising: a message broker module, a security isolation module, an industrial protocol driving module and a memory data pool;
the industrial protocol driving module is used for communicating with an external subsystem and storing data of the external subsystem in the memory data pool;
the message broker module is used for receiving a data subscription publishing request of the industrial internet platform and sending the data subscription publishing request to the security isolation module;
and the security isolation module accesses the memory data pool according to the data subscription publishing request, and publishes the data corresponding to the data subscription publishing request to the industrial internet platform through the message broker module.
A second aspect of the present application provides a rail transit control system, including the edge computing gateway of the first aspect, an industrial internet platform, and an external subsystem, where the industrial internet platform is connected to the edge computing gateway, and the edge computing gateway is connected to the external subsystem.
A third aspect of the present application provides a control method of an edge computing gateway, where the edge computing gateway includes a security isolation module, and the control method includes:
receiving a data subscription publishing request of an industrial internet platform, and sending the data subscription publishing request to the security isolation module so that the security isolation module accesses a memory data pool;
and receiving the data corresponding to the data subscription publishing request, and publishing the data to the industrial internet platform.
A fourth aspect of the present application provides a computer-readable storage medium storing a computer program which, when executed by a processor, performs the steps of the method according to the third aspect of the present invention.
The application provides a rail transit control system, an edge computing gateway, a method and a storage medium, wherein the edge computing gateway comprises a message broker module, a security isolation module, an industrial protocol driving module and a memory data pool. The industrial protocol driving module stores the data of the external subsystem in the memory data pool; the message broker module receives the data subscription publishing request of the industrial internet platform and sends it to the security isolation module; the security isolation module accesses the memory data pool and publishes the data to the industrial internet platform through the message broker module. In this embodiment, the security isolation module is arranged in the edge computing gateway and performs security isolation while the message broker publishes data, so the industrial internet platform is prevented from collecting data directly from the external subsystems and the information security of the memory data pool is ensured. At the same time, multiple firewall ports do not need to be deployed at the external subsystem end, so no vulnerability open to network attack is exposed, and network security is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the description of the embodiments of the present invention will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic structural diagram of an edge computing gateway according to a first embodiment of the present application;
Fig. 2 is another schematic diagram of an edge computing gateway according to an embodiment of the present disclosure;
Fig. 3 is another schematic diagram of an edge computing gateway according to an embodiment of the present disclosure;
Fig. 4 is a flowchart of a control method of an edge computing gateway according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The embodiments of the application provide an edge computing gateway. The hardware of the edge computing gateway can be a mainstream high-performance x86 server, an industrial personal computer or an ordinary PC. The edge computing gateway can be applied in a three-in-one "cloud-edge-end" architecture, where: 1) End: mainly process control areas such as smart subways, smart parks, smart medical services, etc.; 2) Edge: the edge computing gateway; 3) Cloud: the industrial internet platform. Upward, the edge computing gateway receives the data subscription publishing requests and instructions of the industrial internet platform; downward, it interfaces with the external subsystems through industrial protocols to complete data acquisition for all subsystems and to output control instructions.
The first embodiment of the application provides an edge computing gateway that solves the network security risks and network vulnerabilities caused by the point-to-point communication of the TCP Client/Server mode in the prior art architecture. The second embodiment provides an edge computing gateway that solves the problem that the TCP Client/Server mode in the prior art architecture cannot be used in an untrusted network. The third embodiment provides an edge computing gateway and illustrates the process of issuing an industrial internet platform instruction. The fourth embodiment provides an edge computing gateway in which the message broker module uses an AMQP plug-in and an Http/Https plug-in, and the security isolation module uses an OPC UA structure to realize network security. The fifth embodiment provides an edge computing gateway in which the industrial protocol driving module supports industrial protocols.
The sixth embodiment of the application provides a rail transit control system, which solves the network security risks and network vulnerabilities caused by the point-to-point communication of the TCP Client/Server mode in the prior art architecture and makes the architecture expandable. The seventh embodiment of the application provides a control method of an edge computing gateway, which improves network security.
In a first embodiment, as shown in fig. 1, there is provided an edge computing gateway 10 comprising: a message broker module 101, a security isolation module 102, an industrial protocol driver module 103, and a memory data pool 104;
the industrial protocol driving module 103 is used for communicating with the external subsystem 30, and storing the data of the external subsystem 30 in the memory data pool 104;
the message broker module 101 is configured to receive a data subscription publishing request of the industrial internet platform 20, and send the data subscription publishing request to the security isolation module 102;
the security isolation module 102 accesses the memory data pool 104 according to the data subscription publishing request, and publishes the data corresponding to the data subscription publishing request to the industrial internet platform 20 through the message broker module 101.
The industrial protocol driving module 103 communicates with the external subsystem 30 through the corresponding interface protocol, collects various data such as external device status, alarms and trends, and then stores the collected data in the memory data pool 104. To achieve this, the industrial protocol driving module 103 contains one or more industrial protocols, and it loads the industrial protocol of the external subsystem 30 it is communicating with in order to convert the data.
The message broker module 101 acts as the message broker of the industrial internet platform 20. It communicates with the other modules of the edge computing gateway 10, is responsible for data transmission with the industrial internet platform 20, and receives the data subscription publishing requests and instructions of the industrial internet platform 20 and performs the corresponding action. For example, when it receives a data subscription publishing request it enters a publishing state and waits to receive the data to be published; when it receives an instruction it passes the instruction to a preset module. To implement this function, the message broker module 101 may be a broker plug-in that provides protocols such as a message protocol, a transmission protocol and a communication protocol.
The security isolation module 102 serves as the processing core of the edge computing gateway 10. It accesses the memory data pool 104 according to the data subscription publishing request sent by the message broker module 101 and forms a security isolation layer between the industrial internet platform 20 and the memory data pool 104. The security isolation module 102 can publish the data of the memory data pool 104 to the industrial internet platform and send the instructions forwarded by the message broker to the external subsystem 30. To implement this function, the security isolation module 102 may adopt part of the structure of the OPC Unified Architecture, or part of the structure of another communication architecture, such as an SDK.
The technical effects of the first embodiment of the present application are as follows: because the security isolation module 102 is provided, security isolation is performed while the message broker module publishes data, so the industrial internet platform 20 is prevented from collecting data directly from the external subsystems 30 and the information security of the memory data pool 104 is ensured. Multiple firewall ports do not need to be deployed at the external subsystems 30, so no vulnerability open to network attack is exposed, and network security is improved.
The second embodiment of the present application provides an edge computing gateway 10, and specifically describes a process of publishing data based on the first embodiment.
As a first implementation, the process is as follows: the security isolation module 102 creates a monitoring item according to the data subscription publishing request, and when real-time monitoring detects that a subscription point of the data subscription publishing request has changed, the point value change information of the subscription point is published to the industrial internet platform 20 through the message broker module 101.
The security isolation module 102 can monitor subscription point changes by setting a callback function. When the point value of a subscription point changes, the callback function is triggered automatically, and inside the callback function the point value change information is sent to a push queue for publication, which completes the data publishing.
As a second implementation, the process is as follows: the industrial internet platform 20 comprises a plurality of subscribers, and the message broker module 101 receives a plurality of data subscription publishing requests; the security isolation module 102 creates a monitoring item according to each data subscription publishing request, and when real-time monitoring detects that a subscription point of a data subscription publishing request has changed, the point value change information of the subscription point is published through the message broker module 101 to the subscriber corresponding to that subscription point.
This implementation differs from the first implementation in that the industrial internet platform 20 has a plurality of subscribers, the security isolation module 102 sets monitoring items according to the request of each subscriber, and different subscribers can monitor the data within the range of their respective requests through the security isolation module 102 and decide what kind of data to use.
The technical effects of the present embodiment are as follows: after the data of the field devices is collected in the edge computing gateway 10, the data subscribers in the industrial internet platform 20 connect to the security isolation module 102, and the security isolation module 102 sets monitoring items according to the request of each subscriber to publish data, so that operation in an untrusted network becomes possible and data access security is improved.
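The monitoring-item and callback flow of the second embodiment, as a small in-process model added here (it is not code from the patent and uses no real OPC UA or AMQP stack). The class names, the point names and the per-subscriber `allowed` table are assumptions; the patent does not specify an authorization policy.

```python
from collections import defaultdict, deque


class MemoryDataPool:
    """Point values stored by the industrial protocol driver (pool 104)."""

    def __init__(self):
        self._values = {}
        self._listeners = []

    def add_listener(self, callback):
        self._listeners.append(callback)

    def write(self, point, value):
        old = self._values.get(point)
        self._values[point] = value
        if old != value:  # only a point value change triggers callbacks
            for callback in self._listeners:
                callback(point, old, value)


class MessageBroker:
    """Per-subscriber push queues facing the platform (module 101).

    It holds no reference to the pool, so the platform side can only
    see what the isolation layer decides to push.
    """

    def __init__(self):
        self._queues = defaultdict(deque)

    def publish(self, subscriber, message):
        self._queues[subscriber].append(message)

    def drain(self, subscriber):
        queue = self._queues[subscriber]
        messages = list(queue)
        queue.clear()
        return messages


class SecurityIsolation:
    """Isolation layer between platform and pool (module 102)."""

    def __init__(self, pool, broker, allowed):
        self._broker = broker
        self._allowed = allowed             # assumption: subscriber -> permitted points
        self._monitored = defaultdict(set)  # point -> subscribers monitoring it
        self.rejected = []                  # audit trail of refused requests
        pool.add_listener(self._on_change)

    def subscribe(self, subscriber, points):
        """Create one monitoring item per permitted point; log the rest."""
        accepted = []
        for point in points:
            if point in self._allowed.get(subscriber, set()):
                self._monitored[point].add(subscriber)
                accepted.append(point)
            else:
                self.rejected.append((subscriber, point))
        return accepted

    def _on_change(self, point, old, new):
        # Callback: push the change only to subscribers monitoring this point.
        for subscriber in sorted(self._monitored.get(point, ())):
            self._broker.publish(subscriber, {"point": point, "old": old, "new": new})


def run_demo():
    """Two constructed subscribers with different permitted ranges."""
    pool, broker = MemoryDataPool(), MessageBroker()
    isolation = SecurityIsolation(pool, broker, allowed={
        "hmi": {"door.status", "train.speed"},
        "analytics": {"train.speed"},
    })
    isolation.subscribe("hmi", ["door.status", "train.speed"])
    isolation.subscribe("analytics", ["train.speed", "door.status"])
    pool.write("train.speed", 0)
    pool.write("train.speed", 42)
    pool.write("train.speed", 42)       # unchanged value: no callback
    pool.write("door.status", "open")
    pool.write("signal.aspect", "red")  # nobody monitors this point
    return isolation, broker


if __name__ == "__main__":
    isolation, broker = run_demo()
    print(broker.drain("hmi"), broker.drain("analytics"), isolation.rejected)
```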
The third embodiment of the present application provides an edge computing gateway 10 and, on the basis of the first embodiment, describes how an instruction from the industrial internet platform 20 is issued. The process is as follows: the message broker module 101 receives the instruction of the industrial internet platform 20, parses it, and sends the parsed instruction to the security isolation module 102; the security isolation module 102 sends the parsed instruction to the industrial protocol driving module 103; the industrial protocol driving module 103 selects the corresponding protocol according to the parsed instruction, encapsulates a data frame according to that protocol, and sends the encapsulated data frame to the external subsystem 30.
The industrial internet platform 20 provides a browser human-machine interface for user operation. A user operation, in the form of an instruction, or an instruction generated automatically by the platform, is sent as a message through the Server end of the industrial internet platform 20 to the message broker module 101. The message broker module 101 parses the message and sends it to the security isolation module 102, the security isolation module 102 sends the instruction to the industrial protocol driving module 103, and the industrial protocol driving module encapsulates a data frame according to the protocol and sends the data frame to the external subsystem 30.
The technical effects of the embodiment are as follows: the instruction of the industrial internet platform 20 reaches the external subsystem 30 through parsing by the message broker module 101, transmission by the security isolation module 102 and protocol conversion by the industrial protocol driving module 103, so that data instructions are issued while network security is ensured.
A fourth embodiment of the present application provides an edge computing gateway 10, as shown in fig. 2, and a specific implementation of a message broker module 101 and a security isolation module 102 is given on the basis of the first embodiment, where this implementation is only one of multiple implementations of the message broker module 101 and the security isolation module 102, and does not represent the only implementation.
As one implementation of the message broker module 101 and the security isolation module 102 in the fourth embodiment, the message broker module 101 includes an AMQP plug-in 111 and an Http/Https plug-in 112; the security isolation module 102 includes an OPC UA PubSub bridge that includes an OPC UA Publisher 121 and an OPC UA Subscriber 122.
AMQP (Advanced Message Queuing Protocol) is an open application-layer standard that provides a unified messaging service and is designed for message-oriented middleware. HTTP (Hyper Text Transfer Protocol) is a simple request-response protocol that typically runs on top of TCP. OPC UA PubSub: OPC UA stands for OPC Unified Architecture, a machine-to-machine network transmission protocol from the OPC Foundation used in automation technology. It provides secure, reliable and vendor-independent transfer of raw data and pre-processed information from the manufacturing level to the production planning or ERP level. PubSub refers to data publish and subscribe; through OPC UA PubSub technology, all required information is available to every authorized application and every authorized person at any time and in any place. This functionality is independent of the manufacturer's original application, programming language and operating system.
In this embodiment, the message broker module 101 and the security isolation module 102 handle a data subscription publishing request as follows: the AMQP plug-in starts its publishing function according to the data subscription publishing request; the Http/Https plug-in sends data subscription information to the security isolation module 102 according to the data subscription publishing request. The OPC UA Publisher 121 receives the data subscription information, and the OPC UA Subscriber 122 creates a monitoring item according to the data subscription information. When the OPC UA Publisher 121 detects in real time that a subscription point of the data subscription information has changed, a callback function is triggered, and the point value change information of the subscription point is pushed to the MQTT queue in the AMQP plug-in to be published to the industrial internet platform 20.
The technical effects of the present embodiment are as follows: the OPC UA PubSub technology used in the edge computing gateway 10 isolates the industrial internet platform 20 from the external subsystem 30. Because OPC UA PubSub acts as a "proxy" for data access, the industrial internet platform 20 cannot directly access the data collected from the external subsystem 30 through AMQP messages and the Http protocol. The subscription requests issued by the AMQP broker are securely isolated by OPC UA PubSub, so the information security of the memory data pool 104 is ensured, network security is ensured, and network vulnerabilities are avoided.
In this embodiment, the message broker module 101 and the security isolation module 102 issue instructions as follows: the AMQP plug-in 111 receives the instruction of the industrial internet platform 20, parses it, and sends the parsed instruction to the OPC UA Publisher 121; the OPC UA Publisher 121 sends the parsed instruction to the OPC UA Subscriber 122; the OPC UA Subscriber 122 sends the parsed instruction to the industrial protocol driving module 103.
The industrial internet platform 20 provides a browser human-machine interface for user operation. A user operation, in the form of an instruction, or an instruction generated automatically by the platform, is sent as a message through the Server end of the industrial internet platform 20 to the AMQP plug-in 111 of the edge computing gateway 10. The AMQP plug-in 111 parses the message and calls an OPC UA method to send it to the OPC UA Publisher 121; the OPC UA Publisher 121 issues the instruction to the OPC UA Subscriber 122, and the OPC UA Subscriber 122 then sends the instruction to the industrial protocol driving module 103. Finally, the industrial protocol driving module 103 encapsulates a data frame according to the protocol and sends the data frame to the external subsystem 30 as required.
The technical effects of the present embodiment are as follows: the instruction of the industrial internet platform 20 reaches the external subsystem 30 through parsing by the AMQP plug-in 111, transmission by the OPC UA PubSub and protocol conversion by the industrial protocol driving module 103, so that data instructions are issued while network security is ensured.
In the technical scheme of this embodiment, an OPC UA PubSub bridge is used as an information isolation gateway, which ensures secure access by the industrial internet platform 20 to industrial field data. OPC UA PubSub can also support connecting stream data or point cloud data to a cloud platform, support connecting OPC DA data to a cloud platform, and achieve lossless transmission in a hybrid-connection link environment.
The technical scheme of this embodiment addresses network security, the greatest concern when applying the industrial internet in the industrial field. OPC UA PubSub is an Industry 4.0 interconnection technical standard recommended by the OPC Foundation; its design goal is to solve the problems of secure information transmission and the interconnection of everything in the Industry 4.0 stage. By configuring designated ports for OPC UA PubSub communication, traversing the firewall is no longer an obstacle to OPC UA PubSub communication, and transmission performance is improved. OPC UA PubSub ensures the privacy, confidentiality and integrity of data transmission through an end-to-end communication mechanism, which effectively avoids the risk of devices on the internet being attacked by hackers.
The fifth embodiment of the present application provides an edge computing gateway 10, which adds a technical solution supporting an industrial protocol based on the first embodiment, and specifically, the industrial protocol driving module 103 stores one or more of Modbus TCP protocol, RTU protocol, IEC104 protocol, SNMP protocol, serial port protocol and CAN protocol.
The technical effects of the embodiment are as follows: in this embodiment, the industrial protocol driving module 103 supports industrial protocols, which gives the edge computing gateway 10 "industrial level" capability. It supports the Modbus protocol, TCP protocol, RTU protocol, IEC104 protocol, SNMP protocol, serial port protocol, CAN protocol and other protocols that are mainstream in the industrial automation field, and meets the needs of industrial-level applications.
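The instruction path of the third embodiment (parse, isolate, encapsulate), with Modbus TCP from the protocol list above as the target protocol, as an example added here rather than code from the patent. The JSON message shape, the point table and its value ranges are assumptions; the frame is a standard Modbus TCP "write single register" (function code 0x06) request.

```python
import json
import struct

# Constructed point table: point name -> (unit id, holding register, min, max).
POINT_MAP = {
    "station1.fan.speed_setpoint": (1, 0x0010, 0, 3000),
    "station1.light.level": (2, 0x0004, 0, 100),
}


class InstructionError(ValueError):
    """Raised when an instruction must not reach the external subsystem."""


def parse_instruction(raw: bytes) -> dict:
    """Message broker step: decode the message and check its shape."""
    try:
        msg = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise InstructionError("not valid UTF-8 JSON") from exc
    if not isinstance(msg, dict) or set(msg) != {"point", "value"}:
        raise InstructionError("expected exactly the keys 'point' and 'value'")
    if not isinstance(msg["point"], str):
        raise InstructionError("point must be a string")
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(msg["value"], bool) or not isinstance(msg["value"], int):
        raise InstructionError("value must be an integer")
    return msg


def isolate(msg: dict) -> tuple:
    """Security isolation step: only mapped points and in-range values pass."""
    entry = POINT_MAP.get(msg["point"])
    if entry is None:
        raise InstructionError("unknown point")
    unit, register, low, high = entry
    if not low <= msg["value"] <= high:
        raise InstructionError("value out of range")
    return unit, register, msg["value"]


def encapsulate_modbus_tcp(transaction_id: int, unit: int,
                           register: int, value: int) -> bytes:
    """Protocol driver step: build the MBAP header and the 0x06 PDU."""
    pdu = struct.pack(">BHH", 0x06, register, value)
    # MBAP: transaction id, protocol id (0), length of unit id + PDU, unit id.
    mbap = struct.pack(">HHHB", transaction_id & 0xFFFF, 0, len(pdu) + 1, unit)
    return mbap + pdu


def downlink(raw: bytes, transaction_id: int = 1) -> bytes:
    """Full path: platform message in, data frame for the subsystem out."""
    unit, register, value = isolate(parse_instruction(raw))
    return encapsulate_modbus_tcp(transaction_id, unit, register, value)


if __name__ == "__main__":
    sample = b'{"point": "station1.fan.speed_setpoint", "value": 1500}'
    print(downlink(sample, transaction_id=7).hex())
```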
As shown in fig. 3, the following specifically describes the application technical scheme through a specific working process:
the industrial protocol driving module 103 in the edge computing gateway 10 communicates with the external subsystem 30 through a corresponding interface protocol, collects various data, stores the collected data in the memory data pool 104, and waits for the data to be subscribed to the industrial internet platform 20.
When the main process of the edge computing gateway 10 starts to run, the OPC UA PubSub service and the AMQP service are started successively, and the initialization of the memory data pool 104 and other works are completed.
When the AMQP service is started, the AMQP pre-valued URL information is read, the communication connection with the AMQP server is started to be attempted, and the message subscription and release function is started.
An Http/Https connection is established between edge computing gateway 10 and industrial internet platform 20 to receive data information subscribed to by industrial internet platform 20 from edge computing gateway 10.
The edge computing gateway 10 and the industrial internet platform 20 mainly perform interactive data through information release and acceptance provided by AMQP, and in addition, data subscription is completed through an http/Https interface, and the data is obtained from the memory data pool 104 through OPC UA publicher through OPC UA Subscriber. Secure access to the memory data pool 104 is achieved via the OPC UA PubSub bridge.
The industrial internet platform 20 needs subscribed data points, the data points are sent to the OPC UA publishers from data subscription requests through AMQP messages and http/Https, monitoring items are created OPC UA Subscriber according to the subscription requests through data publishing and subscription mechanisms of the OPC UA PubSub bridge, the OPC UA publishers monitor point value changes of the subscribed points in real time, callback functions are automatically triggered when the changes occur, point value change information is transmitted to a queue of the MQTT in the callback functions, and then the messages are published to the industrial internet platform 20. The industrial internet platform 20 is used as a Server end of an AMQP plug-in and a Server end of an http protocol, receives the message transmitted by the edge computing gateway 10, and calls a human-computer interface of the industrial internet platform 20 to update interface change, thereby completing the process from the data generation source to the data presentation.
The industrial internet platform 20 provides a browser-based human-machine interface for user operation. A command resulting from a user operation, or a command generated automatically by the platform, is sent as a message via the Server end of the industrial internet platform 20 to the AMQP plug-in of the edge computing gateway 10. The edge computing gateway 10 parses the message and calls an OPC UA method to send it to the OPC UA Publisher; the OPC UA Publisher issues the command to the OPC UA Subscriber, the OPC UA Subscriber passes the command to the industrial protocol driver, and finally the industrial protocol driver encapsulates a data frame according to the protocol and sends the data frame to the external subsystem 30 as required.
Embodiment six of the present application provides a rail transit control system which, as shown in Fig. 1, includes the edge computing gateway of embodiments one to five, an industrial internet platform and an external subsystem, where the industrial internet platform is connected to the edge computing gateway, and the edge computing gateway is connected to the external subsystem.
There are at least two edge computing gateways; one end of each edge computing gateway is connected to the industrial internet platform, and the other end of each edge computing gateway is connected to a different external subsystem.
The plurality of edge computing gateways are connected in parallel between the industrial internet platform and the external subsystems, cascading through the edge computing gateways, so that the number of external subsystems that can be connected is increased.
The technical effects of this embodiment are as follows: increasing the number of edge computing gateways supports real-time collection of a large amount of data and allows the architecture to be expanded. The expandable architecture can be deployed in a large network, where the edge computing gateway serves as a proxy between cloud and end, and thousands of devices can publish and subscribe data through the proxy.
Embodiment seven of the present application provides a method for controlling an edge computing gateway, where the edge computing gateway includes a security isolation module. As shown in Fig. 4, the method includes:
S101, receiving a data subscription and release request of an industrial Internet platform, and sending the data subscription and release request to the security isolation module so that the security isolation module accesses a memory data pool;
S102, receiving data corresponding to the data subscription and release request, and releasing the data to the industrial Internet platform.
The control method in this embodiment is executed by a message proxy module located in the edge computing gateway; the edge computing gateway further includes a security isolation module. For the other structures of the edge computing gateway and the specific structures of the message proxy module and the security isolation module, refer to embodiments one to five; they are not described again here.
The technical effects of embodiment seven of the present application are as follows: by communicating with the security isolation module, security isolation is applied in the process of publishing data, and the industrial Internet platform is prevented from collecting data directly from the external subsystems, which guarantees the information security of the memory data pool. At the same time, multiple firewall ports do not need to be deployed at the external subsystem end, so no vulnerability is exposed to network attack, and network security is improved.
In one embodiment, a computer readable storage medium stores a computer program which when executed by a processor implements the method of controlling an edge computing gateway in the above embodiments.
Those skilled in the art will appreciate that all or part of the processes of the methods in the above embodiments may be implemented by a computer program instructing the relevant hardware. The computer program may be stored on a non-volatile computer readable storage medium and, when executed, may include the steps of the method embodiments described above. Any reference to memory, storage, database, or other medium used in the various embodiments provided herein may include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory can include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM), among others.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of the functional units and modules is illustrated, and in practical application, the above-described functional distribution may be performed by different functional units and modules according to needs, i.e. the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-described functions.
The above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and are intended to be included in the scope of the present invention.

Claims (12)

1. An edge computing gateway, comprising: a message agent module, a security isolation module, an industrial protocol driving module and a memory data pool;
the industrial protocol driving module is used for communicating with an external subsystem and storing data of the external subsystem in the memory data pool;
the message agent module is used for receiving a data subscription and release request of the industrial Internet platform and sending the data subscription and release request to the security isolation module;
and the security isolation module accesses the memory data pool according to the data subscription and release request, and releases the data corresponding to the data subscription and release request to the industrial Internet platform through the message agent module.
2. The edge computing gateway of claim 1, wherein the security isolation module creates a monitoring item according to the data subscription and release request, and, when it detects in real time that a subscription point of the data subscription and release request changes, publishes point value change information of the subscription point to the industrial internet platform through the message agent module.
3. The edge computing gateway of claim 1, wherein the industrial internet platform comprises a plurality of subscribers, the message agent module receiving a plurality of data subscription and release requests;
and the security isolation module creates a monitoring item according to each data subscription and release request, and, when it detects in real time that a subscription point of a data subscription and release request changes, releases the point value change information of the subscription point to the subscriber corresponding to the subscription point through the message agent module.
4. The edge computing gateway of claim 1, wherein the message agent module receives instructions of the industrial internet platform, parses the instructions, and sends the parsed instructions to the security isolation module;
the security isolation module sends the parsed instruction to the industrial protocol driving module;
and the industrial protocol driving module acquires a protocol corresponding to the instruction according to the parsed instruction, encapsulates the data frame according to the protocol and sends the encapsulated data frame to the external subsystem.
5. The edge computing gateway of claim 1, wherein the message agent module comprises an AMQP plug-in and an Http/Https plug-in;
the AMQP plug-in starts a publishing function according to the data subscription and release request;
and the Http/Https plug-in sends data subscription information to the security isolation module according to the data subscription and release request.
6. The edge computing gateway of claim 5, wherein the security isolation module comprises an OPC UA PubSub bridge, the OPC UA PubSub bridge comprising an OPC UA Publisher and an OPC UA Subscriber, the OPC UA Publisher receiving data subscription information, the OPC UA Subscriber creating a monitoring item according to the data subscription information, and, when the OPC UA Publisher monitors in real time that a subscription point of the data subscription information changes, pushing point value change information of the subscription point to a queue of MQTT in the AMQP plug-in to be published to the industrial internet platform.
7. The edge computing gateway of claim 6, wherein the AMQP plug-in receives an instruction of the industrial internet platform, parses the instruction, and sends the parsed instruction to the OPC UA Publisher;
the OPC UA Publisher sends the parsed instruction to the OPC UA Subscriber;
the OPC UA Subscriber sends the parsed instruction to the industrial protocol driver module.
8. The edge computing gateway of claim 1, wherein the industrial protocol driver module stores one or more of Modbus TCP protocol, RTU protocol, IEC104 protocol, SNMP protocol, serial port protocol, and CAN protocol.
9. A rail transit control system comprising the edge computing gateway of any one of claims 1 to 8, an industrial internet platform, and an external subsystem, the industrial internet platform being connected to the edge computing gateway, the edge computing gateway being connected to the external subsystem.
10. The rail transit control system of claim 9, wherein the number of edge computing gateways is at least two, one end of each edge computing gateway being connected to the industrial internet platform, and the other end of each edge computing gateway being connected to a different external subsystem.
11. A method for controlling an edge computing gateway, wherein the edge computing gateway comprises a security isolation module, the method comprising:
receiving a data subscription and release request of an industrial Internet platform, and sending the data subscription and release request to a security isolation module to enable the security isolation module to access a memory data pool;
and receiving data corresponding to the data subscription and release request, and releasing the data to the industrial Internet platform.
12. A computer readable storage medium storing a computer program, which when executed by a processor performs the steps of the method according to claim 11.
CN202211202105.6A 2022-09-29 2022-09-29 Rail transit control system, edge computing gateway, method and storage medium Pending CN117834345A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211202105.6A CN117834345A (en) 2022-09-29 2022-09-29 Rail transit control system, edge computing gateway, method and storage medium

Publications (1)

Publication Number Publication Date
CN117834345A (en) 2024-04-05

Family

ID=90516109

Country Status (1)

Country Link
CN (1) CN117834345A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111142487A (en) * 2019-12-30 2020-05-12 浪潮通用软件有限公司 Equipment data acquisition system based on OPC UA unified architecture protocol
CN112637198A (en) * 2020-12-22 2021-04-09 辽宁大学 Multi-protocol self-adaption module design method based on OPC UA PubSub
CN115086379A (en) * 2022-07-20 2022-09-20 云宏信息科技股份有限公司 Numerical control machine tool data acquisition method based on edge calculation and virtualization technology

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"OPC Unified Architecture Specification Part 14: PubSub Release 1.04", 6 February 2018, pages: 16 *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination