Background
As organizations such as governments and enterprises become increasingly informatized, the IT networks, particularly TCP/IP networks, that provide informational support for their operation are also expanding in size.
In conventional network management work, the following problems generally exist:
1. Almost all network devices, such as routers and switches, are configured manually through the command line, so network management work involves a large amount of tedious, repetitive manual labor and management efficiency is low;
2. Moreover, maintaining and configuring network devices such as routers and switches places high demands on personnel, and IT maintenance staff, being non-business personnel of their organizations, cannot be employed in large numbers, so the IT maintenance work of these organizations is often short-staffed and staff are under high working pressure;
3. Because devices of different manufacturers, and even of different models and versions, coexist in a TCP/IP network, their commands differ; in addition, while the TCP/IP network is in use, the configuration of the network devices is changed frequently for various security and service change reasons, so a large number of redundant and even contradictory configuration items easily accumulate, causing great trouble for daily maintenance;
4. Manual command-line approaches typically lack a configuration backup and management mechanism; therefore, when the network becomes abnormal, it cannot be recovered quickly, which in turn affects the services that run on the network.
An organization's core focus is its own business and industry. As organizations such as governments and enterprises depend more deeply on their networks, the requirements for protecting sensitive data on the network keep rising, and network personnel are under increasing pressure and face stricter audit responsibility for network compliance. Meanwhile, the traditional way of configuring networks is error-prone: as many as 90% of network problems can be attributed to configuration errors (according to the IT consulting company Enterprise Management Associates). Therefore, how to effectively manage the configuration and maintenance of network devices such as routers and switches is a problem that urgently needs to be solved.
Summary of the Utility Model
The utility model provides a WEB-based network management device that can be installed in a TCP/IP network that needs to be managed, so as to reduce or avoid the aforementioned problems.
To solve the above problems, the utility model provides a WEB-based network management device for managing network devices in a TCP/IP network, comprising: a driver server for storing script driver packages for the network devices of different manufacturers; a function server, connected to the driver server and to the network devices respectively, for managing and configuring the network devices; a presentation server, connected to the function server, for providing a WEB interactive interface; and a management client, connected to the presentation server, having a browser that supports flash.
Preferably, the function server comprises a device discovery module.
Preferably, the function server includes a device information acquisition module.
Preferably, the function server comprises a configuration management module.
Preferably, the function server includes a task management module.
Preferably, the function server includes a report management module.
Preferably, the function server comprises an identity authentication module.
Preferably, the WEB-based network management device further includes an authentication server connected to the function server.
The WEB-based network management device provided by the utility model centrally manages the network devices in a TCP/IP network, which greatly reduces the repetitive labor of administrators in configuring network devices and greatly improves network management efficiency. In addition, configuration errors on network devices are effectively reduced, network robustness is improved, and the level of network operation and maintenance is raised; at the same time, because control over the network devices is improved, the network fault repair rate and network availability are improved, and operation and maintenance cost is greatly reduced.
Detailed Description
In order that the technical features, objects, and effects of the present invention may be clearly understood, embodiments of the present invention will be described with reference to the accompanying drawings, in which like parts are given like reference numerals.
The structure and the principle of a WEB-based network management device according to the present invention will be described in detail with reference to the accompanying drawings.
Fig. 1 is a schematic structural diagram of a WEB-based network management device according to an embodiment of the present invention. As shown in Fig. 1, the utility model provides a WEB-based network management device 10 for managing network devices 1 in a TCP/IP network, comprising: a driver server 2 for storing script driver packages for the network devices 1 of different manufacturers; a function server 3, connected to the driver server 2 and to the network devices 1 respectively, for managing and configuring the network devices 1; a presentation server 4, connected to the function server 3, for providing a WEB interactive interface; and a management client 5, connected to the presentation server 4, having a browser that supports flash.
In order to perform unified, centralized management of network devices 1 such as routers, switches and firewalls of different manufacturers, versions and models in a TCP/IP network, script driver packages for these network devices 1 must be collected according to IEEE standards or the information and other data provided by each manufacturer. Each driver package supports at least one manufacturer or one series of network or security devices. The core of each driver package may be a set of perl scripts and xml files, where the xml defines the structure of the driver and the perl scripts implement the interaction with the managed network device 1. The access modes or protocols supported by a driver package may include CLI (telnet/ssh), tftp, ftp, scp, snmp, https, http, and the like. The driver packages are stored in the driver server 2.
The function server 3 may retrieve driver package information from the driver server 2 and use it to manage the network devices 1 in the TCP/IP network. Taking the CLI method as an example, when the function server 3 needs to manage a network device 1, it calls the driver package corresponding to that network device 1 from the driver server 2. The management parameters are defined by the xml, and the perl script automatically logs in to the network device 1 via telnet or ssh. After a command is sent to the network device 1, the script waits for the device's feedback, and it determines the next processing step by recognizing the character string data (VTY) that the network device 1 returns. This mode fully simulates the way a person logs in to and manages a device manually, and can implement configuration and change management on any network device 1. Network administrators therefore do not need to log in to each network device 1 manually, which greatly reduces the repetitive labor of configuring network devices and greatly improves network management efficiency.
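An added illustration of the CLI method described above, not code from the patent: Python stands in for the perl script, and the XML rule schema, `FakeDevice` and `run_command` are assumptions constructed for this example. It shows the next step being chosen from the device's feedback, with an error string or unrecognised output ending the session instead of sending further commands.

```python
import re
import xml.etree.ElementTree as ET

# Constructed driver definition. Rules are tried in order, so "fail" comes first.
DRIVER_XML = r"""
<driver name="example-switch">
  <rule expect="(Login invalid|% Invalid input)" action="fail"/>
  <rule expect="[Uu]sername:\s*$" action="send" value="{user}"/>
  <rule expect="[Pp]assword:\s*$" action="send" value="{password}"/>
  <rule expect="--More--\s*$" action="send" value=" "/>
  <rule expect="[\w-]+#\s*$" action="prompt"/>
</driver>
"""

class FakeDevice:
    """Constructed stand-in for a telnet/ssh session so the example runs offline."""
    def __init__(self, password):
        self.password, self.state, self.out = password, "user", "Username: "
    def read(self):
        out, self.out = self.out, ""
        return out
    def write(self, line):
        if self.state == "user":
            self.state, self.out = "pass", "Password: "
        elif self.state == "pass":
            ok = line == self.password
            self.state = "shell" if ok else "user"
            self.out = "sw1#" if ok else "% Login invalid\nUsername: "
        elif self.state == "more":
            self.state, self.out = "shell", "Uptime 3 days\nsw1#"
        elif line == "show version":
            self.state, self.out = "more", "Version 1.0\n--More--"
        else:
            self.out = "% Invalid input\nsw1#"

def run_command(dev, command, creds, max_steps=20):
    """Drive the session from the device's feedback; return the command output."""
    rules = [(re.compile(r.get("expect")), r.get("action"), r.get("value", ""))
             for r in ET.fromstring(DRIVER_XML)]
    buffer, captured, sent = "", [], False
    for _ in range(max_steps):
        buffer += dev.read()
        for pattern, action, value in rules:
            if not pattern.search(buffer):
                continue
            if action == "fail":
                raise RuntimeError("device rejected input: " + buffer.strip())
            if sent:  # text before the matched prompt is command output
                captured.append(pattern.sub("", buffer).strip())
            if action == "prompt" and sent:
                return "\n".join(captured)
            dev.write(command if action == "prompt" else value.format(**creds))
            sent = sent or action == "prompt"
            buffer = ""
            break
    raise TimeoutError("no recognised feedback from device")  # fail closed
```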
So that network administrators are not limited by the operating system and management tools of the terminal they use, the presentation server 4 converts the control interfaces of the functions of the function server 3 into web form and transmits and displays them. On the one hand, information display and interaction can be implemented flexibly using flash; on the other hand, the management client 5 (such as a network administrator's PC) does not need to install any program, as long as a browser supporting flash is available. Common browsers at the present stage, such as IE and Firefox, support flash, so the management client 5 has no compatibility problem. Network administrators can therefore carry out management through a web interface on any management client 5 connected to the presentation server 4, which simplifies the way administrators manage, meets the professional requirements for managing the equipment, effectively improves control over the network devices 1, and greatly reduces operation and maintenance cost.
In a preferred embodiment, the function server 3 comprises a device discovery module. The device discovery module can be a hard disk or an SD card, and can also be an integrated board card. A network device 1 to be managed can be added through the device discovery module manually, that is, an administrator enters the management IP address of the network device 1 and selects a suitable driver package. It can also be added by automatic discovery: parameter information such as an IP range and a network segment is specified, the device discovery module traverses and queries the specified IP range and network segment, retrieves the available information about each network device 1 through protocols such as SNMP, and then automatically selects a suitable driver package from the driver server 2 to add the network device 1.
In addition, the device discovery module may also provide a "seed" discovery mode: one or several network devices 1 (e.g. core switches) are used as "seeds", other online network devices 1 are discovered through the ARP table, MAC table, interfaces, CDP, etc. of these network devices 1, and a suitable driver package is then automatically selected from the driver server 2 to add each discovered network device 1. The "seed" mode makes the discovery procedure targeted and finds the network devices 1 that are online in the network quickly and accurately.
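An added sketch of the "seed" discovery mode, not code from the patent: a breadth-first walk over the neighbour lists that seed devices report, with automatic driver selection. The neighbour tables, driver names and the `allowed_cidrs` guard (which keeps discovery inside the address ranges the operator manages) are assumptions constructed for this example.

```python
import ipaddress
from collections import deque

# Constructed data: what each device would report (sysDescr, ARP/CDP neighbours).
NEIGHBOR_TABLES = {
    "10.0.0.1": {"descr": "VendorA Core Switch OS 12.2",
                 "neighbors": ["10.0.0.2", "10.0.0.3", "203.0.113.9"]},
    "10.0.0.2": {"descr": "VendorB Router 5.1",
                 "neighbors": ["10.0.0.1", "10.0.1.5"]},
    "10.0.0.3": {"descr": "VendorA Access Switch OS 12.1",
                 "neighbors": ["10.0.0.1"]},
    "10.0.1.5": {"descr": "Unknown Appliance",
                 "neighbors": ["10.0.0.2", "10.0.0.9"]},
}
# Hypothetical driver package names keyed by a vendor string in sysDescr.
DRIVERS = {"VendorA": "vendora-switch-driver", "VendorB": "vendorb-router-driver"}

def discover(seeds, allowed_cidrs, max_devices=100):
    """Return (inventory, skipped): ip -> driver (None = choose manually)."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    queue, seen = deque(seeds), set(seeds)
    inventory, skipped = {}, []
    while queue and len(inventory) < max_devices:
        ip = queue.popleft()
        # Never query an address outside the ranges the operator manages.
        if not any(ipaddress.ip_address(ip) in net for net in allowed):
            skipped.append((ip, "outside managed range"))
            continue
        record = NEIGHBOR_TABLES.get(ip)  # stands in for the SNMP query
        if record is None:
            skipped.append((ip, "no response"))
            continue
        inventory[ip] = next(
            (drv for vendor, drv in DRIVERS.items() if vendor in record["descr"]),
            None)
        for neighbor in record["neighbors"]:
            if neighbor not in seen:  # visit each address once
                seen.add(neighbor)
                queue.append(neighbor)
    return inventory, skipped
```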
In a preferred embodiment, the function server 3 includes a device information acquisition module. The device information acquisition module can be a hard disk or an SD card, and can also be an integrated board card. The module can automatically acquire information such as basic system information, the ARP table, the port table and the routing table from the network device 1 by using protocols such as SNMP, Sflow, CFlow and Netflow. This makes it convenient for management personnel to supervise the network effectively.
In a preferred embodiment, the function server 3 comprises a configuration management module. The configuration management module can be a hard disk or an SD card, and can also be an integrated board card. With it, management personnel can conveniently perform operations such as configuration backup, configuration comparison, configuration change and configuration rollback on the network devices 1 in batches. For example: the Startup/Saved and Running/Current configurations of a network device 1 can be backed up automatically; any configuration files of different network devices 1 can be compared line by line (comparison across misaligned lines is also possible); the configurations of the same network device 1 at different points in time can be compared line by line; the Startup/Saved and Running/Current configurations of the same network device 1 can be compared; when the configuration of a network device 1 is backed up, configuration differences can be identified automatically so that only a changed configuration is backed up again; a specified historical Startup/Saved configuration may be uploaded to the network device 1 (configuration rollback); and any edited configuration file may be uploaded to the network device 1 as its Startup/Saved configuration.
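An added example of the configuration management operations listed above, not code from the patent: backup that stores a new version only when the configuration changed, line-by-line comparison of Startup/Saved against Running/Current, and retrieval of a historical version for rollback. The `ConfigStore` class and the sample configurations are constructed for this illustration.

```python
import difflib
import hashlib

# Constructed sample configurations for a device named "sw1".
STARTUP = """hostname sw1
snmp-server community example RO
interface Gi0/1
 switchport access vlan 10
"""
RUNNING = STARTUP.replace("example RO", "example RW") + "username temp privilege 15\n"

class ConfigStore:
    def __init__(self):
        self.history = {}  # (device, kind) -> [(version, sha256, text), ...]

    def backup(self, device, kind, text):
        """Store a new version only if the text changed; return True if stored."""
        versions = self.history.setdefault((device, kind), [])
        digest = hashlib.sha256(text.encode()).hexdigest()
        if versions and versions[-1][1] == digest:
            return False  # unchanged since the last backup
        versions.append((len(versions) + 1, digest, text))
        return True

    def get(self, device, kind, version=None):
        """Return a stored version (1-based), or the latest if none is given."""
        versions = self.history[(device, kind)]
        return (versions[-1] if version is None else versions[version - 1])[2]

def compare(old, new):
    """Line-by-line comparison: removed (-) and added (+) lines with line numbers."""
    a, b = old.splitlines(), new.splitlines()
    matcher = difflib.SequenceMatcher(None, a, b, autojunk=False)
    changes = []
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag != "equal":
            changes += [f"-{i + 1}: {a[i]}" for i in range(i1, i2)]
            changes += [f"+{j + 1}: {b[j]}" for j in range(j1, j2)]
    return changes
```

A non-empty result from `compare(startup, running)` means the device is running changes that were never saved, and `get(device, "startup", version)` returns the text that a rollback would upload.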
In a preferred embodiment, the function server 3 comprises a task management module. The task management module can be a hard disk or an SD card, and can also be an integrated board card. The task management module may define the foregoing management work as tasks. A task may be run immediately, or an operation plan may be created in the task management module so that operations are executed on a set range of network devices 1 according to a set period and time. Both immediately run tasks and scheduled tasks may run in the background, and any number of tasks may run concurrently. Network management efficiency can therefore be greatly improved.
In the task management module, the scope of the network devices 1 may be defined dynamically, and the search condition supports operations such as wildcard characters (for example, the scope of the network devices 1 may be set to management IP address "192.168.0"); when a new device conforming to this rule is added, the task management module starts executing the task on the new device in the next cycle. The task management module may also allow dynamic range conditions to be set on attributes such as management IP address, port IP address, OS version, model, device name, label, and the like. That is, the task management module provides a very flexible planning mechanism that is simple and easy to use. Each plan allows multiple triggers to be defined. A trigger can be once, daily, weekly or monthly, or a cron expression can be set directly, and a trigger can also define an effective start time and an effective end time.
Therefore, the repetitive labor of administrators in configuring network devices is greatly reduced, and network management efficiency is greatly improved; in addition, configuration errors on network devices can be effectively reduced, network robustness is improved, and the level of network operation and maintenance is raised.
In a preferred embodiment, the function server 3 includes a report management module. The report management module can be a hard disk or an SD card, and can also be an integrated board card. It can provide rich, convenient reports, compile report statistics on the management work of management personnel, and allow reports to be set up as scheduled tasks and generated periodically. The report management module can provide reports in pdf or html format and can support sending reports by Email to multiple recipients, including automatically sending report files as attachments to a plurality of Email mailboxes, or sending only links to the reports. Management personnel can therefore conveniently report on the management work to their superiors in a timely manner.
In a preferred embodiment, the function server 3 comprises an identity authentication module. The identity authentication module can be a hard disk or an SD card, and can also be an integrated board card. It can be used to enforce control-level restrictions on different administrators, so that each administrator can only manage the network devices 1 within their scope of authority.
In a preferred embodiment, the WEB-based network management device 10 further includes an authentication server 6 connected to the function server 3. The authentication server 6 may be an AAA server, so that a unified authentication system (e.g., ACS) can be conveniently deployed and, when necessary, all user authentication for the network devices 1 is directed to the AAA server, thereby further enhancing the security of managing the network devices 1.
The WEB-based network management device provided by the utility model centrally manages the network devices in a TCP/IP network, which greatly reduces the repetitive labor of administrators in configuring network devices and greatly improves network management efficiency. In addition, configuration errors on network devices are effectively reduced, network robustness is improved, and the level of network operation and maintenance is raised; at the same time, because control over the network devices is improved, the network fault repair rate and network availability are improved, and operation and maintenance cost is greatly reduced.
It is to be understood by those skilled in the art that, while the present invention has been described in terms of several embodiments, it is not intended that each embodiment contain only one independent technical solution. The description is presented this way for clarity only, and all matters in the embodiments are to be interpreted as including all technical equivalents encompassed by the claims.
The above description is only exemplary of the present invention and is not intended to limit its scope. Any equivalent changes, modifications and combinations that may be made by those skilled in the art without departing from the spirit and principles of the invention should be considered within the scope of the invention.