CN100411350C - Mixed policy loading system and method for realizing policy management - Google Patents

Publication number: CN100411350C
Authority: CN (China)
Legal status: Expired - Fee Related
Application number: CNB2005100086766A
Other languages: Chinese (zh)
Other versions: CN1829160A
Inventors: 朱震, 王新华
Current Assignee: Lenovo Beijing Ltd
Original Assignee: Lenovo Beijing Ltd

Abstract

The present invention discloses a mixed policy loading system comprising a policy type information description file, a policy management flow definition and registration unit, a policy flow execution unit, and a policy arrangement data management unit. The policy management flow definition and registration unit loads the contents of the description file into memory. The policy flow execution unit receives policy requests, reads the extraction method from memory, and extracts the raw policy data. The policy arrangement data management unit reads the formatting method and the global processing method from memory, formats and globally processes the raw policy data, and returns the result to the requester. The invention also discloses a method for implementing policy management, which first reads the extraction method from memory to extract the raw policy data, and then reads the formatting and global processing methods to format and globally process the raw data. The invention enables simultaneous mixed management of multiple policies, handles different policies flexibly and simultaneously according to the global network environment, makes it easy to load new policy management flows, and reduces development cost.

Description

A mixed policy loading system and a method for implementing policy management
Technical field
The present invention relates to centralized management of network devices, and in particular to a mixed policy loading system that performs policy services in a centralized manager and to a method for implementing policy management.
Background art
As network environments grow, the number of devices in the network increases sharply. These include routing and switching devices, storage devices, and numerous security devices such as firewalls and intrusion detection systems (IDS).
A very important aspect of managing many network devices is setting their running-environment parameters and the conditions for their actions; all of these are classed as policy management of the devices.
An early method of device policy management was to log in to the device directly, or to control it remotely one-to-one through the device's web page. The advantage of this method is that operation is direct and control is timely. However, as the number of network devices grows, one-to-one policy management clearly exceeds the network administrator's workload and increases the probability of policy configuration errors across many devices. Such errors may be input errors by the administrator or logic errors, and they can leave devices unable to work together. Logic errors in particular often take the administrator a great deal of effort to resolve.
Device policy management today increasingly favors centralized management, to strengthen policy management of the various devices in the network. Managing each policy mainly involves an extraction method for the raw policy data and a formatting method for the raw policy data. The extraction method mainly provides the flow and parameters for obtaining the raw policy data; the formatting method converts the raw policy data into a transfer format that the device can recognize. A device may have several policies, and each policy has its own extraction method and formatting method.
In current centralized policy management schemes, device policies are stored in the centralized manager and can be issued from it to different devices. Within the centralized manager, each device has its own policy management module, and each policy management module has its own policy extraction function and formatting function. Each device in the network requests its policy from the centralized manager individually. When the centralized manager receives a policy request from a device, it starts the policy management module for that device, which extracts the raw policy data through its internal policy flow management, formats the raw policy data, and returns the formatted policy data to the device.
However, the existing centralized management scheme has a number of drawbacks:
First, the existing centralized manager can only handle different policies separately and cannot manage multiple policies together at the same time. Moreover, because a different policy management module is developed for each device and each module manages policy independently, the centralized manager cannot respond flexibly to different policy requests according to the overall state of the network when it faces a large number of policy requests at once; policy management is inefficient and consumes a lot of system resources. Second, each policy management module in the centralized manager is developed and run independently, so the system lacks the necessary capacity for policy extension: every new policy requires developing another policy management module, which wastes manpower and makes development cost very high. Third, because the different policy management modules have no connection or cooperation with one another, cooperation problems between different policies cannot be solved well or quickly, and because the centralized manager lacks the necessary internal connecting structure, a newly developed policy management module is difficult to integrate into the existing system. In addition, policy extraction and formatting are performed together inside the policy management module. Policy extraction usually occupies other system resources, such as file access, database access or network access, and the time spent on policy formatting is also counted within the period for which those resources are held; the two add up, so system resource occupancy is too high.
Summary of the invention
In view of this, the main purpose of the present invention is to provide a mixed policy loading system and a method for implementing policy management that manage multiple policies together at the same time, handle different policies flexibly according to the global network environment, make it easy to load new policy management flows, and reduce development cost.
To achieve this purpose, the technical solution of the present invention is as follows:
A mixed policy loading system, comprising:
A policy type information description file (240), used to record the policy type descriptors of the policy types that different kinds of devices can support, the interface information of the extraction method and formatting method required to handle each policy type, and the interface information of the global processing method applied to policies;
A policy management flow definition and registration unit (210), loaded into memory when the system runs, used to load into itself the policy type descriptors recorded in the policy type information description file (240), to read the descriptors of each policy's extraction method, formatting method and global processing method according to the interface information of those methods, and to load the descriptors it reads into itself;
A policy flow execution unit (220), used to receive a policy request; obtain the requested policy type information, including the policy descriptor and the descriptor of the policy's extraction method, from the policy management flow definition and registration unit (210); create a general policy data management structure; perform the extraction operation according to the extraction method descriptor to extract the raw data of the requested policy; and insert the policy descriptor and the raw policy data at the position of the corresponding policy in the created policy data management structure. It is also used to send a processing request to the policy arrangement data management unit (230), receive that unit's processing result, and output the result to the policy requester;
A policy arrangement data management unit (230), used to receive the processing request from the policy flow execution unit (220), read the descriptors of the formatting method and the global processing method from the policy management flow definition and registration unit (210), format the raw policy data in the policy data management structure according to those descriptors, perform global processing on the formatted data, and return the processing result to the policy flow execution unit (220).
Preferably, the policy type information description file (240) is an Extensible Markup Language (XML) file that conforms to a predetermined policy type information description format.
Preferably, the policy management flow definition and registration unit (210) further comprises a policy type registration module (211), a policy type access module (212) and a policy type representation module (213), wherein:
The policy type registration module (211) is used to load the policy type descriptors recorded in the policy type information description file (240) into the policy type representation module (213), to read the descriptors of each policy's extraction method, formatting method and global processing method according to the interface information of those methods, and to load the descriptors it reads into the policy type representation module (213);
The policy type access module (212) is used to receive requests from other units of the mixed policy loading system, access the policy type representation module (213) to obtain the requested policy information, and return the result to the unit that initiated the request;
The policy type representation module (213), located in system memory, is used to receive and save the content loaded by the policy type registration module (211), to receive access requests from the policy type access module (212), and to return the access result to the policy type access module (212).
Preferably, the policy flow execution unit (220) further comprises a command interface module (221), a policy construction module (222) and a policy object module (223), wherein:
The command interface module (221) is used to receive a policy request, send a policy flow start instruction to the policy construction module (222), receive the final policy request result returned by the policy object module (223), and return that result to the policy request initiator;
The policy construction module (222) is used to receive the policy flow start command from the command interface module (221); obtain the requested policy type information, including the policy descriptor and the descriptor of the policy's extraction method, from the policy management flow definition and registration unit (210); create a general policy data management structure; perform the extraction operation according to the extraction method descriptor to extract the raw data of the requested policy; and insert the policy descriptor and the raw policy data at the position of the corresponding policy in the created policy data management structure. It is also used to send a processing request to the policy arrangement data management unit (230), receive that unit's processing result, and send the processing result to the policy object module (223);
The policy object module (223) is used to receive and save the processing result sent by the policy construction module (222), fill that result into the policy object of the corresponding policy request, and return the filled policy object to the command interface module (221).
Preferably, the policy arrangement data management unit (230) further comprises a policy formatting module (231), a policy scale module (232) and a policy factory module (233), wherein:
The policy factory module (233) is used to receive access requests from the policy formatting module (231) and the policy scale module (232), forward the access requests to the policy management flow definition and registration unit (210), receive the returned access result, and return the access result to the policy formatting module (231);
The policy scale module (232) is used to receive the requested policy types input by the policy formatting module (231), request access through the policy factory module (233) to the policy types registered in the policy management flow definition and registration unit (210), receive the access result, screen the requested policy types according to that result, and request formatting method descriptors from the policy factory module (233) only for policy types that are registered in memory;
The policy formatting module (231) is used, after receiving the processing request sent by the policy flow execution unit (220), to send the requested policy types to the policy scale module (232); to receive the formatting method descriptors returned by the policy factory module (233) and format the raw policy data in the policy data management structure according to them; to send the policy factory module (233) a request to access the global processing method descriptors; and, after receiving the global processing method descriptors returned by the policy factory module (233), to perform global processing on the formatted result according to them and return the final processing result to the policy flow execution unit (220).
The policy data management structure is a mixed multiway tree structure based on a hash index.
The root node area and the first-level node area of the mixed multiway tree structure store the device and policy type descriptors; second-level and lower nodes store the raw policy data.
The global processing method further comprises an inference method and a legitimacy detection method.
A method for implementing policy management, applicable to a centralized manager, the method comprising:
A. Store a policy type information description file in the centralized manager in advance. The file records the policy type descriptors of the policy types that different kinds of devices can support, the interface information of the extraction method and formatting method required to handle each policy type, and the interface information of the global processing method applied to policies;
B. When the centralized manager starts, load the policy type descriptors recorded in the policy type information description file into memory, read the descriptors of each policy's extraction method, formatting method and global processing method according to the interface information of those methods, and load the descriptors that were read into memory;
C. After receiving an external policy request, read from memory the descriptors of the device policy types specified by the request, create a policy data management structure, read from memory the descriptor of each policy type's extraction method, extract the raw policy data according to that descriptor, and insert the policy type descriptors and the raw policy data at the corresponding positions of the created policy data management structure;
D. Read from memory the descriptor of the formatting method for each policy type and format the raw policy data in the policy data management structure according to it; read the descriptor of the global processing method from memory, perform global processing on the formatted result according to it, and return the globally processed result to the initiator of the policy request.
Preferably, in step C, after the external policy request is received and before the descriptors of the device policy types specified by the request are read from memory, the method further comprises:
C1. Determine from the records of the centralized manager's policy repository whether the requested policy has changed. If so, continue with the subsequent operations of step C; otherwise, directly configure the identical policy recorded in the policy repository as a no-update policy object and return it to the policy requester.
Preferably, in step C1, determining whether the requested policy has changed comprises:
C11. Look up the requested policy in the policy repository and determine whether the policy state recorded for it is the publishable state. If it is publishable, go to step C12; otherwise, the requested policy has not changed;
C12. Determine whether the policy request carries an initialization flag. If so, the policy has changed; otherwise, go to step C13;
C13. Determine whether the path of the requested policy recorded in the policy repository has been updated. If so, the policy has changed; otherwise, go to step C14;
C14. Determine whether the requested policy has been edited and updated since the last request. If so, the policy has changed; otherwise, the policy has not changed.
Preferably, after step C and before step D, the method further comprises:
Screen the requested policy types to select those that have been loaded in memory; in step D, read from memory only the formatting method descriptors of the selected policy types, and format only the raw data of those policy types.
Preferably, in step D, before the globally processed result is returned to the policy request initiator, the method further comprises:
E. Determine whether the mode of the policy request is initialization. If so, configure the global processing result as a full policy object and return it to the policy requester; otherwise, go to step F;
F. Determine whether the policy content in the global processing result has been updated. If it has not, configure the global processing result as a no-update policy object and return it to the policy request initiator; otherwise, go to step G;
G. Compare the global processing result with the copy of the original policy data of the same policy type in the policy repository, and generate incremental policy data;
H. Determine whether the incremental policy data generated in step G is smaller than a pre-stored threshold. If so, configure the global processing result as an incremental policy object and return it to the policy request initiator; otherwise, configure the global processing result as a full policy object and return it to the policy request initiator.
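The change test of steps C11 to C14 and the reply selection of steps E to H, as an added Python example that is not part of the patent text. The record field names, the dictionary form of a policy and the use of a count of changed entries as the size compared with the threshold are assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum


class Reply(Enum):
    NO_UPDATE = "no-update"
    INCREMENTAL = "incremental"
    FULL = "full"


@dataclass
class RepoRecord:
    """One policy's row in the policy repository (field names are assumptions)."""
    publishable: bool
    path_updated: bool = False
    edited_since_last_request: bool = False
    issued_copy: dict = field(default_factory=dict)  # policy data as last issued


def policy_changed(rec, init_flag):
    """Steps C11-C14, evaluated in the order the page lists them."""
    if not rec.publishable:        # C11: a non-publishable policy counts as unchanged
        return False
    if init_flag:                  # C12: request carries the initialization flag
        return True
    if rec.path_updated:           # C13: recorded policy path was updated
        return True
    return rec.edited_since_last_request  # C14


def delta(old, new):
    """Step G: entries to set or delete to turn the issued copy into the new result."""
    return {
        "set": {k: v for k, v in new.items() if k not in old or old[k] != v},
        "delete": sorted(k for k in old if k not in new),
    }


def build_reply(rec, init_flag, run_pipeline, threshold):
    """Return (reply kind, body). run_pipeline stands for steps C and D."""
    if not policy_changed(rec, init_flag):            # C1: skip extraction entirely
        return Reply.NO_UPDATE, None
    result = run_pipeline()                           # extract, format, global processing
    if init_flag:                                     # E: initialization gets the full policy
        return Reply.FULL, result
    if result == rec.issued_copy:                     # F: processed content is unchanged
        return Reply.NO_UPDATE, None
    d = delta(rec.issued_copy, result)                # G
    if len(d["set"]) + len(d["delete"]) < threshold:  # H: small change, send the delta
        return Reply.INCREMENTAL, d
    return Reply.FULL, result                         # H: large change, send everything
```

Because C11 is tested before C12, a request that carries the initialization flag for a policy that is not publishable still receives a no-update reply.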
The policy data management structure is a mixed multiway tree structure based on a hash index.
The root node area and the first-level node area of the mixed multiway tree structure store the device and policy type descriptors; second-level and lower nodes store the raw policy data.
The global processing method further comprises an inference method and a legitimacy detection method.
The beneficial effects of the present invention include the following:
The present invention manages multiple policies together at the same time, handles different policies flexibly and simultaneously according to the global network environment, makes it easy to load new policy management flows, and reduces development cost.
Specifically, the mixed policy loading system changes the earlier simple policy delivery model in which a single device requests policy from the management center. Through flow management of policy processing and a unified mixed multiway tree structure, the loading system can extract and analyze multiple types of policy at the same time. This unified structure gives the system the opportunity to analyze the policy specifications of many online security devices at the same moment, so it can attend to the overall security posture across the security devices in the network more than earlier policy management systems could. The loading system provides standard processing interfaces; through configuration, a cooperative processing procedure can be defined between any device policies of interest.
The mixed policy loading system divides the policy management problem for network devices into a basic framework part and a business logic part, and specifies the module composition and flow relationships of the basic framework part and the method of loading business policies. This structural division improves the generality and extensibility of policy management: any policy management requirement in the whole network can now be organized through the XML deployment file alone.
Once the mixed policy loading system has been built, a specific business policy only needs to concern itself with its own extraction and formatting methods, and need not care how the centralized management center schedules or publishes them. This greatly improves the efficiency and reliability of developing new policy content. The saving can be estimated as follows. Previously, developing and verifying one set of policy management components took (x+y) person-days, where x is the estimate for developing and verifying the policy flow and management, and y is the estimate for developing and verifying the organization of the specific policy content. With n kinds of policy, n*(x+y) person-days were needed; now m*x+n*y person-days are needed, where m*x is the person-days to build the mixed policy loading system and m is slightly greater than 1. The difference is (n-m)*x person-days, so when n is much greater than m the project saves considerable time.
The mixed policy loading system itself optimizes centralized policy management: it maintains the instance methods of the specific business policy logic itself and guarantees that only one copy of each exists in memory. This improves space utilization and policy processing speed, because earlier policy management methods allocated resources whenever a policy request arrived and released them after use. The mixed policy loading system hides this process; it ensures that resources are the latest version and manages their allocation and use. In fact, policies of the same type can share the same policy processing resource, with no allocation and reclamation. In a scenario where 2000 devices each request policy once every 3 minutes, the system saves more than 20 resource allocation and reclamation operations per second, and the CPU gains more time to process more policies.
The mixed policy loading system not only raises the efficiency of policy processing itself but also improves the utilization of other system resources, by dividing policy management into stages. Previously, policy extraction and formatting were performed together. Policy extraction usually occupies other system resources, such as file access, database access or network access, and the time spent on policy formatting was also counted within the period for which those resources were held, so resource occupancy was too high. The loading system separates these two basic flows and provides a pipeline to transfer data between them, so extraction and formatting complete in different stages and extraction can use and release the associated external resources as early as possible. While formatting is in progress, the released external resources can be offered concurrently to new policy extraction flows, which improves the utilization of other system resources.
Description of the drawings
Fig. 1 is a schematic diagram of the position of the mixed policy loading system of the present invention within the centralized manager;
Fig. 2 is the overall structure diagram of the mixed policy loading system;
Fig. 3 is a schematic diagram of the mixed multiway tree structure of an embodiment of the present invention;
Fig. 4 is a flow chart of the method by which the mixed policy loading system of the present invention implements centralized management of network device policies;
Fig. 5 is a detailed flow chart of step 43 and step 44 of this embodiment;
Fig. 6 is a schematic diagram of the execution flow of the policy arrangement data management module;
Fig. 7 is a schematic diagram of the environment for deploying the mixed policy loading system of the present invention.
Embodiments
The implementation of the present invention is further described below with reference to the drawings and specific embodiments.
Fig. 1 is the position view of mixed strategy loading system of the present invention in centralized manager.As shown in Figure 1, the policy service system comprises mixed strategy loading system and tactful communication module, and each equipment in the network can be by tactful communication module and policy service system interaction information; Policy service system and other service system are assembled into respectively in the JAVA administration extensions server (JMX Server); JMX Server has formed centralized manager with the service system of its assembling; Centralized manager has further been formed centralized management system with other data resources.Other outer equipment of centralized management system can send each service system interactive information in external request and the centralized manager.
Fig. 2 is the overall structure figure of mixed strategy loading system.As shown in Figure 2, external environment condition 20 is that mixed strategy loading system and external equipment carry out mutual interface section, it is above-mentioned tactful communication module, the strategy communication module mainly comprises strategy request unit 201, the strategy request that is used for the external equipment that will receive is transmitted to the mixing loading system, and the result that will mix loading system returns to corresponding external equipment.
Mixed strategy loading system 21 mainly comprises:
Policing type information description file 240, be used to write down the policing type information of managed network equipment, comprising: the descriptor of the basic descriptor of each policing type, the extracting method of this policing type and formatting method and the overall processing method information of this policing type etc.In managed network, for every kind of different policing type, all there is corresponding strategy type specification information to be recorded in this policing type information description file, can be provided with by the running environment parameter of equipment, the exercises of equipment etc. as for concrete policing type information.If increase certain type strategy, only need the descriptor of this policing type is added in this policing type information description file 240.The extraction of 21 pairs of variety classes strategies of mixed strategy loading system, format, the overall situation are handled and are issued all by this policing type information description document definition explanation.
Tactical management flow definition registering unit 210, be arranged in the internal memory of system, be management variety classes policy interface unit, be used for when system initialization the policing type information of policing type information description file 240 is loaded in the Installed System Memory, comprise tactful descriptor in the policing type information, and handle the method that every kind of strategy needs, and for example extracting method, formatting method and overall processing method, described overall processing method can be inference method, legitimacy detection method etc.In the present embodiment, the describing mode of these methods is a binary system byte sign indicating number.Tactical management flow definition registering unit 210 provides interface for loading different tactical management flow processs.
Strategic process performance element 220, it is the main member of implementation strategy extraction and analysis issue, be used to receive the strategy request of strategy request module 201, according to the tactful access strategy management process definition registering unit 210 of being asked, obtain the policing type information of institute's request strategy, descriptor comprising tactful descriptor and the corresponding extracting method of this strategy, descriptor according to each request strategy is created general policy data managerial structure, multiple policing type information all is illustrated in this policy data managerial structure, and at each policing type, carry out its corresponding extracting method, extract this tactful initial data, and should the strategy initial data insert on the position of relative strategy in the policy data managerial structure of being created.Strategic process performance element 220 go back request strategy topology data administrative unit to the tactful initial data of extracting format, rational analysis and legitimate verification of overall importance, and the policy data after will handling by strategy request module 201 to being distributed to requesting service or deriving to the keeper.
The policy layout data management unit 230 processes the raw policy data extracted by the policy flow execution unit 220. Specifically, after the policy layout data management unit 230 receives a processing request from the policy flow execution unit 220, it traverses the policy types in the created policy data management structure, reads the description information of the formatting method of each policy type from the policy management flow definition registration unit 210 and, taking the raw data of each policy type as input, executes the formatting method corresponding to that policy type, so that the raw data of each policy type is formatted. In addition, the policy layout data management unit 230 reads the description information of the general inference method and validity check method from the policy management flow definition registration unit 210, runs the inference method and validity check method with the formatted result of each policy type as the input parameter, thereby applying global inference analysis and validity checking to the formatted results, and finally returns the result to the policy flow execution unit 220.
The policy type information description file 240, the policy management flow definition registration unit 210, the policy flow execution unit 220 and the policy layout data management unit 230 are described in more detail below.
In this embodiment the policy type information description file follows the standard XML file format. The standard format of the XML file content is as follows:
<?xml version='1.0' encoding="GB2312"?>
<policyconfig>
  <device NodeType="LgdFWPower V">
    <policytype name='POLICYTYPE_FWR' desc='strong five firewall basic policy'>
      <implementation construct='com.lenovo.publish.FWPolicyConstruction'
          manner='share' path='need' format='com.lenovo.publish.FWRulePTImpl'
          check='com.lenovo.publish.FWRuleInspectionImpl'>
      </implementation>
    </policytype>
    <policytype name='POLICYTYPE_VPN' desc='strong five firewall VPN policy'>
      <implementation construct='com.lenovo.publish.VPNPolicyConstruction'
          manner='share' path='noneed' format='com.lenovo.publish.VPNPTImpl'>
      </implementation>
    </policytype>
  </device>
  <common>
    <process deduce='com.lenovo.publish.Reasoning'
        check='com.lenovo.publish.Check'/>
  </common>
</policyconfig>
The standard format of the above XML file is explained as follows:
1) The device tag declares a device, and its NodeType attribute gives the type of the device. Any number of device tags, that is, any number of devices, can be declared;
2) Within each device tag, any number of policy types that the device may support can be declared. Each policy type is declared by a policytype tag, whose attributes are the policy name (name) and the description (desc);
3) Each policytype tag describes the flow implementation methods and related attributes of the policy type; these are contained in the implementation tag;
4) The implementation tag has two most important attributes, construct and format.
The construct attribute describes the interface of the policy extraction method in the policy management flow. In this embodiment the interface is the memory address of the description information of the policy extraction method, from which that description information can be read. The policy extraction method is also called the policy extraction service; the raw policy data is extracted according to the extraction method that the description information describes. The format attribute describes the interface of the formatting method, the service that formats the policy extraction result, i.e. the raw policy data. This interface is the memory address of the description information of the formatting method, from which that description information can be read. According to the formatting method described, the raw policy data can be formatted into the policy format required by the policy to which this implementation tag belongs, a format that the device corresponding to the policy type can recognize.
5) descriptor that also provides basic facilities to serve in the implementation label.Wherein, the manner attribute offers to extract serves a resource connection performance easily, if value " share ", then the database that uses it self of mixed strategy loading system connects quotes and offers concrete strategy and extract service, the service of extracting of concrete strategy can be shared this connection, therefore can accelerate the access speed to resource, if value " standalone ", then strategy extracts service with the extraction visit of self handling data source; The path attribute is served the path profile that current strategies corresponding device place institutional framework is provided for strategy extracts, if the routing information that certain type strategy need be correlated with is " need " with the value that this attribute is set, otherwise is " noneed ".In addition, the check attribute provides the legitimacy of this policing type to detect interface, and this interface is the memory address of legitimacy detection method descriptor, can read the descriptor of legitimacy detection method from this address.
6) The common tag provides the global processing methods applied after all types of policies have been processed. Its process tag declares two attributes. The deduce attribute designates the inference interface that processes all the policy data; this interface is the memory address of the description information of the inference method, from which that description information can be read. The main role of the inference method is to screen the formatted policy data according to the global situation of the network and to output policy data in a form that fits the network as a whole; it is a screening process more complex than that of the check attribute described below, and the concrete inference method can be defined as the situation requires. In this embodiment the default inference method merges the formatted output of each policy and presents the result as one overall policy. The check attribute provides the interface for checking the validity of the output of the deduce attribute; this interface is also a memory address, from which the description information of the validity check method can be read. In this embodiment the default action of the validity check method is to perform no check. The check attribute is a comparatively simple screening process.
In this embodiment, the description information of the above extraction method, formatting method, inference method and validity check method is all represented as binary bytes that the network device can recognize.
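A loader for the descriptor format described in items 1) to 6), as an added example that is not code from the patent: it builds the in-memory registry of policy types per device type, applies the defaults the text states for deduce and check, and sets defective entries aside instead of registering them. The trusted package prefix, the rejection reasons and the second device in the sample are assumptions made for the example; because the descriptor decides which code is later executed, every method reference is validated before it is registered.

```python
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed sample modelled on the descriptor above (XML declaration omitted
# because the text is already a str); the second device is invented to show rejection.
SAMPLE = """
<policyconfig>
  <device NodeType="LgdFWPower V">
    <policytype name='POLICYTYPE_FWR' desc='firewall basic policy'>
      <implementation construct='com.lenovo.publish.FWPolicyConstruction'
        manner='share' path='need' format='com.lenovo.publish.FWRulePTImpl'
        check='com.lenovo.publish.FWRuleInspectionImpl'/>
    </policytype>
    <policytype name='POLICYTYPE_VPN' desc='firewall VPN policy'>
      <implementation construct='com.lenovo.publish.VPNPolicyConstruction'
        manner='share' path='noneed' format='com.lenovo.publish.VPNPTImpl'/>
    </policytype>
  </device>
  <device NodeType="ConstructedTestDevice">
    <policytype name='POLICYTYPE_BAD' desc='format attribute missing'>
      <implementation construct='com.lenovo.publish.X' manner='share' path='need'/>
    </policytype>
    <policytype name='POLICYTYPE_FOREIGN' desc='class outside trusted package'>
      <implementation construct='org.example.Untrusted' manner='standalone'
        path='noneed' format='com.lenovo.publish.Y'/>
    </policytype>
  </device>
  <common>
    <process deduce='com.lenovo.publish.Reasoning' check='com.lenovo.publish.Check'/>
  </common>
</policyconfig>
"""

TRUSTED_PREFIX = "com.lenovo.publish."  # assumption: only this package may supply methods
CLASS_REF = re.compile(r"[A-Za-z_]\w*(\.[A-Za-z_]\w*)+")

@dataclass(frozen=True)
class PolicyType:
    name: str
    desc: str
    construct: str         # extraction method reference
    format: str            # formatting method reference
    manner: str            # 'share' or 'standalone'
    path: str              # 'need' or 'noneed'
    check: "str | None"    # None: no per-type validity check declared

def trusted(ref):
    """Accept a method reference only if it is a dotted name inside the trusted package."""
    return bool(ref) and CLASS_REF.fullmatch(ref) is not None and ref.startswith(TRUSTED_PREFIX)

def entry_defect(impl):
    """Return why an <implementation> element is unusable, or None if it is sound."""
    if impl is None:
        return "no implementation element"
    if not impl.get("construct") or not impl.get("format"):
        return "construct or format missing"
    refs = [impl.get("construct"), impl.get("format")]
    if impl.get("check"):
        refs.append(impl.get("check"))
    if not all(trusted(r) for r in refs):
        return "method reference outside trusted package"
    if impl.get("manner") not in ("share", "standalone") or impl.get("path") not in ("need", "noneed"):
        return "invalid manner or path value"
    return None

def load_descriptor(xml_text):
    """Return ({device type: [PolicyType]}, global methods, rejected entries)."""
    root = ET.fromstring(xml_text)
    if root.tag != "policyconfig":
        raise ValueError("root element must be policyconfig")
    registry, rejected = {}, []
    for device in root.findall("device"):
        node_type = device.get("NodeType")
        if not node_type:
            rejected.append(("<device>", "NodeType missing"))
            continue
        entries = registry.setdefault(node_type, [])
        for pt in device.findall("policytype"):
            name = (pt.get("name") or "").strip()
            impl = pt.find("implementation")
            defect = entry_defect(impl) if name else "name missing"
            if defect:
                rejected.append((name or "<unnamed>", defect))
                continue
            entries.append(PolicyType(name, pt.get("desc", ""), impl.get("construct"),
                                      impl.get("format"), impl.get("manner"),
                                      impl.get("path"), impl.get("check")))
    # Defaults stated in the text: no deduce means "merge", no check means "do not check".
    common = {"deduce": None, "check": None}
    proc = root.find("common/process")
    for key in common:
        ref = proc.get(key) if proc is not None else None
        if ref and not trusted(ref):
            rejected.append((f"common/{key}", "method reference outside trusted package"))
        elif ref:
            common[key] = ref
    return registry, common, rejected
```
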
The policy management flow definition registration unit 210 further comprises a policy type registration module 211, a policy type access module 212 and a policy type representation module 213, wherein:
The policy type registration module 211 processes the above XML file that records the policy type information, including fault-tolerance processing, default-action processing and so on. When the mixed policy manager 21 starts, it extracts the policy type information, which here is also the policy management flow information, from the XML file and organizes the extracted information in a certain format in the policy type representation module 213 in memory. To obtain the implementations of the methods named by the construct, format, deduce and check attributes, the policy type registration module 211 looks up, at the addresses those attributes describe, the binary bytecode that implements each method and places the bytecode it finds in memory. This bytecode identifies the detailed procedure and parameters of methods such as "extraction" or "formatting"; the process is called "instantiation". At startup loading, the extraction method, formatting method and other methods of a policy type are instantiated once and remain in memory; after the system re-initializes memory, they are instantiated again. The system re-initializes memory at least in the following cases: the system restarts; or, without stopping the running system, the XML file is updated and memory is re-initialized from the updated XML file. In addition, the policy type registration module 211 provides a function for looking up references to the corresponding policy services; since this function is existing known technology, it is not described in detail here.
The policy type access module 212 receives commands from other units of the mixed policy loading system that request policy information, accesses the policy information loaded in the policy type representation module according to the command, obtains the requested policy information, and returns the result to the module that initiated the request. The policy type access module 212 accesses and returns policy information mainly by basic traversal.
The policy type representation module 213 resides in system memory. It receives and stores the policy type information extracted by the policy type registration module 211 and is responsible for maintaining the data structure of the policy type information. The policy information inside the policy type representation module 213 is maintained in a hash table, each entry of which consists of a device type and a corresponding linked list. Each element of the linked list is the information of one policy type supported by the device to which the list corresponds, and comprises: a textual description of the policy type, references to code instances of the extraction method and formatting method of the policy type, and a reference to a code instance of the general global processing methods. A code instance reference describes the concrete flow of the extraction method, formatting method or global processing method of a policy type; it refers to the binary bytecode that describes the method, which can be read from the address described by the policy extraction method interface, formatting method interface or global processing method interface mentioned above. Since describing methods through instance references is known in the art and is not the key point of the present invention, it is not described in detail here. The policy type representation module 213 also receives access requests from the policy type access module 212 and, according to the policy type that the request wants to access, returns the requested policy type information to the policy type access module 212, including the required policy description information and the code instance references.
The policy flow execution unit 220 mainly comprises a command interface module 221, a policy construction module 222 and a policy object module 223, wherein:
The command interface module 221 is the starting point of the policy extraction and formatting operations. It receives the policy request from the policy request module 201, sends a policy flow start instruction to the policy construction module 222 according to the request, thereby starting the policy processing flow inside the mixed policy loading system, and receives the final result of the policy request returned by the policy object module 223, i.e. the policy object to be published to the requesting device, which it returns to the policy request module 201. The parameters of a policy request are a combination of the following: the requested policy object, the policy type, the registered name of the device object, the device type, an initialization flag, and a forced data export flag. The requested policy object is an object requested from the mixed policy loading system whose content is empty; it has a fixed format, and the policy data returned by the mixed policy loading system is filled into this policy object and returned to the requesting device. The initialization flag indicates whether the current policy request is the initial request for this policy. The forced data export flag indicates whether the current policy request is an administrative command issued by the administrator; for such a request, the returned policy object is not published to the device but only exported for the administrator to analyze.
The policy construction module 222 receives the policy flow start command from the command interface module 221 and, according to the content parameters of the policy request, obtains through the policy type access module 212 the policy type information requested by the policy request from the policy type representation module 213, including the description information of the policy type and the binary bytecode of the formatting method. According to this policy type information it builds the policy data management structure that stores the information of the multiple policies of the current policy request, uses the formatting method corresponding to the policy type to extract the raw policy data, and fills the raw data into the policy data management structure.
In the present invention, the mixed policy loading system can process multiple different policies at the same time and analyze different policies together precisely because, when responding to policy requests, it provides a general policy data management structure for the different policy flows. This general policy data management structure can handle a single policy request or several policy requests at once; the policy server formats and globally analyzes the policy data obtained and then sends the processed policy data. In this embodiment the general policy data management structure is a mixed multiway tree based on a hash index, but the policy data management structure of the present invention is not limited to the mixed multiway tree; other similar data management structures that those skilled in the art can directly think of are all applicable to the present invention.
Fig. 3 is a schematic diagram of the mixed multiway tree structure of this embodiment. As shown in Fig. 3, the mixed multiway tree can be divided logically into a root node area, a level-1 node area, a level-2 node area, and so on; except for the first-level node area, the number of nodes at each level is unrestricted. The mixed policy loading system is responsible for managing the root node area and the level-1 node area, while the node areas from level 2 onward are managed by the policy extraction methods and formatting methods declared in the XML file, and the scheduling of these methods is controlled by the mixed policy loading system.
The mixed multiway tree is created by the policy construction module 222 and can be used by the policy construction module 222 itself and by the policy formatting module 231 in the policy layout data management unit.
The root node area 30 of the mixed multiway tree consists of one root node 301. Inside this node is a hash table, each element pair of which has the form [label n, pointer n]. Label n is the identifier of a device that needs policies; it can be obtained by looking up the policy database in the policy server using the registered name of the device object in the policy request. The pointer n corresponding to the label points to the corresponding node in the level-1 node area.
The level-1 node area 31 subdivides the policy types that a device supports. Inside each node is a hash table of its own, as shown by node 311 in the figure. Each element pair in the table has the form [policy type b, pointer b], where policy type b is one of the types defined in the XML file as supported by this device, plus one device self-description type, which is a type that the mixed policy loading system provides by default. Pointer b points to the actual memory storage area of that policy type.
The level-2 node area 32 is the actual storage area for the extraction results of the raw policy data. At least one area, called the self-description attribute, is linked to the level-1 node area, such as node 3210, and declares the basic information of the device. The remaining data storage areas are extracted by the extraction method designated by the construct attribute of the corresponding policy type in the XML file; the mixed policy loading system fills the extraction results into the corresponding positions in the level-2 node area of the mixed multiway tree, such as nodes 3211 and 3212.
In addition, the mixed multiway tree also has a level-3 node area 33. For a policy type, subtypes subordinate to it may exist as required; in that case the concrete policy flow can continue to add policy information at the corresponding position in the mixed multiway tree, such as node 33111.
The data on the leaf nodes of the mixed multiway tree is either device self-description information or the result of extraction by the method that the construct attribute designates, i.e. raw policy data. This raw policy data is not necessarily in a policy format that the actual physical device supports. The policy construction module 222 therefore also sends a formatting request to the policy layout data management unit 230; after the policy layout data management unit 230 has formatted the raw policy information in the mixed multiway tree, it takes a policy format that the device can recognize, and the formatted data is stored in the policy object module 223 and filled into the policy object.
The policy object module 223 stores the policy data that the policy construction module 222 has extracted and formatted, fills this policy data into the policy object of the corresponding policy request, and returns the filled policy object to the command interface module 221, which publishes the policy object to the requesting device through the policy request module 201 or exports it to the administrator. The basic attributes of the policy object module are the policy update flag, the policy type, the device password and the policy content.
The policy layout data management unit 230 mainly comprises a policy formatting module 231, a policy scale module 232 and a policy factory module 233, wherein:
The policy formatting module 231, after receiving the processing request sent by the policy construction module 222, traverses the policy types in the created policy data management structure and uses the policy scale module 232 to filter out the policy types that are not registered in memory. For the policy types that remain, it requests the binary bytecode of the formatting method from the policy type access module through the policy factory module 233 and executes the requested bytecode, formatting the raw data of the corresponding policy type. In addition, the policy formatting module requests, through the policy factory module 233, that the policy type access module 212 return the binary bytecode of the general inference method and validity check method, runs that bytecode with the formatted result as the input parameter, thereby applying global inference analysis and validity checking to the formatted results, and finally returns the result to the policy construction module 222.
The policy scale module 232 is an optional module. It receives the requested policy types input by the policy formatting module 231, requests through the policy factory module 233 that the policy type access module 212 return the policy types registered in memory, and screens the requested policy types so that the binary bytecode of the formatting method is requested only for policy types registered in memory.
The policy factory module 233 is the interface module that communicates with the policy type access module. It receives the access requests of the policy formatting module 231 and the policy scale module 232, forwards them to the policy type access module 212, obtains the access results, and returns them to the policy formatting module 231 for subsequent processing.
Fig. 4 is a flow chart of the method by which the mixed policy loading system of the present invention implements centralized management of network device policies. As shown in Fig. 4, the method comprises:
Step 41: store the policy type information description file, i.e. the above XML file, in the centralized manager in advance.
Step 42: when the centralized manager starts, the policy server initializes the supporting environment of the mixed policy loading system 21. It parses the XML file, first applying default processing such as error proofing and verification to it, and then loads the policy type information in the XML file into the memory of the centralized manager. When initialization is complete, the policy server begins waiting for policy requests.
Specifically, the loaded policy type information comprises the basic description information of each policy type contained in the XML file and the description information of the policy extraction method, formatting method, inference method and validity check method corresponding to that policy type. The description information in this embodiment is binary bytecode. The bytecode is loaded as follows: read the addresses described by the construct, format, deduce and check attributes of each policy type in the XML file, look up at those addresses the binary bytecode that implements the corresponding method, and load the bytecode found into memory. The policy type information is loaded into the policy type representation module in memory and maintained in a hash table, each entry of which consists of a device type and a corresponding linked list; each element of the linked list is the information of one policy type supported by the device to which the list corresponds.
Step 43: once the mixed policy loading system receives an external policy request, it reads from memory, according to the request, the description information of the policy types of the device designated in the request and creates the policy data management structure for the policy type information, which in this embodiment is the mixed multiway tree. It reads the binary bytecode of the extraction method of each policy type from memory, executes that bytecode to extract the raw policy data, and fills the raw policy data into the corresponding position in the created mixed multiway tree.
Specifically, step 43 comprises:
Step 431: the policy management flow execution unit 220 in the mixed policy loading system first determines whether the requested policy has changed. If so, step 432 is executed; otherwise a policy object of the no-update type is constructed directly and returned to the device that requested the policy.
Step 432: according to the device identifier in the policy request and the description information of the policy types read from memory, create a mixed multiway tree that can represent multiple policy types. The root node area of the mixed multiway tree holds the identifiers of the devices that require policies and the pointers to the level-1 node area; the level-1 node area holds, for the device of each device identifier, its self-description information and each of its policy types, with the pointers to the level-2 node area.
Step 433: according to the policy type, read from the policy type representation module 213 in memory the binary bytecode that describes the extraction method of the policy type.
Step 434: run the binary bytecode of the extraction method that was read, extract the raw policy data corresponding to the policy type, and fill the extracted raw policy data into the leaf nodes of the mixed multiway tree created above, i.e. the level-2 nodes or nodes at lower levels.
In step 43 above, the mixed policy loading system may receive requests for multiple policies at once. In this case too, only one mixed multiway tree is created, and it contains the data of every policy type in all the current requests.
Step 44: the policy management flow execution unit 220 starts the processing flow of the policy layout data management unit 230. The policy layout data management unit 230 reads from memory the binary bytecode of the formatting method corresponding to the policy type and, taking the raw policy data in the mixed multiway tree as the formatting input parameter, runs the bytecode of the formatting method to convert the raw policy data into a transmission format that the requesting device can recognize. It then reads the binary bytecode of the global processing methods and, after global processing has been performed, the result is returned to the initiator of the policy request by the policy flow execution unit 220.
Specifically, step 44 comprises:
Step 441: first, the policy scale module 232 can screen the kinds of policy that the requesting device needs output; only policy types registered in memory receive subsequent processing.
Step 442: access memory to obtain the binary bytecode of the policy formatting method corresponding to the policy kinds screened in step 441.
Step 443: taking the raw policy data in the mixed multiway tree as the formatting input parameter, run the binary bytecode of the policy formatting method obtained in step 442 to format the raw policy data and convert it into a transmission format that the requesting device can recognize.
Step 444: access memory to obtain the binary bytecode of the global processing methods, i.e. the inference method and the validity check method, corresponding to the policy kinds selected in step 441.
Step 445: taking the result of the formatting in step 442 as the input parameter, run the binary bytecode of the inference method and validity check method obtained in step 444, and return the policy data that has undergone inference and validity checking to the requesting device.
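Steps 43 and 44 traced end to end, as an added example that is not code from the patent: plain Python functions stand in for the methods' binary bytecode, nested dicts stand in for the hash-indexed mixed multiway tree, and all rule data, device names and the sample check function are constructed. Raising an error when the global validity check fails is an assumption of the example; the text does not say what happens on failure.

```python
SELF = "__self__"  # key of the device self-description node (name assumed)

# Constructed stand-ins for the extraction and formatting methods of two policy types.
def extract_fw(device_id):
    return [{"action": "deny", "src": "10.0.0.0/8", "dst": "any"},
            {"action": "allow", "src": "192.0.2.0/24", "dst": "198.51.100.7"}]

def extract_vpn(device_id):
    return [{"peer": "203.0.113.9", "mode": "tunnel"}]

def format_fw(raw):
    return [f"rule {r['action']} {r['src']} -> {r['dst']}" for r in raw]

def format_vpn(raw):
    return [f"vpn peer {r['peer']} mode {r['mode']}" for r in raw]

# In-memory registry: device type -> policy type -> (extraction, formatting).
REGISTRY = {"LgdFWPower V": {"POLICYTYPE_FWR": (extract_fw, format_fw),
                             "POLICYTYPE_VPN": (extract_vpn, format_vpn)}}

def deduce_merge(formatted):
    """Default global inference in the text: merge all formatted results into one policy."""
    return [line for ptype in sorted(formatted) for line in formatted[ptype]]

def check_no_open_allow(merged):
    """Constructed global validity check: refuse an allow rule from any to any."""
    return "rule allow any -> any" not in merged

def build_tree(requests):
    """Step 43: one tree for all requests. Root: device id -> level-1 node;
    level 1: policy type -> level-2 raw data, plus the self-description node."""
    root = {}
    for device_id, device_type, _wanted in requests:
        level1 = {SELF: {"device_type": device_type}}
        for ptype, (extract, _fmt) in REGISTRY.get(device_type, {}).items():
            level1[ptype] = extract(device_id)
        root[device_id] = level1
    return root

def process(requests, deduce=deduce_merge, check=None):
    """Step 44: screen, format, then global inference and validity check per device."""
    tree = build_tree(requests)
    results = {}
    for device_id, device_type, wanted in requests:
        registered = REGISTRY.get(device_type, {})
        selected = [p for p in wanted if p in registered]          # step 441
        formatted = {p: registered[p][1](tree[device_id][p])       # steps 442-443
                     for p in selected}
        merged = deduce(formatted)                                 # steps 444-445
        if check is not None and not check(merged):
            raise ValueError(f"validity check rejected policy for {device_id}")
        results[device_id] = merged
    return tree, results
```
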
Fig. 5 is a detailed flow chart of steps 43 and 44 of this embodiment. The flow is carried out mainly by the policy construction module 222 and the policy layout data management unit 230 working together. As shown in Fig. 5, it comprises three main flows: the policy change determination flow 51, the policy processing flow 52 and the policy increment processing flow 53. The diagram describes the execution of the policy management flow.
Those skilled in the art will appreciate that, when a device requests a policy from the policy server, the requested policy has been saved to the policy database by the policy management client (UI) tool. In the present invention, therefore, when the policy construction module 222 receives the policy request 50 from the command interface module 221, it needs to look up the policy database and analyze and judge the policy request using the policy characteristics and policy updates recorded in the policy database as the criteria, so that it can quickly determine whether the requested policy has been updated and decide the construction mode of the policy object module 223 according to the result.
The policy change determination flow specifically comprises:
Step 511: look up the policy database according to the requested policy and determine whether the state of this policy recorded in the policy database is the publishable state. If it is publishable, step 512 is executed; otherwise the original policy data recorded in the policy database is used as the policy object published to the requesting device, and step 54, the no-update policy object construction flow, is executed. An example of a non-publishable state: the requested policy is being edited, and to avoid unpredictable policy conflicts, publishing the policy to the device is forbidden at that time.
Step 512: determine whether the mode of the policy request is initialization, i.e. whether the policy request carries the initialization flag. If so, the current policy request is an initial request and the policy processing flow 52 is executed; otherwise the current policy request is not an initial request and step 513 is executed.
Step 513: determine whether the path of the requested policy recorded in the policy database has been updated. If so, the policy processing flow 52 is executed; otherwise step 514 is executed.
Step 513 is carried out because network devices are generally managed in a tree-shaped hierarchy by management domain. A network device therefore belongs logically to certain specific management domains and so has a specific policy topology path, and its own policy is influenced by the device policies of each higher-level management domain. If the policy topology path of a device changes, its policy changes accordingly, so it is necessary to determine whether its path has been updated.
Step 514: determine whether the currently requested policy has undergone a policy edit update since the last request, i.e. determine from the records of the policy database whether, between the last request and this one, the policy management tool performed an edit operation on the requested policy, for example an addition, deletion or modification. If an edit operation was performed, the policy has been edited and updated and the policy processing flow 52 is executed; if there was no edit operation, there is no edit update, the original policy data recorded in the policy database is used as the policy object published to the requesting device, and step 54 is executed. Specifically, the edit update determination works by comparing the time of the last policy publication with the policy modification time of each node on the path to determine whether there has been an operational update; the policy modification time is set by the policy management tool and saved in the policy database.
In addition, the strategy change judges that the policy information that also comprises in the flow process after tactful handling process 52 processing carries out tactful content update determination step 515, does not upgrade if having, and then execution in step 54; Otherwise implementation strategy increment handling process 53 is handled.This strategy content update judge 515 realization mechanism be by will newly obtaining strategy cryptographic Hash and last time distributing policy cryptographic Hash compare and realize by this comparison procedure, whether the content that can accurately judge institute's request strategy has renewal.
Policy processing flow 52 automatically creates the mixed multiway tree according to the identifier and type of the requesting device carried in the policy request, extracts the raw policy data, and formats the raw policy data.
Policy processing flow 52 comprises:
Step 521, policy assembly flow control: match the device type of the requesting device against the device types registered in memory; obtain from memory the list of all policy types of that device type and the instance references to the corresponding policy extraction binary bytecode; create the mixed multiway tree from all the policy types obtained and the device identifier in the policy request; and, for each policy type, execute the binary bytecode of that policy type's extraction method to extract the raw policy data of the policy type, placing the extraction result in the second-level and lower node area of the mixed multiway tree.
In this step, if a policy type of the device type requires the organization path information of the device, i.e., the path flag value is "need", the corresponding policy path can be extracted from the policy path pool.
Step 522, policy resolution flow control: read from memory the binary bytecode of the formatting method, the inference method and the validity check method corresponding to the policy type; taking the raw policy data in the mixed multiway tree as the formatting input parameter, run the binary bytecode of the formatting method to convert the raw policy data into a transmission format that the requesting device can recognize; and use the inference method and the validity check method to apply global processing to the formatted result.
Step 523: the policy construction module 222 submits the policy data processed in step 522 to the designated policy buffer for storage, to meet the policy data requirements of other interfaces.
Step 524: determine whether the mode of the policy request is initialization. If so, step 56 is executed; otherwise step 515 is executed.
Policy increment processing flow 53 performs increment processing on the extracted policy when a non-initialization policy request is handled, so as to generate the optimal transmission format. Policy increment processing flow 53 comprises:
Step 531: for each requested policy type, the incremental policy generator compares, line by line, the policy data newly extracted and formatted in policy processing flow 52 with the copy of the original policy data of the same policy type in the policy database, and generates the incremental policy data. The implementation of the incremental policy generator is existing known technology; its function is consistent with that of the file comparison (diff) and patch tools in Unix systems, and it is not described in detail here.
Step 532: for each requested policy type, determine whether the incremental policy data generated in step 531 is smaller than a threshold stored in advance. If so, step 55 is executed and the incremental policy object configuration is used; otherwise step 56 is executed and the complete policy object configuration is used.
The last stage before a policy is distributed to the requesting device is the configuration of the policy object, which has three main modes:
Step 54: apply the no-update policy object configuration to the policy data object to be distributed, then execute step 57. Step 54 sets the attribute of the distributed policy object when the policy requested by the device has no update at all and the request mode is non-initialization; that is, the attribute of this policy object is "no-update policy object".
Step 55: apply the incremental policy object configuration to the policy data object to be distributed, then execute step 57. Step 55 sets the attribute of the policy object when the requested policy has been updated, the incremental policy distribution threshold condition is met and the request mode is non-initialization; that is, the attribute of this policy object is "incremental policy object".
Step 56: apply the complete policy object configuration to the policy data object to be distributed, then execute step 57. Step 56 sets the attribute of the policy object when the request mode of the policy request is initialization or the incremental policy distribution mode is not suitable; that is, the attribute of this policy object is "complete policy object".
Step 57: return the policy object to be distributed to the device that sent the policy request.
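The decision path of steps 512 to 515, 531, 532 and 54 to 56, gathered into one function as an added Python example that is not code from the patent. The record fields, the `run_flow_52` callable standing in for processing flow 52, SHA-256 as the hash, and a threshold measured in bytes of the JSON-serialised delta are all assumptions.

```python
import difflib
import hashlib
import json
from dataclasses import dataclass, field


@dataclass
class IssuedRecord:
    """What the policy database holds for one device and policy type (assumed fields)."""
    issued_at: float                      # time the policy was last issued
    path_updated: bool                    # step 513: topology path changed
    node_modified_at: list = field(default_factory=list)  # edit time of each path node
    content: str = ""                     # formatted policy distributed last time


def digest(text):
    # The patent only says "hash value"; SHA-256 is an assumption.
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def needs_processing(init_flag, rec):
    """Steps 512-514: must processing flow 52 run for this request?"""
    if init_flag:                         # step 512: initialization request
        return True
    if rec.path_updated:                  # step 513: topology path updated
        return True
    # step 514: some node on the path was edited after the last issue time
    return any(t > rec.issued_at for t in rec.node_modified_at)


def line_delta(old, new):
    """Step 531: line-by-line comparison, keeping only the changed ranges."""
    a, b = old.splitlines(), new.splitlines()
    matcher = difflib.SequenceMatcher(None, a, b, autojunk=False)
    return [[i1, i2, b[j1:j2]]
            for tag, i1, i2, j1, j2 in matcher.get_opcodes() if tag != "equal"]


def apply_delta(old, delta):
    """Device side: rebuild the new policy from the old copy plus the delta."""
    lines = old.splitlines()
    for i1, i2, replacement in reversed(delta):   # back to front keeps indexes valid
        lines[i1:i2] = replacement
    return "\n".join(lines)


def choose_distribution(init_flag, rec, run_flow_52, threshold_bytes):
    """Return (mode, payload); mode is 'no_update', 'incremental' or 'full'."""
    if not needs_processing(init_flag, rec):
        return "no_update", None                  # step 54
    new = run_flow_52()                           # extract and format the policy
    if init_flag:
        return "full", new                        # step 524 -> step 56
    if digest(new) == digest(rec.content):
        return "no_update", None                  # step 515 -> step 54
    delta = line_delta(rec.content, new)
    if len(json.dumps(delta).encode("utf-8")) < threshold_bytes:
        return "incremental", delta               # step 532 -> step 55
    return "full", new                            # step 532 -> step 56


# Constructed sample policies, one rule per line.
OLD = "\n".join(["deny all", "allow tcp 80", "allow udp 53", "log drop"])
NEW = "\n".join(["deny all", "allow tcp 443", "allow udp 53", "log drop"])

if __name__ == "__main__":
    record = IssuedRecord(issued_at=100.0, path_updated=False,
                          node_modified_at=[90.0, 120.0], content=OLD)
    print(choose_distribution(False, record, lambda: NEW, threshold_bytes=200))
```

The hash comparison catches edits that touched the policy database without changing the text the device receives, so such a request ends as "no update" even though step 514 reported an edit.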
Step 522 above is mainly executed by the policy topology data management module. Fig. 6 is a schematic diagram of the detailed flow in which the policy topology data management module executes step 522. As shown in Fig. 6, the detailed flow comprises:
Step 601: the policy construction module 222 requests the policy formatting result from the policy formatting module 231; the mixed multiway tree built in step 521 is the content to be formatted, and an empty data buffer is designated for outputting the formatting result.
Step 602: traverse the elements in the root node hash of the mixed multiway tree, executing steps 603 to 618 in turn for each element.
Step 603: locate the self-description information of the corresponding device in the first-level node area of the mixed multiway tree according to the device ID, and output this device description information to the empty data buffer designated in step 601.
In this embodiment, the default general data expression syntax of the output buffer satisfies the following productions:
PolicySet::=(PolicyEntity?RN?PolicyRule*)*
PolicyEntity::=PolicyEntityType“:”EntityProperties
EntityProperties::=Properties
PolicyRule::=Ruletitle“:”RuleProperties?RN
RuleProperties::=Properties
Properties::=(Name=Value)[,Name=Value]*
PolicyEntity::=String
Ruletitle::=String
Name::=String
Value::=String
Step 604: instruct the policy scale module 232 to select the policy types that the requesting device requires to be output.
Step 605: execute steps 606 to 617 in turn for each policy type to be output.
Step 606: the policy scale module 232 obtains the policy type in the prescribed format; this format is an instance comprising the combination of device type and policy type.
Step 607: taking the device type obtained in step 606 as the parameter, the policy scale module 232 asks the policy factory module 233 for the policy types supported by this device type.
Step 608: the policy factory module 233 submits a request to the policy type access module 212 for the list of policies supported by the requesting device.
Steps 609 to 611: the policy type access module 212 queries the policy type representation module 213 for the policy list supported by the requesting device and returns the list to the policy factory module 233, which in turn returns it to the policy scale module 232.
Step 612: the policy scale module 232 determines whether the policy type obtained in step 607 is included in the policy list returned in step 609. If so, it submits a request through the policy factory module 233 to the policy type access module 212 for the instance reference of the formatting method corresponding to the policy type obtained in step 607, i.e., the binary bytecode of the formatting method.
Steps 613 to 616: the policy type access module 212 queries the policy type representation module 213 and returns the binary bytecode of the formatting method of the policy type to the policy factory module 233, which further returns it to the policy formatting module 231.
Step 617: the policy formatting module 231 runs the formatting binary bytecode obtained and formats the raw policy data corresponding to the policy type in the mixed multiway tree into the designated buffer. The input of this formatting is the content pointed to by the pointer of the policy type in the second-level node area of the mixed multiway tree, and the output takes the form described in step 603. This is a fairly direct format and is fast to process.
Because the mixed loading system provides the policy management framework and the automation of the process, the formatting method itself is required to recognize the input parameters that the mixed loading system supplies to it. The input parameters are generated by the policy extraction method. The mixed loading system provides interfaces for hooking into the different stages of policy management, such as the policy extraction and formatting stages, while the concrete policy formatting process is implemented by the binary bytecode of a concrete formatting method. Step 603 specifies the general format syntax of the output buffer; this syntax is concise and efficient, suits both machine and human reading, and is the method the system uses by default. However, the present invention does not require a concrete formatting method to output in this way; a formatting method may itself produce whatever character representation the device can recognize directly. The later steps also provide inference and validity check processes, which give the mixed loading system another opportunity to tidy the final format.
Steps 619 to 621: the policy formatting module 231 obtains the binary bytecode of the general inference method and validity check method from the policy type representation module 213 via the policy factory module 233 and the policy type access module 212.
Step 622: taking the content of the buffer as input, the policy formatting module 231 calls the inference method binary bytecode obtained and performs global policy format processing. In particular, if the inference method is empty, the system by default accumulates the content of the buffer sequentially.
Step 623: taking the result of step 622 as input, call the binary bytecode of the validity check method to check the validity of the data. In particular, if the validity check method is empty, the system performs no processing.
Step 624: the policy formatting module 231 returns the final policy format produced by the above series of processes to the policy construction module 222.
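Steps 603 to 623 as one pipeline, added here as an illustration and not the patent's own code: Python callables stand in for the bytecode methods, `REGISTRY`, `format_rules` and `check_default_syntax` are hypothetical names, and RN is assumed to be CR LF with one `Title:Name=Value,...` entry per line. Because the productions show no escaping, the sample formatter refuses names and values that contain a delimiter, and the sample validity check rejects any line that does not fit the default syntax.

```python
import re

RN = "\r\n"   # assumption: the grammar's RN terminator is CR LF
# One line of the default syntax: Title ":" Name=Value ("," Name=Value)*
LINE = re.compile(r"[^:\r\n]+:[^=,\r\n]+=[^=,\r\n]*(?:,[^=,\r\n]+=[^=,\r\n]*)*")


def properties(pairs):
    """Render Name=Value pairs, refusing names or values that contain a delimiter."""
    for name, value in pairs.items():
        if not name or re.search(r"[=,\r\n]", name + value):
            raise ValueError(f"delimiter in property {name!r}")
    return ",".join(f"{name}={value}" for name, value in pairs.items())


def format_rules(raw_rules):
    """Sample formatting method: raw rule records -> PolicyRule lines."""
    out = []
    for rule in raw_rules:
        if not rule["title"] or re.search(r"[:\r\n]", rule["title"]):
            raise ValueError(f"delimiter in rule title {rule['title']!r}")
        out.append(f"{rule['title']}:{properties(rule['props'])}{RN}")
    return "".join(out)


# Hypothetical registry standing in for the in-memory policy type representation:
# device type -> policy type -> formatting method.
REGISTRY = {
    "firewall": {"acl": format_rules, "nat": format_rules},
    "gateway": {"route": format_rules},
}


def check_default_syntax(text):
    """Sample validity check method: every RN-terminated line must fit LINE."""
    *lines, tail = text.split(RN)
    if tail != "":
        raise ValueError("policy text does not end with RN")
    for number, line in enumerate(lines, 1):
        if not LINE.fullmatch(line):
            raise ValueError(f"line {number} violates the default syntax: {line!r}")
    return text


def build_policy(device_id, device_type, raw_by_type, requested,
                 infer=None, validate=None):
    """Format the requested policy types of one device into the output buffer."""
    supported = REGISTRY.get(device_type, {})
    # step 603: device self-description goes into the buffer first
    buffer = [f"{device_type}:{properties({'id': device_id})}{RN}"]
    skipped = []
    for policy_type in requested:                 # steps 605-617
        formatter = supported.get(policy_type)
        if formatter is None:                     # step 612: not registered for this device type
            skipped.append(policy_type)
            continue
        buffer.append(formatter(raw_by_type[policy_type]))
    # step 622: an empty inference method means the buffer is accumulated in order
    text = infer(buffer) if infer else "".join(buffer)
    if validate:                                  # step 623: empty method = no processing
        text = validate(text)
    return text, skipped


if __name__ == "__main__":
    # Constructed raw policy data, as an extraction method might have produced it.
    raw = {"acl": [{"title": "rule1", "props": {"src": "10.0.0.0/8", "action": "deny"}}]}
    print(build_policy("fw-01", "firewall", raw, ["acl", "qos"],
                       validate=check_default_syntax))
```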
The above describes the mixed policy loading system and method of the present invention in detail; the following describes the deployment environment of the mixed policy loading system of the present invention.
Fig. 7 is a schematic diagram of the environment for deploying the mixed policy loading system of the present invention. As shown in Fig. 7, the mixed policy loading system is located in the policy service system (MBean) on the server side. For the mixed policy loading system to run smoothly, the server-side components are as follows: the underlying hardware is a workstation or server; memory must be greater than or equal to 256M; an operating system capable of running a Java virtual machine is installed, which all current mainstream operating systems satisfy; a Java virtual machine of version greater than 1.4 runs on it; a centralized management program supporting the JMX standard runs in the virtual machine, here Lenovo's LeadSec Server; and the policy service MBean code is loaded in the configuration file of the Server environment, this MBean containing the code of the mixed policy loading system and of the policy communication module.
The above belongs to the system framework. On the server side, code packages related to specific policy management also need to be deployed; these vary with the concrete application and can be replaced. They include the XML deployment file mentioned earlier, which is a necessary configuration of the present invention, and the policy management instance code packages conforming to the interface standard that are referenced in the XML file, such as the device type 1 policy implementation archive, the device type 2 policy implementation archive, and so on.
In addition, the devices that request and receive policies must be located in a network reachable from the server. The left part of Fig. 7 depicts example devices, such as firewall devices, gateway devices and other network devices. What these devices have in common is a built-in policy communication module that can connect to the server.
The devices and the policy server together constitute the application environment of policy management, in which the mixed policy loading system provides the policy management capability.
The above is only a preferred embodiment of the present invention, but the protection scope of the present invention is not limited thereto; any variation or replacement that a person familiar with the art could readily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention.

Claims (16)

1. A mixed policy loading system, characterized in that the system comprises:
a policy type information description file (240), used to record the policy type description information of the policy types that different kinds of devices can support, the interface information of the extraction method and formatting method required to process each policy type, and the interface information of the global processing method applied to policies;
a policy management flow definition and registration unit (210), loaded into memory when the system runs, used to load into itself the policy type description information recorded in the policy type information description file (240), to read the description information of the extraction method, formatting method and global processing method of each policy according to the interface information of the extraction method, formatting method and global processing method, and to load the description information read into itself;
a policy flow execution unit (220), used to receive a policy request; to obtain from the policy management flow definition and registration unit (210) the requested policy type information, including the policy description information and the description information of the extraction method corresponding to the policy; to create a general policy data management structure; to perform the extraction operation according to the description information of the extraction method, extracting the raw data of the requested policy; and to insert the policy description information and the raw policy data at the position of the corresponding policy in the created policy data management structure; and further used to send a processing request to the policy topology data management unit (230), receive the processing result of the policy topology data management unit (230), and output the processing result to the policy requester;
a policy topology data management unit (230), used to receive the processing request of the policy flow execution unit (220), read the description information of the formatting method and global processing method from the policy management flow definition and registration unit (210), format the raw policy data in the policy data management structure according to the description information, apply global processing to the formatted data, and return the processing result to the policy flow execution unit (220).
2. The system of claim 1, characterized in that the policy type information description file (240) is an Extensible Markup Language (XML) file conforming to a predetermined policy type information description format.
3. The system of claim 1, characterized in that the policy management flow definition and registration unit (210) further comprises a policy type registration module (211), a policy type access module (212) and a policy type representation module (213), wherein:
the policy type registration module (211) is used to load the policy type description information recorded in the policy type information description file (240) into the policy type representation module (213), to read the description information of the extraction method, formatting method and global processing method of each policy according to the interface information of the extraction method, formatting method and global processing method, and to load the description information read into the policy type representation module (213);
the policy type access module (212) is used to receive requests from other units of the mixed policy loading system, access the policy type representation module (213) to obtain the requested policy information, and return the access result to the unit that initiated the request;
the policy type representation module (213), located in the memory of the system, is used to receive and save the content loaded by the policy type registration module (211), to receive access requests from the policy type access module (212), and to return access results to the policy type access module (212).
4. The system of claim 1, characterized in that the policy flow execution unit (220) further comprises a command interface module (221), a policy construction module (222) and a policy object module (223), wherein:
the command interface module (221) is used to receive a policy request, send a policy flow start instruction to the policy construction module (222), receive the final policy request result returned by the policy object module (223), and return this result to the initiator of the policy request;
the policy construction module (222) is used to receive the policy flow start command of the command interface module (221); to obtain from the policy management flow definition and registration unit (210) the requested policy type information, including the policy description information and the description information of the extraction method corresponding to the policy; to create a general policy data management structure; to perform the extraction operation according to the description information of the extraction method, extracting the raw data of the requested policy; and to insert the policy description information and the raw policy data at the position of the corresponding policy in the created policy data management structure; and further used to send a processing request to the policy topology data management unit (230), receive the processing result of the policy topology data management unit (230), and send the processing result to the policy object module (223);
the policy object module (223) is used to receive and save the processing result sent by the policy construction module (222), fill this processing result into the policy object of the corresponding policy request, and return the filled policy object to the command interface module (221).
5. The system of claim 1, characterized in that the policy topology data management unit (230) further comprises a policy formatting module (231), a policy scale module (232) and a policy factory module (233), wherein:
the policy factory module (233) is used to receive access requests from the policy formatting module (231) and the policy scale module (232), forward the access requests to the policy management flow definition and registration unit (210), receive the access results returned, and return the access results to the policy formatting module (231);
the policy scale module (232) is used to receive the requested policy types input by the policy formatting module (231); to request, through the policy factory module (233), access to the policy types registered in the policy management flow definition and registration unit (210); to receive the access result; and to screen the requested policy types according to the access result, requesting from the policy factory module (233) the description information of the formatting method only for policy types registered in memory;
the policy formatting module (231) is used, after receiving the processing request sent by the policy flow execution unit (220), to send the requested policy types to the policy scale module (232); to receive the description information of the formatting method returned by the policy factory module (233) and format the raw policy data in the policy data management structure according to this description information; to send the policy factory module (233) a request to access the description information of the global processing method; and, after receiving the description information of the global processing method returned by the policy factory module (233), to apply global processing to the formatted result according to this description information and return the final processing result to the policy flow execution unit (220).
6. The system of any one of claims 1 to 5, characterized in that the policy data management structure is a mixed multiway tree structure based on a hash index.
7. The system of claim 6, characterized in that the root node area and the first-level node area of the mixed multiway tree structure store the device and policy type description information, and the second-level and lower nodes store the raw policy data.
8. The system of any one of claims 1 to 5, characterized in that the global processing method further comprises an inference method and a validity check method.
9. A method for realizing policy management, applicable to a centralized manager, characterized in that the method comprises:
A. storing a policy type information description file in the centralized manager in advance, the policy type information description file recording the policy type description information of the policy types that different kinds of devices can support, the interface information of the extraction method and formatting method required to process each policy type, and the interface information of the global processing method applied to policies;
B. when the centralized manager starts, loading the policy type description information recorded in the policy type information description file into memory, reading the description information of the extraction method, formatting method and global processing method of each policy according to the interface information of the extraction method, formatting method and global processing method, and loading the description information read into memory;
C. after receiving an external policy request, reading from memory, according to this policy request, the description information of the policy types of the device specified in the request, creating a policy data management structure, reading from memory the description information of the extraction method of the policy type, extracting the raw data of the policy according to this description information, and inserting the description information of the policy type and the raw policy data at the corresponding position of the created policy data management structure;
D. reading from memory the description information of the formatting method corresponding to the policy type and formatting the raw policy data in the policy data management structure according to this description information; reading from memory the description information of the global processing method, applying global processing to the formatted result according to this description information, and returning the result of the global processing to the initiator of the policy request.
10. The method of claim 9, characterized in that, in step C, after the external policy request is received and before the description information of the policy types of the device specified in the request is read from memory, the method further comprises:
C1. determining from the records of the policy database of the centralized manager whether the requested policy has changed; if so, continuing with the subsequent operations of step C; otherwise, directly configuring the corresponding identical policy recorded in the policy database as a no-update policy object and returning it to the policy requester.
11. The method of claim 10, characterized in that, in step C1, the specific process of determining whether the requested policy has changed comprises:
C11. querying the policy database according to the requested policy and determining whether the policy status recorded for this policy in the policy database is the publishable state; if it is the publishable state, executing step C12; otherwise, the requested policy has not changed;
C12. determining whether the policy request carries an initialization flag; if so, the policy has changed; otherwise, executing step C13;
C13. determining whether the path of the requested policy recorded in the policy database has been updated; if so, the policy has changed; otherwise, executing step C14;
C14. determining whether the currently requested policy has undergone a policy editing update since the last request; if so, the policy has changed; otherwise, the policy has not changed.
12. The method of claim 9, characterized in that, after step C and before step D, the method further comprises:
screening the requested policy types to select the policy types that have been loaded in memory; and, in step D, reading from memory only the description information of the formatting method corresponding to the selected policy types and formatting only the raw data of these policy types.
13. The method of claim 9, characterized in that, in step D, before the result of the global processing is returned to the initiator of the policy request, the method further comprises:
E. determining whether the mode of the policy request is initialization; if so, applying the complete policy object configuration to the global processing result and returning it to the policy requester; otherwise, executing step F;
F. determining whether the policy content in the global processing result has been updated; if there is no update, applying the no-update policy object configuration to the global processing result and then returning the global processing result to the initiator of the policy request; otherwise, executing step G;
G. comparing the global processing result with the copy of the original policy data of the same policy type in the policy database, and generating the incremental policy data;
H. determining whether the incremental policy data generated in step G is smaller than a threshold stored in advance; if so, applying the incremental policy object configuration to the global processing result and returning it to the initiator of the policy request; otherwise, applying the complete policy object configuration to the global processing result and returning it to the initiator of the policy request.
14. The method of any one of claims 9 to 13, characterized in that the policy data management structure is a mixed multiway tree structure based on a hash index.
15. The method of claim 14, characterized in that the root node area and the first-level node area of the mixed multiway tree structure store the device and policy type description information, and the second-level and lower nodes store the raw policy data.
16. The method of any one of claims 9 to 13, characterized in that the global processing method further comprises an inference method and a validity check method.
CNB2005100086766A 2005-03-01 2005-03-01 Mixed policy loading system and method for realizing policy management Expired - Fee Related CN100411350C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2005100086766A CN100411350C (en) 2005-03-01 2005-03-01 Mixed policy loading system and method for realizing policy management


Publications (2)

Publication Number Publication Date
CN1829160A CN1829160A (en) 2006-09-06
CN100411350C true CN100411350C (en) 2008-08-13

Family

ID=36947302

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2005100086766A Expired - Fee Related CN100411350C (en) 2005-03-01 2005-03-01 Mixed policy loading system and method for realizing policy management

Country Status (1)

Country Link
CN (1) CN100411350C (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI496016B (en) * 2013-01-02 2015-08-11 104 Corp Method and system for managing hibrid database

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014085952A1 (en) 2012-12-03 2014-06-12 华为技术有限公司 Policy processing method and network device
CN103974220B (en) * 2013-01-25 2018-02-09 中兴通讯股份有限公司 Strategy generating device and its method of work, strategy generating system and its method of work
CN104734872B (en) * 2013-12-19 2018-02-23 中国科学院沈阳自动化研究所 A kind of industrial backhaul network implementation method and system based on software defined network
CN103746920B (en) * 2014-01-24 2017-03-15 成都卫士通信息产业股份有限公司 A kind of method that data transfer is realized based on gateway
CN109327434B (en) * 2018-09-04 2021-07-30 郑州云海信息技术有限公司 System and method for hybrid management of security policy
CN112541793B (en) * 2020-12-23 2022-04-26 北京五八信息技术有限公司 Information processing method, information processing device and electronic equipment
CN112925648B (en) * 2021-03-25 2024-01-12 支付宝(杭州)信息技术有限公司 Business strategy issuing method and device
CN115221205B (en) * 2022-09-09 2023-01-06 中电科新型智慧城市研究院有限公司 Policy determination method, device and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6393474B1 (en) * 1998-12-31 2002-05-21 3Com Corporation Dynamic policy management apparatus and method using active network devices
US20030149591A1 (en) * 2002-02-07 2003-08-07 Alcatel Deploying rules by policy management apparatus as a function of information concerning network equipment
US20040039803A1 (en) * 2002-08-21 2004-02-26 Eddie Law Unified policy-based management system
CN1483270A (en) * 1999-06-10 2004-03-17 �йȲ��� Strategy based network architecture

Also Published As

Publication number Publication date
CN1829160A (en) 2006-09-06

Similar Documents

Publication Publication Date Title
CN100411350C (en) Mixed policy loading system and method for realizing policy management
US11451398B2 (en) Management of interoperating machine learning algorithms
US11562293B2 (en) Adaptation of machine learning algorithms
US11823017B2 (en) Interoperation of machine learning algorithms
CN110311790B (en) Method and device for sending authenticable message in cross-link mode
US11698818B2 (en) Load balancing of machine learning algorithms
CN108200203B (en) Block chain system based on double-layer network
CN102656557B (en) Automate enterprise-software-development
US20190172057A1 (en) Blockchain-implemented method and system
CN111324571B (en) Container cluster management method, device and system
CN101946258B (en) Model based deployment of computer based business process on dedicated hardware
CN110024422A (en) The name of Internet of Things and block chained record
AU2004200639A1 (en) Integrating design, deployment, and management phases for systems
CN102622227B (en) A kind of device of the component model and element factory for supporting dynamic configuration
CN109948003B (en) Block chain system of isomorphic dual-mode main and auxiliary chains and block production method thereof
CN111931220B (en) Consensus processing method, device, medium and electronic equipment for block chain network
CN103942281A (en) Method and device for operating object persistently stored
US10248686B2 (en) Shared data with relationship information
US20200311051A1 (en) Data linkage management method, data linkage management system, and node
CN114363352A (en) Block chain-based Internet of things system cross-chain interaction method
Bordeaux et al. Using process algebra for web services: Early results and perspectives
CN108228197A (en) A kind of method and apparatus for installing software in the cluster
CN110417742B (en) Method, device and storage medium for cross-link sending, transferring and receiving authenticable message
CN113239255B (en) Heterogeneous data resource sharing method and device, computer equipment and medium
CN116975158B (en) Request processing method, apparatus, computer device and storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20080813

Termination date: 20210301
