Shulou(Shulou.com)06/03 Report--

1. Management Challenge of Operation and maintenance in Ping an City

   Ping an City is a complex network system composed of all kinds of software and hardware, and video service is its core business. A large number of video image information acquisition, transmission, processing equipment and application software systems are deployed in the Ping an city network. These equipment and application software systems not only meet the diversified needs of public security management, urban management, traffic management and emergency command, but also put forward new requirements and challenges to operation and maintenance management.

The challenges faced by the operation and maintenance management of    Ping an City are shown in figure 1.

   aims at the operation and maintenance management challenges of Ping an City. The function and scope definition of Ping an City Operation and maintenance Management system (hereinafter referred to as Operation and maintenance Management system) is shown in figure 2.

   is different from the operation and maintenance management system of telecommunication network and computer network, the management unit managed by the operation and maintenance management system of Ping an City is more diversified and complicated, and it focuses on providing multi-level value for users in function.

Figure 3 of    takes a typical Ping an city project built by Suzhou Koda as an example to describe the relationship between the operation and maintenance management system and various management units in Ping an city.

two。 Thoughts on the Management of Operation and maintenance in Ping an City

   We divide the management units involved in the operation and maintenance management system into two categories: one is equipment, including general equipment, video image information acquisition equipment, and the other is application software system, including video image information application system, video surveillance platform, video library and other software systems.

For the operation and maintenance management of equipment,    can fully refer to the operation and maintenance management standards and practices in telecommunications and other engineering fields, which will not be repeated in this article.

   is a new topic for the operation and maintenance management of application software systems, and the main problems are as follows:

1. The construction period of the Ping an City project is long, and the continuously purchased application software is provided by different manufacturers, with great differences: not only in the technical architecture (for example, some software is monothetic design, some software is service-oriented design), but also in the external interface (the lack of corresponding standard constraints is the main reason).

two。 The application software system in Ping an City can provide the value that users pay attention to (such as data collection, statistics, analysis, etc.). These values need to be reflected in the operation and maintenance management system to provide a better user experience.

3. Avoid "repeating the wheel". For the diagnostic testing, statistical analysis and other functions already provided by the application software system in Ping an City, the operation and maintenance management system should try its best to refer to these functions rather than redevelop them.

3. Ping an City Operation and maintenance Management structure 3.1. Logical structure

   in view of the challenges faced by the operation and maintenance management of the application software system, we first abstract the application software system logically:

   abstracts the application software system as a container of software services, expressed as S = {applications}: s as an application software system, and represents the software services that can be provided by the software system S.

   defines the abstraction of a software service as a triple, then the operation provided by the software service is represented by o, the data provided by the software service is represented by d, and the interactive interface provided by the software service is represented by I.

After the above logic abstraction, the operation and maintenance management of the application software system is transformed into the operation and maintenance management system for each   .

According to the definition of functional scope in figure 2 and the practical experience in Ping an urban construction,    is classified into the following categories of services:

Remote diagnosis and test operation services: the application software systems in Ping an City, some of which are independent equipment management systems, can provide a series of remote diagnosis and remote testing functions for equipment. These functions are extracted and packaged as software services to provide to the operation and maintenance management system, which is convenient for users to implement one-stop remote diagnosis and testing functions for various types of equipment in the operation and maintenance management system. Data statistics display services: application software systems in Ping an City, some provide complete data statistics, mining, display functions (such as commonly used report systems). These data charts full of analytical value can be extracted and provided to the operation and maintenance management system as a data display service. It is convenient for users to switch among all kinds of data reports in the operation and maintenance management system. Data export services: application software systems in Ping an City, some of which include data warehouses. Build a data export service to export the data from these data warehouses to the operation and maintenance management system, which is convenient for users to comprehensively analyze the multi-domain data in the operation and maintenance management system.

In addition to the above three main types of services,    also has some general software services, such as system status, exception information reporting, service governance and so on. The management of these general software services can refer to the operation and maintenance management ideas of the micro service architecture system, which will not be discussed in depth in this paper. 3.2. Software architecture

For the convenience of description, the software systems involved in this paper are all    S architecture.

There are a large number of application software systems that have been in service for many years in    Ping an City, and the software services needed by the operation and maintenance management system depend on these legacy application software systems. Obviously, it is not advisable to provide software services through substantial transformation of legacy application software systems. Following the "open-close" principle of software design, for these application software systems, we extract and package the software services that the system can provide to the operation and maintenance management system, and add Microgateway (Micro Gateway) as a bridge between the application software system and the operation and maintenance management system (do you think of the northbound interface of the telecom network management system for a moment) to provide software services for the operation and maintenance management system The overall software architecture of Ping an City Operation and maintenance Management is shown in figure 4.

The architecture in figure 4 of    is a typical micro-service architecture (portal is like apigateway, operation and maintenance management system and application software systems are like micro-services, and some other components (such as service registration) are omitted. According to figure 4, let's sort out the user's operation flow:

1. Users enter the portal page through the portal of Ping an City, use SSO (single point of login) to log in to the Unified Authorization Server (authorization server) in Ping an City for authentication, and obtain an access token (access token).

two。 The user jumps from the portal page to the operation and maintenance management system and carries the access token in the redirect request.

3. The operation and maintenance management system verifies the access token to determine the identity of the user and returns to the operation page.

4. Users consume target application software system software services in the operation and maintenance management system. The operation request carries an access token and is sent to the Microgateway corresponding to the destination application software system.

   5. Microgateway verifies the access token to determine the identity of the user, selects the corresponding service route according to the request, invokes the corresponding service of the destination application software system, and returns the call result to the operation and maintenance management system.

3.2.1. About system security

   system security is an eternal topic in software design. In Ping an City, we have designed a unified authorization server. If PKI (Public Key Infrastructure) has been built in Ping an City, the authorization server should make full use of the existing PKI. At the same time, as a SSO server, it supports OAuth3 protocol. Users can log in from portal, operation and maintenance management system and other application software systems to verify and obtain access tokens issued by the authorization server. Access tokens are recommended to use the JWT (Java Web Token) format to authenticate when calling between services on the system.

   if JWT uses a signature method, such as "RS256", each system (service) in Ping an City needs to apply to the Unified Authorization Server for a public key certificate to verify the signature.

What    needs to note is that JWT has a time limit, and each system (service) needs to reapply for the expiration of JWT.

   access control for system resources, if there is a built PMI (Privilege Management Infrastructure), the existing PMI should be given priority for access control. When using JWT to represent the authentication result, you can carry part of the PMI attribute certificate (such as the group and role to which the user belongs) in the payload of the JWT. The advantage of this approach is that the process of obtaining the user attribute certificate from the PMI platform to be implemented by the access control system is omitted The efficiency is improved, but it is not appropriate to use this method if the users' groups and roles change frequently in the system. If there is no available PMI, each system needs to build its own access control system. For access requests with access tokens, each system can use its own access control system to identify users for access control.

   from the perspective of system consistency, I strongly recommend the establishment of a unified PKI/PMI system in Ping an City to achieve the goal of unified authentication, authorization and authentication, and provide a perfect user experience.

3.2.2. About Microgateway

Take a look at the definition of    Microgateway. CA Company of the United States defines Microgateway as follows:

   CA Microgateway is a lightweight, containerized gateway, designed to scale within highly decentralized environments. It supports common microservices patterns by providing service-discovery, routing, rate-limiting and last-mile security, and is easily deployable and configurable by developers at design time using provided policy templates.

As can be seen from the definition of   , Microgateway can be regarded as a local gateway to solve the "last kilometer" problem. Microgateway also provides flexible and configurable templates for users to use at design time, and users can modify the configuration data of the template at run time so that Microgateway can achieve new functions without code modification and recompilation and deployment.

The application software in    Ping an City is provided by different manufacturers, and the update and upgrade of the application software may lead to changes in the interface provided. If the operation and maintenance management system modifies the interface changes caused by each update of the application software, then the workload is huge. Microgateway can encapsulate this change in Microgateway through flexible and configurable policy templates.

   for example, for the database of the application software system, Microgateway provides the Restful query interface to the operation and maintenance management system, and queries the corresponding data of the database of the application software system. You can write a database query template in Microgateway, set the database tables and fields to be queried, and the URI of the Restful interface and return data format in the template configuration file. When the operation and maintenance management system needs to add query interfaces, you only need to add the corresponding entries in the template configuration file; when the database of the application system changes (such as table fields change), modify the corresponding fields in the template configuration file. The template configuration file makes the operation and maintenance management system unaware of the interface changes of the managed application software system.

   aims at the HTTP interface of the application software system. Microgateway can also write a routing template, set the routing rules for HTTP requests in the template configuration file, and route the requests from the operation and maintenance management system to the software services provided by the application software system according to the routing rules (is it a bit like the zuul of spring cloud).

   should note that Microgateway is not the flexible extension implemented by silverbullet,Microgateway but also based on constraints, which are used to guide the design of templates.

4. Sample DEMO

   this section introduces a sample DEMO that simulates the operations management architecture mentioned in section 3. The code of the DEMO is stored at: https://github.com/solarkai/IomsSimu/. System security is not involved in this example (it will be made up later).

   this DEMO simulates an operation and maintenance management system, a report service in a traffic control platform and a Microgateway for the report service.

The report service in    simulation traffic control platform is written in spring-boot framework, which provides a Restful interface to provide simple report data (data format is JSON format).

The Microgateway of the    report service is written in Node.js and Express frameworks, and a HTTP routing template is defined using "http-proxy-middleware" middleware to handle operation requests from the operation and maintenance management system. The configuration file of the route template is defined by the gateway.json file, and an example of the content is as follows:

{"gatewayList": [{"path": "/ chart1", "method": "get", "proxy": {"target": "http://127.0.0.1:8082"," pathRewrite ": {" ^ / reports/chart1 ":" / loadChart1 "}}]}

   Microgateway provides a report display page, and the data comes from the report service in the simulation traffic control platform. Figure 5 is the report display page.

   simulated operation and maintenance management system is written in Node.js and Express framework. The application software system management interface of the simulation operation and maintenance management system of the operation and maintenance management module is like this.

   simulates the operation and maintenance management system, which can configure the software service information provided by Microgateway and consume these software services. Figure 7 shows the consumption of the reporting services provided by Microgateway.

5. Summary

   safe city system has diversity and complexity, which puts forward high requirements for operation and maintenance management. In this paper, according to the characteristics of Ping an city system, the operation and maintenance software architecture of Ping an city is designed for the operation and maintenance management of application software system in Ping an city, and an example of DEMO is given. The software architecture emphasizes the role of Microgateway to realize the flexible expansion of operation and maintenance management.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.