Password service dynamic monitoring system based on multi-level and multi-dimensional model
1. A dynamic monitoring system of cipher service based on multi-layer and multi-dimension model is characterized in that,
the password service dynamic monitoring system comprises various levels of password service dynamic monitoring systems, wherein each level of password service dynamic monitoring system is a headquarter level monitoring system, a data center monitoring system and a provincial level monitoring system, and each level of password service dynamic monitoring system respectively comprises a data acquisition module, a management configuration module, a system monitoring module, a system operation and maintenance module, an abnormity alarm module, a database and an information display module;
the headquarter monitoring system is used for monitoring and displaying the running states of the password service systems, the key issuing states, the equipment service states and the key management systems of the data center monitoring system and the provincial level monitoring system in a centralized manner in a video, data and control connection mode. When the equipment gives an alarm, the monitoring alarm acquisition service at the front end transmits the alarm information to a monitoring system display area for remote command processing;
the data center monitoring system is used for collecting the running state information of the provincial level password service system in the jurisdiction range, alarming, uploading data and carrying out system operation and maintenance according to the level of a problem, and receiving remote command and regulation of the headquarter level monitoring system;
the provincial monitoring system is mainly used for collecting operation state information of a provincial password service system, alarming, uploading data, operating and maintaining the system according to the level of a problem, and receiving remote command and regulation of the data center monitoring system.
2. The dynamic cryptographic service monitoring system of claim 1,
the data acquisition module is used for acquiring system logs, a preposed route, database resources, an operation state, a micro-service state and a password resource calling state.
3. The dynamic cryptographic service monitoring system of claim 1,
and the management configuration module is used for configuring monitoring indexes, newly adding a monitoring task according to service requirements, and managing and monitoring the system operation and maintenance module.
4. The dynamic cryptographic service monitoring system of claim 1,
the system monitoring module is used for monitoring the running states and indexes of various services, acquiring monitoring data through the monitoring services, acquiring abnormal information of equipment and services by collecting, cleaning and analyzing the running logs of the system, and generating alarm information or operation and maintenance information based on the monitoring data, wherein the abnormal information comprises alarm time, alarm types, alarm levels, alarm states, alarm modules and alarm information.
5. The dynamic cryptographic service monitoring system of claim 1,
and the system operation and maintenance module is used for sending the abnormal information to the operation and maintenance personnel according to the monitoring data and the alarm data, and the operation and maintenance personnel processes the abnormality.
6. The dynamic cryptographic service monitoring system of claim 1,
the abnormity alarm module is used for setting an alarm rule according to alarm equipment, alarm registration, an alarm index, an alarm threshold value and the duration times, judging whether alarm data of different levels need to be generated according to the alarm rule, and storing the alarm data into a database, and the abnormity alarm module supports a multi-dimensional alarm mode combining active alarm and abnormal log alarm.
7. The dynamic cryptographic service monitoring system of claim 1,
the information display module is used for displaying the classified, summarized and organized structured monitoring data, alarm information and operation and maintenance information to a user in a graphical mode, quickly judging the running state and the reason of alarm of the password system, reminding related personnel and timely processing the alarm.
8. The dynamic cryptographic service monitoring system of claim 6, wherein setting alarm rules based on alarm devices, alarm registrations, alarm indicators, alarm thresholds, and durations comprises:
determining the weight $w_i$ of the alarm index $I_{ni}$, the alarm threshold $V_t$ and the duration time $T_s$;
calculating the alarm value $V_a$ as a weighted average sum according to the alarm index $I_{ni}$, the alarm threshold $V_t$, the duration time $T_s$ and the weight $w_i$:
when the alarm value $V_a$ is greater than or equal to the set alarm threshold value $V_t$, and this persists for a number of times $T_s$ greater than a preset time threshold value $T_0$, carrying out a system alarm and storing the alarm information into a database.
9. The dynamic cryptographic service monitoring system of claim 4, wherein the obtaining of monitoring data by the monitoring service and the obtaining of anomaly information of devices and services by collecting, cleaning and analyzing the running logs of the system comprise:
determining the service state $S_1$, interface state $S_2$, CPU utilization $S_3$, memory utilization $S_4$ and connection utilization $S_5$ of a device or system;
determining, according to service demand, the weight $W_1$ of the service state $S_1$, the weight $W_2$ of the interface state $S_2$, the weight $W_3$ of the CPU utilization $S_3$, the weight $W_4$ of the memory utilization $S_4$ and the weight $W_5$ of the connection utilization $S_5$, judging the priority P, and determining the comprehensive operation performance of the equipment or the system;
determining the operation state grade of the equipment or the system according to the comprehensive operation performance, and alarming the equipment or operating and maintaining the equipment;
when the equipment or the system does not influence the normal service operation, alarming processing is carried out; and when the normal operation of the equipment or the system is influenced, alarming, and carrying out operation and maintenance processing.
10. The dynamic cryptographic service monitoring system of claim 9, wherein the priority P is determined by:
wherein $T_{iwait}$ is the task waiting time, $T_{ileft}$ is the free time, and $T_{irun}$ is the task running time.
11. The dynamic cryptographic service monitoring system of claim 9, wherein determining the comprehensive operational performance of a device or system comprises:
determining the comprehensive operational performance of the device or system according to the following formula:
wherein S is the comprehensive operation performance of the equipment or the system, $f(p_1)$ is the priority of the service state, $f(p_2)$ is the priority of the interface state, $f(p_3)$ is the priority of the CPU utilization $S_3$, $f(p_4)$ is the priority of the memory utilization $S_4$, and $f(p_5)$ is the priority of the connection utilization $S_5$.
Background
In order to implement the password policies of the countries and companies, realize centralized and unified construction, management and maintenance of password infrastructure resources, and standardize the application of passwords in various service systems, the national power grid companies develop and construct a unified password service platform. The platform provides software and hardware facilities such as a cipher machine, micro-service and a database for each business system, and is used for supporting cipher services such as digital certificate issuing, user identity authentication, real-name authentication, business data encryption and decryption and the like. To ensure the normal operation of the various software and hardware devices and services in the password service platform, it is important to monitor their operation states and process abnormal information in time.
At present, most monitoring systems mainly adopt manual monitoring to monitor whether equipment and service are normal or not, and after abnormality occurs, operation and maintenance personnel need to go to a background to check error logs to carry out system operation and maintenance. The whole operation and maintenance process has low efficiency and poor operability.
Disclosure of Invention
The embodiment of the disclosure provides a password service dynamic monitoring system based on a multi-level and multi-dimensional model, which is used for at least solving the problems that most monitoring systems in the prior art mainly adopt manual monitoring to determine whether equipment and service are normal or not, and operation and maintenance personnel need to go to a background to check error logs to carry out system operation and maintenance after abnormality occurs. The whole operation and maintenance process has low efficiency and poor operability.
According to an aspect of the embodiments of the present disclosure, there is provided a dynamic password service monitoring system based on a multi-level and multi-dimensional model, including: the password service dynamic monitoring system comprises various levels of password service dynamic monitoring systems, wherein each level of password service dynamic monitoring system is a headquarter level monitoring system, a data center monitoring system and a provincial level monitoring system, and each level of password service dynamic monitoring system respectively comprises a data acquisition module, a management configuration module, a system monitoring module, a system operation and maintenance module, an abnormity alarm module, a database and an information display module; the system comprises a headquarter level monitoring system, a data center monitoring system, a provincial level monitoring system, a front-end monitoring alarm acquisition service and a monitoring system display area, wherein the headquarter level monitoring system is used for monitoring and displaying the running state of a password service system, a key issuing state, an equipment service state and a crypto-control system of the data center monitoring system and the provincial level monitoring system in a centralized manner in real time in a video, data and control connection mode; the data center monitoring system is used for collecting the running state information of the provincial level password service system in the jurisdiction range, alarming, uploading data and carrying out system operation and maintenance according to the level of a problem, and receiving remote command and regulation of the headquarter level monitoring system; the provincial monitoring system is mainly used for collecting operation state information of a provincial password service system, alarming, uploading data, operating and maintaining the system according to the level of a problem, and receiving remote command and regulation of the data center monitoring system.
In the invention, the password service dynamic monitoring system based on the multi-level and multi-dimensional model can dynamically monitor the running states of the password service system and software and hardware equipment, discover abnormal information in time and give an alarm, and help operation and maintenance personnel diagnose and resolve alarm information by adopting a visual interface, thereby reducing the workload of the operation and maintenance personnel of the uniform password service platform, improving the operation and maintenance working efficiency and reducing the complexity of system operation and maintenance.
Drawings
The accompanying drawings, which are included to provide a further understanding of the disclosure and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the disclosure and together with the description serve to explain the disclosure and not to limit the disclosure. In the drawings:
FIG. 1 is a schematic diagram of a monitoring model for implementing a multi-level and multi-dimensional cryptographic service according to an embodiment of the disclosure;
FIG. 2 is a diagram of the logical architecture of a dynamic monitoring system for cryptographic services at various levels according to an embodiment of the present disclosure;
FIG. 3 is a schematic diagram of a dynamic monitoring method for cryptographic services based on a multi-level and multi-dimensional model according to an embodiment of the disclosure.
Detailed Description
The exemplary embodiments of the present invention will now be described with reference to the accompanying drawings, however, the present invention may be embodied in many different forms and is not limited to the embodiments described herein, which are provided for complete and complete disclosure of the present invention and to fully convey the scope of the present invention to those skilled in the art. The terminology used in the exemplary embodiments illustrated in the accompanying drawings is not intended to be limiting of the invention. In the drawings, the same units/elements are denoted by the same reference numerals.
Unless otherwise defined, terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Further, it will be understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and will not be interpreted in an idealized or overly formal sense.
According to the embodiment, a dynamic password service monitoring system with a multi-level and multi-dimensional model is provided. The password service dynamic monitoring system comprises various levels of password service dynamic monitoring systems, wherein each level of password service dynamic monitoring system is a headquarter level monitoring system, a data center monitoring system and a provincial level monitoring system, and each level of password service dynamic monitoring system respectively comprises a data acquisition module, a management configuration module, a system monitoring module, a system operation and maintenance module, an abnormity alarm module, a database and an information display module; the system comprises a headquarter level monitoring system, a data center monitoring system, a provincial level monitoring system, a front-end monitoring alarm acquisition service and a monitoring system display area, wherein the headquarter level monitoring system is used for monitoring and displaying the running state of a password service system, a key issuing state, an equipment service state and a crypto-control system of the data center monitoring system and the provincial level monitoring system in a centralized manner in real time in a video, data and control connection mode; the data center monitoring system is used for collecting the running state information of the provincial level password service system in the jurisdiction range, alarming, uploading data and carrying out system operation and maintenance according to the level of a problem, and receiving remote command and regulation of the headquarter level monitoring system; the provincial monitoring system is mainly used for collecting operation state information of a provincial password service system, alarming, uploading data, operating and maintaining the system according to the level of a problem, and receiving remote command and regulation of the data center monitoring system.
For example, referring to fig. 1, the dynamic password service monitoring system mainly comprises a headquarters level monitoring system, a data center monitoring system (Shanghai, Beijing, Xi'an) and a provincial level monitoring system. The dynamic monitoring system for each level of password service mainly comprises functional modules of data acquisition, management configuration, data monitoring, abnormity alarming, system operation and maintenance, information display and the like.
The dynamic monitoring system for the headquarter-level password service is mainly used for carrying out centralized display and command control on the password service states of all levels, and carrying out centralized monitoring and real-time display on the operation states, the key issuing states, the equipment service states, the operation states of the password service systems of the data centers of three places and other provinces and companies through video, data and control connection modes. When the equipment gives an alarm, the monitoring alarm acquisition service at the front end can accurately transmit alarm information (images) to a display area of a monitoring system, and leaders and experts can remotely command and process the alarm information.
The data center monitoring system is mainly used for collecting information such as the running state of the provincial level password service system in the jurisdiction range, alarming according to the level of the problem, uploading data, maintaining the system operation and receiving remote command and regulation of the headquarter level password service dynamic monitoring system.
The provincial monitoring system is mainly used for collecting information such as the running state of the provincial password service system, alarming according to the level of a problem, uploading data, carrying out system operation and maintenance, and receiving remote command and regulation of the dynamic password service monitoring system of the headquarter level and the third-place data center level.
Referring to fig. 2, fig. 2 is a logic architecture of a dynamic monitoring system for cryptographic services at different levels. The dynamic monitoring system for each level of password service mainly comprises functional modules of data acquisition, management configuration, data monitoring, abnormity alarming, system operation and maintenance, information display and the like.
The data acquisition module is mainly used for acquiring information such as system logs, preposed routes, database resources, running states, micro-service states, password resource calling states and the like.
The management configuration module is mainly used for configuring monitoring indexes, newly adding monitoring tasks according to service requirements, managing and monitoring operation and maintenance systems and the like.
The system monitoring module is mainly used for monitoring the running states and indexes of various services from different sources and acquiring abnormal information of equipment and services by monitoring the services. By collecting the running logs of the system and then cleaning and analyzing them, it obtains the abnormal information they contain, such as alarm time, alarm type, alarm level, alarm state, alarm module and alarm detail information, and alarm information or operation and maintenance information is generated based on the monitoring data.
The system operation and maintenance module is mainly used for pushing the monitoring data and the alarm data to operation and maintenance personnel through a popup window and the like, and the operation and maintenance personnel handle the abnormity.
The abnormity alarm module is mainly used for setting an alarm rule according to alarm equipment, alarm registration, an alarm index, an alarm threshold value and the duration times, judging whether alarm data of different levels need to be generated according to the alarm rule, and storing the alarm data in a database. The abnormity alarm module supports a multi-dimensional alarm mode combining active alarm and abnormity log alarm.
The database is mainly used for storing information such as monitoring data, alarm data and operation and maintenance data in a classified mode.
The information display module is mainly used for displaying the classified, summarized and sorted structural monitoring data, alarm information, operation and maintenance information and the like to a user in a graphical mode, quickly diagnosing the running state and the alarm reason of the password system, reminding related personnel and timely processing the alarm.
Referring to fig. 3, fig. 3 is a dynamic monitoring method for cryptographic services based on a multi-level and multi-dimensional model. The password service dynamic monitoring method based on the multi-level and multi-dimensional model mainly comprises the steps of configuring monitoring strategies of all levels of password service monitoring systems, collecting all operating data of a unified password service platform, carrying out monitoring analysis, finding problems in time, giving an alarm, notifying operation and maintenance personnel of alarm information, helping the operation and maintenance personnel to quickly locate and solve the problems, and the steps comprise monitoring strategy configuration, alarm rule formulation, data collection, data monitoring, abnormal alarm, system operation and maintenance, information display and the like.
The monitoring strategy is configured to be a headquarter level monitoring system, a three-place data center monitoring system and a provincial level monitoring system for monitoring the state of the password service in a multi-level and multi-dimension mode. The headquarter service dynamic monitoring system performs centralized display and command control on the state of each level of password service; the third place data center monitoring system collects and monitors the provincial-level password service monitoring system, uploads the monitoring data to the headquarter-level monitoring system and receives command control of the headquarter level; the provincial monitoring system uploads monitoring data to the three-place data center and receives command control of the headquarter level, the data center and the like. And each level of monitoring system mainly monitors the running states of the cipher machine, the preposed router, the microservice, the database and the cipher resource according to the cipher service requirement, and increases and decreases the monitoring service according to the actual service.
The alarm rule making process comprises the following steps: firstly, determining the alarm parameters, namely the alarm index $I_{ni}$, the alarm threshold $V_t$ and the duration time $T_s$; determining the weight $w_i$ of each parameter according to the actual service requirement; calculating the alarm value $V_a$ as a weighted average sum; and setting an alarm rule. When $V_a$ is greater than or equal to the set alarm threshold value $V_t$, and this persists for a number of times $T_s$ greater than a preset time threshold value $T_0$, a system alarm is carried out and the alarm information is stored into a system database.
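The alarm rule described above, as an added Python example that is not code from the patent: a breach of the threshold only becomes an alarm once it has persisted for more than T_0 consecutive samples, and each alarm is stored with the fields the system monitoring module lists. The page does not reproduce the formula for V_a, so the normalised weighted average, the indicator names, the sample readings and the `new`/`ongoing` state values are assumptions; an in-memory SQLite table stands in for the system database.

```python
import sqlite3
from dataclasses import dataclass, field


@dataclass
class AlarmRule:
    device: str    # alarm equipment, e.g. a cipher machine
    module: str    # alarm module recorded with each alarm
    level: str     # alarm level assigned when this rule fires
    weights: dict  # w_i for each indicator name (hypothetical names)
    v_t: float     # alarm threshold V_t
    t_0: int       # preset threshold T_0 for the persistence count
    t_s: int = field(default=0, init=False)  # T_s: consecutive breaches so far

    def alarm_value(self, indicators):
        """V_a as a weighted average. ASSUMED form: sum(w_i * I_i) / sum(w_i)."""
        missing = sorted(set(self.weights) - set(indicators))
        if missing:
            # Defaulting a missing reading to 0 would hide a dead collector.
            raise ValueError(f"missing indicators: {missing}")
        total = sum(self.weights.values())
        if total <= 0:
            raise ValueError("weights must sum to a positive value")
        return sum(w * indicators[k] for k, w in self.weights.items()) / total

    def evaluate(self, ts, indicators):
        """Return an alarm record when V_a >= V_t and T_s > T_0, else None."""
        v_a = self.alarm_value(indicators)
        # One sample below the threshold resets the persistence count.
        self.t_s = self.t_s + 1 if v_a >= self.v_t else 0
        if self.t_s <= self.t_0:
            return None
        return {
            "alarm_time": ts,
            "alarm_type": "threshold",
            "alarm_level": self.level,
            # Example's own convention: first alarm of an episode is "new".
            "alarm_state": "new" if self.t_s == self.t_0 + 1 else "ongoing",
            "alarm_module": self.module,
            "alarm_info": f"{self.device}: V_a={v_a:.2f} >= V_t={self.v_t} "
                          f"for {self.t_s} consecutive samples",
        }


def run(rule, samples):
    """Evaluate samples in order, store alarms, return (time, state) rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE alarms (alarm_time TEXT, alarm_type TEXT, "
        "alarm_level TEXT, alarm_state TEXT, alarm_module TEXT, alarm_info TEXT)"
    )
    for ts, indicators in samples:
        alarm = rule.evaluate(ts, indicators)
        if alarm is not None:
            conn.execute(
                "INSERT INTO alarms VALUES (:alarm_time, :alarm_type, "
                ":alarm_level, :alarm_state, :alarm_module, :alarm_info)",
                alarm,
            )
    return conn.execute(
        "SELECT alarm_time, alarm_state FROM alarms ORDER BY alarm_time"
    ).fetchall()


def demo_rule():
    # Constructed rule: utilisation ratios in [0, 1], V_t = 0.8, T_0 = 2.
    return AlarmRule(
        device="cipher-machine-01", module="system-monitoring", level="major",
        weights={"cpu": 0.5, "mem": 0.3, "conn": 0.2}, v_t=0.8, t_0=2,
    )


# Constructed readings: a two-sample spike, a recovery, then a sustained breach.
SAMPLES = [
    ("2024-01-01T00:01:00Z", {"cpu": 0.90, "mem": 0.80, "conn": 0.70}),
    ("2024-01-01T00:02:00Z", {"cpu": 0.95, "mem": 0.85, "conn": 0.80}),
    ("2024-01-01T00:03:00Z", {"cpu": 0.50, "mem": 0.50, "conn": 0.50}),
    ("2024-01-01T00:04:00Z", {"cpu": 0.90, "mem": 0.90, "conn": 0.90}),
    ("2024-01-01T00:05:00Z", {"cpu": 0.90, "mem": 0.80, "conn": 0.70}),
    ("2024-01-01T00:06:00Z", {"cpu": 1.00, "mem": 0.90, "conn": 0.60}),
    ("2024-01-01T00:07:00Z", {"cpu": 0.90, "mem": 0.90, "conn": 0.90}),
]

if __name__ == "__main__":
    for row in run(demo_rule(), SAMPLES):
        print(row)
```

The two-sample spike at the start never alarms because the recovery at 00:03 resets T_s; only the sustained breach from 00:04 onward crosses T_0.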
The alarm value calculating method comprises the following steps:
the data acquisition process comprises the following steps: the monitoring system periodically and actively acquires monitoring data such as the cipher machine, the preposed route, the micro-service, the database, the running state of the cipher resource and the like through an interface mode and stores the monitoring data into the database.
The monitoring analysis acquires abnormal information of equipment and services through the monitoring service, or by collecting the running logs of the system and then cleaning and analyzing them. The specific process is as follows: the monitoring system obtains performance data of equipment or systems such as the cipher machine, the preposed route, the micro-service, the database and the cipher resource, including the service state $S_1$, interface state $S_2$, CPU utilization $S_3$, memory utilization $S_4$ and connection utilization $S_5$. It then determines the weight W of each parameter according to the service requirement, judges the priority P, calculates the priority of each parameter according to the weight sum of each parameter, calculates the comprehensive operation performance of the equipment or the system according to the priority, determines the running state grade of the equipment or the system according to the comprehensive performance, and alarms or operates and maintains the equipment. When the equipment or the system does not influence the normal service operation, only the alarm processing is carried out on the equipment or the system; and when the normal operation of the equipment or the system is influenced, alarming, and carrying out operation and maintenance processing.
The priority P needs to be determined according to the urgency of the monitoring task, the shorter the waiting time of the monitoring task is, the higher the priority is, and the calculation method is
In the formula, $T_{iwait}$ is the task waiting time, $T_{ileft}$ is the free time, and $T_{irun}$ is the task running time.
The comprehensive operation performance calculation method comprises the following steps:
the system operation and maintenance process comprises the following steps: all the abnormalities are pushed to operation and maintenance personnel in a mode of popup window and the like, and the operation and maintenance personnel process the abnormalities; all operation and maintenance data need to be stored in the database on time.
The information display process comprises the following steps: after the information display module performs data processing, structured monitoring data, alarm information, operation and maintenance information and the like after classification, collection and arrangement are displayed to a user in a graphical mode, the running state and the alarm reason of the password system are diagnosed rapidly, related personnel are reminded, and alarm is processed in time.
Therefore, the password service dynamic monitoring system based on the multi-level multi-dimensional model can dynamically monitor the running states of the password service system and software and hardware equipment, find abnormal information in time and give an alarm, and help operation and maintenance personnel diagnose and resolve alarm information by adopting a visual interface, so that the workload of the operation and maintenance personnel of the unified password service platform is reduced, the operation and maintenance working efficiency is improved, and the complexity of system operation and maintenance is reduced.
Optionally, the data acquisition module is configured to acquire a system log, a pre-routing, a database resource and running state, a micro-service state, and a password resource calling state.
Optionally, the management configuration module is configured to configure a monitoring index, add a monitoring task according to a service requirement, and manage and monitor the system operation and maintenance module.
Optionally, the system monitoring module is configured to monitor operation states and indexes of multiple services, obtain monitoring data through the monitoring services, obtain abnormal information of the device and the services by collecting, cleaning and analyzing the running logs of the system, and generate alarm information or operation and maintenance information based on the monitoring data, where the abnormal information includes alarm time, alarm type, alarm level, alarm state, alarm module, and alarm information. And the system operation and maintenance module is used for sending the abnormal information to the operation and maintenance personnel according to the monitoring data and the alarm data, and the operation and maintenance personnel processes the abnormality.
Optionally, the abnormal alarm module is configured to set an alarm rule according to the alarm device, the alarm registration, the alarm index, the alarm threshold and the duration, determine whether to generate alarm data of different levels according to the alarm rule, and store the alarm data in a database, and the abnormal alarm module supports a multidimensional alarm mode combining active alarm and abnormal log alarm.
Optionally, the information display module is configured to display the classified, summarized and organized structured monitoring data, alarm information and operation and maintenance information to a user in a graphical manner, quickly determine an operation state and an alarm reason of the password system, remind related personnel, and timely process an alarm.
Optionally, setting an alarm rule according to the alarm device, the alarm registration, the alarm index, the alarm threshold, and the number of times of continuation, including: determining the weight $w_i$ of the alarm index $I_{ni}$, the alarm threshold $V_t$ and the duration time $T_s$; and calculating the alarm value $V_a$ as a weighted average sum according to the alarm index $I_{ni}$, the alarm threshold $V_t$, the duration time $T_s$ and the weight $w_i$:
When the alarm value $V_a$ is greater than or equal to the set alarm threshold value $V_t$, and this persists for a number of times $T_s$ greater than a preset time threshold value $T_0$, a system alarm is carried out and the alarm information is stored into a database.
Optionally, the acquiring of monitoring data through the monitoring service, and the acquiring of abnormal information of the device and the service by collecting, cleaning and analyzing the running logs of the system, include: determining the service state $S_1$, interface state $S_2$, CPU utilization $S_3$, memory utilization $S_4$ and connection utilization $S_5$ of a device or system; determining, according to service demand, the weight $W_1$ of the service state $S_1$, the weight $W_2$ of the interface state $S_2$, the weight $W_3$ of the CPU utilization $S_3$, the weight $W_4$ of the memory utilization $S_4$ and the weight $W_5$ of the connection utilization $S_5$, judging the priority P, and determining the comprehensive operation performance of the equipment or the system; determining the operation state grade of the equipment or the system according to the comprehensive operation performance, and alarming the equipment or operating and maintaining the equipment; when the equipment or the system does not influence the normal service operation, alarming processing is carried out; and when the normal operation of the equipment or the system is influenced, alarming, and carrying out operation and maintenance processing.
Optionally, the calculation method for determining the priority P includes:
wherein $T_{iwait}$ is the task waiting time, $T_{ileft}$ is the free time, and $T_{irun}$ is the task running time.
Optionally, determining the comprehensive operational performance of the device or system includes:
determining the comprehensive operational performance of the device or system according to the following formula:
wherein S is the comprehensive operation performance of the equipment or the system, $f(p_1)$ is the priority of the service state, $f(p_2)$ is the priority of the interface state, $f(p_3)$ is the priority of the CPU utilization $S_3$, $f(p_4)$ is the priority of the memory utilization $S_4$, and $f(p_5)$ is the priority of the connection utilization $S_5$.
Therefore, the password service dynamic monitoring system based on the multi-level multi-dimensional model can dynamically monitor the running states of the password service system and software and hardware equipment, find abnormal information in time and give an alarm, and help operation and maintenance personnel diagnose and resolve alarm information by adopting a visual interface, so that the workload of the operation and maintenance personnel of the unified password service platform is reduced, the operation and maintenance working efficiency is improved, and the complexity of system operation and maintenance is reduced.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein. The scheme in the embodiment of the application can be implemented in various computer languages, such as the object-oriented programming language Java and the interpreted scripting language JavaScript.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While the preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all alterations and modifications as fall within the scope of the application.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.