
WO2020057163A1 - MEC platform deployment method and device - Google Patents

MEC platform deployment method and device

Info

Publication number
WO2020057163A1
WO2020057163A1 PCT/CN2019/087776 CN2019087776W WO2020057163A1 WO 2020057163 A1 WO2020057163 A1 WO 2020057163A1 CN 2019087776 W CN2019087776 W CN 2019087776W WO 2020057163 A1 WO2020057163 A1 WO 2020057163A1
Authority
WO
WIPO (PCT)
Prior art keywords
server
mec platform
authentication
software
policy
Application number
PCT/CN2019/087776
Other languages
English (en)
French (fr)
Inventor
周艳
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司
Priority to EP19861838.1A (patent EP3846522A4)
Publication of WO2020057163A1
Priority to US17/207,232 (patent US12149519B2)

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04M: TELEPHONIC COMMUNICATION
    • H04M15/00: Arrangements for metering, time-control or time indication; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
    • H04M15/51: Arrangements for metering, time-control or time indication; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP for resellers, retailers or service providers
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823: Network architectures or network communication protocols for network security for authentication of entities using certificates
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00: Arrangements for software engineering
    • G06F8/60: Software deployment
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/34: Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04M: TELEPHONIC COMMUNICATION
    • H04M15/00: Arrangements for metering, time-control or time indication; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
    • H04M15/80: Rating or billing plans; Tariff determination aspects
    • H04M15/8044: Least cost routing
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06: Authentication
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W4/00: Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/24: Accounting or billing
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W4/00: Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/50: Service provisioning or reconfiguring
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W4/00: Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/60: Subscription-based services using application servers or record carriers, e.g. SIM application toolkits
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W40/00: Communication routing or communication path finding
    • H04W40/24: Connectivity information management, e.g. connectivity discovery or connectivity update
    • H04W40/248: Connectivity information update
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0884: Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/10: Protocols in which an application is distributed across nodes in the network
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02: Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]

Definitions

  • The present application relates to the field of communications technologies, and in particular, to a method and device for deploying a multi-access edge computing (MEC) platform.
  • MEC Multi-Access Edge Computing
  • MEC deploys application, content, and core business processing and resource scheduling functions to the edge of the network near the access side, making content and services closer to users, increasing mobile network speeds, reducing latency, and improving connection reliability.
  • MEC platforms are mainly constructed by operators.
  • The operator's exclusive construction of the MEC platform has the following problems: (1) If the operator uniformly constructs MEC nodes for multiple users, that is, the MEC node is reused by multiple users, then because the number of users connected to the MEC node is large, the number of forwarding routing tables is also large, resulting in increased delay in querying the forwarding routing table. In addition, since the MEC node is connected to multiple users, once the MEC node is changed, the services of multiple users will be affected. (2) If the operator builds different MEC nodes for different vendors, because the space in the operator's existing network equipment rooms is limited and more servers cannot be deployed, the operator needs to invest a lot of funds to build new sites, which increases the operator's operating costs.
  • Because operators have many problems with the exclusive construction of the MEC platform, operators need to cooperate with third parties such as virtual operators, enterprises, and service providers to build MEC platforms in their respective network environments, so as to extend the edge computing of the operator's network to third-party network environments. However, at present, the deployment of the MEC platform requires manual configuration by the user, and the configuration process is cumbersome. This makes it difficult for multiple parties to jointly build a MEC platform.
  • This application provides a method and device for deploying a MEC platform, which are used to implement rapid deployment of the MEC platform, so as to facilitate the implementation of a multi-party co-construction MEC platform solution.
  • A method for deploying a MEC platform includes: a server initiates an authentication process to a cloud server through a characteristic root device, where the characteristic root device stores a user's digital certificate and first authentication information in advance; after the authentication is passed, the server installs MEC platform components, which include local user plane function (LUPF) software and/or application agent (APP agent) software; thereafter, the server uses the LUPF software to execute edge policies, which include offloading policies and/or charging policies; and/or the server uses the APP agent software to implement service management for local applications.
  • After the characteristic root device is inserted into the server, the server automatically initiates an authentication process, and after the authentication is passed, the server automatically installs the MEC platform components and uses them. In this way, plug-and-play deployment of the MEC platform on the server is realized, which facilitates the multi-party co-construction MEC platform solution.
  • The server initiates an authentication process to the cloud server through the characteristic root device, which includes: the server obtains the first authentication information from the characteristic root device; the server sends the first authentication information to the cloud server; the server receives second authentication information sent by the cloud server; the server uses the user's digital certificate to encrypt the second authentication information; the server sends the encrypted second authentication information to the cloud server; and the server receives the authentication result sent by the cloud server, where the authentication result is that the authentication is passed or failed. In this way, the cloud server can determine through the authentication process whether the server is a trusted node, to prevent untrusted nodes from affecting the security of the operator's network.
  • The method further includes: after the authentication is passed, the server receives a session token sent by the cloud server, and the session token is used to identify the session between the cloud server and the server. In this way, in the subsequent information interaction process, the information sent by the server to the cloud server carries the session token, so that the cloud server can know that the information is sent by the server.
  • Before the server installs the MEC platform component, the method further includes: when the characteristic root device stores the image file of the MEC platform component in advance, the server obtains the image file of the MEC platform component from the characteristic root device; or the server obtains the image file of the MEC platform component from the cloud server.
  • Before the server executes the edge policy using LUPF software, the method further includes: when the characteristic root device stores the edge policy in advance, the server obtains the edge policy from the characteristic root device; or the server obtains the edge policy from the cloud server.
  • The server uses LUPF software to execute the edge policy, including: when the characteristic root device stores the policy authorization information in advance, the server uses LUPF software to execute the edge policy, where the policy authorization information is used to indicate that the LUPF software has permission to execute the edge policy.
  • Without policy authorization information in the characteristic root device, the server cannot use LUPF software to execute the edge policy. That is, whether a MEC server deployed by a third party can use LUPF software to execute an edge policy depends on whether policy authorization information is stored in the characteristic root device. Through the characteristic root device, operators can control whether a MEC server deployed by a third party can use LUPF software to execute edge policies.
  • the server uses APP agent software to implement service management for local applications, including: the server uses APP agent software to register services provided by the local application with the service management center. In this way, the local application can provide corresponding services to the terminal.
  • The server uses APP agent software to implement service management for local applications, including: if the APP agent software detects an abnormality in the process of the local application, the server uses APP agent software to send service status information to the service management center, where the service status information is used to notify the service management center that the service provided by the local application is unavailable. In this way, after learning that the services provided by the local application are unavailable, the service management center updates the network-side distribution rules to block the traffic to the local application whose process is abnormal, thereby avoiding invalid access by the terminal.
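The authentication, session-token and policy-authorization steps of the method described above, as an added example that is not code from the patent. Class, field and function names are hypothetical, the sample identifiers and keys are constructed, and an HMAC-SHA256 over the challenge stands in for "encrypting the second authentication information with the user's digital certificate".

```python
"""Added example: MEC server onboarding through a root device (names hypothetical)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class RootDevice:
    first_auth_info: str        # identifier the server reads and sends first
    credential: bytes           # stand-in for the user's digital certificate
    policy_authorization: bool  # True if LUPF may execute edge policies

    def answer(self, second_auth_info: bytes) -> bytes:
        # Assumption: HMAC-SHA256 replaces "encrypt with the digital certificate".
        return hmac.new(self.credential, second_auth_info, hashlib.sha256).digest()


class CloudServer:
    def __init__(self, issued: Dict[str, bytes]):
        self._issued = dict(issued)  # first_auth_info -> credential, set at issuance
        self._pending = {}           # first_auth_info -> outstanding challenge
        self._sessions = {}          # session token -> first_auth_info

    def challenge(self, first_auth_info: str) -> Optional[bytes]:
        if first_auth_info not in self._issued:
            return None              # the operator never issued this root device
        nonce = secrets.token_bytes(32)  # fresh second authentication information
        self._pending[first_auth_info] = nonce
        return nonce

    def verify(self, first_auth_info: str, response: bytes) -> Optional[str]:
        nonce = self._pending.pop(first_auth_info, None)  # single use, so no replay
        if nonce is None:
            return None
        key = self._issued[first_auth_info]
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[token] = first_auth_info
        return token

    def session_owner(self, token: str) -> Optional[str]:
        return self._sessions.get(token)


def deploy(root: RootDevice, cloud: CloudServer) -> dict:
    """Server side: authenticate first, then gate installation and edge policy."""
    state = {"authenticated": False, "session_token": None,
             "installed": [], "edge_policy_enabled": False}
    nonce = cloud.challenge(root.first_auth_info)
    if nonce is None:
        return state
    token = cloud.verify(root.first_auth_info, root.answer(nonce))
    if token is None:
        return state                 # failed authentication installs nothing
    state.update(authenticated=True, session_token=token,
                 installed=["LUPF", "APP agent"])
    # LUPF runs edge policies only when the root device carries the authorization.
    state["edge_policy_enabled"] = root.policy_authorization
    return state


# Constructed sample data: identifiers and keys are made up for this example.
ISSUED = {"root-0001": b"\x11" * 32, "root-0002": b"\x22" * 32}


def demo() -> dict:
    cloud = CloudServer(ISSUED)
    full = deploy(RootDevice("root-0001", ISSUED["root-0001"], True), cloud)
    no_policy = deploy(RootDevice("root-0002", ISSUED["root-0002"], False), cloud)
    cloned_id = deploy(RootDevice("root-0001", b"\x99" * 32, True), cloud)
    unknown = deploy(RootDevice("root-9999", b"\x11" * 32, True), cloud)
    return {"full": full, "no_policy": no_policy,
            "cloned_id": cloned_id, "unknown": unknown,
            "owner": cloud.session_owner(full["session_token"])}


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The `cloned_id` case shows why the first authentication information alone proves nothing: a device that copies the identifier but lacks the credential fails the challenge, and nothing is installed.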
  • a MEC platform deployment device including: an authentication module for initiating an authentication process to a cloud server through a characteristic root device, and the characteristic root device stores a user's digital certificate and first authentication information in advance.
  • the installation module is used to install a MEC platform component after the authentication is passed.
  • the MEC platform component includes a local user plane function LUPF software and / or an application agent APP agent software.
  • An enabling module is used to execute an edge policy using LUPF software.
  • The edge policy includes a traffic distribution policy and/or a charging policy; and/or the enabling module uses APP agent software to implement service management for local applications.
  • The authentication module is configured to initiate an authentication process to the cloud server through the characteristic root device, including the following steps: obtaining the first authentication information from the characteristic root device; sending the first authentication information to the cloud server; receiving second authentication information sent by the cloud server; encrypting the second authentication information with the user's digital certificate; sending the encrypted second authentication information to the cloud server; and receiving the authentication result sent by the cloud server, where the authentication result is that the authentication is passed or failed.
  • the authentication module is further configured to receive a session token sent by the cloud server after the authentication is passed, and the session token is used to identify a session between the cloud server and the server.
  • The installation module is further configured to obtain the image file of the MEC platform component from the characteristic root device when the characteristic root device stores the image file of the MEC platform component in advance; or obtain the image file of the MEC platform component from the cloud server.
  • The enabling module is further configured to obtain the edge policy from the characteristic root device when the characteristic root device stores the edge policy in advance; or obtain the edge policy from the cloud server.
  • The enabling module is used to execute the edge policy using LUPF software, which includes: when the characteristic root device stores policy authorization information in advance, using LUPF software to execute the edge policy, where the policy authorization information is used to indicate that the LUPF software has permission to execute edge policies.
  • an enabling module is used to implement service management of local applications using APP agent software, including: using APP agent software to register services provided by the local application with the service management center.
  • The enabling module is used to implement service management of the local application using the APP agent software, including: if the APP agent software detects an abnormality in the process of the local application, the APP agent software is used to send service status information to the service management center, where the service status information is used to notify the service management center that the services provided by the local application are unavailable.
  • A server including: a communication interface, a processor, and a memory, where the memory is used to store computer-executable instructions, and when the server is running, the processor executes the computer-executable instructions stored in the memory, so that the server performs the MEC platform deployment method described in any one of the first aspects.
  • A computer-readable storage medium stores instructions that, when run on a computer, enable the computer to perform the MEC platform deployment method according to any one of the first aspects.
  • a computer program product containing instructions which, when run on a computer, enables the computer to execute the method of deploying the MEC platform according to any one of the first aspects.
  • a chip system includes a processor for supporting a server to implement the functions of the MEC platform deployment method according to any one of the first aspects.
  • the chip system further includes a memory, and the memory is used to store program instructions and data necessary for the server.
  • the chip system can be composed of chips, and can also include chips and other discrete devices.
  • the technical effects brought by any one of the design methods in the second aspect to the sixth aspect may refer to the technical effects brought by the different design methods in the first aspect, and are not repeated here.
  • FIG. 1 is a schematic structural diagram of a MEC system according to an embodiment of the present application.
  • FIG. 2 is a schematic structural diagram of a server according to an embodiment of the present application.
  • FIG. 3 is a schematic diagram of a software architecture of a MEC server according to an embodiment of the present application.
  • FIG. 4 is a schematic structural diagram of a characteristic root device according to an embodiment of the present application.
  • FIG. 5 is a flowchart of a method for configuring a characteristic root device according to an embodiment of the present application.
  • FIG. 6 is a flowchart of a MEC platform deployment method according to an embodiment of the present application.
  • FIG. 7 is a flowchart of an authentication method according to an embodiment of the present application.
  • FIG. 8 is a schematic structural diagram of a MEC platform deployment device according to an embodiment of the present application.
  • A and/or B can mean three cases: A exists alone, A and B exist simultaneously, and B exists alone.
  • The network architecture and service scenarios described in the embodiments of the present application are intended to more clearly illustrate the technical solutions of the embodiments of the present application, and do not constitute a limitation on the technical solutions provided in the embodiments of the present application. Those of ordinary skill in the art may know that, with the evolution of the network architecture and the emergence of new business scenarios, the technical solutions provided in the embodiments of the present application are also applicable to similar technical problems.
  • The technical solutions provided in the embodiments of the present application may be applied to a wireless communication system, and the wireless communication system may be a Long Term Evolution (LTE) system, an LTE-Advanced (LTE-A) system, a 5G system, or other future communication systems.
  • LTE Long Term Evolution
  • LTE-A LTE-Advanced
  • 5G 5th Generation
  • The technical solutions provided in the embodiments of the present application are applicable to massive machine type communication (mMTC) scenarios and ultra-reliable and low-latency communication (uRLLC) scenarios.
  • mMTC massive machine type communication
  • uRLLC ultra-reliable and low-latency communication
  • FIG. 1 is a schematic architecture diagram of a MEC system according to an embodiment of the present application.
  • the MEC server is deployed between the radio access network and the core network.
  • The MEC server is the server on which the MEC platform is deployed and which is managed by the MEC platform.
  • The MEC server can connect to cloud data centers and other networks, such as corporate networks. Therefore, the MEC server uses the radio access network to provide services and cloud computing functions to nearby terminals.
  • the MEC server may be established by an operator, an enterprise, a virtual operator, or a service provider.
  • the terminal may be various handheld devices, communication devices, wearable devices, computers, and network devices with communication functions.
  • the handheld device may be a smartphone.
  • the vehicle-mounted device may be a vehicle-mounted navigation system.
  • the wearable device may be a smart bracelet.
  • the computer may be a personal digital assistant (PDA) computer, a tablet computer, and a laptop computer.
  • Network devices can be residential gateways (RGs) and switches.
  • FIG. 2 is a schematic diagram of a hardware structure of a server according to an embodiment of the present application.
  • the server 200 may be used to deploy a MEC platform.
  • the server 200 includes at least one processor 201, a memory 202, and at least one communication interface 203.
  • the processor 201 may be a central processing unit (CPU).
  • the processor 201 may include one or more CPUs, such as CPU0 and CPU1 in FIG. 2.
  • the server 200 may include multiple processors, such as the processor 201 and the processor 206 in FIG. 2. Each of these processors can be a single-core processor or a multi-core processor.
  • the communication interface 203 is configured to communicate with other devices or communication networks, such as Ethernet, wireless local area networks (WLAN), and the like.
  • The memory 202 may be a read-only memory (ROM), a random access memory (RAM), an electrically erasable programmable read-only memory (EEPROM), an optical disk or other optical storage device, a magnetic disk or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and can be accessed by a computer.
  • The memory 202 may exist independently, and is connected to the processor 201 through a communication line. Alternatively, the memory 202 may be integrated with the processor 201.
  • the memory 202 is configured to store computer-executable instructions for executing the solution of the present application.
  • the computer-executable instructions in the embodiments of the present invention may also be referred to as application program codes.
  • the processor 201 is configured to execute computer-executable instructions stored in the memory 202 and control the communication interface 203 to implement the MEC platform deployment method provided by the embodiment of the present application.
  • the server 200 may further include an output device 204 and an input device 205.
  • the output device 204 may be a liquid crystal display (LCD), a cathode ray tube (CRT) display, or a projector.
  • the input device 205 may be a mouse, a keyboard, a touch screen device, or a sensing device.
  • FIG. 3 is a schematic diagram of a software architecture of a MEC server according to an embodiment of the present application.
  • The software architecture includes: an Operating System (OS), a cloud computing management platform, Platform as a Service (PaaS), middleware, a Multi-access Edge Platform (MEP), Local User Plane Function (LUPF) software, applications (APP), and/or application agent (APP agent) software.
  • OS Operating System
  • PaaS Platform as a Service
  • MEP Multi-access Edge Platform
  • LUPF Local User Plane Function
  • APP application
  • APP agent application agent
  • An operating system is a computer program that manages and controls computer hardware and software resources. It is the most basic system software. Any other software must run under the support of the operating system.
  • the functions of the operating system include managing the hardware, software, and data resources of the computer system, controlling the operation of the program, improving the man-machine interface, and providing support for other application software to maximize the use of all the resources of the computer system.
  • the cloud computing management platform is used to manage virtual resources or physical resources involved in cloud computing.
  • The cloud computing management platform is deployed using OpenStack.
  • OpenStack is an open source cloud computing management platform project that includes Nova, Swift, Glance and other modules. Each module is used to provide corresponding services.
  • OpenStack provides an application programming interface (API), and each service is integrated through the API.
  • the Nova module is used to provide virtual services. Users can implement operations such as creating and deleting virtual machines through the Nova-API.
  • the cloud computing management platform may also be implemented using other technologies, and this embodiment of the present application does not place any restrictions on this.
  • PaaS provides developers with a test environment, basic applications, and components in the form of services to facilitate the development, deployment, and management of software-as-a-service (SaaS) applications.
  • SaaS software-as-a-service
  • Middleware is an independent system software or service program, which is located between the operating system software and the user's application software, and is used to connect two independent application programs or independent systems.
  • middleware can have multiple implementations that conform to interface and protocol specifications. Through middleware, applications can work in a multi-platform or multi-operating system environment.
  • A MEP is a collection of basic functions required to run applications on a specific virtualized infrastructure and enable them to provide and use multi-access edge services.
  • The MEP is also used to provide hosting of multi-access edge services, receive Domain Name System (DNS) records, and configure a DNS proxy/server.
  • DNS Domain Name System
  • the multi-access edge services include: information providing services, positioning services, and bandwidth management services.
  • LUPF software is used to enforce edge policies, such as charging policies and / or offload policies.
  • The offloading policy is used to offload traffic passing through the MEC platform.
  • the charging policy is used to charge traffic passing through the MEC platform.
  • The application program may be an enterprise campus application, an industrial application, an Internet of Things application, or a Content Delivery Network (CDN) application.
  • enterprise campus applications are applications deployed by enterprises in their campus networks.
  • the industrial application refers to an application program used in the industrial field, for example, an application program in a sensor device responsible for collecting data, controlling, and communicating functions.
  • the Internet of Things application refers to an application program used in the field of Internet of Things, for example, an application program for sending alarm information to other vehicles in a vehicle-to-vehicle (V2V) scenario.
  • V2V vehicle-to-vehicle
  • CDN applications are used to provide services such as live video streaming.
  • APP agent software is used to implement service management for local applications, including: managing the service life cycle, monitoring service performance, and invoking management services.
  • An embodiment of the present application provides a characteristic root device.
  • The characteristic root device is used to enable a bare-metal server (i.e., a server without an operating system and other software installed) or a server with an operating system to automatically deploy the software included in the software architecture shown in FIG. 3, and to enable the server with the software architecture shown in FIG. 3 to automatically use LUPF software to execute edge policies, and/or use APP agent software to implement service management for local applications.
  • third parties such as enterprises, virtual operators or service providers can implement the plug-and-play deployment of the MEC platform.
  • the characteristic root device is used to make the server inserted in the characteristic root device pass the authentication of the cloud server, so that the server can become a trusted node in the operator's network.
  • trusted nodes can normally provide services to terminals, and untrusted nodes cannot provide services to terminals. In this way, the operator controls the issuance of characteristic root devices in order to control the number and area of MEC servers deployed by third parties.
  • the characteristic root device 400 includes: a memory 401 and at least one communication interface 402.
  • the memory 401 and the communication interface 402 are connected through a communication line.
  • the memory 401 may be a read-only memory, a random access memory, an electrically erasable programmable read-only memory, an optical disk or other optical storage device, a magnetic disk or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer.
  • the memory 401 is configured to store a user's digital certificate and first authentication information.
  • the memory 401 is further configured to store an edge policy and / or an image file of a MEC platform component.
  • the communication interface 402 is used to communicate with other devices. For example, when the characteristic root device is inserted into the server, the communication interface 402 of the characteristic root device establishes a connection with the communication interface 203 of the server. In this way, the server can obtain the first authentication information from the characteristic root device.
  • the characteristic root device 400 further includes: a processor 403.
  • the processor 403 may be a central processing unit.
  • the processor 403 may include one or more CPUs, such as CPU0 and CPU1 in FIG. 4.
  • the characteristic root device 400 may include multiple processors, such as the processor 403 and the processor 404 in FIG. 4. Each of these processors can be a single-core processor or a multi-core processor.
  • this embodiment provides a method for configuring a characteristic root device, and the method includes the following steps:
  • a business support system (BSS) receives a user's application request.
  • the application request is used to apply to an operator for a characteristic root device.
  • the BSS obtains registration information of the user.
  • the registration information includes at least the following:
  • the identity information of the user may be the name of the enterprise.
  • Account information such as account number, account balance, and account authority.
  • the location information is used to indicate a service area of the MEC platform.
  • the service area is an area where the MEC platform provides services.
  • the service area is determined by a user on a map.
  • the location information includes latitude and longitude information, a tracking area identifier (TAI), or a base station identifier.
  • Planning data such as domain name, access point name (APN), etc.
  • a user enters registration information on a registration page provided by the BSS / OSS, so that the BSS / OSS system obtains the user's registration information from the registration page.
  • the BSS imports the first authentication information of the user and the digital certificate into the characteristic root device.
  • the first authentication information includes identity information and a login password of the user.
  • the first authentication information further includes: an identity of the characteristic root device.
  • the digital certificate contains a key corresponding to the characteristic root device.
  • the key in the digital certificate is the private key corresponding to the characteristic root device.
  • the digital certificate further includes identity information of the user and a digital signature of a certificate authority. It should be noted that, for a method of generating a user's digital certificate, reference may be made to the prior art, and details are not described herein.
  • the BSS can also import related data such as the edge policy and the image file of the MEC platform components into the characteristic root device. It should be noted that the BSS exposes a management interface for edge policies, so that users can apply for or modify an edge policy through the BSS.
  • the BSS sends a key corresponding to the characteristic root device and registration information of the user to a cloud server.
  • the key sent by the BSS to the cloud server is the public key corresponding to the characteristic root device.
  • a method for configuring a characteristic root device provided in the embodiments of the present application further includes the following step S105.
  • the BSS sends the registration information of the user to the network-side device.
  • the network-side device includes: an operation support system (OSS), a control plane network element, and a user plane network element.
  • the control plane network element is a session management function (SMF) network element.
  • the user plane network element is a user plane function (UPF) network element.
  • the BSS first converts the registration information into configuration information, and then sends the configuration information to the network-side device.
  • a user can obtain a characteristic root device from an operator. In this way, the user can use this characteristic root device to quickly deploy the MEC platform on the server.
  • a method for deploying a MEC platform includes the following steps: S201-S204.
  • the server initiates an authentication process to a cloud server through the characteristic root device.
  • after the characteristic root device is inserted into the server, the server runs the characteristic root basic software stored in the characteristic root device. The characteristic root basic software automatically establishes a connection between the server and the cloud server, and automatically initiates an authentication process to the cloud server to verify whether the server is trusted.
  • the authentication process may refer to the method shown in FIG. 7, and details are not described herein.
  • connection between the server and the cloud server may be a Hypertext Transfer Protocol (http) connection.
  • the server receives a session token sent by the cloud server, and the session token is used to identify a session between the cloud server and the server.
  • the information sent by the server to the cloud server carries the session token, so that the cloud server knows that the information is sent by the server.
  • the aging time of the session token is preset or issued by the cloud server. When the aging time of the session token is reached, the server needs to initiate an authentication process to the cloud server again.
  • the server installs a MEC platform component.
  • the MEC platform components include LUPF software and / or APP agent software.
  • the MEC platform components further include: an operating system, a cloud computing management platform, PaaS, middleware, and the like.
  • the image file of the MEC platform component is stored in the characteristic root device, or is stored in a database of the cloud server, or is stored in the server.
  • the image file may have different names, such as an installation package, an installation file, and the like, and there is no limitation on this in the embodiment of the present application.
  • local deployment refers to: the server obtains the MEC platform component image file from the characteristic root device or its own database; then, the server runs the MEC platform component image file to install the MEC platform component.
  • remote deployment means that the server sends remote deployment information to the cloud server, where the remote deployment information is used to request the image file of the MEC platform component; after that, the server obtains the image file of the MEC platform component from the cloud server; finally, the server runs the image file of the MEC platform component to install the MEC platform component.
  • the remote deployment information is used to request all MEC platform components, or the remote deployment information is used to request MEC platform components required by the server.
  • the server can use both local deployment and remote deployment. For example, for MEC platform components stored in the characteristic root device or the server, the server installs these MEC platform components by local deployment. For MEC platform components that are not stored in the characteristic root device or the server, the server installs these MEC platform components by remote deployment.
  • the server updates the MEC platform component from the cloud server.
  • the server sends registration information to the cloud server, and the registration information is used to register the server as a controlled node in the operator's network.
  • the server becomes a controlled node in the operator's network. Therefore, the cloud server can manage and maintain the server, so that the server can install the MEC platform components and use the MEC platform components.
  • if the server has the LUPF software installed, the server may perform the following step S203; if the server has the APP agent software installed, the server may perform the following step S204.
  • the server uses the LUPF software to execute an edge policy.
  • the edge policy includes a traffic distribution policy and / or a charging policy.
  • the edge policy may further include other policies, such as an access control policy, which are not limited in the embodiment of the present application.
  • when the characteristic root device stores the edge policy in advance, the server obtains the edge policy from the characteristic root device. Alternatively, the server obtains the edge policy from the cloud server.
  • when the characteristic root device stores policy authorization information in advance, the server uses the LUPF software to execute an edge policy.
  • the policy authorization information is used to indicate that the LUPF software has the right to execute an edge policy.
  • if the characteristic root device does not store policy authorization information, the server cannot use the LUPF software to execute an edge policy. Therefore, whether a MEC server deployed by a third party can use the LUPF software to execute an edge policy depends on whether policy authorization information is stored in the characteristic root device. The operator can thus use the characteristic root device to control whether a MEC server deployed by a third party can use the LUPF software to execute an edge policy.
  • the policy authorization information may exist in the characteristic root device in an implicit manner. For example, if an edge policy is stored in the characteristic root device, the server into which the characteristic root device is inserted can use the LUPF software to execute the edge policy; if no edge policy is stored in the characteristic root device, the server into which the characteristic root device is inserted cannot use the LUPF software to execute an edge policy.
  • the server uses the APP agent software to implement service management for local applications.
  • the local application refers to an application deployed on the server, or an application deployed on other nodes in a local area network where the server is located.
  • the server using the APP agent software to implement service management for local applications includes at least the following situations:
  • the server uses the APP agent software to register a service provided by a local application with a service management center.
  • before the APP agent software registers the services provided by the local application with the service management center, the local application first registers the services with the APP agent software, so that the APP agent software learns which services the local application provides externally.
  • the local application performs service registration through a registration API.
  • the local application registers the service by configuring service information and service available detection endpoint information on the APP agent software.
  • the service management center instructs the control plane network element and the DNS server to execute the corresponding traffic distribution rule, and the control plane network element also instructs the UPF network element to execute the corresponding traffic distribution rule, so that the traffic of a terminal accessing the service provided by the local application can be directed to the server.
  • if the APP agent software detects that the process of a local application is abnormal, the server uses the APP agent software to send service status information to the service management center, and the service status information is used to notify the service management center that the service provided by the local application is unavailable.
  • the service management center updates the traffic distribution rules on the network side to block the traffic flowing to the local application whose process is abnormal, thereby preventing terminals from generating invalid access.
  • after the characteristic root device is inserted into the server, the server automatically initiates the authentication process. After the authentication is passed, the server automatically installs the MEC platform components and uses them, which implements plug-and-play of the MEC platform and helps put a solution in which multiple parties jointly build MEC platforms into practice.
  • an authentication method provided by an embodiment of the present application includes the following steps: S301-S307.
  • the server obtains first authentication information from the characteristic root device.
  • the server sends the first authentication information to the cloud server, so that the cloud server receives the first authentication information sent by the server.
  • the cloud server sends second authentication information to the server, so that the server receives the second authentication information sent by the cloud server.
  • after receiving the first authentication information sent by the server, the cloud server verifies whether the first authentication information is correct. When the first authentication information is correct, the cloud server searches the database for the second authentication information stored in advance, or randomly generates the second authentication information, or generates the second authentication information according to a preset rule. After that, the cloud server sends the second authentication information to the server, so that the server receives the second authentication information sent by the cloud server.
  • the cloud server generating the second authentication information according to a preset rule includes: combining the first authentication information with some information in the user's registration information to generate the second authentication information.
  • the cloud server may also adopt other rules to generate the second authentication information, which is not limited in this embodiment of the present application.
  • the server uses the digital certificate stored in the characteristic root device to encrypt the second authentication information.
  • the server encrypts the second authentication information by using a private key in a digital certificate, thereby determining the encrypted second authentication information.
  • the asymmetric encryption algorithm used by the server is an RSA encryption algorithm, a Digital Signature Algorithm (DSA), or an Elgamal algorithm.
  • the server sends the encrypted second authentication information to the cloud server, so that the cloud server receives the encrypted second authentication information sent by the server.
  • the cloud server determines an authentication result according to the encrypted second authentication information.
  • the authentication result is that the authentication is passed or the authentication fails.
  • the cloud server decrypts the encrypted second authentication information by using a public key corresponding to the characteristic root device. If the information obtained by the decryption is the same as the second authentication information previously sent to the server, the cloud server determines that the authentication result of the server is authentication passed. If the information obtained by the decryption is different from the second authentication information previously sent to the server, the cloud server determines that the authentication result of the server is that the authentication failed.
  • the cloud server sends an authentication result to the server, so that the server receives the authentication result sent by the cloud server.
  • the cloud server can determine whether the server inserted into the characteristic root device is a trusted node, so as to prevent untrusted nodes from affecting the security of the operator's network.
  • the server includes a hardware structure or a software module corresponding to each function.
  • this application can be implemented in the form of hardware or a combination of hardware and computer software. Whether a certain function is performed by hardware or computer software-driven hardware depends on the specific application of the technical solution and design constraints. Those skilled in the art may use different methods to implement the described functions for each specific application, but such implementation should not be considered to be beyond the scope of the present application.
  • FIG. 8 shows a schematic structural diagram of a MEC platform deployment device.
  • the MEC platform deployment device includes: an authentication module 801, an installation module 802, and an enable module 803.
  • the authentication module 801 is configured to perform step S201 in FIG. 6, and steps S301 to S305 and S307 in FIG. 7, and / or other processes for the technology described herein.
  • the installation module 802 is configured to perform step S202 in FIG. 6 and / or other processes used in the technology described herein.
  • the enabling module 803 is configured to perform steps S203 and S204 in FIG. 6 and / or other processes for the technology described herein. Wherein, all relevant content of each step involved in the above method embodiment can be referred to the functional description of the corresponding functional module, which will not be repeated here.
  • the authentication module 801, the installation module 802, and the enable module 803 in FIG. 8 may be implemented by the processor 201 of the server in FIG. 2, or by the processor 201 in FIG. 2 controlling the communication interface 203, which is not limited in the embodiments of the present application.
  • an embodiment of the present application further provides a computer-readable storage medium, where the computer-readable storage medium stores computer instructions; when the computer instructions are run on the server shown in FIG. 2, the server executes the methods shown in FIG. 6 and FIG. 7 in the embodiments of the present application.
  • the computer-readable storage medium may be any medium that can be accessed by a computer or a data storage device such as a server, a data center, or the like that includes one or more media integrations.
  • the medium may be a magnetic medium (for example, a floppy disk, a hard disk, a magnetic tape), an optical medium (for example, an optical disk), or a semiconductor medium (for example, a solid state disk (SSD)), or the like.
  • the computer instructions may not only be stored in a computer-readable storage medium, but may also be transmitted from one computer-readable storage medium to another computer-readable storage medium.
  • the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wired means (such as coaxial cable, optical fiber, or twisted pair) or wireless means (such as infrared, radio, or microwave).
  • An embodiment of the present application further provides a computer program product containing computer instructions, which when run on a computer, enables the computer to execute the methods shown in FIG. 6 and FIG. 7 described above.
  • the server, the computer storage medium, and the computer program product provided in the foregoing embodiments of the present application are used to execute the corresponding methods provided above. Therefore, for the beneficial effects that can be achieved, refer to the corresponding methods provided above. The beneficial effects are not repeated here.
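The authentication method (S301 to S307) and the session token with its aging time, sketched as an added Python example that is not code from the patent or its applicant. It takes the "randomly generate the second authentication information" option, consumes each challenge once and expires it, so a captured response cannot be replayed. The class and function names, the lifetimes, the PBKDF2 password storage, the hash-then-sign step standing in for "encrypt with the private key", and the constructed demo key are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Constructed demo key pair (assumption): two Mersenne primes, so the block runs
# on the standard library alone. NOT a secure key; a deployment would use a
# vetted library and a padded signature scheme such as RSA-PSS.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def digest_int(data):
    """SHA-256 of data as an integer (always smaller than N)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class RootDevice:
    """Characteristic root device: first authentication information + private key."""

    def __init__(self, user, password, device_id, d=D, n=N):
        self.first_auth = {"user": user, "password": password, "device_id": device_id}
        self._d, self._n = d, n

    def sign(self, challenge):
        # S304: private-key operation over the second authentication information.
        return pow(digest_int(challenge), self._d, self._n)


class CloudServer:
    def __init__(self, token_ttl=300.0, challenge_ttl=30.0, clock=time.monotonic):
        self._clock = clock
        self._token_ttl, self._challenge_ttl = token_ttl, challenge_ttl
        self._devices = {}   # device_id -> (user, salt, password hash, public key)
        self._pending = {}   # device_id -> (challenge, expiry)
        self._sessions = {}  # token -> (device_id, expiry)

    def enroll(self, user, password, device_id, public_key):
        # S104: the BSS hands over the public key and the registration information.
        salt = secrets.token_bytes(16)
        self._devices[device_id] = (user, salt, hash_password(password, salt), public_key)

    def begin(self, first_auth):
        # S302/S303: verify the first authentication information, then issue a
        # fresh random challenge as the second authentication information.
        device_id = first_auth.get("device_id")
        record = self._devices.get(device_id)
        if record is None:
            return None
        user, salt, stored, _ = record
        supplied = hash_password(str(first_auth.get("password", "")), salt)
        if first_auth.get("user") != user or not hmac.compare_digest(supplied, stored):
            return None
        challenge = secrets.token_bytes(32)
        self._pending[device_id] = (challenge, self._clock() + self._challenge_ttl)
        return challenge

    def finish(self, device_id, signature):
        # S305-S307: pop() makes the challenge single-use, which defeats replay.
        pending = self._pending.pop(device_id, None)
        if pending is None or self._clock() > pending[1]:
            return None
        n, e = self._devices[device_id][3]
        if not (isinstance(signature, int) and 0 <= signature < n):
            return None
        if pow(signature, e, n) != digest_int(pending[0]):
            return None  # authentication failed
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (device_id, self._clock() + self._token_ttl)
        return token  # authentication passed: session token issued

    def check_token(self, token):
        # Returns the device id for a live token; an aged-out token is dropped,
        # so the server has to run the authentication process again.
        session = self._sessions.get(token)
        if session is None:
            return None
        if self._clock() > session[1]:
            del self._sessions[token]
            return None
        return session[0]


def authenticate(device, cloud):
    """Server side of S301-S307; returns a session token or None."""
    challenge = cloud.begin(device.first_auth)
    if challenge is None:
        return None
    return cloud.finish(device.first_auth["device_id"], device.sign(challenge))
```

Looking up a pre-stored second authentication information, which the text also allows, would make the response constant, and a single captured response would then authenticate any server that replays it.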

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Stored Programmes (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

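A MEC platform deployment method relates to the field of communications technologies and is used to implement rapid deployment of a MEC platform. The method includes: a server initiates an authentication process to a cloud server through a characteristic root device, where the characteristic root device pre-stores a user's digital certificate and first authentication information; after the authentication is passed, the server installs MEC platform components, where the MEC platform components include LUPF software and/or APP agent software; then, the server uses the LUPF software to execute an edge policy, where the edge policy includes a traffic distribution policy and/or a charging policy; and/or the server uses the APP agent software to implement service management for local applications. The technical solution of the present application is applicable to the MEC platform deployment process.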

Description

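MEC Platform Deployment Method and Apparatus
This application claims priority to Chinese Patent Application No. 201811109750.7, filed with the China National Intellectual Property Administration on September 21, 2018 and entitled "MEC Platform Deployment Method and Apparatus", which is incorporated herein by reference in its entirety.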
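Technical Field
This application relates to the field of communications technologies, and in particular, to a multi-access edge computing (MEC) deployment method and apparatus.
Background
MEC deploys applications, content, and part of the service processing and resource scheduling functions of the core network together at the network edge close to the access side, so that content and services are closer to users, which increases mobile network speed, reduces latency, and improves connection reliability.
Currently, MEC platforms are mainly built by operators. An operator building the MEC platform alone has the following problems: (1) If the operator builds MEC nodes uniformly for multiple users, that is, a MEC node is shared by multiple users, then because the MEC node serves a large number of users, the number of forwarding routing tables configured on the MEC node is also large, which increases the latency of looking up the forwarding routing tables. In addition, because the MEC node serves multiple users, once the MEC node changes, the services of multiple users are affected. (2) If the operator builds different MEC nodes for different vendors, then because the equipment room space in the operator's live network is limited and more servers cannot be deployed, the operator needs to invest a large amount of money in building new sites, which increases the operator's operating costs.
Because an operator building the MEC platform alone has these problems, the operator needs to cooperate with third parties such as virtual operators, enterprises, and service providers to build MEC platforms in their respective network environments, extending the edge computing of the operator's network into the third parties' network environments. However, at present, deploying a MEC platform requires manual configuration by the user, and the configuration process is cumbersome. This makes it difficult to put a solution in which multiple parties jointly build MEC platforms into practice.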
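Summary
This application provides a MEC platform deployment method and apparatus, which are used to implement rapid deployment of a MEC platform, so that a solution in which multiple parties jointly build MEC platforms can be put into practice.
To achieve the foregoing objective, this application provides the following technical solutions:
According to a first aspect, a MEC platform deployment method is provided, including: a server initiates an authentication process to a cloud server through a characteristic root device, where the characteristic root device pre-stores a user's digital certificate and first authentication information; after the authentication is passed, the server installs MEC platform components, where the MEC platform components include local user plane function (LUPF) software and/or application agent (APP agent) software; then, the server uses the LUPF software to execute an edge policy, where the edge policy includes a traffic distribution policy and/or a charging policy; and/or the server uses the APP agent software to implement service management for local applications.
It can be seen that after the characteristic root device is inserted into the server, the server automatically initiates the authentication process, and after the authentication is passed, the server automatically installs the MEC platform components and uses them. In this way, plug-and-play deployment of the MEC platform on the server is implemented, which helps put a solution in which multiple parties jointly build MEC platforms into practice.
In a possible design, the server initiating an authentication process to the cloud server through the characteristic root device includes: the server obtains the first authentication information from the characteristic root device; the server sends the first authentication information to the cloud server; the server receives second authentication information sent by the cloud server; the server encrypts the second authentication information with the user's digital certificate; the server sends the encrypted second authentication information to the cloud server; and the server receives an authentication result sent by the cloud server, where the authentication result is that the authentication is passed or that the authentication fails. In this way, through the authentication process, the cloud server can determine whether the server is a trusted node, so as to prevent untrusted nodes from affecting the security of the operator's network.
In a possible design, after the server initiates the authentication process to the cloud server through the characteristic root device, the method further includes: after the authentication is passed, the server receives a session token sent by the cloud server, where the session token is used to identify a session between the cloud server and the server. In this way, in subsequent information exchange, the information sent by the server to the cloud server carries the session token, so that the cloud server can learn that the information is sent by the server.
In a possible design, before the server installs the MEC platform components, the method further includes: when the characteristic root device pre-stores the image file of the MEC platform components, the server obtains the image file of the MEC platform components from the characteristic root device; or the server obtains the image file of the MEC platform components from the cloud server.
In a possible design, before the server uses the LUPF software to execute the edge policy, the method further includes: when the characteristic root device pre-stores the edge policy, the server obtains the edge policy from the characteristic root device; or the server obtains the edge policy from the cloud server.
In a possible design, the server using the LUPF software to execute the edge policy includes: when the characteristic root device pre-stores policy authorization information, the server uses the LUPF software to execute the edge policy, where the policy authorization information is used to indicate that the LUPF software has the right to execute the edge policy. In other words, when the characteristic root device does not store policy authorization information, the server cannot use the LUPF software to execute the edge policy. That is, whether a MEC server deployed by a third party can use the LUPF software to execute the edge policy depends on whether policy authorization information is stored in the characteristic root device. Through the characteristic root device, the operator can control whether a MEC server deployed by a third party can use the LUPF software to execute the edge policy.
In a possible design, the server using the APP agent software to implement service management for local applications includes: the server uses the APP agent software to register a service provided by a local application with a service management center. In this way, the local application can provide the corresponding service to terminals.
In a possible design, the server using the APP agent software to implement service management for local applications includes: if the APP agent software detects that the process of a local application is abnormal, the server uses the APP agent software to send service status information to the service management center, where the service status information is used to notify the service management center that the service provided by the local application is unavailable. In this way, after learning that the service provided by the local application is unavailable, the service management center updates the traffic distribution rules on the network side and blocks the traffic flowing to the local application whose process is abnormal, thereby preventing terminals from generating invalid access.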
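According to a second aspect, a MEC platform deployment apparatus is provided, including: an authentication module, configured to initiate an authentication process to a cloud server through a characteristic root device, where the characteristic root device pre-stores a user's digital certificate and first authentication information; an installation module, configured to install MEC platform components after the authentication is passed, where the MEC platform components include local user plane function (LUPF) software and/or application agent (APP agent) software; and an enable module, configured to use the LUPF software to execute an edge policy, where the edge policy includes a traffic distribution policy and/or a charging policy, and/or to use the APP agent software to implement service management for local applications.
In a possible design, the authentication module being configured to initiate an authentication process to the cloud server through the characteristic root device includes the following steps: obtaining the first authentication information from the characteristic root device; sending the first authentication information to the cloud server; receiving second authentication information sent by the cloud server; encrypting the second authentication information with the user's digital certificate; sending the encrypted second authentication information to the cloud server; and receiving an authentication result sent by the cloud server, where the authentication result is that the authentication is passed or that the authentication fails.
In a possible design, the authentication module is further configured to receive, after the authentication is passed, a session token sent by the cloud server, where the session token is used to identify a session between the cloud server and the server.
In a possible design, the installation module is further configured to: when the characteristic root device pre-stores the image file of the MEC platform components, obtain the image file of the MEC platform components from the characteristic root device; or obtain the image file of the MEC platform components from the cloud server.
In a possible design, the enable module is further configured to: when the characteristic root device pre-stores the edge policy, obtain the edge policy from the characteristic root device; or obtain the edge policy from the cloud server.
In a possible design, the enable module being configured to use the LUPF software to execute the edge policy includes: when the characteristic root device pre-stores policy authorization information, using the LUPF software to execute the edge policy, where the policy authorization information is used to indicate that the LUPF software has the right to execute the edge policy.
In a possible design, the enable module being configured to use the APP agent software to implement service management for local applications includes: using the APP agent software to register a service provided by a local application with a service management center.
In a possible design, the enable module being configured to use the APP agent software to implement service management for local applications includes: if the APP agent software detects that the process of a local application is abnormal, using the APP agent software to send service status information to the service management center, where the service status information is used to notify the service management center that the service provided by the local application is unavailable.
According to a third aspect, a server is provided, including: a communication interface, a processor, and a memory, where the memory is configured to store computer-executable instructions, and when the server runs, the processor executes the computer-executable instructions stored in the memory, so that the server performs the MEC platform deployment method according to any one of the designs of the first aspect.
According to a fourth aspect, a computer-readable storage medium is provided, where the computer-readable storage medium stores instructions that, when run on a computer, enable the computer to perform the MEC platform deployment method according to any one of the designs of the first aspect.
According to a fifth aspect, a computer program product containing instructions is provided, which, when run on a computer, enables the computer to perform the MEC platform deployment method according to any one of the designs of the first aspect.
According to a sixth aspect, a chip system is provided, where the chip system includes a processor, configured to support a server in implementing the functions of the MEC platform deployment method according to any one of the designs of the first aspect. In a possible design, the chip system further includes a memory, and the memory is configured to store program instructions and data necessary for the server. The chip system may consist of a chip, or may include a chip and other discrete devices.
For the technical effects brought by any design of the second aspect to the sixth aspect, refer to the technical effects brought by the different designs of the first aspect; details are not described herein again.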
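Brief Description of the Drawings
FIG. 1 is a schematic architectural diagram of a MEC system according to an embodiment of this application;
FIG. 2 is a schematic structural diagram of a server according to an embodiment of this application;
FIG. 3 is a schematic diagram of the software architecture of a MEC server according to an embodiment of this application;
FIG. 4 is a schematic structural diagram of a characteristic root device according to an embodiment of this application;
FIG. 5 is a flowchart of a method for configuring a characteristic root device according to an embodiment of this application;
FIG. 6 is a flowchart of a MEC platform deployment method according to an embodiment of this application;
FIG. 7 is a flowchart of an authentication method according to an embodiment of this application;
FIG. 8 is a schematic structural diagram of a MEC platform deployment apparatus according to an embodiment of this application.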
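Detailed Description
In this application, the term "at least one" means one or more, and "multiple" means two or more. The term "and/or" in this application merely describes an association between associated objects and indicates that three relationships may exist. For example, A and/or B may indicate three cases: A exists alone, both A and B exist, and B exists alone.
The network architecture and service scenarios described in the embodiments of this application are intended to describe the technical solutions of the embodiments more clearly and do not constitute a limitation on the technical solutions provided in the embodiments. A person of ordinary skill in the art knows that, with the evolution of network architectures and the emergence of new service scenarios, the technical solutions provided in the embodiments of this application are equally applicable to similar technical problems.
The technical solutions provided in the embodiments of this application can be applied to a wireless communication system, which may be a long term evolution (LTE) system, an LTE-Advanced (LTE-A) system, a 5G system, or another future communication system. The technical solutions provided in the embodiments of this application are applicable to massive machine type communication (mMTC) scenarios, ultra-reliable and low latency communication (uRLLC) scenarios, and the like.
FIG. 1 is a schematic architectural diagram of a MEC system according to an embodiment of this application. The MEC server is deployed between the radio access network and the core network. A MEC server is a server on which a MEC platform is deployed and which is managed by the MEC platform. In addition, the MEC server can connect to a cloud data center and other networks, such as an enterprise network. The MEC server thus uses the radio access network to provide services and cloud computing functions to terminals nearby. In the embodiments of this application, the MEC server may be set up by an operator, an enterprise, a virtual operator, or a service provider.
The terminal may be any of various handheld devices, in-vehicle devices, wearable devices, computers, or network devices that have a communication function. For example, the handheld device may be a smartphone. The in-vehicle device may be an in-vehicle navigation system. The wearable device may be a smart band. The computer may be a personal digital assistant (PDA) computer, a tablet computer, or a laptop computer. The network device may be a residential gateway (RG) or a switch.
FIG. 2 is a schematic diagram of the hardware structure of a server according to an embodiment of this application. The server 200 may be used to deploy a MEC platform. The server 200 includes at least one processor 201, a memory 202, and at least one communication interface 203.
The processor 201 may be a central processing unit (CPU). The processor 201 may include one or more CPUs, such as CPU0 and CPU1 in FIG. 2. The server 200 may include multiple processors, such as the processor 201 and the processor 206 in FIG. 2. Each of these processors may be a single-core processor or a multi-core processor.
The communication interface 203 is configured to communicate with other devices or communication networks, such as Ethernet or wireless local area networks (WLAN).
The memory 202 may be a read-only memory (ROM), a random access memory (RAM), an electrically erasable programmable read-only memory (EEPROM), an optical disk or other optical storage device, a magnetic disk or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. The memory 202 may exist independently and be connected to the processor 201 through a communication line. Alternatively, the memory 202 may be integrated with the processor 201. The memory 202 is configured to store computer-executable instructions for executing the solutions of this application. Optionally, the computer-executable instructions in the embodiments of the present invention may also be referred to as application program code. The processor 201 is configured to execute the computer-executable instructions stored in the memory 202 and control the communication interface 203 to implement the MEC platform deployment method provided in the embodiments of this application.
Optionally, the server 200 may further include an output device 204 and an input device 205. For example, the output device 204 may be a liquid crystal display (LCD), a cathode ray tube (CRT) display, or a projector. For example, the input device 205 may be a mouse, a keyboard, a touchscreen device, or a sensing device.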
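FIG. 3 is a schematic diagram of the software architecture of a MEC server according to an embodiment of this application. The software architecture includes: an operating system (OS), a cloud computing management platform, Platform as a Service (PaaS), middleware, a multi-access edge platform (MEP), local user plane function (LUPF) software, applications (APP), and/or application agent (APP agent) software.
The operating system is a computer program that manages and controls computer hardware and software resources. It is the most basic system software, and any other software must run with the support of the operating system. The functions of the operating system include managing the hardware, software, and data resources of the computer system, controlling program execution, improving the human-machine interface, providing support for other application software, and making the most of all resources of the computer system.
The cloud computing management platform is used to manage the virtual or physical resources involved in cloud computing. Optionally, the cloud computing management platform is deployed using Openstack. Openstack is an open-source cloud computing management platform project that includes modules such as Nova, Swift, and Glance, each of which provides a corresponding service. In addition, Openstack provides application programming interfaces (API), and each service is integrated through an API. For example, the Nova module is used to provide virtualization services, and users can create and delete virtual machines through the Nova-API. Certainly, the cloud computing management platform may also be implemented using other technologies, which is not limited in the embodiments of this application.
PaaS provides developers with a development and test environment, basic applications, and components in the form of services, to facilitate the development, deployment, and management of software as a service (SaaS) applications.
Middleware is independent system software or a service program that sits between the operating system software and the user's application software and is used to connect two independent applications or independent systems. For different operating systems and hardware platforms, middleware can have multiple implementations that conform to interface and protocol specifications. Through middleware, applications can work in multi-platform or multi-operating-system environments.
The MEP is the collection of basic functions required to run applications on a specific virtualization infrastructure and enable them to provide and use multi-access edge services. Optionally, the MEP is further used to host multi-access edge services, receive Domain Name System (DNS) records, and configure a DNS proxy/server. For example, multi-access edge services include: an information provision service, a location service, and a bandwidth management service.
The LUPF software is used to execute edge policies, for example, a charging policy and/or a traffic distribution policy. The traffic distribution policy is used to distribute traffic passing through the MEC platform. The charging policy is used to charge for traffic passing through the MEC platform.
The application may be an enterprise campus application, an industrial application, an Internet of Things application, a Content Delivery Network (CDN) application, or the like. An enterprise campus application is an application deployed by an enterprise in its campus network. An industrial application is an application used in the industrial field, for example, an application in a sensing device responsible for functions such as data collection, control, and communication. An Internet of Things application is an application used in the Internet of Things field, for example, an application used to send alarm information to other vehicles in a vehicle-to-vehicle (V2V) scenario. A CDN application is used to provide services such as live video streaming.
The APP agent software is used to implement service management for local applications, including: managing the service life cycle, monitoring service performance, and managing service invocation.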
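To implement rapid deployment of a MEC platform, an embodiment of this application provides a characteristic root device. On the one hand, the characteristic root device is used to enable a bare-metal machine (that is, a server on which no operating system or other software is installed) or a server with an operating system installed to automatically deploy the software included in the software architecture shown in FIG. 3, and to enable the server with the software architecture shown in FIG. 3 to automatically use the LUPF software to execute edge policies and/or use the APP agent software to implement service management for local applications. In this way, third parties such as enterprises, virtual operators, or service providers can implement plug-and-play deployment of the MEC platform. On the other hand, the characteristic root device is used to enable the server into which it is inserted to pass the authentication of the cloud server, so that the server can become a trusted node in the operator's network. It can be understood that, in the operator's network, a trusted node can normally provide services to terminals, while an untrusted node cannot provide services to terminals. In this way, the operator controls the issuance of characteristic root devices in order to control the number and area of MEC servers deployed by third parties.
FIG. 4 is a schematic structural diagram of a characteristic root device according to an embodiment of this application. The characteristic root device 400 includes: a memory 401 and at least one communication interface 402. The memory 401 and the communication interface 402 are connected through a communication line.
The memory 401 may be a read-only memory, a random access memory, an electrically erasable programmable read-only memory, an optical disk or other optical storage device, a magnetic disk or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. In the embodiments of this application, the memory 401 is configured to store the user's digital certificate and first authentication information. Optionally, the memory 401 is further configured to store an edge policy and/or an image file of the MEC platform components.
The communication interface 402 is used to communicate with other devices. For example, when the characteristic root device is inserted into the server, the communication interface 402 of the characteristic root device establishes a connection with the communication interface 203 of the server. In this way, the server can obtain the first authentication information from the characteristic root device.
Optionally, the characteristic root device 400 further includes: a processor 403. The processor 403 may be a central processing unit. The processor 403 may include one or more CPUs, such as CPU0 and CPU1 in FIG. 4. The characteristic root device 400 may include multiple processors, such as the processor 403 and the processor 404 in FIG. 4. Each of these processors may be a single-core processor or a multi-core processor.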
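FIG. 5 shows a method for configuring a characteristic root device according to an embodiment of this application. The method includes the following steps:
S101. A business support system (BSS) receives a user's application request. The application request is used to apply to an operator for a characteristic root device.
S102. The BSS obtains the user's registration information.
The registration information includes at least the following:
(1) The user's identity information. Taking a third-party enterprise as the user for example, the user's identity information may be the name of the enterprise.
(2) Account information, for example, the account number, the account balance, and the account permissions.
(3) Location information. The location information is used to indicate the service area of the MEC platform. The service area is the area in which the MEC platform provides services. Optionally, the service area is determined by the user on a map. In the embodiments of this application, the location information includes latitude and longitude information, a tracking area identity (TAI), or a base station identifier.
(4) Planning data, for example, a domain name and an access point name (APN).
In one implementation, the user enters the registration information on a registration page provided by the BSS/OSS, so that the BSS/OSS system obtains the user's registration information from the registration page.
S103. The BSS imports the user's first authentication information and digital certificate into the characteristic root device.
The first authentication information includes: the user's identity information and a login password. Optionally, the first authentication information further includes: an identifier of the characteristic root device.
The digital certificate contains a key corresponding to the characteristic root device. When asymmetric encryption is used, the key in the digital certificate is the private key corresponding to the characteristic root device. Optionally, the digital certificate further contains the user's identity information and the digital signature of a certificate authority. It should be noted that, for the method of generating the user's digital certificate, reference may be made to the prior art, and details are not described herein.
Optionally, the BSS may also import related data such as the edge policy and the image file of the MEC platform components into the characteristic root device. It should be noted that the BSS exposes a management interface for edge policies, so that users can apply for or modify an edge policy through the BSS.
S104. The BSS sends the key corresponding to the characteristic root device and the user's registration information to the cloud server.
In the embodiments of this application, when asymmetric encryption is used, the key sent by the BSS to the cloud server is the public key corresponding to the characteristic root device.
Optionally, the method for configuring a characteristic root device provided in the embodiments of this application further includes the following step S105.
S105. The BSS sends the user's registration information to the network-side device.
The network-side device includes: an operation support system (OSS), a control plane network element, and a user plane network element. For example, the control plane network element is a session management function (SMF) network element. The user plane network element is a user plane function (UPF) network element.
In one implementation, the BSS first converts the registration information into configuration information, and then sends the configuration information to the network-side device.
Based on the technical solution shown in FIG. 5, the user can obtain a characteristic root device from the operator. In this way, the user can use the characteristic root device to quickly deploy a MEC platform on a server.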
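FIG. 6 shows a MEC platform deployment method according to an embodiment of this application, which includes the following steps: S201-S204.
S201. The server initiates an authentication process to the cloud server through the characteristic root device.
In one implementation, after the characteristic root device is inserted into the server, the server runs the characteristic root basic software stored in the characteristic root device. The characteristic root basic software automatically establishes a connection between the server and the cloud server, and automatically initiates an authentication process to the cloud server to verify whether the server is trusted. In the embodiments of this application, for the authentication process, refer to the method shown in FIG. 7; details are not described here.
Optionally, the connection between the server and the cloud server may be a hypertext transfer protocol (http) connection.
Optionally, after the authentication is passed, the server receives a session token sent by the cloud server, where the session token is used to identify the session between the cloud server and the server. Afterwards, during information exchange between the server and the cloud server, the information sent by the server to the cloud server carries the session token, so that the cloud server knows that the information is sent by the server. It should be noted that the aging time of the session token is preset or is issued by the cloud server. When the aging time of the session token is reached, the server needs to initiate the authentication process to the cloud server again.
S202. After the authentication is passed, the server installs the MEC platform components.
The MEC platform components include the LUPF software and/or the APP agent software. Optionally, the MEC platform components further include: an operating system, a cloud computing management platform, PaaS, middleware, and the like.
Optionally, the image file of the MEC platform components is stored in the characteristic root device, or in a database of the cloud server, or in the server. It should be noted that the image file may have different names, such as an installation package or an installation file, which is not limited in the embodiments of this application.
In the embodiments of this application, the server installs the MEC platform components in one of the following two ways: local deployment and remote deployment. (1) Local deployment means that the server obtains the image file of the MEC platform components from the characteristic root device or from its own database; then, the server runs the image file of the MEC platform components to install the MEC platform components. (2) Remote deployment means that the server sends remote deployment information to the cloud server, where the remote deployment information is used to request the image file of the MEC platform components; after that, the server obtains the image file of the MEC platform components from the cloud server; finally, the server runs the image file of the MEC platform components to install the MEC platform components. It should be noted that the remote deployment information is used to request all MEC platform components, or the remote deployment information is used to request the MEC platform components required by the server.
In the process of installing the MEC platform components, the server may use both local deployment and remote deployment. For example, for MEC platform components stored in the characteristic root device or the server, the server installs these MEC platform components by local deployment. For MEC platform components that are not stored in the characteristic root device or the server, the server installs these MEC platform components by remote deployment.
It should be noted that when the version of the MEC platform components installed on the server is too old, the server updates the MEC platform components from the cloud server.
Optionally, before the server installs the MEC platform components, the server sends registration information to the cloud server, where the registration information is used to register the server as a controlled node in the operator's network. In this way, the server becomes a controlled node in the operator's network. The cloud server can therefore manage and maintain the server, so that the server can install the MEC platform components and use the MEC platform components.
In the embodiments of this application, if the server has the LUPF software installed, the server may perform the following step S203; if the server has the APP agent software installed, the server may perform the following step S204.
S203. The server uses the LUPF software to execute an edge policy.
The edge policy includes: a traffic distribution policy and/or a charging policy. Optionally, the edge policy may further include other policies, such as an access control policy, which is not limited in the embodiments of this application.
In the embodiments of this application, when the characteristic root device pre-stores the edge policy, the server obtains the edge policy from the characteristic root device. Alternatively, the server obtains the edge policy from the cloud server.
Optionally, when the characteristic root device pre-stores policy authorization information, the server uses the LUPF software to execute the edge policy. The policy authorization information is used to indicate that the LUPF software has the right to execute the edge policy. In this way, if the characteristic root device does not store policy authorization information, the server cannot use the LUPF software to execute the edge policy. Therefore, whether a MEC server deployed by a third party can use the LUPF software to execute the edge policy depends on whether policy authorization information is stored in the characteristic root device. The operator can thus use the characteristic root device to control whether a MEC server deployed by a third party can use the LUPF software to execute the edge policy.
It should be noted that the policy authorization information may exist in the characteristic root device in an implicit manner. For example, if an edge policy is stored in the characteristic root device, the server into which the characteristic root device is inserted can use the LUPF software to execute the edge policy; if no edge policy is stored in the characteristic root device, the server into which the characteristic root device is inserted cannot use the LUPF software to execute the edge policy.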
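S204. The server implements service governance for a local application by using the APP agent software.
The local application is an application deployed on the server, or an application deployed on another node in the local area network in which the server is located.
The server's use of the APP agent software to implement service governance for the local application includes at least the following cases:
(1) The server uses the APP agent software to register, with a service governance center, the service provided by the local application.
It should be noted that before the APP agent software registers the service provided by the local application with the service governance center, the local application first registers the service with the APP agent software, so that the APP agent software learns of the service that the local application provides externally. Optionally, the local application registers the service through a registration API. Alternatively, the local application registers the service by configuring service information and service availability probe endpoint information on the APP agent software.
As a result, the service governance center instructs the control plane network element and the DNS server to execute the corresponding traffic offloading rules, and the control plane network element in turn instructs the UPF network element to execute the corresponding traffic offloading rules, so that traffic from terminals accessing the service provided by the local application can be steered to the server.
(2) If the APP agent software detects that the process of the local application is abnormal, the server uses the APP agent software to send service status information to the service governance center, where the service status information notifies the service governance center that the service provided by the local application is unavailable.
As a result, the service governance center updates the traffic offloading rules on the network side and blocks traffic destined for the local application whose process is abnormal, which prevents terminals from making invalid accesses.
Based on the technical solution shown in Fig. 6, after the feature root apparatus is inserted into the server, the server automatically initiates the authentication procedure; after the authentication succeeds, the server automatically installs and uses the MEC platform components. This makes the MEC platform plug-and-play and facilitates the adoption of solutions in which multiple parties jointly build the MEC platform.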
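As shown in Fig. 7, an authentication method provided in an embodiment of this application includes the following steps S301 to S307.
S301. The server obtains first authentication information from the feature root apparatus.
S302. The server sends the first authentication information to the cloud server, so that the cloud server receives the first authentication information sent by the server.
S303. The cloud server sends second authentication information to the server, so that the server receives the second authentication information sent by the cloud server.
In one implementation, after receiving the first authentication information sent by the server, the cloud server verifies whether the first authentication information is correct. If the first authentication information is correct, the cloud server looks up pre-stored second authentication information in a database, randomly generates second authentication information, or generates second authentication information according to a preset rule. The cloud server then sends the second authentication information to the server, so that the server receives the second authentication information sent by the cloud server.
Generating the second authentication information according to a preset rule includes generating it from the first authentication information combined with some of the information in the registration information of the user. The cloud server may also use other rules to generate the second authentication information. This is not limited in this embodiment of this application.
S304. The server encrypts the second authentication information by using the digital certificate stored in the feature root apparatus.
In one implementation, when asymmetric encryption is used, the server encrypts the second authentication information with the private key in the digital certificate, thereby obtaining the encrypted second authentication information.
For example, the asymmetric encryption algorithm used by the server is the RSA encryption algorithm, the Digital Signature Algorithm (DSA), or the Elgamal algorithm.
S305. The server sends the encrypted second authentication information to the cloud server, so that the cloud server receives the encrypted second authentication information sent by the server.
S306. The cloud server determines an authentication result based on the encrypted second authentication information.
The authentication result is either authentication succeeded or authentication failed.
In one implementation, when asymmetric encryption is used, the cloud server decrypts the encrypted second authentication information with the public key corresponding to the feature root apparatus. If the information obtained by decryption is the same as the second authentication information previously sent to the server, the cloud server determines that the authentication result of the server is authentication succeeded. If the information obtained by decryption differs from the second authentication information previously sent to the server, the cloud server determines that the authentication result of the server is authentication failed.
S307. The cloud server sends the authentication result to the server, so that the server receives the authentication result sent by the cloud server.
Based on the technical solution shown in Fig. 7, the cloud server can determine whether the server into which the feature root apparatus is inserted is a trusted node, which prevents untrusted nodes from affecting the security of the operator network.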
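The Fig. 7 exchange (S301 to S307) together with the session token and aging time from S201, as an added sketch that is not part of the patent text. The names `CloudServer`, `device_respond` and the constructed key pair are assumptions, as is making each second authentication information single use so that a captured response cannot be replayed.

```python
import secrets
import time

# Constructed demo key pair, NOT secure: two Mersenne primes stand in for the
# key material on the feature root apparatus; the BSS registers (N, E) with the cloud.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, never leaves the apparatus


def device_respond(second_auth, d=D, n=N):
    """S304: 'encrypt' the second authentication information with the private key.
    This is textbook RSA as the text describes it; a deployment would use a
    padded signature scheme such as RSA-PSS instead."""
    return pow(int.from_bytes(second_auth, "big"), d, n)


class CloudServer:
    def __init__(self, registered, token_ttl=300):
        self.registered = registered  # first auth info -> (n, e) public key
        self.pending = {}             # first auth info -> outstanding challenge
        self.sessions = {}            # session token -> expiry timestamp
        self.token_ttl = token_ttl    # aging time of the session token, seconds

    def challenge(self, first_auth):
        """S302/S303: check the first auth info, return random second auth info."""
        if first_auth not in self.registered:
            return None
        self.pending[first_auth] = secrets.token_bytes(32)
        return self.pending[first_auth]

    def verify(self, first_auth, response, now=None):
        """S305-S307: decrypt with the public key, compare, issue a session token."""
        expected = self.pending.pop(first_auth, None)  # assumption: single use
        if expected is None:
            return None
        n, e = self.registered[first_auth]
        if pow(response, e, n) != int.from_bytes(expected, "big"):
            return None
        token = secrets.token_urlsafe(16)
        issued = time.time() if now is None else now
        self.sessions[token] = issued + self.token_ttl
        return token

    def session_valid(self, token, now=None):
        """After the aging time the server must run the authentication again."""
        current = time.time() if now is None else now
        return self.sessions.get(token, 0.0) > current
```

`verify` returns `None` for authentication failed and a session token for authentication succeeded; the `now` parameter exists only so the aging time can be checked deterministically.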
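The foregoing mainly describes the solutions provided in the embodiments of this application from the perspective of the server. It can be understood that, to implement the foregoing functions, the server includes corresponding hardware structures or software modules for performing each function. A person skilled in the art should readily appreciate that, in combination with the units and algorithm steps of the examples described in the embodiments disclosed herein, this application can be implemented by hardware or by a combination of hardware and computer software. Whether a function is performed by hardware or by computer software driving hardware depends on the particular application and design constraints of the technical solution. A person skilled in the art may use different methods to implement the described functions for each particular application, but such implementation should not be considered beyond the scope of this application.
For example, when functional modules are divided according to their functions, Fig. 8 shows a schematic structural diagram of an MEC platform deployment apparatus. As shown in Fig. 8, the MEC platform deployment apparatus includes an authentication module 801, an installation module 802, and an enabling module 803. The authentication module 801 is configured to perform step S201 in Fig. 6 and steps S301 to S305 and S307 in Fig. 7, and/or other processes of the technology described herein. The installation module 802 is configured to perform step S202 in Fig. 6, and/or other processes of the technology described herein. The enabling module 803 is configured to perform steps S203 and S204 in Fig. 6, and/or other processes of the technology described herein. All related content of the steps in the foregoing method embodiments may be cited in the functional descriptions of the corresponding functional modules; details are not repeated here.
As an example, with reference to the server shown in Fig. 2, the authentication module 801, the installation module 802, and the enabling module 803 in Fig. 8 may be implemented by the processor 201 of the server in Fig. 2, or by the processor 201 of the server in Fig. 2 controlling the communication interface 203. This is not limited in this embodiment of this application.
An embodiment of this application further provides a computer-readable storage medium that stores computer instructions; when the computer-readable storage medium is run on the server shown in Fig. 2, the server is caused to perform the methods shown in Fig. 6 and Fig. 7 of the embodiments of this application. The computer-readable storage medium may be any medium that a computer can access, or a data storage device, such as a server or a data center, that integrates one or more media. The medium may be a magnetic medium (for example, a floppy disk, a hard disk, or a magnetic tape), an optical medium (for example, an optical disc), a semiconductor medium (for example, a solid state disk (SSD)), or the like. In addition, the computer instructions may not only be stored in a computer-readable storage medium but may also be transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center in a wired manner (for example, coaxial cable, optical fiber, or twisted pair) or a wireless manner (for example, infrared, radio, or microwave).
An embodiment of this application further provides a computer program product containing computer instructions which, when run on a computer, enables the computer to perform the methods shown in Fig. 6 and Fig. 7.
The server, the computer storage medium, and the computer program product provided in the embodiments of this application are all used to perform the corresponding methods provided above. Therefore, for the beneficial effects that they can achieve, refer to the beneficial effects of the corresponding methods provided above; details are not repeated here.
Although this application is described here with reference to the embodiments, in the course of implementing the claimed application, a person skilled in the art can understand and implement other variations of the disclosed embodiments by studying the accompanying drawings, the disclosure, and the appended claims. A single processor or other unit may fulfil several functions recited in the claims. The fact that certain measures are recited in mutually different dependent claims does not indicate that these measures cannot be combined to good effect.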

Claims (18)

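  1. A multi-access edge computing (MEC) platform deployment method, characterized in that the method comprises:
    initiating, by a server, an authentication procedure to a cloud server by using a feature root apparatus, wherein the feature root apparatus pre-stores a digital certificate of a user and first authentication information;
    installing, by the server after the authentication succeeds, MEC platform components, wherein the MEC platform components comprise local user plane function (LUPF) software and/or application agent (APP agent) software;
    executing, by the server, an edge policy by using the LUPF software, wherein the edge policy comprises a traffic offloading policy and/or a charging policy; and/or
    implementing, by the server, service governance for a local application by using the APP agent software.
  2. The MEC platform deployment method according to claim 1, characterized in that the initiating, by a server, an authentication procedure to a cloud server by using a feature root apparatus comprises:
    obtaining, by the server, the first authentication information from the feature root apparatus;
    sending, by the server, the first authentication information to the cloud server;
    receiving, by the server, second authentication information sent by the cloud server;
    encrypting, by the server, the second authentication information with the digital certificate of the user;
    sending, by the server, the encrypted second authentication information to the cloud server; and
    receiving, by the server, an authentication result sent by the cloud server, wherein the authentication result is authentication succeeded or authentication failed.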
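  3. The MEC platform deployment method according to claim 1 or 2, characterized in that after the server initiates the authentication procedure to the cloud server by using the feature root apparatus, the method further comprises:
    receiving, by the server after the authentication succeeds, a session token sent by the cloud server, wherein the session token identifies the session between the cloud server and the server.
  4. The MEC platform deployment method according to any one of claims 1 to 3, characterized in that before the server installs the MEC platform components, the method further comprises:
    when the feature root apparatus pre-stores image files of the MEC platform components, obtaining, by the server, the image files of the MEC platform components from the feature root apparatus; or
    obtaining, by the server, the image files of the MEC platform components from the cloud server.
  5. The MEC platform deployment method according to any one of claims 1 to 4, characterized in that before the server executes the edge policy by using the LUPF software, the method further comprises:
    when the feature root apparatus pre-stores the edge policy, obtaining, by the server, the edge policy from the feature root apparatus; or
    obtaining, by the server, the edge policy from the cloud server.
  6. The MEC platform deployment method according to claim 5, characterized in that the executing, by the server, an edge policy by using the LUPF software comprises:
    when the feature root apparatus pre-stores policy authorization information, executing, by the server, the edge policy by using the LUPF software, wherein the policy authorization information indicates that the LUPF software has permission to execute the edge policy.
  7. The MEC platform deployment method according to claim 5, characterized in that the implementing, by the server, service governance for a local application by using the APP agent software comprises:
    registering, by the server with a service governance center by using the APP agent software, the service provided by the local application.
  8. The MEC platform deployment method according to claim 5 or 7, characterized in that the implementing, by the server, service governance for a local application by using the APP agent software comprises:
    if the APP agent software detects that the process of the local application is abnormal, sending, by the server, service status information to the service governance center by using the APP agent software, wherein the service status information notifies the service governance center that the service provided by the local application is unavailable.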
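  9. A multi-access edge computing (MEC) platform deployment apparatus, characterized by comprising:
    an authentication module, configured to initiate an authentication procedure to a cloud server by using a feature root apparatus, wherein the feature root apparatus pre-stores a digital certificate of a user and first authentication information;
    an installation module, configured to install MEC platform components after the authentication succeeds, wherein the MEC platform components comprise local user plane function (LUPF) software and/or application agent (APP agent) software; and
    an enabling module, configured to execute an edge policy by using the LUPF software, wherein the edge policy comprises a traffic offloading policy and/or a charging policy; and/or to implement service governance for a local application by using the APP agent software.
  10. The MEC platform deployment apparatus according to claim 9, characterized in that the authentication module being configured to initiate an authentication procedure to a cloud server by using a feature root apparatus comprises the following steps:
    obtaining the first authentication information from the feature root apparatus;
    sending the first authentication information to the cloud server;
    receiving second authentication information sent by the cloud server;
    encrypting the second authentication information with the digital certificate of the user;
    sending the encrypted second authentication information to the cloud server; and
    receiving an authentication result sent by the cloud server, wherein the authentication result is authentication succeeded or authentication failed.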
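  11. The MEC platform deployment apparatus according to claim 9 or 10, characterized in that the authentication module is further configured to receive, after the authentication succeeds, a session token sent by the cloud server, wherein the session token identifies the session between the cloud server and the server.
  12. The MEC platform deployment apparatus according to any one of claims 9 to 11, characterized in that the installation module is further configured to: when the feature root apparatus pre-stores image files of the MEC platform components, obtain the image files of the MEC platform components from the feature root apparatus; or obtain the image files of the MEC platform components from the cloud server.
  13. The MEC platform deployment apparatus according to any one of claims 9 to 12, characterized in that the enabling module is further configured to: when the feature root apparatus pre-stores the edge policy, obtain the edge policy from the feature root apparatus; or obtain the edge policy from the cloud server.
  14. The MEC platform deployment apparatus according to claim 13, characterized in that the enabling module being configured to execute an edge policy by using the LUPF software comprises: when the feature root apparatus pre-stores policy authorization information, executing the edge policy by using the LUPF software, wherein the policy authorization information indicates that the LUPF software has permission to execute the edge policy.
  15. The MEC platform deployment apparatus according to claim 13, characterized in that the enabling module being configured to implement service governance for a local application by using the APP agent software comprises: registering, with a service governance center by using the APP agent software, the service provided by the local application.
  16. The MEC platform deployment apparatus according to claim 13 or 15, characterized in that the enabling module being configured to implement service governance for a local application by using the APP agent software comprises: if the APP agent software detects that the process of the local application is abnormal, sending service status information to the service governance center by using the APP agent software, wherein the service status information notifies the service governance center that the service provided by the local application is unavailable.
  17. A computer-readable storage medium, characterized in that the computer-readable storage medium stores instructions, and when the computer-readable storage medium is run on a computer, the computer is caused to perform the multi-access edge computing (MEC) platform deployment method according to any one of claims 1 to 8.
  18. A computer program product containing instructions, characterized in that when the computer program product is run on a computer, the computer is caused to perform the multi-access edge computing (MEC) platform deployment method according to any one of claims 1 to 8.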
PCT/CN2019/087776 2018-09-21 2019-05-21 MEC platform deployment method and apparatus WO2020057163A1 (zh)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP19861838.1A EP3846522A4 (en) 2018-09-21 2019-05-21 METHOD AND DEVICE FOR DEPLOYING AN MEC PLATFORM
US17/207,232 US12149519B2 (en) 2018-09-21 2021-03-19 MEC platform deployment method and apparatus

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201811109750.7A CN110944330B (zh) 2018-09-21 2018-09-21 MEC platform deployment method and apparatus
CN201811109750.7 2018-09-21

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US17/207,232 Continuation US12149519B2 (en) 2018-09-21 2021-03-19 MEC platform deployment method and apparatus

Publications (1)

Publication Number Publication Date
WO2020057163A1 true WO2020057163A1 (zh) 2020-03-26

Family

ID=69888221

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/087776 WO2020057163A1 (zh) 2018-09-21 2019-05-21 MEC platform deployment method and apparatus

Country Status (3)

Country Link
EP (1) EP3846522A4 (zh)
CN (1) CN110944330B (zh)
WO (1) WO2020057163A1 (zh)

Also Published As

Publication number Publication date
CN110944330A (zh) 2020-03-31
US20210297410A1 (en) 2021-09-23
EP3846522A4 (en) 2021-10-13
EP3846522A1 (en) 2021-07-07
CN110944330B (zh) 2021-06-22

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19861838

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 2019861838

Country of ref document: EP

Effective date: 20210330