| Along with the rapid growth of the size of China Mobile's communication network, the size of its operation maintaining and network management supporting system is also growing rapidly. Facing the increasingly larger network maintenance supporting system composed of components from different specialties, different manufacturers and different regions, traditional Single Sign-on and separated management of system accounts, passwords and logs make the centralized operation maintenance tasks across regions, specialties and systems become increasingly complicated, greatly reducing working efficiency and getting more and more difficult to adapt to the demand arising from the in-depth carrying out of the "Three-Centralization"(centralized monitoring, centralized maintenance and centralized management) of China Mobile's network operation maintenance. Consequently, building a unified and integrated centralized access platform becomes an urgent matter of and an important approach to advancing the "Three-Centralization" operation maintenance tasks in depth and improving production efficiency rapidly.As the centralized access control point of network operation maintenance terminals and network management supporting systems, the centralized access platform manages the login accounts and passwords centrally, as well as audits the operation logs centrally. Though the correspondence with their corresponding equipment usernames and passwords, users of the centralized accessing platform can realize operating the maintenance terminals and network management systems of equipments which are in their privilege scope immediately when they login the platform, which equipments are distributed in different regions and are from various specialties and various manufacturers.After completing the identity authentication of an accessing user, in accordance with authorization information which is determined beforehand, the system controls the scope of equipments which can be accessed by the accessing user as well as the applications and services which can be used by the accessing user, prevents unauthorized accesses and operations, and records operation behaviors of the accessing user through the centralized management and auditing of logs,so as to provide an efficient, safe and reliable management platform through controlling resource access and auditing the maintenance operation performed to the system, so that an enterprise improving the internal control and enhancing the standardization of the internal flow to meet related auditing requirements can be guaranteed in terms of technology.In this paper, first from the analysis of system functions and operational requirements,and the identity authentication, access policy management, business systems concentrate authority, business life cycle management, user role management, log management requirements analysis and integration, functional framework of the system are:single point landing, centralized authentication, centralized authorization, centralized user management, centralized auditing, unified user level process management 6.And six levels of each of the specific business objectives.Then this paper, system design, platform design, data modeling, interface design, public assembly design 5 are described in detail the principles of design, technology platform selection, data logic and construction of physical models, ER diagram design,encryption design, system interface design, and internal and external business functions the system point of realization. The paper highlights the difficulties described in this project:agreement, functional access control, database records control, security policy, the main functional components of responsibility, authority control design.Finally, functional testing and performance testing from the two test cases of the system was introduced, and the problems of the platform and the summary and future development prospects. |
PDF Full Text Request