[go: up one dir, main page]

CN105071959A - Plug-and-play management method and system based on unified registration of power network devices - Google Patents

Plug-and-play management method and system based on unified registration of power network devices Download PDF

Info

Publication number
CN105071959A
CN105071959A CN201510462814.1A CN201510462814A CN105071959A CN 105071959 A CN105071959 A CN 105071959A CN 201510462814 A CN201510462814 A CN 201510462814A CN 105071959 A CN105071959 A CN 105071959A
Authority
CN
China
Prior art keywords
equipment
grid
grid equipment
control
digital certificate
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510462814.1A
Other languages
Chinese (zh)
Inventor
狄方春
李大鹏
黄运豪
李立新
张逸
陈金祥
刘文亮
熊军
郝阳春
谢涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
China Electric Power Research Institute Co Ltd CEPRI
Electric Power Research Institute of State Grid Fujian Electric Power Co Ltd
State Grid Fujian Electric Power Co Ltd
Xiamen Power Supply Co of State Grid Fujian Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
China Electric Power Research Institute Co Ltd CEPRI
Electric Power Research Institute of State Grid Fujian Electric Power Co Ltd
State Grid Fujian Electric Power Co Ltd
Xiamen Power Supply Co of State Grid Fujian Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, China Electric Power Research Institute Co Ltd CEPRI, Electric Power Research Institute of State Grid Fujian Electric Power Co Ltd, State Grid Fujian Electric Power Co Ltd, Xiamen Power Supply Co of State Grid Fujian Electric Power Co Ltd filed Critical State Grid Corp of China SGCC
Priority to CN201510462814.1A priority Critical patent/CN105071959A/en
Publication of CN105071959A publication Critical patent/CN105071959A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0803Configuration setting
    • H04L41/0806Configuration setting for initial configuration or provisioning, e.g. plug-and-play
    • H04L41/0809Plug-and-play configuration

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

本发明提供一种基于电网设备统一注册的即插即用的管理方法和系统,所述方法包括如下步骤:(1)生成每个电网设备的数字证书,并将数字证书进行离线发放到电网设备;(2)对接入的电网设备根据其数字证书进行身份认证,通过后进行合法设备登记;(3)对已注册的电网设备进行实时动态监视;(4)设置已注册电网设备之间的发现和控制权限;(5)已注册电网设备A在所述发现和控制权限范围内,发现和控制所需功能的其他已注册的电网设备B。本发明对所有电网设备的注册、发现、描述、控制、事件和展示,实现了电网设备与系统的自动识别、自动接入的零配置联网。

The present invention provides a plug-and-play management method and system based on unified registration of grid equipment, the method includes the following steps: (1) generating a digital certificate for each grid equipment, and issuing the digital certificate to the grid equipment offline ; (2) Perform identity authentication on the connected grid equipment according to its digital certificate, and register the legal equipment after passing; (3) Real-time dynamic monitoring of the registered grid equipment; (4) Set up the registered grid equipment Discovery and control authority; (5) The registered grid equipment A discovers and controls other registered grid equipment B with required functions within the scope of the discovery and control authority. The invention realizes the zero-configuration networking of the automatic identification and automatic connection of the grid equipment and the system for the registration, discovery, description, control, event and display of all grid equipment.

Description

一种基于电网设备统一注册的即插即用的管理方法和系统A plug-and-play management method and system based on unified registration of grid equipment

技术领域technical field

本发明设计一种电网设备的管理方法和系统,具体设计一种基于电网设备统一注册的即插即用的管理方法和系统。The invention designs a management method and system for power grid equipment, specifically a plug-and-play management method and system based on unified registration of power grid equipment.

背景技术Background technique

电网能量管理系统(EMS)是一种计算机系统,通过分布在电力系统中的监控、采集信息单元,实现对电网中所有设备的管理,保证电能的正常生产和消费。为实现这一目的,电网能量管理系统必须清楚的知道电力系统中包含哪些设备,即需要在计算机系统中建立所有电网设备的模型,并清楚所有设备的连接关系。The grid energy management system (EMS) is a computer system that manages all equipment in the grid through the monitoring and information collection units distributed in the power system to ensure the normal production and consumption of electric energy. In order to achieve this goal, the grid energy management system must clearly know which equipment is included in the power system, that is, it is necessary to establish a model of all grid equipment in the computer system and know the connection relationship of all equipment.

调度控制系统作为电网的管理系统,需要建立电网的详细模型。传统方式是在电网中增加一个设备时,需要通过层层上报,由调度人员手动在系统中建立相应设备的模型,并接入已有系统中,需要花费大量的人力和时间成本,尤其是新增变电站设备时,由于变电站建模采用61850标准,调控主站建模采用61970标准,因此需要在变电站端和调控主站端分别依据采用的标准建立同一个设备的模型,存在大量重复性工作,而且会造成所建模型不一致的问题。这些问题限制了电网的快速发展,也不符合智能电网的要求。未来随着智能电网的发展,需要实现快速建模,即当一个电网设备(或设备组,如发电厂、变电站或用户)接入电网时,在不需要任何人员干涉的情况下即可被电网的其它部分以及控制中心所识别,并进行良好的协调运行,实现电网中所有能量与信息设备的即插即用。As the management system of the power grid, the dispatch control system needs to establish a detailed model of the power grid. The traditional method is that when adding a device to the power grid, it needs to be reported layer by layer, and the dispatcher manually builds the model of the corresponding device in the system and connects it to the existing system, which requires a lot of manpower and time. When adding substation equipment, since the substation modeling adopts the 61850 standard and the control master station adopts the 61970 standard, it is necessary to establish the same equipment model at the substation end and the control master station according to the adopted standards, and there is a lot of repetitive work. And it will cause the inconsistency of the built model. These problems limit the rapid development of the grid and do not meet the requirements of the smart grid. With the development of smart grid in the future, it is necessary to achieve rapid modeling, that is, when a grid device (or device group, such as a power plant, substation or user) is connected to the grid, it can be controlled by the grid without any human intervention. It is recognized by other parts of the system and the control center, and performs good coordinated operation to realize the plug and play of all energy and information equipment in the grid.

现有电力系统的调度一般以厂站或间隔为管理粒度,电网管理未进一步细化到电网设备,缺少统一的设备管理规范和管理中心,设备即插即用还停留在理论研究阶段。The dispatching of the existing power system generally takes the plant or interval as the management granularity, and the power grid management has not been further refined to the power grid equipment, lacking a unified equipment management specification and management center, and the plug and play of equipment is still in the theoretical research stage.

发明内容Contents of the invention

为了克服上述现有技术的不足,本发明提供一种基于电网设备统一注册的即插即用的管理方法和系统,本发明对所有电网设备的注册、发现、描述、控制、事件和展示,实现了电网设备与系统的自动识别、自动接入的零配置联网。In order to overcome the shortcomings of the above-mentioned prior art, the present invention provides a plug-and-play management method and system based on the unified registration of grid equipment. Zero-configuration networking for automatic identification and automatic connection of power grid equipment and systems.

为了实现上述发明目的,本发明采取如下技术方案:In order to realize the above-mentioned purpose of the invention, the present invention takes the following technical solutions:

一种基于电网设备统一注册的即插即用的管理方法,所述方法包括如下步骤:A plug-and-play management method based on unified registration of grid equipment, the method includes the following steps:

(1)生成每个电网设备的数字证书,并将数字证书进行离线发放到电网设备;(1) Generate a digital certificate for each grid device, and issue the digital certificate offline to the grid device;

(2)对接入的电网设备根据其数字证书进行身份认证,通过后进行合法设备登记;(2) Conduct identity authentication on the connected grid equipment according to its digital certificate, and register the legal equipment after passing;

(3)对已注册的电网设备进行实时动态监视;(3) Real-time dynamic monitoring of registered grid equipment;

(4)设置已注册电网设备之间的发现和控制权限;(4) Set the discovery and control authority between registered grid devices;

(5)已注册电网设备A在所述发现和控制权限范围内,发现和控制所需功能的其他已注册的电网设备B。(5) The registered grid device A discovers and controls other registered grid devices B with required functions within the scope of discovery and control authority.

优选的,所述步骤(1)中,所述数字证书中包括电网设备的名字、类型、区域、IP、端口、数字证书地址和权限。Preferably, in the step (1), the digital certificate includes the name, type, area, IP, port, digital certificate address and authority of the grid equipment.

优选的,所述步骤(3)中,所述动态监视利用即插即用管理机制,包括如下步骤:Preferably, in the step (3), the dynamic monitoring utilizes a plug-and-play management mechanism, including the following steps:

步骤3-1、对所有会发生的事件主题进行订阅;Step 3-1. Subscribe to all event topics that will occur;

步骤3-2、当已注册电网设备发生变更时,将变更信息存储到数据库中,同时显示实时消息并更改电网设备状态信息;Step 3-2. When the registered grid equipment changes, store the change information in the database, display real-time messages and change the status information of the grid equipment;

步骤3-3、对数据库中的消息进行整理,获知电网设备的生命轨迹。Step 3-3, sort out the messages in the database, and learn the life trajectory of the grid equipment.

优选的,所述步骤(4)中,设置所述发现和控制权限是通过查询设备权限表,根据查询结果决定是否具有电网设备的访问权限,继而允许或拒绝访问请求,所述设备权限表记录了各个电网设备的访问其他电网设备权限。Preferably, in the step (4), setting the discovery and control authority is by querying the device authority table, deciding whether to have the access authority of the power grid equipment according to the query result, and then allowing or denying the access request. The device authority table records Each power grid device has access to other power grid devices.

优选的,所述步骤(5)中,所述电网设备A作为控制设备,所述电网设备B作为被控设备,控制设备查询或控制被控设备,包括如下步骤:Preferably, in the step (5), the grid equipment A is used as the control equipment, and the grid equipment B is used as the controlled equipment, and the control equipment queries or controls the controlled equipment, including the following steps:

步骤5-1、控制设备获得被控制设备的详细信息之后,开始控制和查询被控制设备,具体控制功能取决于每个电网设备宣告的服务;Step 5-1. After the control device obtains the detailed information of the controlled device, it starts to control and query the controlled device. The specific control function depends on the service announced by each grid device;

步骤5-2、控制设备通过远程调用被控制设备的控制和查询指令,具体动作有被控制设备完成;Step 5-2. The control device calls the control and query instructions of the controlled device remotely, and the specific actions are completed by the controlled device;

步骤5-3、控制和查询结果返回到控制设备。Step 5-3, control and query results are returned to the control device.

优选的,所述步骤(2)之后还包括对权限范围内电网设备的运行控制,包括如下步骤:Preferably, after the step (2), the operation control of the power grid equipment within the scope of authority is also included, including the following steps:

a、获取管辖范围内的所有电网设备设备列表,并通过即插即用机制对所有可能发生的事件进行订阅;a. Obtain a list of all grid equipment within the jurisdiction, and subscribe to all possible events through the plug-and-play mechanism;

b、当电网设备发生变更时,对电网设备进行“允许注册”、“拒绝注册”、“拒绝更新”和“强制离线”的控制;b. When the grid equipment changes, control the grid equipment by "allowing registration", "refusal to register", "refusal to update" and "forced offline";

c、将电网设备在系统中的权限写入数据库,以备其他系统调用。c. Write the authority of the grid equipment in the system into the database for other system calls.

优选的,所述步骤(2)之后还包括从电网设备接收或订阅事件,在事件发生时,转发事件到订阅的电网设备。Preferably, after the step (2), it also includes receiving or subscribing events from the grid equipment, and forwarding the event to the subscribed grid equipment when the event occurs.

优选的,一种基于电网设备统一注册的即插即用的管理系统,所述系统包括:Preferably, a plug-and-play management system based on unified registration of grid equipment, the system includes:

数字证书管理模块,用于生成每个电网设备的数字证书,并将数字证书进行离线发放到电网设备,以及对数字证书的撤销、修改和导出;The digital certificate management module is used to generate the digital certificate of each grid equipment, issue the digital certificate to the grid equipment offline, and revoke, modify and export the digital certificate;

设备接入管理模块,用于对接入的电网设备根据其数字证书进行身份认证,通过后进行合法设备登记;The equipment access management module is used to authenticate the connected power grid equipment according to its digital certificate, and register the legal equipment after passing;

设备动态监视模块,用于对已注册的电网设备进行实时动态监视;The equipment dynamic monitoring module is used for real-time dynamic monitoring of registered grid equipment;

设备访问管控模块,用于设置已注册电网设备之间的发现和控制权限;The device access control module is used to set the discovery and control authority between registered grid devices;

设备查询服务模块,用于已注册电网设备A在所述发现和控制权限范围内,发现和控制所需功能的其他已注册的电网设备B。The device query service module is used for the registered grid device A to discover and control other registered grid devices B with required functions within the scope of the discovery and control authority.

优选的,所述系统还包括:Preferably, the system also includes:

设备运行控制模块,用于对权限范围内电网设备的运行控制;Equipment operation control module, used to control the operation of power grid equipment within the scope of authority;

事件服务模块,用于从电网设备接收或订阅事件,在事件发生时,转发事件到订阅的电网设备。The event service module is used for receiving or subscribing events from the grid equipment, and forwarding the event to the subscribed grid equipment when the event occurs.

与现有技术相比,本发明的有益效果在于:Compared with prior art, the beneficial effect of the present invention is:

本发明中电网设备作为电网最基本的管理对象,按实际物理属性组合为设备组,建立统一注册管理中心,借鉴即插即用技术,实现所有电网设备的注册、发现、描述、控制、事件和展示,实现了电网设备与系统的自动识别、自动接入的零配置联网,有效地解决了电网设备接入系统时调试工作费时、费力和容易出差错问题。本专利提供的统一注册管理方法可在智能电网的发、输、配、变、用所有领域进行推广应用,可提高这些环节的智能化水平,在智能电网中有着广泛的应用前景,具有极高的潜在经济效益和社会效益。In the present invention, as the most basic management object of the power grid, the grid equipment is combined into a device group according to the actual physical attributes, and a unified registration management center is established, and the plug-and-play technology is used for reference to realize the registration, discovery, description, control, event and registration of all grid equipment. It demonstrates that the zero-configuration networking of grid equipment and system automatic identification and automatic connection is realized, which effectively solves the problem of time-consuming, laborious and error-prone debugging work when grid equipment is connected to the system. The unified registration management method provided by this patent can be popularized and applied in all fields of smart grid transmission, transmission, distribution, transformation, and use, and can improve the intelligence level of these links. It has broad application prospects in smart grids and has extremely high potential economic and social benefits.

附图说明Description of drawings

图1是本发明提供的基于电网设备统一注册的即插即用的管理方法流程图Figure 1 is a flow chart of the plug-and-play management method based on the unified registration of grid equipment provided by the present invention

图2是本发明提供的基于电网设备统一注册的即插即用的管理系统结构图Figure 2 is a structural diagram of the plug-and-play management system based on the unified registration of grid equipment provided by the present invention

具体实施方式Detailed ways

下面结合附图对本发明作进一步详细说明。The present invention will be described in further detail below in conjunction with the accompanying drawings.

一种基于电网设备统一注册的即插即用的管理方法,该方法如下步骤:A plug-and-play management method based on unified registration of grid equipment, the method is as follows:

(1)生成每个电网设备的数字证书,并将数字证书进行离线发放到电网设备;(1) Generate a digital certificate for each grid device, and issue the digital certificate offline to the grid device;

(2)对接入的电网设备根据其数字证书进行身份认证,通过后进行合法设备登记;(2) Conduct identity authentication on the connected grid equipment according to its digital certificate, and register the legal equipment after passing;

(3)对已注册的电网设备进行实时动态监视;(3) Real-time dynamic monitoring of registered grid equipment;

(4)设置已注册电网设备之间的发现和控制权限;(4) Set the discovery and control authority between registered grid devices;

(5)已注册电网设备A在所述发现和控制权限范围内,发现和控制所需功能的其他已注册的电网设备B。(5) The registered grid device A discovers and controls other registered grid devices B with required functions within the scope of discovery and control authority.

所述数字证书中包括电网设备的名字、类型、区域、IP、端口、数字证书地址和权限。The digital certificate includes the name, type, area, IP, port, digital certificate address and authority of the grid equipment.

所述动态监视利用即插即用管理机制,包括如下步骤:The dynamic monitoring utilizes a plug-and-play management mechanism, comprising the steps of:

步骤3-1、对所有会发生的事件主题进行订阅;Step 3-1. Subscribe to all event topics that will occur;

步骤3-2、当已注册电网设备发生变更时,将变更信息存储到数据库中,同时显示实时消息并更改电网设备状态信息;Step 3-2. When the registered grid equipment changes, store the change information in the database, display real-time messages and change the status information of the grid equipment;

步骤3-3、对数据库中的消息进行整理,获知电网设备的生命轨迹。Step 3-3, sort out the messages in the database, and learn the life trajectory of the grid equipment.

设置所述发现和控制权限是通过查询设备权限表,根据查询结果决定是否具有电网设备的访问权限,继而允许或拒绝访问请求,所述设备权限表记录了各个电网设备的访问其他电网设备权限。The discovery and control permission is set by querying the device permission table, and deciding whether to have the access permission of the grid equipment according to the query result, and then allowing or denying the access request. The device permission table records the access permission of each grid equipment to other grid equipment.

所述电网设备A作为控制设备,所述电网设备B作为被控设备,控制设备查询或控制被控设备,包括如下步骤:The grid equipment A is used as the control equipment, and the grid equipment B is used as the controlled equipment, and the control equipment queries or controls the controlled equipment, including the following steps:

步骤5-1、控制设备获得被控制设备的详细信息之后,开始控制和查询被控制设备,具体控制功能取决于每个电网设备宣告的服务;Step 5-1. After the control device obtains the detailed information of the controlled device, it starts to control and query the controlled device. The specific control function depends on the service announced by each grid device;

步骤5-2、控制设备通过远程调用被控制设备的控制和查询指令,具体动作有被控制设备完成;Step 5-2. The control device calls the control and query instructions of the controlled device remotely, and the specific actions are completed by the controlled device;

步骤5-3、控制和查询结果返回到控制设备。Step 5-3, control and query results are returned to the control device.

注册管理系统对权限范围内电网设备的运行控制,包括如下步骤:The registration management system controls the operation of power grid equipment within the scope of authority, including the following steps:

步骤6-1、获取管辖范围内的所有电网设备设备列表,并通过即插即用机制对所有可能发生的事件进行订阅;Step 6-1. Obtain a list of all grid equipment within the jurisdiction, and subscribe to all possible events through the plug-and-play mechanism;

步骤6-2、当电网设备发生变更时,对电网设备进行“允许注册”、“拒绝注册”、“拒绝更新”和“强制离线”的控制;Step 6-2. When the grid equipment changes, control the grid equipment to "allow registration", "deny registration", "refuse update" and "forced offline";

步骤6-3、将电网设备在系统中的权限写入数据库,以备其他系统调用。Step 6-3. Write the authority of the grid equipment in the system into the database for other system calls.

优选的,所述步骤(2)之后还包括从电网设备接收或订阅事件,在事件发生时,转发事件到订阅的电网设备。Preferably, after the step (2), it also includes receiving or subscribing events from the grid equipment, and forwarding the event to the subscribed grid equipment when the event occurs.

注册管理系统包括如下功能模块:The registration management system includes the following functional modules:

1)数字证书管理模块1) Digital certificate management module

数字证书管理模块是注册管理系统中安全防护的第一道关口,实现了电网设备的授权管理。数字证书管理功能设计上与调度数字证书相兼容,证书信息加密存储。可由国家电力调度控制中心统一颁发调度数字证书,以实现统一的安全防护。The digital certificate management module is the first gate of security protection in the registration management system, which realizes the authorization management of power grid equipment. The digital certificate management function is designed to be compatible with the scheduling digital certificate, and the certificate information is encrypted and stored. The dispatching digital certificate can be uniformly issued by the National Power Dispatching Control Center to achieve unified security protection.

数字证书管理实现了“生成数字证书”、“撤消数字证书”、“修改数字证书”、“导出数字证书”等数字证书操控功能,并且可以浏览展示所有电网设备对象的数字证书,通过消息总线和服务总线与整个电网系统进行信息交互。Digital certificate management realizes digital certificate manipulation functions such as "generate digital certificate", "revoke digital certificate", "modify digital certificate" and "export digital certificate", and can browse and display digital certificates of all power grid equipment objects, through message bus and The service bus exchanges information with the entire power grid system.

数字证书管理Digital Certificate Management

注册管理中心对新申请注册的电网设备进行离线数字证书发放。数字证书管理包含“生成数字证书”、“撤消数字证书”、“修改数字证书”、“导出数字证书”等功能。数字证书中记录了名字、类型、区域、IP、端口、数字证书地址、可用性等即插即用的电网设备对象基本属性,根据调控系统加密标准加密后存入数字证书文件,同时将相关属性存储到数字证书数据库里。当需要时,可以离线导出数字证书到电网设备,用于设备即插即用的识别和配置。当电网设备信息发生变更时,可以修改数字证书,同时更新数字证书数据库。当电网设备不再使用时,可以撤销其数字证书。The registration management center issues offline digital certificates to newly registered grid equipment. Digital certificate management includes functions such as "generate digital certificate", "revoke digital certificate", "modify digital certificate" and "export digital certificate". The digital certificate records the basic properties of plug-and-play power grid equipment objects such as name, type, area, IP, port, digital certificate address, availability, etc., and stores them in the digital certificate file after being encrypted according to the encryption standard of the control system, and at the same time stores the relevant properties into the digital certificate database. When needed, digital certificates can be exported offline to grid equipment for plug-and-play identification and configuration. When the grid equipment information changes, the digital certificate can be modified and the digital certificate database can be updated at the same time. When grid equipment is no longer in use, its digital certificate can be revoked.

2)设备接入管理模块2) Device access management module

注册管理中心通过发放数字证书和注册过程来控制设备的接入。注册服务根据发放的证书情况,对申请注册的设备身份信息进行认证,判断其是否为合法设备,对合法设备进行登记。当设备注销后,注册管理中心对设备状态进行相应改动。注册服务的具体交互设计:在注册管理中心运行注册服务的server端,在电网设备准备接入注册管理系统时,其调用注册服务的API接口向注册管理中心发起连接请求,注册服务server端收到请求后,会向权限服务发起请求,获取此电网设备的接入权限,然后允许或拒绝设备的接入请求。The registration management center controls the access of devices through the issuance of digital certificates and the registration process. The registration service authenticates the identity information of the device applying for registration according to the issued certificate, judges whether it is a legal device, and registers the legal device. When the device is deregistered, the registration management center will make corresponding changes to the device status. The specific interaction design of the registration service: the server side of the registration service runs in the registration management center. When the power grid equipment is ready to connect to the registration management system, it calls the API interface of the registration service to initiate a connection request to the registration management center, and the registration service server receives the After the request, it will initiate a request to the permission service to obtain the access permission of the grid device, and then allow or deny the access request of the device.

3)设备查询服务模块3) Device query service module

注册管理中心维护已注册的设备清单服务,使接入系统的设备能够通过它发现所有电网设备。The registration management center maintains the registered device list service, so that the devices connected to the system can discover all grid devices through it.

在发现过程中,设备可以通过发现服务向注册管理中心宣告自身的存在及其服务,也可以通过发现服务在注册管理中心中查询感兴趣的设备。根据数字证书中的设备权限属性,对设备可以发现和被发现的设备范围、可以使用的服务范围、可以控制和被控制的设备范围、可以发送和订阅的事件范围等进行管理。During the discovery process, the device can announce its existence and services to the registration management center through the discovery service, and can also query the interested device in the registration management center through the discovery service. According to the device authority attribute in the digital certificate, manage the range of devices that can be discovered and discovered, the range of services that can be used, the range of devices that can be controlled and controlled, the range of events that can be sent and subscribed, etc.

4)设备访问管控模块4) Device access control module

访问管控模块用于设置电网设备之间的发现和控制权限,允许或者拒绝电网设备的发现和控制行为。注册管理中心维护着设备权限表,设备权限表存储设备与设备之间的发现和控制权限。电网设备发起发现请求时,需要调用注册管理中心的发现服务,此时注册管理中心会查询设备权限表,根据查询结果决定是否具备访问权限,继而允许或者拒绝访问请求。The access management and control module is used to set the discovery and control authority between grid devices, allowing or denying the discovery and control behavior of grid devices. The registration management center maintains a device permission table, and the device permission table stores discovery and control permissions between devices. When a power grid device initiates a discovery request, it needs to call the discovery service of the registration management center. At this time, the registration management center will query the device permission table, determine whether it has access rights according to the query results, and then allow or deny the access request.

5)设备动态监视模块5) Equipment dynamic monitoring module

电网设备动态监视模块主要由实时消息监视、对象状态信息、对象生命轨迹三个部分组成。当系统中已注册的电网设备状态发生变更时,实时消息监视会即时获取变更消息,存储到数据库,并通过界面实时显示出来;根据实时消息变更电网设备的状态信息,比如运行状态、注册状态、发现状态、更新状态等;通过对实时消息整理归类,还可以查看电网设备对象的生命轨迹。The power grid equipment dynamic monitoring module is mainly composed of three parts: real-time message monitoring, object status information, and object life trajectory. When the status of the registered grid equipment in the system changes, the real-time message monitoring will obtain the change information in real time, store it in the database, and display it in real time through the interface; change the status information of the grid equipment according to the real-time message, such as operating status, registration status, Discover status, update status, etc.; by sorting and categorizing real-time messages, you can also view the life trajectory of power grid equipment objects.

对象动态监视object dynamic monitoring

动态监视主要利用即插即用管理机制,首先对新建、更新、完成等所有可能会发生的事件主题进行订阅;当系统中已注册设备发生变更时,消息总线会通知动态监视模块;动态监视模块获取并解析消息,将消息内容存储到数据库里,同时显示实时消息并更改设备状态信息。最后,对数据库里的消息进行整理,可以获知设备生命轨迹。Dynamic monitoring mainly utilizes the plug-and-play management mechanism, and first subscribes to all possible event topics such as new creation, update, and completion; when the registered device in the system changes, the message bus will notify the dynamic monitoring module; the dynamic monitoring module Get and parse the message, store the message content in the database, display real-time messages and change the device status information at the same time. Finally, sort out the messages in the database to know the life trajectory of the equipment.

6)设备运行控制模块6) Equipment operation control module

通过设备运行控制,实现对电网设备的控制,可以对权限范围内的所有电网设备,实施“允许注册”、“拒绝注册”、“强制更新”、“重新发现”、“拒绝更新”、“强制离线”等功能动作。Through equipment operation control, the control of grid equipment can be realized, and all grid equipment within the scope of authority can be implemented to "allow registration", "deny registration", "force update", "rediscover", "refuse update", "force Offline" and other functional actions.

首先,从注册管理中心获取管辖范围内的所有电网设备列表,并通过即插即用机制对所有可能发生的事件进行订阅;然后,当时电网设备描述发生变更时,消息总线会通知运行控制单元;接着,就可以根据实际情况对电网设备进行“允许注册”、“拒绝注册”、“拒绝更新”、“强制离线”等控制,并将电网设备在系统中的权限写入数据库,以备其他系统调用。First, obtain a list of all grid equipment within the jurisdiction from the registration management center, and subscribe to all possible events through the plug-and-play mechanism; then, when the description of the current grid equipment changes, the message bus will notify the operation control unit; Then, the power grid equipment can be controlled according to the actual situation, such as "allow registration", "deny registration", "refuse update", "forced offline", and write the authority of the power grid equipment in the system to the database for other systems transfer.

7)事件服务模块7) Event service module

事件服务为整个系统提供了良好的消息通知机制,使系统中的设备能及时感知电网中所发生的变化并及时做出反应。事件过程分为两部分:设备通过事件服务向注册管理中心发送事件;设备向注册管理中心订阅事件,在事件发生时,注册管理中心转发事件到订阅者。The event service provides a good message notification mechanism for the whole system, so that the equipment in the system can sense the changes in the power grid in time and respond in time. The event process is divided into two parts: the device sends an event to the registration management center through the event service; the device subscribes the event to the registration management center, and when the event occurs, the registration management center forwards the event to the subscriber.

事件服务的实现基础就是消息总线和服务总线。电网设备通过消息总线的接口向管注册理中心发布/订阅事件,注册管理中心维护发布/订阅信息,从发布事件的电网设备处接收消息,并将其转发给相应的订阅者。事件服务为整个系统提供了良好的消息通知服务,使系统中的设备能及时感知电网中所发生的变化并及时做出反应。The implementation basis of the event service is the message bus and the service bus. The grid equipment publishes/subscribes events to the management registration management center through the interface of the message bus. The registration management center maintains the publication/subscription information, receives messages from the grid equipment that publishes the event, and forwards them to the corresponding subscribers. The event service provides a good message notification service for the whole system, so that the equipment in the system can sense the changes in the power grid in time and respond in time.

本发明遵循《电力二次系统安全防护总体方案》中“安全分区、网络专用、横向隔离、纵向认证”的要求,并针对系统的新功能、新架构应用采用相应的安全保证措施。The present invention complies with the requirements of "security partition, dedicated network, horizontal isolation, and vertical authentication" in the "Overall Plan for Safety Protection of Electric Power Secondary System", and adopts corresponding security assurance measures for the application of new functions and new architectures of the system.

1)身份认证1) Identity authentication

依照即插即用管理机制,对系统内的电网设备进行数字证书管理,并发放给所有设备组。在电网设备注册时,根据其数字证书进行身份认证。用户登录注册管理系统的用户密码、数字证书生成和认证过程,都是基于专用加密算法进行信息加密。According to the plug-and-play management mechanism, digital certificates are managed for the grid equipment in the system and issued to all equipment groups. When the grid equipment is registered, identity authentication is performed based on its digital certificate. The user password, digital certificate generation and authentication process for the user to log in to the registration management system are all based on a special encryption algorithm for information encryption.

2)访问授权2) Access Authorization

在注册管理系统里,不同级别或类型的电网设备具备不同的访问权限,在数字证书生成过程中将权限写入数字证书。在电网设备进行访问操作时,根据其级别类型进行访问权限控制。在注册管理中心,可以查看电网设备的权限范围,同时可以管理电网设备的注册、更新等权限。In the registration management system, different levels or types of power grid equipment have different access rights, and the rights are written into the digital certificate during the generation of the digital certificate. When the grid equipment performs access operations, the access authority is controlled according to its level type. In the registration management center, you can view the authority scope of the grid equipment, and manage the registration and update permissions of the grid equipment at the same time.

3)安全审计3) Security Audit

在注册管理系统中,对电网设备注册、更新、撤销等活动消息进行全生命周期的日志记录,形成生命轨迹。对电网模型的不同版本进行存储记录,形成电网模型版本库。In the registration management system, log records for the whole life cycle of grid equipment registration, update, cancellation and other activity messages form a life track. Store and record different versions of the grid model to form a grid model version library.

最后应当说明的是:以上实施例仅用以说明本发明的技术方案而非对其限制,尽管参照上述实施例对本发明进行了详细的说明,所属领域的普通技术人员应当理解:依然可以对本发明的具体实施方式进行修改或者等同替换,而未脱离本发明精神和范围的任何修改或者等同替换,其均应涵盖在本发明的权利要求范围当中。Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention and not to limit them. Although the present invention has been described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that: the present invention can still be Any modification or equivalent replacement that does not depart from the spirit and scope of the present invention shall be covered by the scope of the claims of the present invention.

Claims (9)

1.一种基于电网设备统一注册的即插即用的管理方法,其特征在于,所述方法包括如下步骤:1. A plug-and-play management method based on grid equipment unified registration, characterized in that, the method comprises the steps: (1)生成每个电网设备的数字证书,并将数字证书进行离线发放到电网设备;(1) Generate a digital certificate for each grid device, and issue the digital certificate to the grid device offline; (2)对接入的电网设备根据其数字证书进行身份认证,通过后进行合法设备登记;(2) Conduct identity authentication on the connected grid equipment according to its digital certificate, and register legal equipment after passing; (3)对已注册的电网设备进行实时动态监视;(3) Real-time dynamic monitoring of registered grid equipment; (4)设置已注册电网设备之间的发现和控制权限;(4) Set up discovery and control permissions between registered grid devices; (5)已注册电网设备A在所述发现和控制权限范围内,发现和控制所需功能的其他已注册的电网设备B。(5) The registered grid device A discovers and controls other registered grid devices B with required functions within the scope of the discovery and control authority. 2.根据权利要求1所述管理方法,其特征在于,所述步骤(1)中,所述数字证书中包括电网设备的名字、类型、区域、IP、端口、数字证书地址和权限。2. The management method according to claim 1, wherein in the step (1), the digital certificate includes the name, type, area, IP, port, digital certificate address and authority of the grid equipment. 3.根据权利要求1所述管理方法,其特征在于,所述步骤(3)中,所述动态监视利用即插即用管理机制,包括如下步骤:3. The management method according to claim 1, wherein in the step (3), the dynamic monitoring utilizes a plug-and-play management mechanism, comprising the following steps: 步骤3-1、对所有会发生的事件主题进行订阅;Step 3-1. Subscribe to all event topics that will occur; 步骤3-2、当已注册电网设备发生变更时,将变更信息存储到数据库中,同时显示实时消息并更改电网设备状态信息;Step 3-2. When the registered grid equipment changes, store the change information in the database, display real-time messages and change the status information of the grid equipment; 步骤3-3、对数据库中的消息进行整理,获知电网设备的生命轨迹。Step 3-3, sort out the messages in the database, and learn the life trajectory of the grid equipment. 4.根据权利要求1所述管理方法,其特征在于,所述步骤(4)中,设置所述发现和控制权限是通过查询设备权限表,根据查询结果决定是否具有电网设备的访问权限,继而允许或拒绝访问请求,所述设备权限表记录了各个电网设备的访问其他电网设备权限。4. The management method according to claim 1, characterized in that, in the step (4), setting the discovery and control authority is by querying the device authority table, and deciding whether to have the access authority of the grid equipment according to the query result, and then To allow or deny the access request, the device permission table records the permission of each grid device to access other grid devices. 5.根据权利要1所述管理方法,其特征在于,所述步骤(5)中,所述电网设备A作为控制设备,所述电网设备B作为被控设备,控制设备查询或控制被控设备,包括如下步骤:5. The management method according to claim 1, characterized in that in the step (5), the grid equipment A is used as the control equipment, the grid equipment B is used as the controlled equipment, and the control equipment queries or controls the controlled equipment , including the following steps: 步骤5-1、控制设备获得被控制设备的详细信息之后,开始控制和查询被控制设备,具体控制功能取决于每个电网设备宣告的服务;Step 5-1. After the control device obtains the detailed information of the controlled device, it starts to control and query the controlled device. The specific control function depends on the service announced by each grid device; 步骤5-2、控制设备通过远程调用被控制设备的控制和查询指令,具体动作有被控制设备完成;Step 5-2. The control device calls the control and query instructions of the controlled device remotely, and the specific actions are completed by the controlled device; 步骤5-3、控制和查询结果返回到控制设备。Step 5-3, control and query results are returned to the control device. 6.根据权利要求1所述管理方法,其特征在于,所述步骤(2)之后还包括对权限范围内电网设备的运行控制,包括如下步骤:6. The management method according to claim 1, characterized in that after the step (2), it also includes the operation control of the power grid equipment within the scope of authority, including the following steps: a、获取管辖范围内的所有电网设备设备列表,并通过即插即用机制对所有可能发生的事件进行订阅;a. Obtain a list of all grid equipment within the jurisdiction, and subscribe to all possible events through the plug-and-play mechanism; b、当电网设备发生变更时,对电网设备进行“允许注册”、“拒绝注册”、“拒绝更新”和“强制离线”的控制;b. When the grid equipment changes, control the grid equipment by "allowing registration", "refusal to register", "refusal to update" and "forced offline"; c、将电网设备在系统中的权限写入数据库,以备其他系统调用。c. Write the authority of the grid equipment in the system into the database for other system calls. 7.根据权利要求1所述管理方法,其特征在于,所述步骤(2)之后还包括从电网设备接收或订阅事件,在事件发生时,转发事件到订阅的电网设备。7. The management method according to claim 1, further comprising receiving or subscribing events from the grid equipment after the step (2), and forwarding the event to the subscribed grid equipment when the event occurs. 8.一种基于电网设备统一注册的即插即用的管理系统,其特征在于,所述系统包括:8. A plug-and-play management system based on unified registration of grid equipment, characterized in that the system includes: 数字证书管理模块,用于生成每个电网设备的数字证书,并将数字证书进行离线发放到电网设备,以及对数字证书的撤销、修改和导出;The digital certificate management module is used to generate the digital certificate of each grid equipment, issue the digital certificate to the grid equipment offline, and revoke, modify and export the digital certificate; 设备接入管理模块,用于对接入的电网设备根据其数字证书进行身份认证,通过后进行合法设备登记;The equipment access management module is used to authenticate the connected power grid equipment according to its digital certificate, and register the legal equipment after passing; 设备动态监视模块,用于对已注册的电网设备进行实时动态监视;The equipment dynamic monitoring module is used for real-time dynamic monitoring of registered grid equipment; 设备访问管控模块,用于设置已注册电网设备之间的发现和控制权限;The device access control module is used to set the discovery and control authority between registered grid devices; 设备查询服务模块,用于已注册电网设备A在所述发现和控制权限范围内,发现和控制所需功能的其他已注册的电网设备B。The device query service module is used for the registered grid device A to discover and control other registered grid devices B with required functions within the scope of the discovery and control authority. 9.根据权要求8所管理系统,其特征在于,所述系统还包括:9. The management system according to claim 8, wherein the system further comprises: 设备运行控制模块,用于对权限范围内电网设备的运行控制;Equipment operation control module, used to control the operation of power grid equipment within the scope of authority; 事件服务模块,用于从电网设备接收或订阅事件,在事件发生时,转发事件到订阅的电网设备。The event service module is used for receiving or subscribing events from the grid equipment, and forwarding the event to the subscribed grid equipment when the event occurs.
CN201510462814.1A 2015-07-31 2015-07-31 Plug-and-play management method and system based on unified registration of power network devices Pending CN105071959A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510462814.1A CN105071959A (en) 2015-07-31 2015-07-31 Plug-and-play management method and system based on unified registration of power network devices

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510462814.1A CN105071959A (en) 2015-07-31 2015-07-31 Plug-and-play management method and system based on unified registration of power network devices

Publications (1)

Publication Number Publication Date
CN105071959A true CN105071959A (en) 2015-11-18

Family

ID=54501246

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510462814.1A Pending CN105071959A (en) 2015-07-31 2015-07-31 Plug-and-play management method and system based on unified registration of power network devices

Country Status (1)

Country Link
CN (1) CN105071959A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10855829B2 (en) 2012-10-31 2020-12-01 Hewlett Packard Enterprise Development Lp Zero touch provisioning
EP4004842A1 (en) * 2019-07-31 2022-06-01 Hitachi Energy Switzerland AG Autonomous semantic data discovery for distributed networked systems
US11394789B2 (en) 2019-05-08 2022-07-19 Hewlett Packard Enterprise Development Lp Seamless migration of a network management system deployment to cloud-based deployment
US11490256B2 (en) 2019-03-11 2022-11-01 Hewlett Packard Enterprise Development Lp Secure zero-touch provisioning of network devices in an offline deployment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110106321A1 (en) * 2009-11-03 2011-05-05 Spirae, Inc. Dynamic distributed power grid control system
CN103679567A (en) * 2013-12-31 2014-03-26 国家电网公司 Plug and play system of smart power grids and implementation method thereof
CN104701984A (en) * 2015-03-13 2015-06-10 国家电网公司 Intelligent electricity terminal plug and play method based on self recognition

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110106321A1 (en) * 2009-11-03 2011-05-05 Spirae, Inc. Dynamic distributed power grid control system
CN103679567A (en) * 2013-12-31 2014-03-26 国家电网公司 Plug and play system of smart power grids and implementation method thereof
CN104701984A (en) * 2015-03-13 2015-06-10 国家电网公司 Intelligent electricity terminal plug and play method based on self recognition

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10855829B2 (en) 2012-10-31 2020-12-01 Hewlett Packard Enterprise Development Lp Zero touch provisioning
US11070658B2 (en) 2012-10-31 2021-07-20 Hewlett Packard Enterprise Development Lp Zero touch provisioning
US11490256B2 (en) 2019-03-11 2022-11-01 Hewlett Packard Enterprise Development Lp Secure zero-touch provisioning of network devices in an offline deployment
US11394789B2 (en) 2019-05-08 2022-07-19 Hewlett Packard Enterprise Development Lp Seamless migration of a network management system deployment to cloud-based deployment
EP4004842A1 (en) * 2019-07-31 2022-06-01 Hitachi Energy Switzerland AG Autonomous semantic data discovery for distributed networked systems

Similar Documents

Publication Publication Date Title
CN111914269A (en) Data security sharing method and system under block chain and cloud storage environment
WO2016070691A1 (en) Service-oriented substation monitoring system architecture
CN104168268B (en) A kind of power network object access control apparatus that can realize grid model data security configuration and access
CN105071959A (en) Plug-and-play management method and system based on unified registration of power network devices
CN110324180A (en) Automation of transformation substations equipment wide area O&M Security Design Methods
CN103326465A (en) Power distribution network terminal access method based on IEC61850 standard
CN113079215B (en) Block chain-based wireless security access method for power distribution Internet of things
CN104578422B (en) Remote maintenance method for transformer substation telecontrol forwarding table
CN107330580A (en) Power marketing Base data platform construction method
CN114281790A (en) Multi-type load resource aggregator access system and method
CN103812672A (en) Method for discovering newly-added network element device, correlative device, and system
CN113129162B (en) A smart energy service platform information interaction method and device
CN103679567B (en) A kind of intelligent grid plug and play system and its implementation
CN105335669A (en) Permission configuration method and system used for photovoltaic monitoring system
CN109903046A (en) User data management and device based on block chain
CN109547408B (en) A method for monitoring base station dynamic loop information based on blockchain management
CN113037865A (en) Processing method, device and system of Internet of things equipment
CN105636031A (en) Packet communication management method, apparatus and system
CN105447264A (en) Modeling method of information model of intelligent electronic device
CN111221786A (en) Method for constructing equality data operation and storage architecture
CN116228195A (en) Data processing method, device, equipment and storage medium applicable to work orders
CN203520107U (en) Residential Intelligent Service Management System Based on LAN and RFID
CN201904808U (en) Large consumer intelligent electricity consumption information interaction application framework system
CN202143087U (en) A digital laboratory system based on triple play technology
CN111798200A (en) A blockchain-based experimental process management method and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20151118

RJ01 Rejection of invention patent application after publication