The Design and Implementation of IP Network Monitor with High Security

【Author】 李晓娟 (Li Xiaojuan)

【Advisor】 袁道华 (Yuan Daohua)

【Author information】 Sichuan University, Computer Application Technology, 2003, Master's thesis

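【Abstract (translated from the Chinese original)】 The rapid growth of the Internet has driven explosive growth in data communication services worldwide. As data traffic has come to dominate the network, communication network frameworks based on IP switching have become the leading technology for information communication.

At present, telecom operators, Internet service providers and enterprises build more and more of their critical applications and services on data networks, so ensuring that the network runs normally and efficiently has become vital to these network users. As networks grow in scale and complexity, network management has become the key to keeping them running normally and effectively, and the research and development of high-performance, scalable distributed data network management systems is therefore a current hot topic in the communications field. Designing and developing an IP network management system with China's own independent intellectual property rights is of significant theoretical and practical value.

Drawing on the construction of a real IP network management system, this thesis analyzes the practical problems faced in building the performance management subsystem of an IP network management system, and designs and implements that subsystem. It also analyzes the security problems of the IP network management system itself and proposes implementation schemes for the corresponding strategies for a secure IP network management system.

As IP network users' requirements for quality of service rise, the industry has put forward the concept of the "carrier-grade IP network", and introducing the ideas of TMN (Telecommunications Management Network) into IP network management has become a hot topic of current research. The IP network management system proposed in this thesis follows the TMN framework and reflects a layered, modular approach, which ensures that the system has sufficient openness and scalability to adapt to future development.

To ensure the high performance and scalability of the IP network management system, this thesis analyzes and compares the current mainstream distributed computing technologies and platforms and, from the standpoint of cross-platform support and the reliability and efficiency of services, selects J2EE as the system's distributed framework.

Performance management is one of the core functions of an IP network management system. Specifically, its purpose is to maintain network service quality and network operating efficiency. This thesis analyzes and implements the performance management subsystem in three respects: data collection, data processing and data presentation. In the data processing module it gives the analysis and implementation of algorithms for specific network monitoring problems, such as a distributed Timer algorithm, an intelligent polling algorithm, the analysis of network faults according to the direction of ICMP flows, and network performance trend analysis. In the data presentation module it adopts the MVC design pattern, separating the data layer from the presentation layer in a loosely coupled way and improving the extensibility of the system.

As the main supporting platform for next-generation network application services, IP technology itself has some problems that remain to be solved, the most prominent being the security of the IP protocol in areas such as the privacy of network data, authorization and access control. Because of the security problems of IP networks, and because IP network management is performed in-band and the network management system is itself a special kind of managed object, IP-based network management systems also have security problems. On the basis of an analysis of the security frameworks of J2EE and JBOSS, this thesis examines the security problems of the IP network management system from two aspects, data and operations, and, from the standpoint of data security and system efficiency, proposes an RMI+SSL secure data transmission scheme and an access control policy based on WWWWWH (WHO, WHERE, WHEN, WHAT, WHICH, HOW). These solutions are implemented using the security proxy pattern, which not only ensures the high security of data transmission and access but also enhances the flexibility of the system.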

【Abstract】 The prosperity of the Internet has impelled an explosive increase in data communication all over the world. As data services have become the main part of network traffic, the IP-based communication framework has become the leading technology of information communication.

At present, more and more key applications and services of telecom carriers, ISPs and enterprises are built on data networks. Ensuring that the network works efficiently is critical to these network users. However, as network size grows and network complexity increases, network management has become essential to keeping the network working efficiently. Building a distributed management system for data networks with high scalability and high performance is one hotspot of the communication world. Moreover, building such a system with intellectual property rights of our own country is valuable both in theory and in practice.

Based on the construction of a real IP network management system, the thesis analyzes the problems of building the performance subsystem of an IP network management system and finally implements the subsystem. The thesis also analyzes the security issues of the management system itself and presents a solution for them.

Since IP network users are requiring better quality of network services, the industry promotes the concept of the "Carrier Grade IP Network". As a result, the introduction of TMN (Telecommunication Management Network) to IP network management has already become a hotspot of current IP network research. The system of the thesis follows the framework of TMN and embodies the concepts of layering and modularization, which ensures that the system has enough scalability.

To ensure the high performance and scalability of the IP network management system, the thesis analyzes and compares the mainstream distributed computing technologies and platforms. J2EE is finally chosen as the system framework for its cross-platform ability, service reliability and high performance.

Performance management is a core function of the IP network management system. More specifically, performance management is meant to maintain the quality of service and network efficiency. The thesis analyzes and implements the performance management subsystem in three aspects (data collection, data processing and data presentation), and gives algorithms and their implementations for concrete problems in the data processing modules, such as a distributed Timer, Intelligent Polling, network fault detection based on ICMP stream analysis, and network performance tendency analysis. In the data presentation modules, the MVC design pattern is used to decouple the data from its presentation and improve the scalability of the system.

As the main supporting platform for next-generation network services, IP technology itself has some problems to be solved. One outstanding problem is the security of the IP protocol, such as the privacy, authorization and access control of network data. Because of the security problems of IP networks and the in-band mode of IP network management, the network management system has security problems too. Based on a detailed analysis of the security frameworks of J2EE and JBOSS, the thesis describes the security problems from the data and data operation aspects, and provides a data transmission solution based on RMI plus SSL and a data access control solution based on the WWWWWH (WHO, WHERE, WHEN, WHAT, WHICH, HOW) security policy. The real system provides the security solution through a proxy, which not only assures the high security of the system but also improves its flexibility.

【Key words】 IP; Network Management System; TMN; Distributed; J2EE; SSL; WWWWWH
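  • 【Online publication contributor】 Sichuan University
  • 【Online publication year and issue】 2004, Issue 01
  • 【Classification code】 TN915.07
  • 【Times cited】 5
  • 【Downloads】 181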