The Research on Operation Automation Model for Information Equipment

Privilege control is an important problem to be solved in the operation of the intranet network of military industry. Solidifying the operation process and replacing the operation personnel with machines to complete configuration changes can reduce the frequency of manual operation by privileged personnel, thus limiting the operation privilege and improving the security of the intranet network. Aiming at the high security and high efficiency requirements of the operation of intranet information equipment, this paper designs an operation automation model. Aiming at the problem that it is difficult for tools to adapt to heterogeneous equipment, this paper studies a command adaptation technology for heterogeneous equipment based on abstract atomic operations. In addition, the model and technologies are verified in a specific scenario of equipment location change. The results show that the above model and technologies achieve the goal of ensuring the security of operation and improving the efficiency of operation.


Introduction
Internal network operation requires privileged personnel to perform privileged operations, which makes it a key area of insider threat prevention. When equipment configuration changes are processed manually, the operation authority of the change process is scattered among multiple privileged personnel, so the security of operation cannot be effectively controlled, and the efficiency of operation and the user experience are seriously affected. For example, a change of user equipment placement location is part of the equipment life cycle, and the change process should be strictly controlled. A change of equipment placement location involves multiple privileged operations by multiple privileged personnel. On the one hand, too many privileged operations can easily lead to mis-operations, and security risks cannot be effectively controlled. On the other hand, too many participating roles lead to more than 90% of the time being spent in coordination and waiting between roles, which often results in users not getting the desired service experience, while operation personnel are worn down by a large amount of repetitive and tedious work. Thus, how to provide high-quality operation services and reduce operation costs under high security and confidentiality requirements is a challenging problem.

Related Work
The emergence of new technologies such as cloud computing, big data, containers and microservices, together with the growing complexity of enterprise IT business systems, has promoted the transformation of IT operation technology and modes. Automatic operation is a very active field at present and has brought new ideas to intranet operation. On the one hand, by solidifying the operation process and replacing people with automatic operation tools to complete configuration changes, the frequency of manual operation by privileged personnel can be reduced, thereby restricting the authority of privileged personnel and improving the security of internal network operation. On the other hand, the use of automatic operation tools can not only quickly deliver the services required by users and free the operation personnel from simple and repetitive work to focus on fault handling and improving their own abilities, but also give the enterprise a qualitative leap in improving efficiency and optimizing cost. Many researchers have successively carried out related research on automated operation in different fields [1][2][3][4][5]. Literature [1] proposed an ITIL-based power information automation operation system. By relying on the ITIL framework, an IT management system that satisfies power system automation operation was established to achieve the goal of high efficiency and high performance in operation. In literature [2], the application of automated operation in power enterprise information systems is studied, and an automated operation platform suitable for power enterprise information systems is constructed.
Literature [3] studies the operation service automation of commercial banks from the perspective of application, focusing on the analysis of system requirements, theoretical design, system implementation, and system testing from two aspects, automatic inspection and automatic switching, and develops and designs the operation service automation system of commercial banks. Based on the actual needs of small and medium-sized financial enterprises, literature [4] designed and implemented a financial automatic operation platform based on flash framework, which aims to improve the traditional operation mode and improve operation efficiency. Literature [5] takes the perspective of the operation developer and, through theoretical research and practical application, tries to solve the problem of how to realize continuous integration and system monitoring during the operation process. Based on the actual demand of data centers for IT operation and maintenance services, literature [6] designs and develops an IT automatic operation and maintenance platform, which aims to change the manual operation and maintenance mode, improve operation and maintenance efficiency, and save operation and maintenance costs. Literature [7] proposes a data center construction framework in a virtual environment, which provides a solution for automatic operation and maintenance of large numbers of virtual machines in a cloud data center. Based on the above research, automatic operation has different specific connotations in different fields, and its theoretical system and platform construction ideas are also different. At present, there is very little research on operation automation of the intranet of military industry.
It is necessary to carry out relevant research based on the advanced concepts and common characteristics of industry automation operation technology, in combination with the specific security and confidentiality requirements of the intranet business scenario. In the DevOps (Development-Operations) and AIOps (Artificial Intelligence for Operations) concepts, IT operation can be divided into three dimensions, namely resources, actions, and status. Resources refer to IT resources, including all objects, object connection relationships, etc.; actions refer to resource changes; and status refers to the state of resources. Automated operation is essentially the use of automated means to manage IT resources [8][9][10], perform operations and control status [11]. Aiming at the high security requirements of information equipment operation and the problem of operation efficiency, this paper designs the operation automation model from the perspective of IT resource management, change action execution and IT resource state control. Aiming at the problem that tools are difficult to adapt automatically to heterogeneous equipment, it studies a command adaptation technology for heterogeneous equipment based on abstract atomic operations. Taking the actual equipment placement change scenario as an example, it applies the operation automation model and technology to verify their rationality.

The Operation Automation Model
This section describes the operation automation model. The model is applicable to the scenario where the configuration change of internal information equipment needs to be realized by automatic means.

The Operation Automation Model
The operation automation model includes four parts: the controller, the actuator, the cmdb (configuration management database) and the sensor. The controller is responsible for controlling status and ensuring that each state meets the requirements of the security policy. The actuator is responsible for performing operations on IT resources. The cmdb is responsible for managing IT resources and providing context data for the controller and the actuator. The sensor is responsible for collecting data about IT resources. The relationship between the four is shown in Figure 1. For example, in order to meet business needs, the resource R needs to reach the security state S1. If the controller judges that the current state of the resource R is the safe state S0, and a series of operation instructions {C1, C2...CM} must be executed to change the state of the resource R from S0 to S1, the controller will issue the operating instructions to the actuator, and then the actuator will perform operations on the resource R according to the instructions {C1, C2...CM}. Finally, the state of the resource R will change to S1 after the execution is complete. The data about IT resources that the controller requires for status control and the actuator requires for performing operations are automatically collected by the sensor and reported to the cmdb for management.

Figure 1. The operation automation model.
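The S0 to S1 walk-through above can be sketched as a small control loop. This is an added example, not code from the paper; the policy table, the `Equipment` stand-in and all function names are assumptions made for illustration.

```python
# Constructed policy: permitted transitions and the instructions {C1..CM} for each.
POLICY = {("S0", "S1"): ["C1", "C2", "C3"]}

class Equipment:
    """Stand-in for a managed resource (constructed for this example)."""
    def __init__(self, state, drops=()):
        self.state, self.applied, self.drops = state, [], set(drops)

    def apply(self, instruction):
        if instruction in self.drops:      # simulate an instruction the device rejects
            return False
        self.applied.append(instruction)
        return True

def sensor_collect(fleet, cmdb):
    """Sensor: report each resource's observed state to the cmdb."""
    for name, dev in fleet.items():
        cmdb[name] = dev.state

def actuator_execute(dev, instructions, target):
    """Actuator: run the instructions; the target state is reached only if all succeed."""
    if all(dev.apply(c) for c in instructions):
        dev.state = target

def controller_change(name, target, fleet, cmdb, audit):
    """Controller: allow only transitions the policy lists, then verify the outcome."""
    sensor_collect(fleet, cmdb)
    current = cmdb.get(name)
    plan = POLICY.get((current, target))   # default deny: unlisted transitions have no plan
    if plan is None:
        audit.append((name, current, target, "denied"))
        return False
    actuator_execute(fleet[name], plan, target)
    sensor_collect(fleet, cmdb)            # confirm from collected data, not from the actuator
    ok = cmdb[name] == target
    audit.append((name, current, target, "done" if ok else "failed"))
    return ok
```

The audit list records denied and failed changes as well as completed ones, so a partially applied instruction sequence is visible to a reviewer.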

The Actuator
The actuator needs to perform different operations on different IT resources (for example, different switches) according to the scheduling of the controller, but heterogeneous equipment makes the actuator strongly dependent on the equipment type, which limits the actuator's scope of application and requires a lot of adaptation work when expanding to a new scenario. Therefore, this paper studies a command adaptation technology for heterogeneous equipment based on abstract atomic operations to decouple operation knowledge from business logic. Specifically, a unified description model of equipment configuration change commands is first abstracted from expert knowledge. The formal representation of the commands is then instantiated from the model to form formal knowledge. An abstract atomic tool is developed to automatically adapt the command sequence from the formal knowledge, and the final command sequence is formed from the user parameters when the atomic tool runs, as shown in Figure 2. This technology decouples operation knowledge from business logic: knowledge is first captured through the unified description model and then reused through the abstract atomic tools, so that operation developers can quickly reuse operation service expert knowledge and maximize the value of that knowledge.

Application of the Commands Adaptation Technology of Heterogeneous Equipment
During the operation of information equipment in the enterprise intranet, the operation automation model needs to be applied in practice according to specific business scenarios. This section takes the typical equipment placement location change as an example to illustrate the effect of applying the heterogeneous equipment command adaptation technology. Changing the equipment placement location involves many switch-related operations, and different switch models require different command sequences. Following the command adaptation technology for heterogeneous equipment, a unified description model of network equipment operating commands and a unified switch command issuing tool are designed to shield the differences between the operating commands of different types of switches. The unified description model of network equipment operating commands is abstracted from expert knowledge of switches, and is instantiated into different formally described command sequences according to the types of switches involved in the application scenario. This description covers only the fixed pattern of the commands; the variable parts, such as port numbers, are represented by parameters. The unified switch command issuing tool is the abstract design and coded implementation of the atomic operation of a switch, which involves only establishing the connection, issuing the commands and closing the connection. When the tool runs, it automatically selects the specific switch commands to be executed from the formal commands according to the scenario requirements, and then merges and translates the commands with the parameters entered by the user to form the final operating commands, as shown in Figure 3.
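The adaptation step described in this section and in the actuator section can be sketched as follows. This is an added example, not the paper's tool; the operation name, the switch families, their command syntax and the parameter rules are all assumptions. Because the final commands are built from user input, every parameter is checked against an allow-list pattern before it is merged into a template.

```python
import re

# Formal knowledge (constructed): one abstract atomic operation instantiated per
# switch family. Family names and command syntax are illustrative assumptions.
KNOWLEDGE = {
    "set_access_vlan": {
        "family_a": ["configure terminal", "interface {port}",
                     "switchport mode access", "switchport access vlan {vlan}", "end"],
        "family_b": ["system-view", "interface {port}",
                     "port link-type access", "port default vlan {vlan}", "quit"],
    },
}

# Allow-list pattern per parameter; anything else never reaches a command line.
PARAM_RULES = {
    "port": re.compile(r"[A-Za-z]+[0-9]+(/[0-9]+){0,2}"),
    "vlan": re.compile(r"[0-9]{1,4}"),
}

class AdaptationError(ValueError):
    """Raised when no formal knowledge matches or a parameter is rejected."""

def adapt(operation, family, params):
    """Select the formal commands for this family and merge in validated parameters."""
    try:
        templates = KNOWLEDGE[operation][family]
    except KeyError:
        raise AdaptationError(f"no formal knowledge for {operation!r} on {family!r}")
    clean = {}
    for name, value in params.items():
        rule = PARAM_RULES.get(name)
        # fullmatch rejects embedded newlines or extra tokens appended to a value
        if rule is None or not rule.fullmatch(str(value)):
            raise AdaptationError(f"parameter {name!r} rejected: {value!r}")
        clean[name] = str(value)
    if "vlan" in clean and not 1 <= int(clean["vlan"]) <= 4094:
        raise AdaptationError("vlan out of range")
    try:
        return [t.format(**clean) for t in templates]
    except KeyError as missing:
        raise AdaptationError(f"missing parameter {missing}")
```

Supporting a new switch family means adding one entry to `KNOWLEDGE`; the validation and merging logic stays unchanged.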

Conclusion
In order to solve the problems of difficult privilege control, low operation efficiency and high investment cost in the manual operation of information equipment in the enterprise intranet, this paper designs the operation automation model, studies the adaptation technology for heterogeneous equipment based on abstract atomic operations, and applies the model and technology in a specific operation scenario with high security and confidentiality requirements. At present, the above model and technologies have been verified in practical application, where they greatly reduce the frequency of manual operation by privileged personnel and minimize operation authority. At the same time, they shorten operation time from the day level to the minute level, improve the user experience, free up operation manpower, and strongly promote the improvement of enterprise operation service quality. In the next step, as scenarios continue to be enriched and the amount of configuration data increases, we will continue to optimize the model, focus on the quality management of configuration data, and make the operation automation model more valuable.