A communication method, cloud platform, edge device and client device

By configuring a WebSocket channel and using a connection identifier in cloud-edge collaborative communication, the problem of WebSocket channel bandwidth consumption is solved, enabling more efficient communication and more user login capabilities.

CN122160367APending Publication Date: 2026-06-05CHENGDU HUAWEI TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
CHENGDU HUAWEI TECH CO LTD
Filing Date
2024-11-28
Publication Date
2026-06-05

AI Technical Summary

Technical Problem

In cloud-edge collaborative communication, as the number of WebSocket connection requests increases, the WebSocket channel consumes a large amount of bandwidth resources, leading to the exhaustion of bandwidth resources of edge devices and making it impossible to support remote secure login of more client devices.

Method used

By pre-configuring WebSocket channels between the cloud platform and edge devices, reusing WebSocket channels to transmit messages, and using connection identifiers to uniquely identify the connection between the client device and the edge device, the number of WebSocket channels is reduced and channel utilization is improved.

Benefits of technology

It significantly reduces the consumption of network bandwidth resources, allows more client devices to log in remotely and securely, and improves communication efficiency and channel utilization.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122160367A_ABST
    Figure CN122160367A_ABST
Patent Text Reader

Abstract

The embodiment of the application provides a communication method, a cloud platform, an edge device and a client device, which can multiplex websocket channels to transmit messages between the cloud platform and the edge device, thereby greatly reducing the number of websocket channels between the cloud platform and the edge device, reducing the network bandwidth resources occupied by the websocket channels, and allowing more client devices to remotely and safely log in on the edge device. The communication method comprises the following steps: after the cloud platform receives a websocket connection request sent by a client device, the cloud platform sends a first websocket message to an edge device through a preset websocket channel; after the edge device establishes a secure shell connection, the cloud platform receives a second websocket message sent by the edge device through the websocket channel; and then the cloud platform sends a websocket connection response to the client device according to a connection identifier in the second websocket message.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of communications, and more particularly to a communication method, cloud platform, edge device, and client device. Background Technology

[0002] Cloud-edge collaboration is a technology that uses cloud platforms and edge devices to work together to complete tasks, and it can provide efficient data processing capabilities.

[0003] One current cloud-edge collaborative communication method is roughly as follows: After the client device sends a WebSocket connection request to the cloud platform, the cloud platform establishes a WebSocket channel with the edge device based on the WebSocket connection request. Then, the cloud platform sends WebSocket messages to the edge device through the WebSocket channel. When the edge device establishes a secure shell (SSH) connection with the client device based on the WebSocket messages, remote secure login can be achieved.

[0004] After receiving n WebSocket connection requests, the cloud platform will establish n WebSocket channels. As the number of WebSocket connection requests increases, the WebSocket channels will consume a large amount of bandwidth resources. When the bandwidth resources of the edge device are exhausted, subsequent client devices will be unable to establish secure shell connections with the edge device. Summary of the Invention

[0005] This application provides a communication method that can reuse WebSocket channels to transmit messages between a cloud platform and an edge device. This significantly reduces the number of WebSocket channels and the network bandwidth resources occupied by the WebSocket channels, allowing more client devices to remotely and securely log in to the edge device.

[0006] A first aspect provides a communication method, comprising: after a cloud platform receives a WebSocket connection request sent by a client device, generating a first WebSocket message including secure shell connection information and a connection identifier, sending the first WebSocket message to an edge device through a preset WebSocket channel; after the edge device establishes a secure shell connection, the cloud platform receives a second WebSocket message sent by the edge device through the WebSocket channel, and then sends a WebSocket connection response to the client device according to the connection identifier in the second WebSocket message. The WebSocket connection request includes secure shell connection information. The secure shell connection information includes a username and password, and may also include, but is not limited to, an Internet Protocol (IP) address and a host key.

[0007] WebSocket channels can be pre-configured between the cloud platform and edge devices, allowing for the reuse of these channels to transmit messages. This significantly reduces the number of WebSocket channels between the cloud platform and edge devices, minimizing network bandwidth consumption and enabling more client devices to remotely and securely log in to the edge devices. Since a single WebSocket channel can transmit messages from multiple client devices, channel utilization is also improved. Furthermore, because the first WebSocket message includes a connection identifier that uniquely identifies the connection between the client device and the edge device, the cloud platform can communicate correctly with the client device based on this identifier.

[0008] In conjunction with the first aspect, in the first possible implementation, after the cloud platform receives the string sent by the client device, it sends a third WebSocket message containing the string and a connection identifier to the edge device via a WebSocket channel. Then, the cloud platform receives the string and connection identifier sent by the edge device via the WebSocket channel, and sends the string back to the client device based on the connection identifier. This allows for string transmission via a WebSocket channel, which, compared to single-character transmission methods based on secure shell connections, significantly reduces the number of message interactions between the client, cloud platform, and edge device, effectively improving communication efficiency.

[0009] In a second possible implementation, building upon the first possible implementation of the first aspect, the cloud platform receives substrings and connection identifiers sequentially sent by the edge device, and then sends the substrings sequentially to the client device according to the connection identifier. The substrings are strings, and their length is less than or equal to a length threshold. This implementation allows the client device to pre-configure a time threshold based on the transmission interval of a fixed-length string. When the client device receives a string, if the time threshold is exceeded, it determines that the secure shell connection is broken, thus promptly alerting the user to the status of the SSH service.

[0010] In a third possible implementation, combining the first or second possible implementation of the first aspect, the string includes a carriage return character. After the user enters a message and presses the Enter key, the client device can send a string including the carriage return character to the cloud platform.

[0011] The second aspect provides a communication method, which includes: after an edge device receives a first WebSocket message sent by a cloud platform through a preset WebSocket channel, it performs security authentication on the secure shell connection information in the first WebSocket message; when the secure shell connection information passes the security authentication, the edge device establishes a secure shell connection and then sends a second WebSocket message to the cloud platform. The first WebSocket message includes secure shell connection information, a connection request message identifier, and a connection identifier, and the second WebSocket message includes the connection identifier.

[0012] A pre-configured WebSocket channel exists between the cloud platform and the edge device, allowing for the reuse of this channel to transmit messages. This significantly reduces the number of WebSocket channels between the cloud platform and the edge device, and consequently, the network bandwidth consumed by each channel. Since the first WebSocket message includes a connection identifier, which uniquely identifies the connection between the client device and the edge device, the cloud platform can use this identifier to identify messages transmitted based on this connection from messages originating from the edge device.

[0013] In conjunction with the second aspect, in the first possible implementation, the edge device includes a proxy module and a secure shell daemon. The edge device performs security authentication on the secure shell connection information by: after the proxy module sends a secure shell connection request to the secure shell daemon based on the request connection message identifier, the secure shell daemon performs security authentication on the secure shell connection information carried in the secure shell connection request.

[0014] In conjunction with the second aspect, in the second possible implementation, after the edge device sends a second WebSocket message to the cloud platform via a WebSocket channel, the edge device receives a string and connection identifier sent by the cloud platform, and then sends the string and connection identifier back to the cloud platform via the WebSocket channel. The string and connection identifier sent by the cloud platform are carried in a third WebSocket message. In this implementation, strings can be transmitted between the cloud platform and the edge device. Compared to single-character transmission, this reduces the number of message exchanges and improves communication efficiency.

[0015] In conjunction with the second possible implementation of the second aspect, in the third possible implementation, the edge device sends a string and connection identifier to the cloud platform via a WebSocket channel. This includes: the proxy module splits the string into multiple characters and sends them sequentially to the Secure Shell daemon; the proxy module then receives the characters sequentially sent by the Secure Shell daemon; when the string length is less than or equal to a length threshold and the proxy module receives the string, it sends the string and connection identifier to the cloud platform; when the string length is greater than the length threshold, the proxy module assembles the characters from the Secure Shell daemon into substrings of the string, and sends the substrings and connection identifier to the cloud platform. The length of the substring is less than or equal to the length threshold. Implemented in this way, the proxy module and the Secure Shell daemon can transmit single characters based on the Secure Shell protocol in the edge device, exhibiting good compatibility.

[0016] A third aspect provides a communication method, comprising: a client device sending a WebSocket connection request to a cloud platform, causing the cloud platform to generate a first WebSocket message based on the WebSocket connection request; the cloud platform sending the first WebSocket message to an edge device; and after the cloud platform receives a second WebSocket message sent by the edge device, the cloud platform sending a WebSocket connection response to the client device based on a connection identifier in the second WebSocket message. Secure Shell connection information is used to establish a Secure Shell connection. The WebSocket connection request includes Secure Shell connection information.

[0017] In conjunction with the third aspect, in the first possible implementation, after the client device sends a third WebSocket message to the cloud platform, it receives a string sent by the cloud platform. The third WebSocket message includes a string. According to this implementation, the client and the edge device can transmit strings, which reduces the number of message interactions between the client, the cloud platform, and the edge device compared to transmitting single characters, thus improving communication efficiency.

[0018] In conjunction with the third aspect or the first possible implementation of the third aspect, in the second possible implementation, when the length of the string exceeds a length threshold and the time interval between the client device receiving adjacent substrings exceeds a time threshold, the client device outputs a secure shell connection timeout signal. The time threshold can be, but is not limited to, the transmission duration of a fixed-length string. This allows for timely notification of the secure shell connection status to the user when the secure shell connection is lost.

[0019] The fourth aspect provides a cloud platform, which includes a receiving module, a processing module, and a sending module. The receiving module is used to receive a WebSocket connection request sent by a client device. The processing module is used to generate a first WebSocket message. The sending module is used to send the first WebSocket message to an edge device through a preset WebSocket channel. The receiving module is also used to receive a second WebSocket message sent by the edge device through the WebSocket channel. The sending module is also used to send a WebSocket connection response to the client device according to the connection identifier in the second WebSocket message.

[0020] In conjunction with the fourth aspect, in the first possible implementation, the receiving module is further configured to receive a string sent by the client device, and the sending module is further configured to send a third WebSocket message including a string and a connection identifier to the edge device through the WebSocket channel; the receiving module is further configured to receive a string and a connection identifier sent by the edge device through the WebSocket channel; and the sending module is further configured to send the string to the client device according to the connection identifier.

[0021] In conjunction with the first possible implementation of the fourth aspect, in the second possible implementation, when the length of the string is greater than the length threshold, the receiving module is specifically used to receive the substring and connection identifier sent sequentially by the edge device, and the sending module is specifically used to send the substring to the client device sequentially according to the connection identifier.

[0022] In combination with the first or second possible implementation of the fourth aspect, in the third possible implementation, the string includes a newline character.

[0023] For the explanation of terms, the steps for each module, and the beneficial effects in the fourth part, please refer to the corresponding description in the first part.

[0024] The fifth aspect provides an edge device, which includes a proxy module and a secure shell daemon. The proxy module is used to receive a first WebSocket message sent by a cloud platform through a preset WebSocket channel. The secure shell daemon is used to perform security authentication on the secure shell connection information. When the secure shell connection information passes the security authentication, a secure shell connection is established. The proxy module is used to send a second WebSocket message to the cloud platform through the WebSocket channel.

[0025] In conjunction with the fifth aspect, in the first possible implementation, the proxy module is specifically used to send a Secure Shell connection request to the Secure Shell daemon based on the connection request message identifier, and the Secure Shell daemon is specifically used to perform security authentication on the Secure Shell connection information in the Secure Shell connection request.

[0026] In conjunction with the fifth aspect, in the second possible implementation, the proxy module is also used to receive the third WebSocket message sent by the cloud platform, the secure shell daemon is also used to process the characters of the string, and the proxy module is also used to send the string and connection identifier to the cloud platform through the WebSocket channel.

[0027] In conjunction with the second possible implementation of the fifth aspect, in the third possible implementation, the proxy module is specifically used to split the string into multiple characters; send characters sequentially to the Secure Shell daemon; receive characters sequentially sent by the Secure Shell daemon; when the string length is less than or equal to the length threshold and the proxy module receives the string, the proxy module is specifically used to send the string and connection identifier to the cloud platform; when the string length is greater than the length threshold, the proxy module is specifically used to sequentially assemble the characters from the Secure Shell daemon into substrings of the string, and then send the substrings and connection identifier to the cloud platform.

[0028] For explanations of terms, steps of module or process execution, and beneficial effects in the fifth aspect, please refer to the corresponding descriptions in the second aspect.

[0029] The sixth aspect provides a client device including a sending module and a receiving module, wherein the sending module is used to send a WebSocket connection request to a cloud platform, and the receiving module is used to receive a WebSocket connection response sent by the cloud platform.

[0030] In conjunction with the sixth aspect, in the first possible implementation, the sending module is also used to send a string to the cloud platform, and the receiving module is specifically used to receive the string sent by the cloud platform.

[0031] In conjunction with the sixth aspect or the first possible implementation, in the second possible implementation, the client device further includes a processing module.

[0032] When the length of the string is greater than the length threshold and the time interval between the receiving module receiving adjacent substrings exceeds the time threshold, the processing module outputs a security shell connection timeout signal.

[0033] For the explanation of terms, the steps for each module, and the beneficial effects in the sixth aspect, please refer to the corresponding description in the third aspect.

[0034] A seventh aspect provides a computing device cluster including at least one computing device, each computing device including a processor and a memory; the processor of the at least one computing device is configured to execute instructions stored in the memory of the at least one computing device to cause the computing device cluster to perform a method as described in the first aspect or any possible implementation thereof.

[0035] The eighth aspect provides a computing device including a processor and a memory; the processor is configured to execute instructions stored in the memory to cause the computing device to perform a method as described in the second aspect or any possible implementation thereof, or a method as described in the third aspect or any possible implementation thereof.

[0036] A ninth aspect provides a computer-readable storage medium including computer-readable instructions; the computer-readable instructions are used to implement the methods of the above aspects or any possible implementations of the above aspects.

[0037] The tenth aspect provides a computer program product comprising computer-readable instructions; the computer-readable instructions are used to implement the methods of the foregoing aspects or any possible implementations of the foregoing aspects. Attached Figure Description

[0038] Figure 1 This is a schematic diagram of a remote secure communication system in an embodiment of this application;

[0039] Figure 2 This is a signaling interaction diagram of the communication method in the embodiments of this application;

[0040] Figure 3 This is a schematic diagram of a communication method in an embodiment of this application;

[0041] Figure 4 This is a signaling interaction diagram of the communication method in the embodiments of this application;

[0042] Figure 5 This is another schematic diagram of the communication method in the embodiments of this application;

[0043] Figure 6 This is a structural diagram of a cloud platform in an embodiment of this application;

[0044] Figure 7This is a structural diagram of an edge device in an embodiment of this application;

[0045] Figure 8 This is a structural diagram of a client device in an embodiment of this application;

[0046] Figure 9 This is a structural diagram of a computing device in an embodiment of this application;

[0047] Figure 10 This is a schematic diagram of a computing device cluster in an embodiment of this application. Detailed Implementation

[0048] The communication method described in this application can be applied to a remote secure communication system. The remote secure communication system includes a client device, a cloud platform, and edge devices. The cloud platform provides central services, and the edge devices provide edge services.

[0049] Client devices can be terminal devices such as mobile phones, personal computers, tablets, wearable devices, or in-vehicle computers. A cloud platform is a platform that provides infrastructure, software, and services, offering various resources and services to users via a network. Cloud platform services include computing, storage, networking, development tools, databases, and monitoring. Cloud platforms are typically provided by cloud service providers and can be flexibly expanded and configured according to user needs. Edge devices can be, but are not limited to, edge servers. Edge devices include agent modules and the Secure Shell daemon (SSHD). The Secure Shell daemon is a program that can start a shell service on the host machine. It provides secure shell access services on the host machine over the network, allowing client devices to connect to the edge device via the SSH protocol and execute commands. The Secure Shell protocol is a network security protocol that uses encryption and authentication mechanisms to achieve secure access and file transfer. Compared to the remote login (telnet) protocol, the Secure Shell protocol is more secure because it uses encrypted data transmission, effectively preventing data interception or tampering.

[0050] See Figure 1 In one embodiment, the remote secure communication system includes client device 111, client device 112, cloud platform 130, edge device 141, and edge device 142. Client device 111 and client device 112 are connected to cloud platform 130 via Internet 120. Internet 120 may include, but is not limited to, the Internet.

[0051] Taking a desktop computer as an example, after the client device 111 sends a WebSocket connection request to the cloud platform 130, the node remote manage (NRM) module 131 of the cloud platform 130 generates a WebSocket message for initiating a secure shell connection based on the WebSocket connection request. Then, the node remote manage module 131 sends the WebSocket message to the edge device 141 through the WebSocket channel.

[0052] Edge device 141 includes a proxy module 1411 and a Secure Shell daemon 1412. After receiving a WebSocket message, the proxy module 1411 sends the username, password, IP address, and host key from the WebSocket message to the Secure Shell daemon 1412. The Secure Shell daemon 1412 performs secure authentication on the username, password, IP address, and host key. When the authentication is successful, the client device 111 successfully logs in securely and remotely to the edge device 141, and can then communicate securely with the edge device 141. It should be noted that the client device 111 can establish multiple connections with the edge device, and each connection corresponds one-to-one with the Secure Shell connection between the proxy module 1411 and the Secure Shell daemon 1412.

[0053] Taking a mobile phone as an example, client device 112 includes an agent module 1421 and a secure shell daemon process 1422. The communication process between client device 112 and agent module 1421 is similar to the communication process between client device 111 and agent module 1411, and the communication process between agent module 1421 and secure shell daemon process 1422 is similar to the communication process between agent module 1411 and secure shell daemon process 1412. During this process, cloud platform 130 and edge device 141 transmit messages between client 111 and client 112 through a WebSocket channel.

[0054] It should be understood that the remote secure communication system includes client devices, cloud platforms, and edge devices, but is not limited to... Figure 1 As shown, communication between client devices, cloud platforms, and edge devices is not limited to... Figure 1 As shown, the specific settings can be adjusted according to the actual situation.

[0055] When multiple WebSocket channels are established between the cloud platform and the edge device, each WebSocket channel consumes a portion of network bandwidth. Since the edge device has limited bandwidth resources, when the number of WebSocket channels reaches a certain point, the edge device's bandwidth resources are exhausted, preventing subsequent users from remotely logging in. To address this, this application can transmit messages from multiple users through a single WebSocket channel, significantly reducing the number of WebSocket channels and the bandwidth resources consumed by each channel, thereby allowing more users to remotely log in to the edge device. A detailed description follows; please refer to [link / reference]. Figure 2 In one embodiment, the communication method of this application includes the following steps:

[0056] S201. The client device sends a WebSocket connection request to the cloud platform.

[0057] Optionally, when the client device connects to the cloud platform via the internet, the client device sends a WebSocket connection request to the cloud platform via the internet. The WebSocket connection request includes Secure Shell connection information. Secure Shell connection information can be considered as remote login information or identity information. Optionally, Secure Shell connection information includes username, password, IP address, and host key.

[0058] S202, The cloud platform generates the first WebSocket message.

[0059] The first WebSocket message includes Secure Shell connection information, a connection request message identifier, and a connection identifier. The connection request message identifier is used to request the edge device to establish a Secure Shell connection. The Secure Shell connection information is used to establish the Secure Shell connection. After the Secure Shell connection information passes security authentication, a connection is established between the client device and the edge device; this connection corresponds one-to-one with the Secure Shell connection. The connection identifier is used to identify the connection between the client device and the edge device; each connection has a unique connection identifier.

[0060] S203. The cloud platform sends the first WebSocket message to the edge device through a preset WebSocket channel.

[0061] Cloud platforms and edge devices can pre-configure one or more WebSocket channels and then use these channels to transmit WebSocket messages.

[0062] S204. The edge device performs security authentication on the security enclosure connection information.

[0063] S205. When the enclosure connection information passes security authentication, the edge device establishes an enclosure connection.

[0064] If the secure enclosure connection information fails security authentication, the edge device can send a secure enclosure connection failure message to the client device through the cloud platform.

[0065] S206. The edge device sends a second WebSocket message to the cloud platform.

[0066] S207. The cloud platform sends a WebSocket connection response to the client device.

[0067] The second WebSocket message includes a connection identifier. The cloud platform sends a WebSocket connection response to the client device based on this identifier, thus notifying the user of successful remote login. It's important to note that after receiving the WebSocket connection response, the client device can establish a WebSocket channel between itself and the cloud platform. The client device can initiate multiple WebSocket connection requests within a given timeframe. Upon receiving the corresponding WebSocket connection response for each request, the client device can establish multiple WebSocket channels with the cloud platform. The cloud platform can establish a mapping between WebSocket connection requests, connection identifiers, and WebSocket channels, and can select the appropriate channel based on this mapping for message transmission.

[0068] In this embodiment, a WebSocket channel can be pre-configured between the cloud platform and the edge device. This WebSocket channel can transmit messages from different client devices, or transmit messages based on different connections to the same client device. The cloud platform can distinguish different connections using connection identifiers and correctly send messages to the corresponding client devices based on these identifiers. This reduces the network bandwidth resources consumed by the WebSocket channel and allows more users to log in remotely and securely.

[0069] Secondly, when multiple WebSocket channels are established between the cloud platform and each edge device, each WebSocket channel transmits relatively little information, resulting in low channel utilization. The WebSocket channel in this application can transmit messages from different client devices or messages from different connections within the same client device, thus improving the utilization of the WebSocket channel. Tests show that channel utilization can be improved by more than 10 times.

[0070] Optionally, the edge device of this application includes an agent module and a secure shell daemon. The communication method of this application is described below in conjunction with this edge device. (See reference...) Figure 3In one embodiment, the communication method of this application includes the following steps:

[0071] S301. The client device sends a WebSocket connection request to the cloud platform.

[0072] S302, The cloud platform generates the first WebSocket message.

[0073] S303, the cloud platform sends the first WebSocket message to the edge device through a preset WebSocket channel.

[0074] S301 to S303 are similar to S201 to S203.

[0075] S304. The agent module sends a secure shell connection request to the secure shell daemon.

[0076] Specifically, the proxy module sends a Secure Shell connection request to the Secure Shell daemon based on the connection request message identifier.

[0077] S305, The enclosure daemon performs security authentication on enclosure connection information.

[0078] Specifically, the Secure Shell daemon performs security authentication on the Secure Shell connection request. If the Secure Shell connection passes authentication, step S306 is executed. If the Secure Shell connection fails authentication, the Secure Shell daemon can send a Secure Shell connection failure message to the agent module.

[0079] S306, the agent module and the secure shell daemon establish a secure shell connection.

[0080] After the agent module and the Secure Shell daemon establish a Secure Shell connection, they can communicate based on the Secure Shell protocol.

[0081] S307. The edge device sends a second WebSocket message to the cloud platform through a preset WebSocket channel.

[0082] S308, The cloud platform sends a WebSocket connection response to the client device.

[0083] S307-S308 are similar to S206-S207. After receiving the WebSocket connection response, the client device can indicate that the remote secure login was successful.

[0084] The secure shell-based method for transmitting information involves single-character transmission. When client devices, cloud platforms, and edge devices transmit single characters, communication efficiency is very low, requiring multiple interactions to complete message transmission. In this application, both the client device and the cloud platform can transmit strings, as can the cloud platform and the edge device, thus improving communication efficiency. A detailed description follows; please refer to the relevant documentation. Figure 4 In one optional embodiment, the communication method in this application includes the following steps:

[0085] S401, The client device sends a string to the cloud platform.

[0086] S402, The cloud platform sends a third WebSocket message to the edge device through a preset WebSocket channel.

[0087] The third WebSocket message includes a string and a connection identifier. Optionally, the third WebSocket message carries an interaction message identifier, which identifies the message type of the third WebSocket message as an interaction message. In addition to the connection request message identifier and the interaction message identifier, this application can also set other message type identifiers according to actual needs, such as a disconnection message identifier.

[0088] S403: The cloud platform receives the string and connection identifier sent by the edge device through a preset websocket channel.

[0089] Specifically, a string and a connection identifier can be carried through one or more WebSocket messages. For example, when the string is short, a single WebSocket message can carry both the string and the connection identifier. When the string is long, multiple WebSocket messages can be sent, each carrying a substring of the string and a connection identifier, thus transmitting the complete string.

[0090] Optionally, the string may include a carriage return character. After the user enters a message and presses the Enter key, the client device may send a string including a carriage return character to the cloud platform. The string may be, but is not limited to, a command or a message.

[0091] S404, the cloud platform sends the string to the client device.

[0092] After receiving the string, the client device can display it.

[0093] For example, when the string contains 5 characters, the client device, cloud platform, and edge device would require 5 interactions using the single-character transmission method. With the single-character transmission method, the client device, cloud platform, and edge device only need to transmit the string once, which is 5 times faster than single-character transmission, thus significantly improving communication speed.

[0094] In practical applications, the lengths of multiple transmitted strings often vary, and the transmission durations of each string differ. Relying solely on the transmission duration makes it difficult to promptly detect connection failures. This application allows setting a time threshold based on the transmission duration of fixed-length strings. If the transmission duration exceeds the time threshold, it indicates a connection failure between the client and the edge device or the secure shell, thus providing timely feedback on the connection status.

[0095] The following describes the process of transmitting strings between edge devices and the cloud platform. The proxy module in the edge device can be configured with a length threshold. When the string length is less than or equal to the length threshold, the string is considered a short string; when the string length is greater than the length threshold, the string is considered a long string. The length threshold can be set according to actual conditions. For example, the length threshold can be the arithmetic mean or weighted average of string lengths over a period of time, or it can be an empirical value.

[0096] When the string is short, the proxy module splits the string from the cloud platform into multiple characters and sends these characters sequentially to the Secure Shell daemon. The Secure Shell daemon processes the characters and sends them back to the proxy module. The proxy module then assembles the received characters into a string and sends the string along with a connection identifier to the cloud platform. The cloud platform then sends the string to the client device based on the connection identifier.

[0097] For example, after the client device sends "ls\n" to the cloud platform, the cloud platform sends "ls\n" to the proxy module via a WebSocket channel. The proxy module then sends "l", "s", and "\n" to the Secure Shell daemon in sequence, and the Secure Shell daemon returns "l", "s", and "\n" respectively. After receiving "ls\n", the proxy module sends "ls\n" and the connection identifier to the cloud platform via the WebSocket channel. The cloud platform then sends "ls\n" to the client device, and the client device displays "ls".

[0098] When the string is long, it needs to be transmitted via multiple WebSocket messages. The following section details the process of transmitting long strings between edge devices and cloud platforms. Figure 5 In one optional embodiment, the communication method in this application includes the following steps:

[0099] S501, The client device sends a string to the cloud platform.

[0100] S502, the cloud platform sends a third WebSocket message to the edge device through a preset WebSocket channel.

[0101] S503, the proxy module splits the string into multiple characters.

[0102] S504, The agent module sends characters to the secure shell daemon.

[0103] S505, The Secure Shell Daemon sends characters to the Agent Module.

[0104] S504 to S505 describe the process by which the agent module and the secure shell daemon transmit characters via a secure shell connection.

[0105] S506, the proxy module combines characters into substrings.

[0106] Specifically, the proxy module assembles the characters sent by the security shell daemon into substrings, where the substrings are strings and their length is less than or equal to a length threshold.

[0107] S507: The proxy module sends a substring and connection identifier to the cloud platform through a preset websocket channel.

[0108] S508, the cloud platform sends the substring to the client device.

[0109] For example, with a length threshold of 5 and a string length of 15, the proxy module can assemble the characters sent by the Secure Shell daemon into three substrings, each containing 5 characters. This allows the entire string to be transmitted via three WebSocket messages. The length threshold affects communication speed; generally, a longer length threshold results in faster communication.

[0110] In an optional embodiment, the communication method of this application further includes: when the length of the string is greater than a length threshold and the time interval between the client device receiving adjacent substrings exceeds a time threshold, the client device outputs a secure shell connection timeout signal.

[0111] In this embodiment, each time a string of fixed length is transmitted, the client device can pre-configure a time threshold based on the transmission time interval of the fixed-length string. When the client device receives the string, if the time threshold is exceeded, a connection failure is determined. The type of the output security shell connection timeout signal can be text, image, audio signal or visual signal, so as to promptly remind the user of the abnormal connection between the client device and the edge device or the security shell connection abnormality.

[0112] The hardware for implementing the communication method in this application is described below. (See attached document.) Figure 6 In one embodiment, the cloud platform 130 of this application includes a receiving module 601, a processing module 602, and a sending module 603. The receiving module 601 is used to receive a WebSocket connection request sent by a client device. The processing module 602 is used to generate a first WebSocket message. The sending module is used to send the first WebSocket message to an edge device through a preset WebSocket channel. The receiving module 601 is also used to receive a second WebSocket message sent by the edge device through the WebSocket channel. The sending module 603 is also used to send a WebSocket connection response to the client device according to the connection identifier in the second WebSocket message.

[0113] As an example of a software functional unit, processing module 602 may include code running on a computing instance. The computing instance may include at least one of a physical host (computing device), a virtual machine, or a container. Further, the aforementioned computing instance may be one or more. For example, processing module 602 may include code running on multiple hosts / virtual machines / containers. It should be noted that the multiple hosts / virtual machines / containers used to run the code may be distributed within the same region or in different regions. Further, the multiple hosts / virtual machines / containers used to run the code may be distributed within the same availability zone (AZ) or in different AZs, each AZ including one or more geographically proximate data centers. Typically, a region may include multiple AZs.

[0114] Similarly, multiple hosts / virtual machines / containers used to run this code can be distributed within the same Virtual Private Cloud (VPC) or across multiple VPCs. Typically, a VPC is set up within a region. Communication between two VPCs within the same region, as well as between VPCs in different regions, requires a communication gateway to be set up within each VPC to enable interconnection between VPCs.

[0115] As an example of a hardware functional unit, the processing module 602 may include at least one computing device, such as a server. Alternatively, the processing module 602 may also be a device implemented using an application-specific integrated circuit (ASIC) or a programmable logic device (PLD). The PLD may be implemented using a complex programmable logical device (CPLD), a field-programmable gate array (FPGA), generic array logic (GAL), or any combination thereof.

[0116] The processing module 602 includes multiple computing devices that can be distributed within the same region or in different regions. Similarly, the processing module 602 can be distributed within the same Availability Zone (AZ) or in different AZs. Likewise, the processing module 602 can be distributed within the same Virtual Private Cloud (VPC) or in multiple VPCs. These multiple computing devices can be any combination of computing devices such as servers, ASICs, PLDs, CPLDs, FPGAs, and GALs.

[0117] In other embodiments, the processing module 602 may be used to perform Figures 2-5 In the communication method shown, the receiving module 601 can be used to execute any step performed by the cloud platform. Figures 2-5 In the communication method shown, the sending module 603 can be used to execute any step performed by the cloud platform. Figures 2-5 In the communication method shown, any step executed by the cloud platform, and the steps implemented by the receiving module 601, processing module 602, and sending module 603, can be specified as needed and implemented by the receiving module 601, processing module 602, and sending module 603 respectively. Figures 2-5 The different steps in the communication method shown enable the full functionality of the cloud platform. The steps performed by the receiving module 601, processing module 602, and sending module 603 can be implemented by the node remote management module 131.

[0118] See Figure 7In one embodiment, the edge device 141 of this application includes a proxy module 701 and a secure shell daemon process 702. The proxy module 701 is used to receive a first WebSocket message sent by the cloud platform through a preset WebSocket channel. The secure shell daemon process 702 is used to perform security authentication on the secure shell connection information. When the secure shell connection information passes the security authentication, the proxy module 701 establishes a secure shell connection with the secure shell daemon process 702. The proxy module 701 is also used to send a second WebSocket message to the cloud platform through the WebSocket channel.

[0119] As an example of a software functional unit, the agent module 701 may include code running on a computing instance. The computing instance may include at least one of a physical host (computing device), a virtual machine, or a container. Further, the aforementioned computing instance may be one or more. For example, the agent module 701 may include code running on multiple hosts / virtual machines / containers. It should be noted that the multiple hosts / virtual machines / containers used to run the code may be distributed within the same region or in different regions. Further, the multiple hosts / virtual machines / containers used to run the code may be distributed within the same availability zone (AZ) or in different AZs, each AZ including one or more geographically proximate data centers. Typically, a region may include multiple AZs.

[0120] Similarly, multiple hosts / virtual machines / containers used to run this code can be distributed within the same Virtual Private Cloud (VPC) or across multiple VPCs. Typically, a VPC is set up within a region. Communication between two VPCs within the same region, as well as between VPCs in different regions, requires a communication gateway to be set up within each VPC to enable interconnection between VPCs.

[0121] As an example of a hardware functional unit, the processing module 602 may include at least one computing device, such as a server. Alternatively, the proxy module 701 may also be a device implemented using an application-specific integrated circuit (ASIC) or a programmable logic device (PLD). The PLD may be implemented using a complex programmable logical device (CPLD), a field-programmable gate array (FPGA), generic array logic (GAL), or any combination thereof.

[0122] The multiple computing devices included in the proxy module 701 can be distributed within the same region or in different regions. Similarly, the multiple computing devices included in the proxy module 701 can be distributed within the same Availability Zone (AZ) or in different AZs. Likewise, the multiple computing devices included in the proxy module 701 can be distributed within the same Virtual Private Cloud (VPC) or multiple VPCs. These multiple computing devices can be any combination of computing devices such as servers, ASICs, PLDs, CPLDs, FPGAs, and GALs.

[0123] In other embodiments, the proxy module 701 can be used to perform... Figures 2-5 In the communication method shown, any step executed by the edge device can be performed by the secure shell daemon 702. Figures 2-5 In the communication method shown, any step executed by the edge device, and the steps implemented by the proxy module 701 and the secure shell daemon process 702, can be specified as needed and implemented by the proxy module 701 and the secure shell daemon process 702 respectively. Figures 2-5 The different steps in the communication method shown enable the full functionality of the edge device.

[0124] See Figure 8 In one optional embodiment, the client device 111 of this application includes a receiving module 801, a processing module 802, and a sending module 803. The sending module 803 is used to send a WebSocket connection request to the cloud platform, and the receiving module 801 is used to receive the WebSocket connection response sent by the cloud platform.

[0125] In other embodiments, the processing module 802 may be used to perform Figures 2-5 In the communication method shown, the receiving module 801 can perform any step executed by the client device. Figures 2-5In the communication method shown, the sending module 803 can perform any step executed by the client device. Figures 2-5 In the communication method shown, any step executed by the client device, and the steps implemented by the receiving module 801, processing module 802, and sending module 803, can be specified as needed and implemented by the receiving module 801, processing module 802, and sending module 803 respectively. Figures 2-5 The different steps in the communication method shown enable the client device to perform all its functions.

[0126] In an optional embodiment, when the length of the string is greater than the length threshold and the time interval between the receiving module 801 receiving adjacent substrings exceeds the time threshold, the processing module 802 is used to output a security enclosure connection timeout signal.

[0127] This application also provides a computing device 900. For example... Figure 9 As shown, in one embodiment, the computing device 900 includes a bus 902, a processor 904, a memory 906, and a communication interface 908. The processor 904, the memory 906, and the communication interface 908 communicate with each other via the bus 902. It should be understood that this application does not limit the number of processors and memory in the computing device 900.

[0128] The 902 bus can be a Peripheral Component Interconnect (PCI) bus or an Extended Industry Standard Architecture (EISA) bus, etc. Buses can be categorized as address buses, data buses, control buses, etc. For ease of representation, Figure 9 The bus 904 is represented by a single line, but this does not mean that there is only one bus or one type of bus. The bus 904 may include a path for transmitting information between various components of the computing device 900 (e.g., memory 906, processor 904, communication interface 908).

[0129] Processor 904 may include any one or more processors such as a central processing unit (CPU), graphics processing unit (GPU), microprocessor (MP), or digital signal processor (DSP). The processor includes multiple processing cores.

[0130] The memory 906 may include volatile memory, such as random access memory (RAM). The memory 906 may also include non-volatile memory, such as read-only memory (ROM), flash memory, hard disk drive (HDD), or solid-state drive (SSD). In some embodiments, the memory 906 stores executable program code, which the processor 904 executes to implement the functions of the aforementioned proxy module 701 and secure shell daemon 702, thereby implementing the aforementioned communication method. In other embodiments, the memory 906 stores executable program code, which the processor 904 executes to implement the functions of the aforementioned receiving module 801, processing module 802, and sending module 803, thereby implementing the aforementioned communication method.

[0131] The communication interface 908 uses transceiver modules, such as, but not limited to, network interface cards and transceivers, to enable communication between the computing device 900 and other devices or communication networks.

[0132] This application also provides a computing device cluster. The computing device cluster includes at least one computing device. The computing device can be a server, such as a central server, an edge server, or a local server in a local data center. In some embodiments, the computing device can also be a terminal device such as a desktop computer, a laptop computer, or a smartphone.

[0133] like Figure 10 As shown, the computing device cluster includes at least one computing device 900. The memory 906 in one or more computing devices 900 in the computing device cluster may store the same instructions for executing communication methods.

[0134] In some possible implementations, the memory 906 of one or more computing devices 900 in the computing device cluster may also store partial instructions for executing the communication method. In other words, a combination of one or more computing devices 900 can jointly execute the instructions for executing the communication method.

[0135] It should be noted that the memory 906 in different computing devices 900 within the computing device cluster can store different instructions, each used to execute a portion of the cloud platform's functions. That is, the instructions stored in the memory 906 of different computing devices 900 can implement the functions of the receiving module 701, the processing module 702, or the sending module 703.

[0136] This application also provides a computer program product containing instructions. The computer program product may be a software or program product containing instructions, capable of running on a computing device or stored on any usable medium. When the computer program product is run on at least one computing device, it causes the at least one computing device to execute the communication method of this application.

[0137] This application also provides a computer-readable storage medium. The computer-readable storage medium can be any available medium capable of being stored by a computing device, or a data storage device such as a data center containing one or more available media. The available medium can be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid-state drive). The computer-readable storage medium includes instructions that instruct the computing device to execute the communication method of this application.

[0138] The terms "first," "second," etc., used in the specification, claims, and accompanying drawings of this application are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It should be understood that such data can be interchanged where appropriate so that the embodiments described herein can be implemented in a sequence other than that illustrated or described herein. Furthermore, the terms "comprising" and "having," and any variations thereof, are intended to cover a non-exclusive inclusion; for example, a process, method, system, product, or apparatus that comprises a series of steps or units is not necessarily limited to those steps or units explicitly listed, but may include other steps or units not explicitly listed or inherent to such processes, methods, products, or apparatus.

[0139] The above embodiments are only used to illustrate the technical solutions of the present invention, and are not intended to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that modifications can still be made to the technical solutions described in the foregoing embodiments, or equivalent substitutions can be made to some of the technical features. Such modifications or substitutions do not cause the essence of the corresponding technical solutions to deviate from the protection scope of the technical solutions of the embodiments of the present invention.

Claims

1. A communication method, characterized in that, include: The cloud platform receives a WebSocket connection request sent by a client device. The WebSocket connection request includes Secure Shell connection information, which is used to establish a Secure Shell connection. The cloud platform generates a first WebSocket message, which includes the secure shell connection information, a connection request message identifier, and the connection identifier. The cloud platform sends the first WebSocket message to the edge device through a preset WebSocket channel; The cloud platform receives a second WebSocket message sent by the edge device through the WebSocket channel. The second WebSocket message is sent by the edge device after establishing the secure shell connection. The cloud platform sends a WebSocket connection response to the client device based on the connection identifier in the second WebSocket message.

2. The method according to claim 1, characterized in that, The method further includes: The cloud platform receives the string sent by the client device; The cloud platform sends a third WebSocket message to the edge device through the WebSocket channel. The third WebSocket message includes a string and the connection identifier. The cloud platform receives the string and connection identifier sent by the edge device through the websocket channel; The cloud platform sends the string to the client device based on the connection identifier.

3. The method according to claim 2, characterized in that, The length of the string is greater than the length threshold; The cloud platform receives the string and connection identifier sent by the edge device through the websocket channel, including: the cloud platform receives a substring and the connection identifier sent sequentially by the edge device, wherein the substring belongs to the string and the length of the substring is less than or equal to the length threshold; The cloud platform sending the string to the client device according to the connection identifier includes: the cloud platform sequentially sending the substring to the client device according to the connection identifier.

4. The method according to any one of claims 2 to 3, characterized in that, The string includes a newline character.

5. A communication method, characterized in that, include: The edge device receives a first WebSocket message sent by the cloud platform through a preset WebSocket channel. The first WebSocket message includes secure shell connection information, a connection request message identifier, and a connection identifier. The edge device performs security authentication on the security enclosure connection information; When the security enclosure connection information passes security authentication, the edge device establishes a security enclosure connection; The edge device sends a second WebSocket message to the cloud platform through the WebSocket channel, the second WebSocket message including the connection identifier.

6. The method according to claim 5, characterized in that, The edge device performs security authentication on the security enclosure connection information, including: The agent module of the edge device sends a secure shell connection request to the secure shell daemon of the edge device according to the request connection message identifier, and the secure shell connection request includes the secure shell connection information; The edge device's security enclosure daemon performs security authentication on the security enclosure connection information.

7. The method according to claim 5, characterized in that, The method further includes: The edge device receives a third WebSocket message sent by the cloud platform, the third WebSocket message including a string and the connection identifier; The edge device sends the string and the connection identifier to the cloud platform through the websocket channel.

8. The method according to claim 7, characterized in that, The edge device sends the string and the connection identifier to the cloud platform through the websocket channel, including: The proxy module of the edge device splits the string into multiple characters; The proxy module of the edge device sends the characters sequentially to the security shell daemon process of the edge device; The proxy module of the edge device receives characters sequentially sent by the security shell daemon of the edge device; When the length of the string is less than or equal to the length threshold and the proxy module of the edge device receives the string, the proxy module of the edge device sends the string and the connection identifier to the cloud platform; When the length of the string is greater than the length threshold, the proxy module of the edge device will sequentially assemble the characters from the security shell daemon of the edge device into a substring of the string, and the proxy module of the edge device will send the substring and the connection identifier to the cloud platform. The length of the substring is less than or equal to the length threshold.

9. A communication method, characterized in that, include: The client device sends a WebSocket connection request to the cloud platform. The WebSocket connection request includes Secure Shell connection information. The WebSocket connection request is used by the cloud platform to generate a first WebSocket message. The client device receives a WebSocket connection response sent by the cloud platform, which is sent by the cloud platform based on the connection identifier in the second WebSocket message.

10. The method according to claim 9, characterized in that, The method further includes: The client device sends a string to the cloud platform; The client device receives the string sent by the cloud platform.

11. The method according to claim 9 or 10, characterized in that, The length of the string is greater than the length threshold, and the method further includes: When the time interval between the client device receiving adjacent substrings exceeds a time threshold, the client device outputs a secure shell connection timeout signal.

12. A cloud platform, characterized in that, include: The receiving module is used to receive a WebSocket connection request sent by a client device. The WebSocket connection request includes Secure Shell connection information, which is used to establish a Secure Shell connection. The processing module is used to generate a first WebSocket message, the first WebSocket message including the Secure Shell connection information, a connection request message identifier, and the connection identifier; The sending module is used to send the first WebSocket message to the edge device through a preset WebSocket channel; The receiving module is also configured to receive a second WebSocket message sent by the edge device through the WebSocket channel, the second WebSocket message being sent by the edge device after establishing the secure shell connection; The sending module is further configured to send a WebSocket connection response to the client device based on the connection identifier in the second WebSocket message.

13. The cloud platform according to claim 12, characterized in that, The receiving module is also used to receive a string sent by the client device; The sending module is further configured to send the third WebSocket message to the edge device through the WebSocket channel, the third WebSocket message including the string and the connection identifier; The receiving module is also configured to receive the string and the connection identifier sent by the edge device through the websocket channel; The sending module is further configured to send the string to the client device according to the connection identifier.

14. The cloud platform according to claim 13, characterized in that, The length of the string is greater than the length threshold; The receiving module is further configured to receive a substring and the connection identifier sequentially sent by the edge device, wherein the substring belongs to the string and the length of the substring is less than or equal to the length threshold; The sending module is also used to send the substring to the client device in sequence.

15. The cloud platform according to any one of claims 13 to 14, characterized in that, The string includes a newline character.

16. An edge device, characterized in that, include: The proxy module is used to receive the first WebSocket message sent by the cloud platform through a preset WebSocket channel. The first WebSocket message includes secure shell connection information, a connection request message identifier, and a connection identifier. A secure enclosure daemon is used to perform security authentication on the secure enclosure connection information; when the secure enclosure connection information passes the security authentication, a secure enclosure connection is established. The proxy module is further configured to send a second WebSocket message to the cloud platform through the WebSocket channel, the second WebSocket message including the connection identifier.

17. The apparatus according to claim 16, characterized in that, The proxy module is specifically used to send a Secure Shell connection request to the Secure Shell daemon based on the connection request message identifier, and the Secure Shell connection request includes the Secure Shell connection information. The secure enclosure daemon is specifically used to perform security authentication on the secure enclosure connection information.

18. The apparatus according to claim 16, characterized in that, The proxy module is also used to receive a third WebSocket message sent by the cloud platform, the third WebSocket message including a string and the connection identifier; The proxy module is also used to send the string and the connection identifier to the cloud platform through the websocket channel.

19. The apparatus according to claim 18, characterized in that, The proxy module is specifically used to split the string into multiple characters; send the characters sequentially to the security shell daemon process of the edge device; and receive the characters sequentially sent by the security shell daemon process. When the length of the string is less than or equal to the length threshold and the proxy module receives the string, the proxy module is specifically used to send the string and the connection identifier to the cloud platform; When the length of the string is greater than the length threshold, the proxy module is specifically used to assemble the characters from the security shell daemon into substrings of the string, and send the substrings and the connection identifier to the cloud platform. The length of the substring is less than or equal to the length threshold.

20. A client device, characterized in that, include: The sending module is used to send a WebSocket connection request to the cloud platform. The WebSocket connection request includes Secure Shell connection information. The WebSocket connection request is used by the cloud platform to generate a first WebSocket message. The receiving module is used to receive the WebSocket connection response sent by the cloud platform, which is sent by the cloud platform based on the connection identifier in the second WebSocket message.

21. The apparatus according to claim 20, characterized in that, The sending module is also used to send strings to the cloud platform; The receiving module is also used to receive the string sent by the cloud platform.

22. The apparatus according to claim 20 or 21, characterized in that, The device further includes a processing module, which outputs a security enclosure connection timeout signal when the length of the string is greater than a length threshold and the time interval between the receiving module receiving adjacent substrings exceeds a time threshold.

23. A computing device cluster, characterized in that, The system includes at least one computing device, each computing device including a processor and a memory; the processor of the at least one computing device is configured to execute instructions stored in the memory of the at least one computing device to cause the cluster of computing devices to perform the method as described in any one of claims 1 to 4.

24. A computing device, comprising a processor and a memory, characterized in that, The processor is configured to execute instructions stored in the memory to cause the computing device to perform the method as described in any one of claims 5 to 11.

25. A computer-readable storage medium, characterized in that, Includes computer program instructions, which, when executed by a cluster of computing devices, perform the method as described in any one of claims 1 to 11.

26. A computer program product containing instructions, characterized in that, When the instruction is executed by the computing device cluster, the computing device cluster causes the computing device cluster to perform the method as described in any one of claims 1 to 11.