Along with the social and economic development, constant growth has been observed due to the number of motor vehicles and gas stations. Given that there are many geographically-dispersed chain gas stations, to easily grasp the real-time status of each station and improve their management quality and efficiency, petrochemical enterprises must put into place their own electronic retail trade system of refined oil products, while transforming the system through advanced electronic information technology, replacing cash, gasoline coupons, and other conventional settlement modes with information-based means, and automatically collecting electronic payment and transaction data. Meanwhile, retail management information systems shall be installed at petroleum companies and gas stations of all levels to increase the technological elements and service levels of gas station management and operations. According to gas station existing service and future service requirements, it is imperative to construct an integrated information network of gas stations that features high security, high reliability, and full-service.
Gas Station Service Demands
It is required to automatically collect basic marketing data of refined oil products, transmit service data information through the network, and assist management and decision making with technical expertise and tools.
Based on its in-depth understanding of the services and gas station user requirements on information technology, H3C has proposed the networking principles below:
- Interconnection: It shall cover PetroChina's entire marketing system, from terminal (particularly oil depots, oil stations and, sales room) outlets to the information network of administrative departments at all levels, capable of transmitting basic information;
- Security protection: By analyzing the entire oil product marketing system, relevant technical means are employed to patch security holes and prevent risks.
- Data concentration: Different sales module subsystems shall be centrally deployed to realize centralized headquarter control over data.
- Information integration: It shall be based on open, flexible, and standard technical architecture to accommodate application integration and future service reforms. After the completion of basic data transmission and protection, the system shall use existing line resources to meet more service demands, such as monitoring oil disbursement machines, oil depots, and other key locations, and voice communication between gas stations and the headquarters.
1. Solution Overview
Given the increasing integration of IP-based information technology, communication technology, and storage technology, and combining with the service demands and construction principles of gas stations, H3C has provided gas stations with integrated solutions and personalized services to help users build a unified and open platform, and finally meet custom user service demands.
H3C's integrated solution for gas stations is composed of five aspects, covering a basic network platform, integrated security platform, multi-media communication and monitoring platform, intelligent network management platform, and data storage platform. These platforms have been employed to realize different purposes, e.g., a basic network platform for "interconnection and open standards", integrated security platform and intelligent network management platform for "defense in depth and data security", centralized data storage for "integration of management and control, and centralized processing, "multi-media communication, and monitoring platform for "media services, unification and fusion".
2. Basic Network Platform
Through a dial-up networking connection, gas stations regularly report each day’s transaction data to provincial-level data centers or the headquarters data center via prefecture-level front-end system. There are two data bearers:
Implementation: A VPN channel can be established between PC and the central VPN gateway of prefecture-level companies via the Internet, by applying dial-in methods such as SSL VPN or IPsec VPN to PC or connecting the PC with an external ADSL Modem, to handle services. With the IPSec VPN method, it is also possible to use EAD (an endpoint admission software) to monitor the secure state of terminals in real time. With the SSL VPN method, no software needs to be installed at the client.
Solution features: The provincial-level network can provide two VPN access modes, i.e., IPSec and SSL. The IPsec VPN can better support network service and monitor the secure state of terminals in coordination with EAD, but requires the installation of software, leading to higher maintenance cost. The SSL VPN can provide access without any additional software installations and can better support B/S-mode service. Although it possesses a lower maintenance cost, it has limited capacity to support handling complicated services.
Implementation: Since several PCs or Win terminals are used in a gas station, switches shall be used first to create a small LAN environment in the gas station. With VPN gateway products installed at its exit, the LAN is connected to the Internet via dialing the ADSL Modem. A VPN channel is established between the VPN gateway products and VPN gateway of the gas station management center. Services can be handled at all terminals or PCs of the gas station, with traffic aggregated at the parent company. EAD is used to monitor the secure state of terminals inside the gas station.
Solution features: Besides enabling users to conduct high-performance networking via VPN hardware, H3C SecPathF100-C device itself can provide firewall, switch, router and other additional functions, being very high in cost performance. The equipment can serve multiple functions for local networking of a gas station. If SSL VPN access is required, terminals inside the gas station can also be connected to the superior gateway directly by SSL VPN through Internet exit gateway, to complete SSL VPN access.
3. Integrated Security Platform
From the perspective of security, the conventional gas station solutions have two aspects that need to be improved:
● Security of terminals in use: It mainly refers to the security and control of terminals for uploading data, to ensure that data are uploaded from correct and secure terminals.
● Security of data access: It mainly refers to the security of data flow during transmission, to ensure that up-link data are free of relevant viruses, network attacks, and other traffic, reducing network pressure and security risks.
For the existing problems, H3C has proposed solutions to reform and optimize the network. With a focus on network security and the simplicity of management in operations and maintenance, it is expected to help enterprises realize business objectives through the optimization and reform of the basic information network. There are two main methods to optimize the existing network architecture on the whole. Security devices such as firewalls and IPS shall be inserted into the network to address any security problems during the transmission of data flow. H3C Endpoint Admission Defense (EAD) shall be used to ensure secure and reliable terminal user access. Security devices such as firewalls and IPS shall mainly be deployed at network exits or the front ends of server farms, to protect key areas as isolated single-point defenses;
Endpoint Admission Defense (EAD) is designed to integrate isolated single-point defenses, implement enterprise security policies uniformly, and strengthen active network defense, reducing the hazards brought by viruses, illegal access, and other security threats to enterprises. To achieve the above objectives, H3C has proposed an overall solution including inspection, isolation, repair, and monitoring.
4. Multi-media Communication and Monitoring Platform
Due to gasoline theft and other long-standing management problems inherent of gas stations, to bolster management, all major petroleum companies have continued to improve technical equipment for gas stations, e.g., installation of radar level gauges, oil tank truck positioning systems, and gas station monitoring systems. For common gas stations, 3-4 monitoring points shall be deployed to monitor fuel tankers (oil discharge process), sales rooms (primarily referring to cashiers), work zone (refueling area), and other key areas.
The network monitoring system of a gas station comprises front-end monitoring equipment for the gas station and the monitoring center for the provincial-level company. The images of all cameras are input from all gas stations into ECR series of video encoders. With a bandwidth of only about 2M or 4M, video images of station terminals can be stored locally, while the images of key events when an alarm is raised or that the parent company is concerned can be uploaded to the storage devices at the municipal-level or provincial-level company. A VM video management server is deployed in the municipal-level or provincial-level company to take charge of device access, user registration, authority management of subordinate gas stations, and other services. A DM data management server and IP-SAN are deployed to monitor the storage of station-level monitoring images and backup storage of key event images. The VC clients of some software and hardware decoders shall be provided for real-time monitoring and subsequent checks.
To prevent falsification from gas stations, it is crucial to monitor the oil discharge process. This process generally takes place at a fixed time each day. The video monitoring data need to be uploaded to the monitoring center. According to actual conditions, the data recorded in other time slots need not or need to be partially uploaded to the monitoring center. In this way, the space for centralized storage can be saved to the minimum extent. The transmission lines now used in most gas stations are ADSL (1M or 2M). A majority of gas stations have been networked on the basis of VPNs.
It is suggested to use ECR3316 or ECR3308 to locally store gas station monitoring images. They support scheduled picture recording, recording triggered by external alarms, recording triggered by motion detection, manual recording, and other modes. The videos can be viewed via TV screen and PCs in the monitoring center. For important areas, it is suggested to conduct remote backup storage in the monitoring center for future checks.
● Massive and highly-reliable storage
With a built-in hard disk position, an enterprise-level SATA hard disk is used to support professional data protection and storage techniques such as RAID5 and JBOD. Any hard disk failure will not lead to data loss or service interruption. It also supports hard disk hot backup and online replacement. When 750G SATA disk is used, massive local-storage as large as 6TB can be provided. It can also reduce the occupation of WAN bandwidth.
● HD image quality
The compression algorithm completely conforms to the international standard H.264 Baseline Profile, with the maximum code stream of 4 Mbps, supporting the real FULL D1 HD image format and providing higher image quality under dynamic conditions.
● Flexible dual-stream
It supports H.264 and MJPEG compressed formats. Real-time streams and storage streams can be encoded in the same or in different manners as needed. For instance, H.264 code stream with D1 full-frame rate and up to 4 Mbps is adopted for real-time streams to provide HD real-time image quality, while MJPEG code stream with D1 low frame rate is used for the storage stream to facilitate obtaining HD evidence and lowering storage capacity requirements. According to gas station demands, it supports adopting fast-streaming storage at some important areas while using MJPEG code streams with D1 low frame rate at some non-key areas to facilitate obtaining HD evidence and lowering storage capacity requirements.
● Integrated network management
It supports heartbeat detection and can easily achieve centralized configuration and unified network management of ECR by the central management platform. The internal storage resource is subject to the complete management and unified configuration of the central management platform. A virtual storage pool is created under the unified management of the network monitoring management platform.
5. Advantages of H3C Gas Station Solutions:
Interconnected: Flexible network access modes, supporting multiple access modes such as IPSec VPN, SSL VPN and SDH, and satisfying the needs of various gas station sizes for access. Headquarters uses Data Center Fabric with data service as the core to support the structurally centralized distributed data.
Security management: Comprehensive security management platform is established for the management analysis of global security events, and oriented to the security risks and relevant security flaws. A full identity verification is performed on access users. For exit, core and other key devices, comprehensive protection, and business management with Layer 2 to Layer 7 wire speed have come into being.
Application integration: IP-based multi-service integration of voice, video and monitoring IP voice, IP video and IP monitoring are no longer closed systems but can better support the expansion of media services. OAP-based service customization can satisfy future-oriented service demands.
Order information for solutions:
Basic network platform
Network bearing platform
SecPath Series VPN
H3C MSR 20-1X Router
Integrated security platform
Network exit defense
EAD security service modules IMC Basic access management IPS and SecPath series products
Data storage platform
Multi-server centralized storage solution
H3C IX3040 H3C/EX800/EX1540 IP base Replication TIMEMARK/TIMEVIEW software Disksafe software
D2D backup solution
Remote disaster backup/recovery solution
WINDWOS protection/recovery solution
Media communication and monitoring platform
intelligent management platform
H3C IVS3000 management platform H3C EC1000/ECR3300 series
SNMP network management (Quidview)
H3C iMC basic platform
Traffic flow analysis and management (NTA)
Operation and access control
User BehaviorAnalytics Solution (UBAS)
Centralized Security Policy Management Center
Neocean storage system management software