CN110611591A - Network topology establishing method and device - Google Patents
Network topology establishing method and device Download PDFInfo
- Publication number
- CN110611591A CN110611591A CN201910882796.0A CN201910882796A CN110611591A CN 110611591 A CN110611591 A CN 110611591A CN 201910882796 A CN201910882796 A CN 201910882796A CN 110611591 A CN110611591 A CN 110611591A
- Authority
- CN
- China
- Prior art keywords
- network
- sub
- server
- access control
- control list
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/12—Discovery or management of network topologies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/34—Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method and a device for establishing network topology, wherein the method is applied to electronic equipment and comprises the following steps: acquiring sub-networks owned by the equipment from a cloud end, and determining server information included by each sub-network; and aiming at each sub-network, acquiring an access control list of each server in the sub-network from the cloud, and establishing a topological structure of the sub-network according to the acquired access control list and the server information included in the sub-network, wherein the cloud can monitor the service condition of each server in real time, so that the accuracy and timeliness of the data acquired from the cloud can be ensured. And because the data acquired from the cloud is not influenced by the operation condition of the server, the data can be acquired in a non-invasive manner, and the network topology structure can be established by the flow of 0. In addition, the network topology established according to the access control list of the server can provide the communication condition between the servers for the user, and further discover the vacancy condition of the server.
Description
Technical Field
The invention relates to the technical field of internet, in particular to a network topology establishing method and device.
Background
At present, due to the portability and practicability of cloud (such as Ali cloud, Tencent cloud and the like), the cloud is widely applied to various businesses of companies. However, as company business expands, the number of used cloud servers is continuously increasing, and as the cloud servers increase too fast and the management process is not standardized, many vacant servers and ghost servers appear, and the cloud servers become targets of hacking, thereby causing great potential safety hazards and resource waste.
Disclosure of Invention
The present invention provides a method and an apparatus for establishing a network topology, which are directed to the above-mentioned deficiencies of the prior art, and the object is achieved by the following technical solutions.
The first aspect of the present invention provides a network topology establishing method, which is applied to an electronic device, and the method includes:
acquiring sub-networks owned by the equipment from a cloud end, and determining server information included by each sub-network;
and aiming at each sub-network, acquiring an access control list of each server in the sub-network from the cloud, and establishing a topological structure of the sub-network according to the acquired access control list and the server information included in the sub-network.
Preferably, the determining the server information included in each sub-network includes: acquiring server information owned by the equipment and server identifications included by each sub-network from the cloud, wherein the server information at least includes the server identifications; for each sub-network, the server information corresponding to the server identifier included in the sub-network is queried from the server information as the server information included in the sub-network.
Preferably, the establishing a topology of the sub-network according to the obtained access control list and the server information included in the sub-network includes: establishing an unlimited connection relation for any two servers in the sub-network; and aiming at the access control list of each server, inquiring other servers with rule limitation to the server according to the access control list, and modifying the unlimited connection relation between the other servers.
Preferably, the modifying the unrestricted connectivity relationship with the other servers includes: determining a limited communication relation with the other servers according to the access control list; and modifying the unlimited connectivity with the other servers by utilizing the limited connectivity.
A second aspect of the present invention provides a network topology establishing apparatus, which is applied to an electronic device, and includes:
the acquisition module is used for acquiring the sub-networks owned by the equipment from the cloud and determining the server information included by each sub-network;
and the establishing module is used for acquiring the access control list of each server in the sub-network from the cloud terminal aiming at each sub-network, and establishing the topological structure of the sub-network according to the acquired access control list and the server information included by the sub-network.
Preferably, the obtaining module is specifically configured to, in a process of determining server information included in each sub-network, obtain, from the cloud, server information owned by the device and a server identifier included in each sub-network, where the server information at least includes the server identifier; for each sub-network, the server information corresponding to the server identifier included in the sub-network is queried from the server information as the server information included in the sub-network.
Preferably, the establishing module is specifically configured to establish an unrestricted connectivity relationship for any two servers in the sub-network in a process of establishing a topology structure of the sub-network according to the obtained access control list and server information included in the sub-network; and aiming at the access control list of each server, inquiring other servers with rule limitation to the server according to the access control list, and modifying the unlimited connection relation between the other servers.
Preferably, the establishing module is specifically configured to determine, according to the access control list, a restricted connectivity relationship with the other server in a process of modifying the unrestricted connectivity relationship with the other server; and modifying the unlimited connectivity with the other servers by utilizing the limited connectivity.
In the embodiment of the application, the sub-networks owned by the device are obtained from the cloud, the server information included in each sub-network is determined, then, for each sub-network, the access control list of each server in the sub-network is obtained from the cloud, and the topology structure of the sub-network is established according to the obtained access control list and the server information included in the sub-network.
Based on the description, the cloud end can monitor the service condition of each server in real time, so that the accuracy and timeliness of the data acquired from the cloud end can be ensured. And because the data acquired from the cloud is not influenced by the operation condition of the server, the data can be acquired in a non-invasive manner, and the network topology structure can be established by the flow of 0. In addition, the network topology established according to the access control list of the server can provide the communication condition between the servers for the user, and further discover the vacancy condition of the server.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the invention and not to limit the invention. In the drawings:
fig. 1A is a flowchart illustrating an embodiment of a network topology establishment method according to an exemplary embodiment of the present invention;
FIG. 1B is a schematic diagram of a cloud architecture according to the embodiment of FIG. 1A;
FIG. 1C is a schematic diagram illustrating a topology establishment process according to the embodiment shown in FIG. 1A;
FIG. 2 is a diagram of a hardware configuration of an electronic device according to an exemplary embodiment of the present application;
fig. 3 is a flowchart illustrating an embodiment of a network topology establishment apparatus according to an exemplary embodiment of the present invention.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present invention. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the invention, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this specification and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, these information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present invention. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
At present, aiming at the problems of resource waste and potential safety hazard caused by an idle server and a ghost server, the following three processing methods are provided:
the first is asset inventory: server assets are inventoried periodically to understand the distribution and usage of servers within a company. But the business part, the operation and maintenance department and the safety department of the whole company need to recommend together, which consumes manpower and material resources.
The second is operation and maintenance monitoring: and each newly deployed server is added into the operation and maintenance monitoring service in real time, so that the operation and maintenance assets can be mastered in real time. But this approach does not understand the relationships between the various servers.
Based on this, the invention provides a network topology establishing method, which includes obtaining sub-networks owned by the device from a cloud, determining server information included by each sub-network, then obtaining an access control list of each server in the sub-network from the cloud for each sub-network, and establishing a topology structure of the sub-network according to the obtained access control list and the server information included by the sub-network.
Based on the description, the cloud end can monitor the service condition of each server in real time, so that the accuracy and timeliness of the data acquired from the cloud end can be ensured. And because the data acquired from the cloud is not influenced by the operation condition of the server, the data can be acquired in a non-invasive manner, and the network topology structure can be established by the flow of 0. In addition, the network topology established according to the access control list of the server can provide the communication condition between the servers for the user, and further discover the vacancy condition of the server.
The network topology establishment method proposed by the present invention is explained in detail with specific embodiments below.
Fig. 1A is a flowchart illustrating an embodiment of a network topology establishing method according to an exemplary embodiment of the present invention, where the network topology establishing method may be applied to an electronic device, and the electronic device may be any terminal device with a network function.
As shown in fig. 1A, the network topology establishing method includes the following steps:
step 101: and acquiring the sub-networks owned by the equipment from the cloud, and determining the server information included by each sub-network.
In an embodiment, the electronic device may obtain the sub-network owned by the electronic device by calling an Application Programming Interface (API) provided by the cloud.
The sub-network owned by the device is a sub-network that the electronic device has authority to operate.
As shown in fig. 1B, the cloud may be an ari cloud, an Tencent cloud, or the like, and the operation and maintenance work of the server and the network may be simplified by using the cloud; the API is an interface tool, and through the API, a user can acquire resources created on the cloud and perform operations such as adding, deleting, modifying, searching and the like on the resources, so that through calling the API, a sub-network owned by the equipment can be acquired; can include a plurality of servers under every sub-network in the high in the clouds framework, these servers form an intranet, and under the default, can visit each other between each server in the intranet, that is to say, when not setting up the access control list, all ports of each server in the intranet are all open to other servers in the intranet, if a server is attacked and sinks, then all servers in the intranet greatly probably sink.
In an embodiment, in the process of determining the server information included in each sub-network, the server information owned by the device and the server identifier included in each sub-network may be obtained from the cloud, and for each sub-network, the server information corresponding to the server identifier included in the sub-network is queried from the server information as the server information included in the sub-network.
In order to obtain the detailed information of the server under each sub-network, the server identifier under the sub-network needs to be used for screening the corresponding server information from all the server information, so that the network topology established by the server information included in the sub-network is reused subsequently, and a user can know the detailed information of each server through the topology structure without further query.
For example, the electronic device may store the acquired server information in the relational database, so as to facilitate a subsequent quick search for the server information through a relational expression. In addition, the electronic device can also obtain the server identifier included in each sub-network by calling the API provided by the cloud and store the server identifier in the relational database.
The server information includes a server identifier and server detailed description information, where the server detailed description information may include information such as an intranet IP (Internet Protocol), an extranet IP, and a machine name of the server.
In one embodiment, after determining the server information included in each sub-network, a sub-network-based tree structure may be established for each sub-network and stored in a graphic database for easy viewing by a user.
Step 102: and aiming at each sub-network, acquiring an access control list of each server in the sub-network from the cloud, and establishing a topological structure of the sub-network according to the acquired access control list and the server information included in the sub-network.
As shown in fig. 1B, each server in the cloud architecture may be provided with an access control list, and the access control list may be used to control the network traffic of the cloud to enter and exit, and similar to a firewall, the connection status of the network ports of the cloud may be known through rules in the access control list, so that the access control list of each server in the sub-network may be obtained by calling an API provided by the cloud.
In an embodiment, since each sub-network belongs to an intranet and there is no connectivity between servers in different intranets, the electronic device may establish a network topology for each sub-network in a traversal manner.
In one embodiment, for the process of establishing the topology structure of the sub-network according to the obtained access control list and the server information included in the sub-network, an unrestricted connectivity relationship is established for any two servers in the sub-network, and then for the access control list of each server, other servers with rule restrictions of the server are queried according to the access control list, and the unrestricted connectivity relationship with other servers is modified.
The unrestricted connection relation means that mutual access is realized between two servers, and no restriction condition exists. If some servers are provided with access control lists, the communication relation between the servers and other servers with rule limitation of the servers needs to be modified according to the access control lists on the servers.
In an embodiment, for the process of modifying the unrestricted connectivity with other servers, the restricted connectivity with other servers may be determined according to the access control list, and the unrestricted connectivity with other servers may be modified by using the restricted connectivity.
Wherein, the connection relation with limitation means that the access to other servers or the access by other servers can be realized only in the mode specified by the access control list.
It should be noted that after the topology establishment of each sub-network is completed, the topology of each sub-network may be stored in a graph database for easy viewing by a user.
In an exemplary scenario, as shown in FIG. 1C, a sub-network includes three servers A, B, C, initially establishing an unrestricted connectivity relationship for any two servers, with an initial network topology as shown in (a); assuming that no access control list is set on the server a and the server C, an access control list is set on the server B, the rules in the access control list are that a can only access 22 ports of B, and B can only access 23 ports of a, the access control list can determine that other servers with rule limitation with the server B are server a, and both directions between the server B and the server B are both limited connectivity relations, it is necessary to delete the unlimited connectivity relation between the server a and the server B, and establish a limited connectivity relation, that is, a → B is a 22 port where a can only access B, and a ← B is a 23 port where B can only access a, and the modified network topology is shown in (B).
In the embodiment of the application, the sub-networks owned by the device are obtained from the cloud, the server information included in each sub-network is determined, then, for each sub-network, the access control list of each server in the sub-network is obtained from the cloud, and the topology structure of the sub-network is established according to the obtained access control list and the server information included in the sub-network.
Based on the description, the cloud end can monitor the service condition of each server in real time, so that the accuracy and timeliness of the data acquired from the cloud end can be ensured. And because the data acquired from the cloud is not influenced by the operation condition of the server, the data can be acquired in a non-invasive manner, and the network topology structure can be established by the flow of 0. In addition, the network topology established according to the access control list of the server can provide the communication condition between the servers for the user, and further discover the vacancy condition of the server.
Fig. 2 is a hardware block diagram of an electronic device according to an exemplary embodiment of the present application, where the electronic device includes: a communication interface 201, a processor 202, a machine-readable storage medium 203, and a bus 204; wherein the communication interface 201, the processor 202 and the machine-readable storage medium 203 communicate with each other via a bus 204. The processor 202 may execute the network topology establishment method described above by reading and executing machine executable instructions corresponding to the control logic of the network topology establishment method in the machine readable storage medium 203, and the specific content of the method is referred to the above embodiments, which will not be described herein again.
The machine-readable storage medium 203 referred to herein may be any electronic, magnetic, optical, or other physical storage device that can contain or store information such as executable instructions, data, and the like. For example, the machine-readable storage medium may be: volatile memory, non-volatile memory, or similar storage media. In particular, the machine-readable storage medium 203 may be a RAM (random Access Memory), a flash Memory, a storage drive (e.g., a hard drive), any type of storage disk (e.g., an optical disk, a DVD, etc.), or similar storage medium, or a combination thereof.
Fig. 3 is a flowchart illustrating an embodiment of a network topology establishing apparatus according to an exemplary embodiment of the present invention, where the network topology establishing apparatus may be applied to an electronic device, as shown in fig. 3, and the network topology establishing apparatus includes:
an obtaining module 310, configured to obtain, from a cloud, sub-networks owned by the device, and determine server information included in each sub-network;
the establishing module 320 is configured to, for each sub-network, obtain, from the cloud, an access control list of each server in the sub-network, and establish a topology structure of the sub-network according to the obtained access control list and server information included in the sub-network.
In an optional implementation manner, the obtaining module 310 is specifically configured to, in a process of determining server information included in each sub-network, obtain, from the cloud, server information owned by the device and a server identifier included in each sub-network, where the server information at least includes the server identifier; for each sub-network, the server information corresponding to the server identifier included in the sub-network is queried from the server information as the server information included in the sub-network.
In an optional implementation manner, the establishing module 320 is specifically configured to establish an unrestricted connectivity relationship for any two servers in the sub-network in a process of establishing a topology structure of the sub-network according to the obtained access control list and server information included in the sub-network; and aiming at the access control list of each server, inquiring other servers with rule limitation to the server according to the access control list, and modifying the unlimited connection relation between the other servers.
In an optional implementation manner, the establishing module 320 is specifically configured to determine, according to the access control list, a limited connectivity relationship with the other server in a process of modifying an unlimited connectivity relationship with the other server; and modifying the unlimited connectivity with the other servers by utilizing the limited connectivity.
The implementation process of the functions and actions of each unit in the above device is specifically described in the implementation process of the corresponding step in the above method, and is not described herein again.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the invention. One of ordinary skill in the art can understand and implement it without inventive effort.
Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This invention is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the invention and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.
Claims (8)
1. A network topology establishment method is applied to an electronic device, and comprises the following steps:
acquiring sub-networks owned by the equipment from a cloud end, and determining server information included by each sub-network;
and aiming at each sub-network, acquiring an access control list of each server in the sub-network from the cloud, and establishing a topological structure of the sub-network according to the acquired access control list and the server information included in the sub-network.
2. The method of claim 1, wherein determining the server information included in each sub-network comprises:
acquiring server information owned by the equipment and server identifications included by each sub-network from the cloud, wherein the server information at least includes the server identifications;
for each sub-network, the server information corresponding to the server identifier included in the sub-network is queried from the server information as the server information included in the sub-network.
3. The method of claim 1, wherein the establishing the topology of the sub-network according to the obtained access control list and the server information included in the sub-network comprises:
establishing an unlimited connection relation for any two servers in the sub-network;
and aiming at the access control list of each server, inquiring other servers with rule limitation to the server according to the access control list, and modifying the unlimited connection relation between the other servers.
4. The method of claim 3, wherein modifying the unrestricted connectivity with the other servers comprises:
determining a limited communication relation with the other servers according to the access control list;
and modifying the unlimited connectivity with the other servers by utilizing the limited connectivity.
5. An apparatus for establishing network topology, the apparatus being applied to an electronic device, the apparatus comprising:
the acquisition module is used for acquiring the sub-networks owned by the equipment from the cloud and determining the server information included by each sub-network;
and the establishing module is used for acquiring the access control list of each server in the sub-network from the cloud terminal aiming at each sub-network, and establishing the topological structure of the sub-network according to the acquired access control list and the server information included by the sub-network.
6. The apparatus according to claim 5, wherein the obtaining module is specifically configured to, in the process of determining the server information included in each sub-network, obtain, from the cloud, the server information owned by the device and the server identifier included in each sub-network, where the server information at least includes the server identifier; for each sub-network, the server information corresponding to the server identifier included in the sub-network is queried from the server information as the server information included in the sub-network.
7. The apparatus according to claim 5, wherein the establishing module is configured to establish an unrestricted connectivity relationship for any two servers in the sub-network during the process of establishing the topology structure of the sub-network according to the obtained access control list and the server information included in the sub-network; and aiming at the access control list of each server, inquiring other servers with rule limitation to the server according to the access control list, and modifying the unlimited connection relation between the other servers.
8. The apparatus according to claim 7, wherein the establishing module is configured to determine the restricted connectivity with the other server according to the access control list in a process of modifying the unrestricted connectivity with the other server; and modifying the unlimited connectivity with the other servers by utilizing the limited connectivity.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910882796.0A CN110611591B (en) | 2019-09-18 | 2019-09-18 | Network topology establishing method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910882796.0A CN110611591B (en) | 2019-09-18 | 2019-09-18 | Network topology establishing method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110611591A true CN110611591A (en) | 2019-12-24 |
| CN110611591B CN110611591B (en) | 2022-09-09 |
Family
ID=68892965
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910882796.0A Active CN110611591B (en) | 2019-09-18 | 2019-09-18 | Network topology establishing method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110611591B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113904921A (en) * | 2021-10-21 | 2022-01-07 | 上海观安信息技术股份有限公司 | Dynamic network topological graph generating method, system, processing equipment and storage medium based on log and graph |
| CN114499985A (en) * | 2021-12-29 | 2022-05-13 | 奇安信科技集团股份有限公司 | Safety detection method and device based on endogenous safety mechanism |
Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101146044A (en) * | 2007-10-24 | 2008-03-19 | 杭州华三通信技术有限公司 | A method and device for constructing terminal topology |
| CN102014403A (en) * | 2009-09-07 | 2011-04-13 | 中兴通讯股份有限公司 | Method and system for transmitting network topology information |
| CN103051609A (en) * | 2012-12-07 | 2013-04-17 | 东软集团股份有限公司 | Gateway equipment and network access controlled visualized interaction method executed by same |
| CN105847300A (en) * | 2016-05-30 | 2016-08-10 | 北京琵琶行科技有限公司 | Method and device for visualizing topological structure of enterprise network boundary equipment |
| WO2017049439A1 (en) * | 2015-09-21 | 2017-03-30 | Splunk Inc. | Topology map displays of cloud computing resources |
| CN108390874A (en) * | 2018-02-12 | 2018-08-10 | 北京工业大学 | Access control model and access method based on certificate in network structure |
| CN108462587A (en) * | 2017-02-20 | 2018-08-28 | 中兴通讯股份有限公司 | A kind of network topology treating method and apparatus |
| CN108600198A (en) * | 2018-04-04 | 2018-09-28 | 北京百悟科技有限公司 | Access control method, device, computer storage media and the terminal of fire wall |
| US20180351791A1 (en) * | 2017-05-31 | 2018-12-06 | Cisco Technology, Inc. | Network policy analysis for networks |
| CN109005054A (en) * | 2018-07-13 | 2018-12-14 | 北京西普阳光教育科技股份有限公司 | Build and access method, server and the terminal of built network topology |
| CN109842520A (en) * | 2018-12-27 | 2019-06-04 | 华为技术服务有限公司 | The determination method, apparatus and system of network topology |
-
2019
- 2019-09-18 CN CN201910882796.0A patent/CN110611591B/en active Active
Patent Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101146044A (en) * | 2007-10-24 | 2008-03-19 | 杭州华三通信技术有限公司 | A method and device for constructing terminal topology |
| CN102014403A (en) * | 2009-09-07 | 2011-04-13 | 中兴通讯股份有限公司 | Method and system for transmitting network topology information |
| CN103051609A (en) * | 2012-12-07 | 2013-04-17 | 东软集团股份有限公司 | Gateway equipment and network access controlled visualized interaction method executed by same |
| WO2017049439A1 (en) * | 2015-09-21 | 2017-03-30 | Splunk Inc. | Topology map displays of cloud computing resources |
| CN105847300A (en) * | 2016-05-30 | 2016-08-10 | 北京琵琶行科技有限公司 | Method and device for visualizing topological structure of enterprise network boundary equipment |
| CN108462587A (en) * | 2017-02-20 | 2018-08-28 | 中兴通讯股份有限公司 | A kind of network topology treating method and apparatus |
| US20180351791A1 (en) * | 2017-05-31 | 2018-12-06 | Cisco Technology, Inc. | Network policy analysis for networks |
| CN108390874A (en) * | 2018-02-12 | 2018-08-10 | 北京工业大学 | Access control model and access method based on certificate in network structure |
| CN108600198A (en) * | 2018-04-04 | 2018-09-28 | 北京百悟科技有限公司 | Access control method, device, computer storage media and the terminal of fire wall |
| CN109005054A (en) * | 2018-07-13 | 2018-12-14 | 北京西普阳光教育科技股份有限公司 | Build and access method, server and the terminal of built network topology |
| CN109842520A (en) * | 2018-12-27 | 2019-06-04 | 华为技术服务有限公司 | The determination method, apparatus and system of network topology |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113904921A (en) * | 2021-10-21 | 2022-01-07 | 上海观安信息技术股份有限公司 | Dynamic network topological graph generating method, system, processing equipment and storage medium based on log and graph |
| CN113904921B (en) * | 2021-10-21 | 2024-04-30 | 上海观安信息技术股份有限公司 | Dynamic network topology graph generation method, system, processing equipment and storage medium based on log and graph |
| CN114499985A (en) * | 2021-12-29 | 2022-05-13 | 奇安信科技集团股份有限公司 | Safety detection method and device based on endogenous safety mechanism |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110611591B (en) | 2022-09-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10445069B2 (en) | System and method for generating an application structure for an application in a computerized organization | |
| CN108134764B (en) | Distributed data sharing and exchanging method and system | |
| EP3841730B1 (en) | Identifying device types based on behavior attributes | |
| CN105684391A (en) | Automated generation of label-based access control rules | |
| CN107710196A (en) | A kind of method and system for managing resource object | |
| US10680973B2 (en) | Systems and methods for intelligent application grouping | |
| CN110611591B (en) | Network topology establishing method and device | |
| EP1916596A1 (en) | Improvements in or relating computer network management | |
| CN106528066B (en) | Business process operation method and device | |
| CN106095511A (en) | A kind of server updating method and apparatus | |
| CN103414756B (en) | A kind of task distribution method, distribution node and system | |
| CN110995489B (en) | Large data platform server management method, device, server and storage medium | |
| CN107395645B (en) | For fire wall system and method and be stored with the medium of corresponding program | |
| CN108574957B (en) | Intelligent routing inspection server, routing inspection system and method for evolved packet core network equipment | |
| CN114860806A (en) | Data query method and device of block chain, computer equipment and storage medium | |
| CN115604103A (en) | Configuration method and device of cloud computing system, storage medium and electronic equipment | |
| CN110868340B (en) | Testing method and device, reconfigurable tester and controller | |
| JP5278533B2 (en) | Access control device, information management device, and access control method | |
| US11550050B2 (en) | Radar visualization of cloud native environments | |
| CN113590907A (en) | Camera management method and device, electronic equipment and storage medium | |
| CN106789315B (en) | System configuration method and device | |
| CN112631996A (en) | Log searching method and device | |
| CN105978881B (en) | The querying method and system for the firewall that ip is passed through address | |
| CN106941413B (en) | Service management method and device | |
| KR20150112127A (en) | Local resource sharing method of machine to machine component and apparatus thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |