CN110677469B - Security disaster recovery system and disaster recovery implementation method - Google Patents

Publication number
CN110677469B
Authority
CN
China
Prior art keywords
disaster recovery
resource
security
mirror image
recovery system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910901317.5A
Other languages
Chinese (zh)
Other versions
CN110677469A (en
Inventor
陈军
徐炎
王泊
赵洋明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Stock Exchange Technology Co ltd
Original Assignee
Shanghai Stock Exchange Technology Co ltd
Application filed by Shanghai Stock Exchange Technology Co ltd
Priority to CN201910901317.5A
Publication of CN110677469A
Application granted
Publication of CN110677469B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14 Error detection or correction of the data by redundancy in operation
    • G06F11/1402 Saving, restoring, recovering or retrying
    • G06F11/1446 Point-in-time backing up or restoration of persistent data
    • G06F11/1458 Management of the backup or restore process
    • G06F11/1464 Management of the backup or restore process for networked environments
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04 Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0654 Management of faults, events, alarms or notifications using network fault recovery
    • H04L41/0663 Performing the actions predefined by failover planning, e.g. switching to standby network elements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes

Abstract

The invention discloses a security disaster recovery system comprising: cloud storage, configured to store data in the cloud; a mirror image system, configured to create images according to user requirements; a disaster recovery module, configured to configure basic resources in combination with the images to generate a disaster recovery resource template; a resource package, configured to generate and store, according to the disaster recovery resource template, the resources corresponding to that template; and a switching module, configured to execute a disaster recovery switching operation to switch to the security disaster recovery system when necessary. A corresponding disaster recovery implementation method is also disclosed. When a disaster occurs in the production center, the disaster recovery center can be quickly started to take over the business system through disaster recovery switching.

Description

Security disaster recovery system and disaster recovery implementation method
Technical Field
The invention relates to the technical field of security cloud, in particular to a security disaster recovery system and an implementation method thereof.
Background
The market trading scale of the securities industry is growing rapidly, and this rapid business development requires a highly reliable and available technical system to match it. Securities companies often employ component-level backups of the core system to improve the reliability and availability of system operation. However, in the last two years, a number of securities companies have had trading interrupted for half an hour or even 1 hour because of system failures, which directly led to a large number of customer disputes and substantial economic compensation and badly damaged the companies' market reputation. If a securities company without a security disaster recovery system encounters a large-scale disaster such as fire, power failure, flood or earthquake, and its infrastructure, IT systems, business data and key personnel are destroyed, it lacks an effective means to ensure the continuous operation of its business, client resources are rapidly lost, and the enterprise faces an operational crisis.
Thus, the importance of the security disaster recovery system to a securities company is self-evident. However, most current construction schemes for security disaster recovery systems require the securities company to invest a large amount of hardware cost and human resources, and the benefits finally received do not reach expectations: the resources of the disaster recovery system are generally idle and wasted, its maintenance receives insufficient attention, and when switching is finally needed the initially established RTO and RPO requirements cannot be met at all, so the value of building the system is greatly discounted. Therefore, how to construct a security disaster recovery system with low cost, high efficiency, and excellent maintainability and expandability is an urgent need for securities companies.
Disclosure of Invention
In view of the existing defects, the invention provides a security disaster recovery system and an implementation method thereof, which can rapidly start a disaster recovery center to take over a business system through disaster recovery switching under the condition that a disaster occurs in a production center.
In order to achieve the above purpose, the embodiment of the invention adopts the following technical scheme:
A security disaster recovery system, comprising:
cloud storage, configured to store data in the cloud;
a mirror image system, configured to create images according to user requirements;
a disaster recovery module, configured to configure basic resources in combination with the images to generate a disaster recovery resource template;
a resource package, configured to generate and store, according to the disaster recovery resource template, the resources corresponding to that template;
and a switching module, configured to execute a disaster recovery switching operation to switch to the security disaster recovery system when necessary.
According to an aspect of the present invention, the disaster recovery module further includes a data disk snapshot used for data recovery or replication of a disk, and the cloud storage includes a plurality of SSD disks.
According to one aspect of the invention, the images include a public image and a custom image, wherein the custom image is obtained by:
a user creating a custom image from an ECS instance;
selecting an image shared by another user;
or importing an image file from an offline environment into the ECS cluster to generate a custom image.
In accordance with an aspect of the invention, the disaster recovery module further comprises an IP configuration of the ECS.
In accordance with one aspect of the invention, the security disaster recovery system is configured such that, under daily conditions, it runs in a "small fire" state, namely an initial resource state, and checks whether the functions of the business system are normal.
According to one aspect of the invention, the resource package is configured such that resources within the resource package cannot be added or deleted.
In accordance with one aspect of the invention, the resource package is configured to perform a production operation that produces the resources of the resource package.
According to one aspect of the invention, when the production center fails or a disaster recovery drill is required, the security disaster recovery system executes the disaster recovery switching operation automatically, or technicians execute it manually.
According to one aspect of the invention, the security disaster recovery system can execute a resource expansion operation during the disaster recovery switching operation.
A disaster recovery implementation method for the security disaster recovery system comprises the following steps:
creating a disaster recovery template;
submitting a template order;
generating a resource package after the review is passed;
executing a disaster recovery switching operation to switch to the security disaster recovery system when necessary;
producing the resources of the resource package of the security disaster recovery system.
According to one aspect of the invention, the disaster recovery implementation method further comprises the following step: executing a resource capacity expansion operation.
The advantages of implementing the invention are as follows. The security disaster recovery system of the invention comprises: cloud storage, configured to store data in the cloud; a mirror image system, configured to create images according to user requirements; a disaster recovery module, configured to configure basic resources in combination with the images to generate a disaster recovery resource template; a resource package, configured to generate and store, according to the disaster recovery resource template, the resources corresponding to that template; and a switching module, configured to execute a disaster recovery switching operation to switch to the security disaster recovery system when necessary. A user creates a disaster recovery resource template and, according to their own requirements, chooses whether to use a custom image when creating an ECS, whether to create a data disk from a snapshot, whether to use an SSD disk, and whether to define the virtual machine IP address; the resource application process can be referred to when creating other resources. After all resources are created, the user clicks to finish and the disaster recovery resource template is successfully created. The user only needs to submit an order using the template, and after the order is approved by a customer manager, a resource package is formed on the user side. Each resource package has a 'production' button; the resources of the resource package are produced immediately after it is clicked, and resource charging starts at the same time. One-click start, stop, restart and release functions are provided for part of the resources and for the resources as a whole; the management operations of a single resource are consistent with those of the current virtual area resources. Under daily conditions, the security disaster recovery system operates in a small fire (initial resource) state, whose main purpose is to check whether the business system operates normally. If the production center fails or a disaster recovery drill is needed, then under the authorization of the securities company's leadership, the company's technicians can execute the disaster recovery switching operation themselves, or it can be executed automatically. Considering that the resources of the small fire state cannot support access by a large number of users comparable to the production system, the resource expansion operation can be executed by another technical team while the disaster recovery switching operation is performed.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a schematic diagram of a security disaster recovery system according to a first embodiment of the present invention;
FIG. 2 is a schematic view of a security disaster recovery system according to a second embodiment of the present invention;
FIG. 3 is a flow chart of the security disaster recovery system according to the present invention;
FIG. 4 is a flowchart illustrating the capacity expansion operation according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, belong to the protection scope of the present invention.
Example one
As shown in fig. 1 and 2, a security disaster recovery system includes:
the cloud storage 1, configured to store data in the cloud;
the cloud storage comprises a plurality of disks that the user can select and configure; in practical application, the cloud storage uses SSD disks, which, compared with a common high-cloud disk, have stronger IO performance and help improve the read-write performance of a database.
The mirror image system 2, configured to create images according to user requirements;
the mirror image system covers the creation of images, specifically:
An image is a template of the runtime environment of an ECS instance; the template includes specific operating system information and sometimes also some pre-installed applications.
The image file is equivalent to a replica file that contains all the data of one or more disks; for the cloud server ECS, these disks may be a single system disk or a combination of a system disk and data disks. An image can be used to create a new ECS instance or to replace the system disk of an ECS instance. In this embodiment, a system image may be provided, the authorization for which is at the discretion of the customer.
This embodiment provides flexible and varied image types, making it easy for customers to obtain image resources. One type is the public image provided by the cloud platform; the other is the custom image, which can be created from a customer's existing physical server, virtual machine or cloud host, is highly flexible, and can meet the customer's individual requirements.
A custom image can be obtained in the following ways:
creating a custom image from an existing ECS instance;
selecting an image that another user has shared with you;
importing an image file from an offline environment into the ECS cluster to generate a custom image.
The disaster recovery module 3, configured to configure basic resources in combination with the images to generate a disaster recovery resource template;
the basic resources comprise images, cloud disks and the like, and may also include: a disk snapshot, which is a copy of the data of a disk at a certain point in time and is used for data recovery or replication of the disk; and the IP of the ECS, which is either an automatically assigned IP address or a manually configured IP address when the ECS is created.
Generating the disaster recovery resource template may specifically include:
1. Creating a custom image and a disk snapshot;
In the preparation period, the customer creates ECS resources and performs information configuration and software installation in the ECS according to their own requirements, and then creates a custom image from the ECS instance.
A data disk snapshot is created according to the customer's own requirements.
2. Creating a disaster recovery resource template;
A user creates a disaster recovery resource template and, according to their own requirements, chooses whether to use a custom image when creating an ECS, whether to create a data disk from a snapshot, whether to use an SSD disk, and whether to define the virtual machine IP address; the resource application process can be referred to when creating other resources. After all resources are created, the user clicks to finish and the disaster recovery resource template is successfully created.
In practical application, a user can create multiple disaster recovery resource templates; a template can be created from scratch or copied and slightly modified. The user can add or delete resources in a template.
The resource package 4, configured to generate and store, according to the disaster recovery resource template, the resources corresponding to that template;
the resource package is generated as follows:
the user submits an order using the disaster recovery resource template, and after the order is approved by a customer manager, a resource package is formed on the user side.
In practical application, clicking a resource package shows the details of the resources it contains, but the resources cannot be added, deleted or modified.
In practical application, each resource package has a 'production' button; the resources of the resource package are produced immediately after it is clicked, and resource charging starts at the same time. One-click start, stop, restart and release functions are provided for part of the resources and for the resources as a whole; the management operations of a single resource are consistent with those of the current virtual area resources.
The switching module 5, configured to execute a disaster recovery switching operation to switch to the security disaster recovery system when necessary.
Under daily conditions, the security disaster recovery system operates in a small-fire (initial resource) state, whose main purpose is to check whether the business system operates normally.
If the production center fails or a disaster recovery drill is needed, then under the authorization of the securities company's leadership, the company's technicians can execute the disaster recovery switching operation themselves.
Taking a constant UF2.0 system as an example, when a switching operation needs to be triggered, a technician can, by technical means (an automated script or another scheme), change the access configuration of online trading, of the mobile terminal sites and of the business halls to the AR, and point these configurations to the JAR of the disaster recovery center, so that users can quickly re-access the business system.
As shown in fig. 3, the security disaster recovery system of this embodiment works as follows:
A) start;
B) create a disaster recovery template;
C) complete template creation by applying for/adding/deleting resources;
D) submit a template order;
E) the customer manager reviews the order;
if the order is approved, execute F; if it is not approved, return to C;
F) generate a resource package;
G) produce resources;
if the resources cannot be produced, return to C; if the resources can be produced, execute H;
H) disaster recovery drill or disaster recovery execution;
I) end.
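The flow A) to I) above, modelled as a small state machine. This is an added illustration, not code from the patent: editing is possible only before submission, the resource package is a read-only copy of the approved template, a failed production returns to editing, and switching requires an authorization reference. The class, method and role names, the digest check and the sample template are assumptions of this example.

```python
import copy
import hashlib
import json
from dataclasses import dataclass, field
from enum import Enum, auto
from types import MappingProxyType
from typing import Callable, Optional


class State(Enum):
    EDITING = auto()    # B/C: template may be changed
    SUBMITTED = auto()  # D: order awaits the customer manager
    PACKAGED = auto()   # F: resource package generated, read-only
    PRODUCED = auto()   # G: resources running, charging started
    SWITCHED = auto()   # H: drill or real switchover executed


class WorkflowError(Exception):
    """Operation attempted in the wrong state or without the required approval."""


def _digest(resources) -> str:
    # Canonical hash of the resources, recorded at approval time.
    return hashlib.sha256(json.dumps(dict(resources), sort_keys=True).encode()).hexdigest()


@dataclass
class DisasterRecoveryOrder:
    state: State = State.EDITING
    template: dict = field(default_factory=dict)  # resource name -> spec
    package: Optional[MappingProxyType] = None
    package_digest: Optional[str] = None
    billing_started: bool = False
    audit: list = field(default_factory=list)

    def _require(self, allowed: State) -> None:
        if self.state is not allowed:
            raise WorkflowError(f"not allowed in state {self.state.name}")

    def _log(self, actor: str, action: str) -> None:
        self.audit.append((actor, action, self.state.name))

    def add_resource(self, name: str, spec: dict) -> None:
        self._require(State.EDITING)
        self.template[name] = spec

    def remove_resource(self, name: str) -> None:
        self._require(State.EDITING)
        del self.template[name]

    def submit(self, user: str) -> None:
        self._require(State.EDITING)
        if not self.template:
            raise WorkflowError("template contains no resources")
        self.state = State.SUBMITTED
        self._log(user, "submit")

    def review(self, reviewer: str, role: str, approved: bool) -> None:
        self._require(State.SUBMITTED)
        if role != "customer_manager":  # assumed role label
            raise WorkflowError("only the customer manager reviews orders")
        if approved:
            # Package is a private, read-only copy: later template edits cannot leak in.
            self.package = MappingProxyType(copy.deepcopy(self.template))
            self.package_digest = _digest(self.package)
            self.state = State.PACKAGED
        else:
            self.state = State.EDITING  # back to step C
        self._log(reviewer, "approve" if approved else "reject")

    def produce(self, operator: str, provision: Callable[[str, dict], bool]) -> bool:
        self._require(State.PACKAGED)
        # The proxy only blocks top-level writes; the digest also catches nested changes.
        if _digest(self.package) != self.package_digest:
            raise WorkflowError("resource package differs from the approved one")
        ok = all(provision(name, spec) for name, spec in self.package.items())
        if ok:
            self.billing_started = True
            self.state = State.PRODUCED
        else:
            self.package = self.package_digest = None
            self.state = State.EDITING  # back to step C
        self._log(operator, "produce" if ok else "produce_failed")
        return ok

    def switch(self, technician: str, authorized_by: Optional[str], drill: bool = False) -> None:
        self._require(State.PRODUCED)
        if not authorized_by:
            raise WorkflowError("switching requires leadership authorization")
        self.state = State.SWITCHED
        kind = "drill" if drill else "switch"
        self._log(technician, f"{kind} authorized_by={authorized_by}")


def sample_order() -> DisasterRecoveryOrder:
    # Constructed sample template; resource names and fields are made up.
    order = DisasterRecoveryOrder()
    order.add_resource("ecs-as-01", {"image": "custom-as", "disk": "ssd", "ip": "auto"})
    order.add_resource("data-disk-01", {"from_snapshot": True, "disk": "ssd"})
    return order
```

The `provision` callable stands in for the cloud platform's resource creation and returns whether a resource could be produced.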
The security disaster recovery system of this embodiment includes: cloud storage, configured to store data in the cloud; a mirror image system, configured to create images according to user requirements; a disaster recovery module, configured to configure basic resources in combination with the images to generate a disaster recovery resource template; a resource package, configured to generate and store, according to the disaster recovery resource template, the resources corresponding to that template; and a switching module, configured to execute a disaster recovery switching operation to switch to the security disaster recovery system when necessary. A user creates a disaster recovery resource template and, according to their own requirements, chooses whether to use a custom image when creating an ECS, whether to create a data disk from a snapshot, whether to use an SSD disk, and whether to define the virtual machine IP address; the resource application process can be referred to when creating other resources. After all resources are created, the user clicks to finish and the disaster recovery resource template is successfully created. The user only needs to submit an order using the template, and after the order is approved by a customer manager, a resource package is formed on the user side. Each resource package has a 'production' button; the resources of the resource package are produced immediately after it is clicked, and resource charging starts at the same time. One-click start, stop, restart and release functions are provided for part of the resources and for the resources as a whole; the management operations of a single resource are consistent with those of the current virtual area resources. Under daily conditions, the security disaster recovery system operates in a small fire (initial resource) state, whose main purpose is to check whether the business system operates normally. If the production center fails or a disaster recovery drill is needed, then under the authorization of the securities company's leadership, the company's technicians can execute the disaster recovery switching operation themselves, or it can be executed automatically. Considering that the resources of the small fire state cannot support access by a large number of users comparable to the production system, the resource capacity expansion operation can be executed by another technical team while the disaster recovery switching operation is performed.
Example two
As shown in fig. 2, 3 and 4, a security disaster recovery system includes:
the cloud storage 1, configured to store data in the cloud;
the cloud storage comprises a plurality of disks that the user can select and configure; in practical application, the cloud storage uses SSD disks, which, compared with a common high-cloud disk, have stronger IO performance and help improve the read-write performance of the database.
The mirror image system 2, configured to create images according to user requirements;
the mirror image system covers the creation of images, specifically:
An image is a template of the runtime environment of an ECS instance; the template includes specific operating system information and sometimes also some pre-installed applications.
The image file is equivalent to a replica file that contains all the data of one or more disks; for the cloud server ECS, these disks may be a single system disk or a combination of a system disk and data disks. An image can be used to create a new ECS instance or to replace the system disk of an ECS instance. In this embodiment, a system image may be provided, with authorization for the system image being resolved at the discretion of the customer.
This embodiment provides flexible and varied image types, making it easy for customers to obtain image resources. One type is the public image provided by the cloud platform; the other is the custom image, which can be created from a customer's existing physical server, virtual machine or cloud host, is highly flexible, and can meet the customer's individual requirements.
A custom image can be obtained in the following ways:
creating a custom image from an existing ECS instance;
selecting an image that another user has shared with you;
importing an image file from an offline environment into the ECS cluster to generate a custom image.
The disaster recovery module 3, configured to configure basic resources in combination with the images to generate a disaster recovery resource template;
the basic resources comprise images, cloud disks and the like, and may also include: a disk snapshot, which is a copy of the data of a disk at a certain point in time and is used for data recovery or replication of the disk; and the IP of the ECS, which is either an automatically assigned IP address or a manually configured IP address when the ECS is created.
Generating the disaster recovery resource template may specifically include:
1. Creating a custom image and a disk snapshot;
In the preparation period, the customer creates ECS resources and performs information configuration and software installation in the ECS according to their own requirements, and then creates a custom image from the ECS instance.
A data disk snapshot is created according to the customer's own requirements.
2. Creating a disaster recovery resource template;
A user creates a disaster recovery resource template and, according to their own requirements, chooses whether to use a custom image when creating an ECS, whether to create a data disk from a snapshot, whether to use an SSD disk, and whether to define the IP address of the virtual machine; the resource application process can be referred to when creating other resources. After all resources are created, the user clicks to finish and the disaster recovery resource template is successfully created.
In practical application, a user can create multiple disaster recovery resource templates; a template can be created from scratch or copied and slightly modified. The user can add or delete resources in a template.
The resource package 4, configured to generate and store, according to the disaster recovery resource template, the resources corresponding to that template;
the resource package is generated as follows:
the user submits an order using the disaster recovery resource template, and after the order is approved by a customer manager, a resource package is formed on the user side.
In practical application, clicking a resource package shows the details of the resources it contains, but the resources cannot be added, deleted or modified.
In practical application, each resource package has a 'production' button; the resources of the resource package are produced immediately after it is clicked, and resource charging starts at the same time. One-click start, stop, restart and release functions are provided for part of the resources and for the resources as a whole; the management operations of a single resource are consistent with those of the current virtual area resources.
The switching module 5, configured to execute a disaster recovery switching operation to switch to the security disaster recovery system when necessary.
Under daily conditions, the security disaster recovery system operates in a small fire (initial resource) state, whose main purpose is to check whether the business system operates normally.
If the production center fails or a disaster recovery drill is needed, then under the authorization of the securities company's leadership, the company's technicians can execute the disaster recovery switching operation themselves.
Taking a constant UF2.0 system as an example, when a switching operation needs to be triggered, a technician can, by technical means (an automated script or another scheme), change the access configuration of online trading, of the mobile terminal sites and of the business halls to the AR, and point these configurations to the JAR of the disaster recovery center, so that users can quickly re-access the business system.
As shown in fig. 3, the workflow of the security disaster recovery system of this embodiment without resource capacity expansion is as follows:
A) start;
B) create a disaster recovery template;
C) complete template creation by applying for/adding/deleting resources;
D) submit a template order;
E) the customer manager reviews the order;
if the order is approved, execute F; if it is not approved, return to C;
F) generate a resource package;
G) produce resources;
if the resources cannot be produced, return to C; if the resources can be produced, execute H;
H) disaster recovery drill or disaster recovery execution;
I) end.
Meanwhile, considering that the resources of the small fire state cannot support access by a large number of users comparable to the production system, the resource capacity expansion operation can be executed by another technical team while the disaster recovery switching operation is carried out.
The capacity expansion module 6 is configured to execute the resource capacity expansion operation.
The resource capacity expansion operation comprises the following steps:
1. When a disaster occurs in the production center, the disaster recovery center can be quickly started to take over the service system through disaster recovery switching; meanwhile, the AS (application server) middleware and LS (local server) middleware images reserved at the initial stage of disaster recovery construction planning are quickly pulled up by online capacity expansion, and after approval by a certification cloud client manager, the middleware automatically starts its service and registers to the corresponding atomic group, so that the requirement of quick expansion of service capacity is met, and the capacity expansion operation does not affect the operation of the original disaster recovery system in its small fire state.
2. After the production center recovers its function, the newly added cloud hosts can be closed and returned to mirror images, and the disaster recovery center becomes a low-cost standby center again.
3. Fast capacity expansion strategy (taking a constant UF2.0 system as an example):
4. A system with the middleware deployed can be packaged into an ECS mirror image and stored in a mirror image library; when disaster recovery services need to be started, the ECS mirror image can be quickly pulled up and added to the service middleware cluster, and the computing power of the whole system is quickly improved.
5. In the expansion process, the original service is not influenced, and the capacity expansion and the upgrade are truly and smoothly carried out.
6. Taking XX security users AS an example, in a small-fire (initial scale) state, the number of AS (atomic AS middleware) is 9, the number of LS (logical AS middleware) is 11, BAR is 2, and JAR is 2, which can meet the basic business function requirements.
7. When disaster recovery switching is triggered, according to a specified capacity expansion scheme, the number of AS is expanded to 18, the number of LS is expanded to 16, BAR is 3, and JAR is 6, so that the maximum service performance requirement is met.
As shown in fig. 4, the resource expansion has the following specific operation example steps:
A1: starting;
A2: cloud host resource preparation (18 AS, 16 LS and 2 databases in this plan);
A3: testing the service function;
A4: closing part of the middleware servers, packaging them into mirror images for reservation, and keeping the nrs.xml configuration file on the LS unchanged;
if a version upgrade is found to be needed, executing steps B1-B4;
B1: upgrading an AS/LS version;
B2: pulling up the closed middleware server from the mirror image, keeping the IP address unchanged;
B3: upgrading the AS/LS middleware version to keep it consistent with the production center;
B4: starting the AS/LS middleware service, and then returning to A3;
A5: configuring a monitoring script that filters out, and does not display, the logs of AS middleware listed in the nrs.xml file that is not running;
A6: the monitoring page stops the monitoring service of the closed AS middleware;
A7: the security disaster recovery system keeps the initial planning configuration, namely 11 LS, 9 AS and 2 database servers at this time, and keeps the running state;
A8: checking whether the service of the business system runs normally;
the preparation stage is carried out;
if yes, starting formal capacity expansion, and executing A9;
A9: starting expansion;
A10: recovering an AS middleware cloud host from the mirror image, and designating its IP address as the originally reserved middleware address (important);
A11: auditing the upper certificate technology;
A12: the newly started AS middleware automatically registers to the corresponding AS atomic group according to the nrs.xml file on the LS, and the LS actively allocates requests to the new AS;
A13: waiting 1 minute for the AS to start completely and connect to the database;
A14: deactivating the monitoring log filtering script;
A15: the monitoring page starts the monitoring service of the previously closed AS middleware;
A16: checking whether the service flow is distributed to the newly added AS middleware;
if yes, go to step A17, otherwise go to C1;
C1: checking middleware and configuration;
A17: recovering an LS middleware cloud host from the mirror image, and designating its IP address as the originally reserved middleware address (important);
A18: the LS cloud host automatically registers in the corresponding function atomic group according to the same function;
the above implementation process further includes the steps of:
D1: the monitoring page checks whether the services are all running normally; if not, go to step C1; if yes, executing D2;
D2: verifying the service function.
The security disaster recovery system of this embodiment includes: the cloud storage, configured to store data at a cloud end; the mirror image system, configured to create a mirror image according to the requirements of a user; the disaster recovery module, configured to combine the mirror image and configure basic resources to generate a disaster recovery resource template; the resource package, configured to generate and store resources corresponding to the disaster recovery resource template according to that template; and the switching module, configured to execute a disaster recovery switching operation to switch to the security disaster recovery system when necessary.

A user creates a disaster recovery resource template and, according to the user's own requirements, chooses whether to use a self-defined mirror image when creating an ECS, whether to create a data disk from a snapshot, whether to select an SSD disk, and whether to self-define the virtual machine IP address; the resource application process can be referred to when other resources are created; after all resources are created, the user clicks to complete, and the disaster recovery resource template is successfully created; the user only needs to use the template to submit an order, and a resource package is formed at the user side after the order is approved by a customer manager; each resource package is provided with a 'production' button, the resources of the resource package are produced immediately after clicking, and resource charging starts at the same time; one-key start, stop, restart and release functions are provided for part of the resources and for all of the resources; the management operation of a single resource is consistent with the current virtual area resource.

Under daily conditions, the security disaster recovery system operates in a small fire (initial resource) state, and the main purpose is to check whether the operation of the service system is normal; if a production center fault occurs or a disaster recovery drill is needed, under the leadership authorization of the securities company, technicians of the securities company can independently execute the disaster recovery switching operation, or it can be executed automatically; considering that resources in the small fire state cannot meet the access of a large number of users of a similar production system, the resource capacity expansion operation can be executed by another technical team while the disaster recovery switching operation is performed.

When a disaster occurs in the production center, the disaster recovery center can be quickly started to take over the service system through disaster recovery switching; meanwhile, the AS and LS middleware mirror images reserved at the initial stage of disaster recovery construction planning are quickly pulled up by online capacity expansion, and after approval by a certified cloud client manager, the middleware automatically starts its service and registers to the corresponding atomic group, so that the requirement of quick expansion of service capacity is met, and the capacity expansion operation does not affect the operation of the original disaster recovery system in its small fire state; after the production center recovers its function, the newly added cloud hosts can be closed and returned to mirror images, and the disaster recovery center becomes a low-cost standby center again; the system with the middleware deployed is packaged into an ECS mirror image and stored in a mirror image library, and when disaster recovery services need to be started, the ECS mirror image can be quickly pulled up and added to the service middleware cluster, so that the computing power of the whole system is quickly improved; in the expansion process, the original service is not affected, and smooth expansion and upgrade are truly realized; the basic service function requirements can be met; when disaster recovery switching is triggered, capacity expansion is carried out according to a specified capacity expansion scheme, so that the maximum service performance requirement is met.
EXAMPLE III
As shown in fig. 3, a method for implementing disaster recovery based on the security disaster recovery system includes the following steps:
Step S1: creating a disaster recovery template;
Step S2: submitting a template order;
Step S3: generating a resource package after the audit is passed;
Step S4: performing a disaster recovery switching operation to switch to the security disaster recovery system if necessary;
Step S5: the resource package of the security disaster recovery system produces resources;
Step S6: executing the resource capacity expansion operation.
The specific implementation process can be as follows:
A) starting;
B) creating a disaster recovery template;
C) applying for/adding new resources/deleting resources to complete template creation;
D) submitting a template order;
E) the client manager approves;
if the examination and approval pass, executing F, and if the examination and approval do not pass, returning to execute C;
F) generating a resource package;
G) producing resources;
if the resources cannot be produced, returning to execute C, and if the resources can be produced, executing H;
H) disaster recovery drilling or disaster recovery execution;
I) ending.
Meanwhile, in consideration of the situation that resources in a small fire state cannot meet the access of a large number of users of a similar production system, the resource capacity expansion operation can be executed by another technical team while the disaster recovery switching operation is carried out.
The resource capacity expansion operation comprises:
A1: starting;
A2: cloud host resource preparation (18 AS, 16 LS and 2 databases in the current plan);
A3: testing the service function;
A4: closing part of the middleware servers, packaging them into mirror images for reservation, and keeping the nrs.xml configuration file on the LS unchanged;
if a version upgrade is found to be needed, executing steps B1-B4;
B1: upgrading an AS/LS version;
B2: pulling up the closed middleware server from the mirror image, keeping the IP address unchanged;
B3: upgrading the AS/LS middleware version to be consistent with the production center;
B4: starting the AS/LS middleware service, and then returning to A3;
A5: configuring a monitoring script that filters out, and does not display, the logs of AS middleware listed in the nrs.xml file that is not running;
A6: the monitoring page stops the monitoring service of the closed AS middleware;
A7: the security disaster recovery system keeps the initial planning configuration, which is 11 LS, 9 AS and 2 database servers at this time, and keeps the running state;
A8: checking whether the service of the business system runs normally;
the preparation stage is carried out;
if yes, starting formal capacity expansion, and executing A9;
A9: starting expansion;
A10: recovering an AS middleware cloud host from the mirror image, and designating its IP address as the originally reserved middleware address (important);
A11: auditing the upper certificate technology;
A12: the newly started AS middleware automatically registers to the corresponding AS atomic group according to the nrs.xml file on the LS, and the LS actively allocates requests to the new AS;
A13: waiting 1 minute for the AS to start completely and connect to the database;
A14: deactivating the monitoring log filtering script;
A15: the monitoring page starts the monitoring service of the previously closed AS middleware;
A16: checking whether the service flow is distributed to the newly added AS middleware;
if yes, go to step A17, otherwise go to C1;
C1: checking middleware and configuration;
A17: recovering an LS middleware cloud host from the mirror image, and designating its IP address as the originally reserved middleware address (important);
A18: the LS cloud host automatically registers in the corresponding function atomic group according to the same function;
the above implementation process further includes the steps of:
D1: the monitoring page checks whether the services are all running normally; if not, go to step C1; if yes, executing D2;
D2: verifying the service function.
1. Under the condition that a disaster occurs in the production center, the disaster recovery center can be quickly started to take over the service system through disaster recovery and backup switching; meanwhile, an AS (application server) middleware and an LS (local server) middleware image reserved at the initial stage of disaster recovery backup construction planning are quickly pulled up in an online capacity expansion mode, and after the AS and LS middleware images are approved by a certification cloud client manager, the middleware automatically starts service and registers to a corresponding atomic group, so that the requirement of quick expansion of service capacity is finally met, and the capacity expansion operation does not influence the state operation of the original disaster recovery backup small fire.
2. After the production center recovers the function, the newly-added cloud host can be closed and recovered to be the mirror service, and the disaster recovery center becomes a low-cost backup center again.
3. Fast capacity expansion strategy (taking a constant UF2.0 system as an example):
4. the system with the middleware deployed can be packaged into a mirror image of the ECS, the mirror image is stored in a mirror image library, when disaster recovery services need to be started, the ECS mirror image can be quickly pulled up and added into a service middleware cluster, and the computing power of the whole system is quickly improved.
5. In the expansion process, the original service is not influenced, and the smooth expansion and the upgrade are really realized.
6. Taking XX stock users AS an example, in a small-fire (initial scale) state, the number of AS (atomic AS middleware) is 9, the number of LS (logical AS middleware) is 11, the number of BAR is 2, and the number of JAR is 2, so that basic service function requirements can be met.
7. When disaster recovery switching is triggered, according to a specified expansion scheme, the number of AS is expanded to 18, the number of LS is expanded to 16, BAR is 3, and JAR is 6, so that the maximum service performance requirement is met.
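The pre-flight check below is an added example, not part of the patent or of the system it describes. It covers both the A1 to D2 expansion steps and the small-fire and expanded AS/LS counts above: it validates the reserved images, their reserved IP addresses and the approval gate before any host is restored, and lists the hosts whose logs the A5 monitoring filter hides. The record layout, image ids and addresses are constructed, and the nrs.xml content is modelled only as a set of AS addresses (an assumption; the file format is not given here).

```python
from dataclasses import dataclass
from ipaddress import ip_address

# Counts from the page: "small fire" baseline and the expanded target.
BASELINE = {"AS": 9, "LS": 11, "BAR": 2, "JAR": 2}
TARGET = {"AS": 18, "LS": 16, "BAR": 3, "JAR": 6}
# Steps A10-A16 restore AS hosts first; A17-A18 restore LS hosts afterwards.
# BAR/JAR appear in the counts only, so no restore step is planned for them.
RESTORE_ORDER = ("AS", "LS")


@dataclass(frozen=True)
class ReservedImage:
    """A closed middleware host kept as an image (step A4). Hypothetical record."""
    role: str         # "AS" or "LS"
    image_id: str     # constructed identifier
    reserved_ip: str  # address the host held before it was imaged


def expansion_delta(baseline, target):
    """Hosts to add per role; a target below the baseline is a plan error."""
    delta = {}
    for role, want in target.items():
        have = baseline.get(role, 0)
        if want < have:
            raise ValueError(f"{role}: target {want} is below baseline {have}")
        delta[role] = want - have
    return delta


def suppressed_hosts(registered_as, running_ips):
    """Step A5: registered AS addresses that are not running, i.e. the hosts
    whose logs the monitoring filter hides until step A14 removes it."""
    return sorted(set(registered_as) - set(running_ips), key=ip_address)


def plan_expansion(images, running_ips, registered_as, approved):
    """Return (actions, problems); actions are emitted only for a clean plan."""
    problems = [] if approved else ["expansion not approved (step A11)"]
    delta = expansion_delta(BASELINE, TARGET)
    by_role = {role: [] for role in RESTORE_ORDER}
    seen = set()
    for img in images:
        if img.role not in by_role:
            problems.append(f"{img.image_id}: role {img.role} has no restore step")
            continue
        if img.reserved_ip in seen:
            problems.append(f"{img.image_id}: {img.reserved_ip} reserved twice")
        if img.reserved_ip in running_ips:
            problems.append(f"{img.image_id}: {img.reserved_ip} already held by a running host")
        # Step A12 relies on the unchanged LS configuration knowing this address.
        if img.role == "AS" and img.reserved_ip not in registered_as:
            problems.append(f"{img.image_id}: {img.reserved_ip} not registered on the LS")
        seen.add(img.reserved_ip)
        by_role[img.role].append(img)
    for role in RESTORE_ORDER:
        if len(by_role[role]) != delta[role]:
            problems.append(
                f"{role}: {len(by_role[role])} reserved images, plan needs {delta[role]}")
    if problems:
        return [], problems
    actions = [(role, img.image_id, img.reserved_ip)
               for role in RESTORE_ORDER
               for img in sorted(by_role[role], key=lambda i: ip_address(i.reserved_ip))]
    return actions, []


def sample_inventory():
    """Constructed sample: documentation-range addresses, made-up image ids."""
    as_ips = [f"192.0.2.{n}" for n in range(1, 19)]      # 18 AS built in step A2
    ls_ips = [f"198.51.100.{n}" for n in range(1, 17)]   # 16 LS built in step A2
    running = set(as_ips[:9]) | set(ls_ips[:11])         # small-fire state, step A7
    images = [ReservedImage("AS", f"img-as-{i:02d}", ip)
              for i, ip in enumerate(as_ips[9:], 10)]
    images += [ReservedImage("LS", f"img-ls-{i:02d}", ip)
               for i, ip in enumerate(ls_ips[11:], 12)]
    return images, running, set(as_ips)                  # LS config lists all 18 AS


if __name__ == "__main__":
    imgs, running, registered = sample_inventory()
    print("hidden from monitoring:", suppressed_hosts(registered, running))
    for action in plan_expansion(imgs, running, registered, approved=True)[0]:
        print("restore", *action)
```

Running `suppressed_hosts` again after the restore should return an empty list; anything left is a host that stays invisible to monitoring once the A5 filter is removed in step A14.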
In the embodiment, when a disaster occurs in the production center, the disaster recovery center can be quickly started to take over the service system through disaster recovery switching; meanwhile, an AS and LS middleware mirror image reserved in the early stage of disaster recovery backup construction planning is quickly pulled up in an online capacity expansion mode, after the mirror image is approved by a certification cloud client manager, the middleware automatically starts service and registers to a corresponding atomic group, the requirement of quick expansion of service capacity is finally met, and the capacity expansion operation does not influence the state operation of the original disaster recovery backup small fire; after the production center recovers the function, the newly-added cloud host can be closed and recovered to be the mirror image service, and the disaster recovery center becomes a low-cost standby center again; the system with the middleware deployed is packaged into a mirror image of the ECS, the mirror image is stored in a mirror image library, when disaster recovery services need to be started, the ECS mirror image can be quickly pulled up and added into a service middleware cluster, and the computing power of the whole system is quickly improved; in the expansion process, the original service is not influenced, and the smooth expansion and upgrading are really realized; the basic service function requirements can be met; when disaster recovery switching is triggered, capacity expansion is carried out according to a specified capacity expansion scheme, so that the maximum service performance requirement is met.
The implementation of the invention has the following advantages. The invention discloses a security disaster recovery system, which comprises: the cloud storage, configured to store data at a cloud end; the mirror image system, configured to create a mirror image according to the requirements of a user; the disaster recovery module, configured to combine the mirror image and configure basic resources to generate a disaster recovery resource template; the resource package, configured to generate and store resources corresponding to the disaster recovery resource template according to that template; and the switching module, configured to execute a disaster recovery switching operation to switch to the security disaster recovery system when necessary.

A user creates a disaster recovery resource template and, according to the user's own requirements, chooses whether to use a self-defined mirror image when creating an ECS, whether to create a data disk from a snapshot, whether to select an SSD disk, and whether to self-define the virtual machine IP address; the resource application process can be referred to when other resources are created; after all resources are created, the user clicks to complete, and the disaster recovery resource template is successfully created; the user only needs to use the template to submit an order, and after the order is approved by a customer manager, a resource package is formed at the user side; each resource package is provided with a 'production' button, the resources of the resource package are produced immediately after clicking, and resource charging starts at the same time; one-key start, stop, restart and release functions are provided for part of the resources and for all of the resources; the management operation of a single resource is consistent with the current virtual area resource.

Under daily conditions, the security disaster recovery system operates in a small fire (initial resource) state, and the main purpose is to check whether the operation of the service system is normal; if a production center fails or a disaster recovery drill is needed, under the leadership authorization of the securities company, technicians of the securities company can independently execute the disaster recovery switching operation, or it can be executed automatically; considering that resources in the small fire state cannot meet the access of a large number of users of a similar production system, the resource capacity expansion operation can be executed by another technical team while the disaster recovery switching operation is performed.

When a disaster occurs in the production center, the disaster recovery center can be quickly started to take over the service system through disaster recovery switching; meanwhile, the AS and LS middleware mirror images reserved in the early stage of disaster recovery construction planning are quickly pulled up by online capacity expansion, and after approval by a certification cloud client manager, the middleware automatically starts its service and registers to the corresponding atomic group, so that the requirement of quick expansion of service capacity is met, and the capacity expansion operation does not affect the operation of the original disaster recovery system in its small fire state; after the production center recovers its function, the newly added cloud hosts can be closed and returned to mirror images, and the disaster recovery center becomes a low-cost standby center again; the system with the deployed middleware is packaged into an ECS mirror image and stored in a mirror image library, and when disaster recovery services need to be started, the ECS mirror image can be quickly pulled up and added to the service middleware cluster, so that the computing power of the whole system is quickly improved; in the expansion process, the original service is not affected, and smooth expansion and upgrading are truly realized; the basic service function requirements can be met; when disaster recovery switching is triggered, capacity expansion is carried out according to a specified capacity expansion scheme, so that the maximum service performance requirement is met.
The above description is only an embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention disclosed herein are intended to be covered by the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. A security disaster recovery system, comprising:
the cloud storage is configured to store data at a cloud end;
the mirror image system is configured to create a mirror image according to the requirements of a user;
the disaster recovery module is configured to combine the mirror image configuration basic resource to generate a disaster recovery resource template;
the resource package is configured to generate and store resources corresponding to the disaster backup resource template according to the disaster backup resource template; the resource package is configured to be capable of performing production operations to produce resources of the resource package;
and the switching module is configured to execute disaster recovery switching operation to switch to the security disaster recovery system when necessary.
2. The security disaster recovery system of claim 1, wherein the disaster recovery module further comprises a data disk snapshot for data recovery or replication of a disk, and the cloud storage comprises a plurality of SSD disks.
3. The security disaster recovery system of claim 1 wherein said images comprise a public image and a custom image, wherein the custom image is obtained by:
a user creates a self-defined mirror image according to an ECS example;
selecting a mirror image shared by other users;
and importing the image file of the offline environment into the cluster of the ECS to generate a self-defined image.
4. The security disaster recovery system as in claim 1, wherein said disaster recovery module further comprises an IP configuration of an ECS.
5. The security disaster recovery system of claim 1, wherein the security disaster recovery system is configured to: under daily conditions, the security disaster recovery system runs in an initial resource state of a small fire, and whether the function of the business system is normal or not is checked.
6. The security disaster recovery system as recited in claim 1 wherein the resource package is configured such that no add/delete operations are possible for resources within the resource package.
7. The security disaster recovery system according to claim 1, wherein the security disaster recovery system automatically performs disaster recovery switching operations or manually performs disaster recovery switching operations by technicians in case of a production center failure or a need for disaster recovery drilling.
8. The security disaster recovery system according to claim 7, wherein the security disaster recovery system is capable of performing resource expansion operation during disaster recovery switching operation.
9. The method for realizing the security disaster recovery system disaster recovery as set forth in any one of claims 1 to 8, wherein the method for realizing the security disaster recovery system disaster recovery comprises the following steps:
creating a disaster recovery template;
submitting a template order;
generating a resource package after the audit is passed;
performing disaster recovery and backup switching operation to switch to a security disaster recovery and backup system if necessary;
resource package production resource of the security disaster recovery system.
10. The method for implementing security disaster recovery and backup system according to claim 9, wherein the method for implementing security disaster recovery and backup system comprises: and executing resource capacity expansion operation.
CN201910901317.5A 2019-09-23 2019-09-23 Security disaster recovery system and disaster recovery implementation method Active CN110677469B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910901317.5A CN110677469B (en) 2019-09-23 2019-09-23 Security disaster recovery system and disaster recovery implementation method

Publications (2)

Publication Number Publication Date
CN110677469A CN110677469A (en) 2020-01-10
CN110677469B true CN110677469B (en) 2022-07-15

Family

ID=69078564

Country Status (1)

Country Link
CN (1) CN110677469B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114697198A (en) * 2022-04-18 2022-07-01 北京嗨学网教育科技股份有限公司 Cloud disaster backup server implementation method, cloud disaster backup server starting method and cloud disaster backup server starting device

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102012789A (en) * 2009-09-07 2011-04-13 云端容灾有限公司 Centralized management type backup and disaster recovery system
EP2575045A1 (en) * 2011-09-30 2013-04-03 Accenture Global Services Limited Distributed computing backup and recovery system
CN103281208A (en) * 2013-03-27 2013-09-04 山东省计算中心 Data disaster backup service and integrated monitoring system
CN103838646A (en) * 2014-02-13 2014-06-04 中国科学院国家天文台 System and method for big data remote disaster recovery backup of ground application
CN104239164A (en) * 2013-06-19 2014-12-24 国家电网公司 Cloud storage based disaster recovery backup switching system
CN106445746A (en) * 2016-10-12 2017-02-22 北京智网科技股份有限公司 Method and device for disaster recovery backup facing emergency replacement
CN106776121A (en) * 2016-11-23 2017-05-31 中国工商银行股份有限公司 A kind of data calamity is for device, system and method
CN108964986A (en) * 2018-06-15 2018-12-07 国网上海市电力公司 Cooperative office system application layer dual-active disaster recovery and backup systems
CN109491832A (en) * 2018-09-26 2019-03-19 华为技术有限公司 Data disaster tolerance method and website
CN109947591A (en) * 2017-12-20 2019-06-28 腾讯科技(深圳)有限公司 Database strange land disaster recovery and backup systems and its dispositions method, deployment device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"证券业信息系统备份能力建设应用研究";王淼;《中国优秀硕士学位论文全文数据库 信息科技辑》;20130430;第1-8、25-30页 *

Also Published As

Publication number Publication date
CN110677469A (en) 2020-01-10

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant