CN113612813A - Distributed cross-network access method, device, system and storage medium - Google Patents


Publication number
CN113612813A
Authority
CN
China
Prior art keywords
network
management
user side
node
control unit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110698006.0A
Other languages
Chinese (zh)
Inventor
夏飞
邵子玮
方礼
吴刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Qianyun Information Technology Co ltd
Original Assignee
Shanghai Qianyun Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Qianyun Information Technology Co ltd
Priority to CN202110698006.0A
Publication of CN113612813A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/141 Setup of application sessions
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources

Abstract

The invention provides a distributed cross-network access method, a device, a system and a storage medium, which are used for establishing a network connection relationship between a management side and a user side and comprise the following steps: presetting a network management control unit; establishing a management side network transfer node at the management side based on the network management control unit, monitoring a network channel and forwarding network traffic of the management side; establishing a user side network channel node at the user side based on the network management control unit; and realizing the network connection between the management side and the user side based on the management side network transfer node and the user side network channel node. Through the technical scheme, the user side can be actively connected to the management side, but the management side cannot be actively connected with the user side. The invention realizes safe and flexible intranet penetration access on the premise of ensuring the network security. The distributed proxy gateway applicable to the invention can enable the management platform to easily manage various systems and resources in different client intranets and collect the monitored data.

Description

Distributed cross-network access method, device, system and storage medium
Technical Field
The present invention relates to network communication technologies, and in particular, to a method, an apparatus, a system, and a storage medium for distributed cross-network access.
Background
In the field of automated operation and maintenance, a typical scenario is that many managed machines are distributed across isolated networks and need to be managed uniformly; the problem is more prominent when the management platform runs in a software-as-a-service (SaaS) mode over the internet. To solve this problem, network penetration techniques are needed to open connectivity between the network where the management platform is located and the other isolated networks, while ensuring that security is not reduced. In the prior art, no effective scheme is available for efficient cross-network access without introducing potential security hazards.
Disclosure of Invention
Embodiments of the present invention provide a distributed cross-network access method, apparatus, system, and storage medium, which can implement secure and flexible intranet penetration access on the premise of ensuring network security. The distributed proxy gateway applicable to the invention can enable the management platform to easily manage various systems and resources in different client intranets and collect the monitored data.
In a first aspect of the embodiments of the present invention, a distributed cross-network access method is provided, where the method is used to establish a network connection relationship between a management side and a user side, and includes:
presetting a network management control unit;
establishing a management side network transfer node at the management side based on the network management control unit, monitoring a network channel and forwarding network traffic of the management side;
establishing a user side network channel node at the user side based on the network management control unit;
and realizing the network connection between the management side and the user side based on the management side network transfer node and the user side network channel node.
Optionally, in a possible implementation manner of the first aspect, the network management control unit is configured to control any one or more of the addition, configuration, deletion, maintenance, connection-count statistics, and dynamic addition of proxy mappings of the management-side network transit node.
Optionally, in a possible implementation manner of the first aspect, the network management control unit is configured to control any one or more of registration, deletion, and maintenance of the user-side network channel node.
Optionally, in a possible implementation manner of the first aspect, the number of user-side network channel nodes connected to any current management-side network transit node is determined;
if that number is larger than a preset value, a new management-side network transit node is established;
and the network traffic of the plurality of user-side network channel nodes is evenly distributed across the management-side network transit nodes.
Optionally, in a possible implementation manner of the first aspect, the data transmitted by the network channel is monitored and the network traffic on the management side is forwarded based on the management-side network transit node.
Optionally, in a possible implementation manner of the first aspect, the access request is sent to the user-side network channel node based on the management-side network transit node;
and the user side processes the access request and forwards the access request to a corresponding intranet host.
In a second aspect of the embodiments of the present invention, a distributed cross-network access apparatus is provided, including:
the setting module is used for presetting a network management control unit;
the management side establishing module is used for establishing a management side network transfer node on the management side based on the network management control unit, monitoring a network channel and forwarding network traffic of the management side;
a user side establishing module, configured to establish a user side network channel node on the user side based on the network management control unit;
and the network establishing module is used for realizing the establishment of network connection between the management side and the user side based on the management side network transit node and the user side network channel node.
In a third aspect of the embodiments of the present invention, a distributed cross-network system is provided, including:
a management platform;
the network management control unit is connected with the management platform;
the request management unit is used for proxying requests from the management end at the management platform to the user end;
and the request receiving unit is used for being connected with the request management unit and receiving the request of the management end at the management platform.
Optionally, in a possible implementation manner of the third aspect, the request management unit and the request receiving unit maintain a long-lived connection.
A fourth aspect of the embodiments of the present invention provides a readable storage medium, in which a computer program is stored, and the computer program is used for implementing the method according to the first aspect of the present invention and various possible designs of the first aspect of the present invention when the computer program is executed by a processor.
Drawings
FIG. 1 is a flow chart of a first embodiment of a distributed cross-network access method;
FIG. 2 is a diagram illustrating a network connection relationship between a management side and a user side;
FIG. 3 is a block diagram of a first embodiment of a distributed cross-network access device;
FIG. 4 is a block diagram of a first embodiment of a distributed cross-network access system.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims, as well as in the drawings, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein.
It should be understood that, in various embodiments of the present invention, the sequence numbers of the processes do not mean the execution sequence, and the execution sequence of the processes should be determined by the functions and the internal logic of the processes, and should not constitute any limitation on the implementation process of the embodiments of the present invention.
It should be understood that in the present application, "comprising" and "having" and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be understood that, in the present invention, "a plurality" means two or more. "And/or" merely describes an association between associated objects and indicates that three relationships may exist; for example, "A and/or B" may mean: A exists alone, A and B exist simultaneously, or B exists alone. The character "/" generally indicates that the associated objects before and after it are in an "or" relationship. "Comprises A, B and C" and "comprises A, B, C" mean that all three of A, B and C are comprised; "comprises A, B or C" means that one of A, B and C is comprised; "comprises A, B and/or C" means that any one, any two, or all three of A, B and C are comprised.
It should be understood that in the present invention, "B corresponding to A", "A corresponds to B", or "B corresponds to A" means that B is associated with A and that B can be determined from A. Determining B from A does not mean determining B from A alone; B may also be determined from A and/or other information. The matching of A and B means that the similarity of A and B is greater than or equal to a preset threshold value.
As used herein, "if" may be interpreted as "at …" or "when …" or "in response to a determination" or "in response to a detection", depending on the context.
The technical solution of the present invention will be described in detail below with specific examples. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments.
The following terms are explained:
Proxy: the proxy (agent) module, which can be implemented as a computer program;
Proxy Controller: the network proxy control module, which can be implemented as a computer program;
Proxy Listener: the network proxy listener, comprising a network tunnel monitoring module and a traffic transfer module, which can be implemented as a computer program;
Management Platform: a management platform;
Proxy Agent: a proxy server;
VMs: virtual hosts, which may be computers or other devices.
Among the existing distributed cross-network access methods, there are several general methods, including:
Physical private line connection method
A physical private line is a dedicated connection between the user's local data center and the operator's physical network at the access point. It is a physical line on which a plurality of users share port resources. This type of physical leased line allows a user to create multiple virtual interfaces to access multiple VPCs of the user.
SD-WAN connection method
Software-defined wide area networks (SD-WANs) are one solution to manage enterprise network connectivity and circuit costs in a programmable, automated way. It extends Software Defined Networking (SDN) to an application that enterprises can use to quickly create an intelligent hybrid WAN. The SD-WAN consists of an enterprise-level IP VPN, a broadband Internet and wireless services, and can economically and efficiently manage application programs, particularly application programs in the cloud. Traffic is automatically dynamically forwarded over the most appropriate active WAN path, depending on network conditions, security and quality of service (QoS) requirements of the application traffic, and circuit cost. A routing policy may be set.
VPN connection method
A VPN is a virtual private network. It is defined as a temporary, secure connection established over the public internet: a secure, stable tunnel through a chaotic public network, within which data can be encrypted several times so that the internet can be used securely. In business offices, where it is widely used, a virtual private network can also serve as an extension of the enterprise intranet, helping remote users, company branches, business partners and suppliers establish trusted, secure connections with the company intranet, and providing a cost-effective secure extranet connection to business partners and users. Many office workers therefore also need to set up VPN connections on their own computers to facilitate teleworking and the like.
Of the above physical private line, SD-WAN and VPN connection methods, the physical private line and SD-WAN technologies are expensive to use and are not suitable for one-to-many network access scenarios. Their installation, deployment and configuration process is cumbersome. In a SaaS multi-tenant scenario, they may also connect the networks of multiple tenants to one another, creating a potential network isolation hazard.
With a VPN, the VPN server is deployed in the isolated network, and the VPN client can access the internal resources of the isolated network after passing authentication. However, when a plurality of isolated networks exist, a VPN server must be installed and deployed in each isolated network, each with a different routing configuration, and the client must install a matching VPN client for each VPN server. With this configuration it is difficult to avoid network routing conflicts, in which case resource nodes in the desired network cannot be accessed.
Therefore, the distributed cross-network access method provided by the invention can solve part of problems in a physical private line connection method, an SD-WAN connection method and a VPN connection method, so that the built access network can carry out flexible intranet penetration access on the premise of ensuring the safety.
The invention provides a distributed cross-network access method, shown in the flow chart of FIG. 1, which is used for establishing a network connection relationship between a management side and a user side, shown in the schematic diagram of FIG. 2, and which comprises the following steps:
Step S110, a network management control unit is preset. The network management control unit can be a Proxy Controller, which provides unified network proxy management and control and exposes a standard API to external callers.
Step S120, based on the network management control unit, a management-side network transit node is established on the management side to monitor the network channel and forward the network traffic of the management side. The management-side network transit node may be a Proxy Listener node. The Proxy Controller manages the addition, configuration, deletion, maintenance (state monitoring), connection-count statistics, dynamic addition of proxy mappings and the like of Proxy Listener nodes.
Step S130, a user-side network channel node is established on the user side based on the network management control unit. The user-side network channel node may be a Proxy node. The Proxy Controller manages the registration, deletion and maintenance of Proxy nodes and, in the Proxy registration stage, selects one Proxy Listener node according to a certain policy for the Proxy to establish a long-lived connection with.
Step S140, based on the management-side network transit node and the user-side network channel node, the network connection between the management side and the user side is realized.
The management-side network transit node and/or Proxy Listener node established in step S120 is used to maintain the network tunnel between the management platform and the isolated network and to record the relevant information.
In one embodiment, further comprising:
determining the number of user-side network channel nodes connected to any current management-side network transit node;
if that number is larger than a preset value, establishing a new management-side network transit node;
and evenly distributing the network traffic of the plurality of user-side network channel nodes across the management-side network transit nodes.
Through these steps, the connection status of the user-side network channel nodes can be monitored and the network traffic of the management side forwarded, which avoids the situation in which a management-side network transit node holds so many connections to user-side network channel nodes that it is overloaded and cannot work normally. In that case, another management-side network transit node is established to take connections and share the plurality of user-side network channel nodes.
That is, the Proxy Listener proxies requests from the management side to a Proxy node on the user side. It is stateless, so its number can be increased to raise load capacity. Proxy Listeners can also be deployed in different regions (regions closer to the user) to reduce the network delay between the Proxy node and the Proxy Listener.
In one embodiment, an access request is sent to a user-side network channel node based on the management-side network transit node;
and the user side processes the access request and forwards the access request to a corresponding intranet host, wherein the intranet host can be an intranet personal computer, a physical or virtual server and other systems for providing network services.
Monitoring data from a plurality of hosts in the intranet is collected and reported to the management side.
The Proxy is used for establishing the network connection between the management side and the user side, and works as follows:
The Proxy Agent sends a registration request to the Proxy Controller, and the Proxy Controller allocates a corresponding Proxy Listener. The Proxy Agent then establishes a long-lived connection with that Proxy Listener. Over this connection the Proxy Listener can send the Proxy Agent access requests targeting intranet host objects, and the Proxy Agent forwards each access request to the appropriate intranet host. The management side can thus manage and control various cloud resource objects in the intranet; this management and control includes calling cloud platform APIs, issuing operation and maintenance scripts to cloud hosts, opening remote desktops on cloud hosts, and the like. If the Proxy Agent is disconnected from the Proxy Listener and several reconnection attempts fail, the Proxy Agent sends a registration request to the Proxy Controller again and obtains a new available Proxy Listener, which keeps the Proxy service stably available.
The technical scheme provided by the invention comprises the following functions and/or advantages:
1) collecting monitoring data;
2) remote cloud host operation and maintenance tasks;
3) connecting a cloud platform;
4) a remote desktop;
The Proxy end does not need to expose an externally accessible port, so the data security of the user end can be ensured. Communication data between the nodes is encrypted (based on SSL certificate encryption).
The client accesses the Proxy Listener on the basis of trust granted by the Proxy Controller, and the client uses its access key to gain access. The technical scheme provided by the application thus realizes safe and flexible intranet penetration access on the premise of ensuring network security.
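The listener allocation rule (a new Proxy Listener once the preset connection count is reached) and the Proxy Agent's register, reconnect and re-register sequence described above can be modelled as follows. This is an added Python example, not code from the patent: the class names mirror the patent's components, while the preset value of 2, the three-attempt retry limit, the access-key comparison at registration and the in-memory `_dial` stand-in for the outbound encrypted connection are assumptions.

```python
import hmac
from dataclasses import dataclass, field

MAX_AGENTS_PER_LISTENER = 2  # the "preset value" (constructed for this demo)
MAX_RECONNECT_ATTEMPTS = 3   # assumed meaning of "several" failed reconnects


@dataclass
class Listener:
    name: str
    healthy: bool = True                      # set by Controller state monitoring
    agents: set = field(default_factory=set)  # agents holding a long connection


class ProxyController:
    """Registers agents and assigns each one a Proxy Listener."""

    def __init__(self, access_keys):
        self._access_keys = access_keys       # agent_id -> access key (bytes)
        self.listeners = {}
        self._add_listener()

    def _add_listener(self):
        listener = Listener(f"listener-{len(self.listeners) + 1}")
        self.listeners[listener.name] = listener
        return listener

    def mark_down(self, name):
        """State monitoring found the listener unavailable; drop its bindings."""
        self.listeners[name].healthy = False
        self.listeners[name].agents.clear()

    def register(self, agent_id, presented_key):
        expected = self._access_keys.get(agent_id)
        # Constant-time comparison of the access key (assumed to be sent over
        # the encrypted channel); unknown agents are rejected as well.
        if expected is None or not hmac.compare_digest(expected, presented_key):
            raise PermissionError(f"registration rejected for {agent_id!r}")
        for listener in self.listeners.values():  # forget any stale binding
            listener.agents.discard(agent_id)
        usable = [l for l in self.listeners.values()
                  if l.healthy and len(l.agents) < MAX_AGENTS_PER_LISTENER]
        if usable:
            # Least-loaded listener first keeps agents evenly spread.
            target = min(usable, key=lambda l: (len(l.agents), l.name))
        else:
            # Every healthy listener is at the preset value: scale out.
            target = self._add_listener()
        target.agents.add(agent_id)
        return target.name


class ProxyAgent:
    """User-side node: it only dials out and never listens for inbound traffic."""

    def __init__(self, agent_id, access_key, controller):
        self.agent_id, self.access_key = agent_id, access_key
        self.controller = controller
        self.listener = None
        self.dial_attempts = 0

    def _dial(self, name):
        # Stand-in for the outbound connection; reads simulated listener health.
        self.dial_attempts += 1
        return self.controller.listeners[name].healthy

    def connect(self):
        """Register with the Controller, then dial the assigned listener."""
        self.listener = self.controller.register(self.agent_id, self.access_key)
        if not self._dial(self.listener):
            raise ConnectionError(f"{self.listener} unreachable")
        return self.listener

    def on_disconnect(self):
        """Retry the current listener, then fall back to re-registration."""
        for _ in range(MAX_RECONNECT_ATTEMPTS):
            if self._dial(self.listener):
                return self.listener
        return self.connect()


def demo():
    keys = {f"agent-{i}": f"key-{i}".encode() for i in range(1, 6)}  # constructed
    controller = ProxyController(keys)
    agents = {a: ProxyAgent(a, k, controller) for a, k in keys.items()}
    placement = {a: agent.connect() for a, agent in agents.items()}
    controller.mark_down("listener-1")  # listener-1 fails; agent-1 and agent-2 drop
    failover = {a: agents[a].on_disconnect() for a in ("agent-1", "agent-2")}
    try:
        controller.register("agent-3", b"wrong-key")
        rejected = False
    except PermissionError:
        rejected = True
    return {"placement": placement, "failover": failover,
            "rejected": rejected, "dials": agents["agent-1"].dial_attempts}


if __name__ == "__main__":
    print(demo())
```

Because the agent initiates every connection, the user-side firewall needs only outbound rules; the Controller's view of listener health is what steers a re-registering agent away from a failed listener.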
An embodiment of the present invention further provides a distributed cross-network access apparatus, as shown in fig. 3, including:
the setting module is used for presetting a network management control unit;
the management side establishing module is used for establishing a management side network transfer node on the management side based on the network management control unit, monitoring a network channel and forwarding network traffic of the management side;
a user side establishing module, configured to establish a user side network channel node on the user side based on the network management control unit;
and the network establishing module is used for realizing the establishment of network connection between the management side and the user side based on the management side network transit node and the user side network channel node.
An embodiment of the present invention further provides a distributed cross-network system, as shown in fig. 4, including:
a management platform;
the network management control unit can be a Proxy Controller and is connected with the management platform;
the request management unit, which can be a Proxy Listener and is used for proxying requests from the management end at the management platform to the user end;
and the request receiving unit, which can be a Proxy Agent and is used for connecting to the request management unit and receiving requests from the management end at the management platform; the request management unit maintains a long-lived connection with the request receiving unit. The intranet host is connected with the request receiving unit and receives requests in order to exchange data, wherein the intranet hosts can be VMs.
According to the technical scheme provided by the invention, the management platform can use the proxy network management to connect to resources in the isolated network. The resources can be software resources such as VMware, OpenStack, Kubernetes, MySQL, Jenkins and the like, or physical machines, virtual machines and the like; the invention places no limitation on this.
The management platform can also manage resources in the isolated network by means of the agent network manager, remotely controlling the resources and recording the control process. For example, software can be installed on a physical machine or a virtual machine, tables can be created and fields modified in a database (such as MySQL), and nodes can be added to Kubernetes.
In addition, the management platform can monitor resources in the isolated network by means of the agent network manager, collect control data, and provide icon display and alarms.
The readable storage medium may be a computer storage medium or a communication medium. Communication media includes any medium that facilitates transfer of a computer program from one place to another. Computer storage media may be any available media that can be accessed by a general purpose or special purpose computer. For example, a readable storage medium is coupled to the processor such that the processor can read information from, and write information to, the readable storage medium. Of course, the readable storage medium may also be an integral part of the processor. The processor and the readable storage medium may reside in an Application Specific Integrated Circuits (ASIC). Additionally, the ASIC may reside in user equipment. Of course, the processor and the readable storage medium may also reside as discrete components in a communication device. The readable storage medium may be a read-only memory (ROM), a random-access memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
The present invention also provides a program product comprising execution instructions stored in a readable storage medium. The at least one processor of the device may read the execution instructions from the readable storage medium, and the execution of the execution instructions by the at least one processor causes the device to implement the methods provided by the various embodiments described above.
In the above embodiments of the terminal or the server, it should be understood that the Processor may be a Central Processing Unit (CPU), other general-purpose processors, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the present invention may be embodied directly in a hardware processor, or in a combination of the hardware and software modules within the processor.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A distributed cross-network access method for establishing a network connection relationship between a management side and a user side, comprising:
presetting a network management control unit;
establishing a management side network transfer node at the management side based on the network management control unit, monitoring a network channel and forwarding network traffic of the management side;
establishing a user side network channel node at the user side based on the network management control unit;
and realizing the network connection between the management side and the user side based on the management side network transfer node and the user side network channel node.
2. The distributed cross-network access method of claim 1,
the network management control unit is used for controlling any one or more of adding, configuring, deleting, maintaining, connecting quantity counting and dynamically adding proxy mapping of the transfer node in the management side network.
3. The distributed cross-network access method of claim 1,
the network management control unit is used for controlling any one or more of registration, deletion and maintenance of the user side network channel node.
4. The distributed cross-network access method of claim 1, further comprising:
judging the number of user side network channel nodes connected with the transfer node in any current management side network;
if that number is larger than a preset value, establishing a new transfer node in the management side network;
and the network traffic of the plurality of user side network channel nodes is evenly distributed to each management side network transfer node.
5. The distributed cross-network access method of claim 1, further comprising:
and monitoring data transmitted by the network channel and forwarding the network traffic of the management side based on the management side network transfer node.
6. The distributed cross-network access method of claim 1, further comprising:
sending an access request to a user side network channel node based on the management side network transfer node;
and the user side processes the access request and forwards the access request to a corresponding intranet host.
7. A distributed cross-network access apparatus, comprising:
the setting module is used for presetting a network management control unit;
the management side establishing module is used for establishing a management side network transfer node on the management side based on the network management control unit, monitoring a network channel and forwarding network traffic of the management side;
a user side establishing module, configured to establish a user side network channel node on the user side based on the network management control unit;
and the network establishing module is used for realizing the establishment of network connection between the management side and the user side based on the management side network transit node and the user side network channel node.
8. A distributed cross-network system, comprising:
a management platform;
the network management control unit is connected with the management platform;
the request management unit is used for proxying the request of the management end at the management platform to the user end;
and the request receiving unit is connected with the request management unit and is used for receiving the request of the management end at the management platform.
9. The distributed cross-network system of claim 8,
the request management unit maintains a long-lived (persistent) connection with the request receiving unit.
10. A readable storage medium, in which a computer program is stored which, when executed by a processor, is adapted to carry out the method of any one of claims 1 to 6.
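The scale-out rule of claim 4, combined with the registration and deletion duties the claims give the network management control unit, modeled as an added example that is not code from the patent. The class and method names, the `relay-N` and `cn-*` identifiers, reading the count compared with the preset value as the number of channel nodes attached to one transfer node, and using node counts as a stand-in for traffic are all assumptions.

```python
class ControlUnit:
    """Hypothetical model of the network management control unit."""

    def __init__(self, max_per_relay):
        self.max_per_relay = max_per_relay  # the "preset value" of claim 4
        self.relays = ["relay-1"]           # management-side transfer nodes
        self.assignment = {}                # channel node id -> transfer node

    def load(self):
        """Count the user-side channel nodes attached to each transfer node."""
        counts = {relay: 0 for relay in self.relays}
        for relay in self.assignment.values():
            counts[relay] += 1
        return counts

    def register(self, node_id):
        """Attach a channel node; add a transfer node when the limit is exceeded."""
        if node_id in self.assignment:
            raise ValueError(f"{node_id} is already registered")
        counts = self.load()
        target = min(self.relays, key=lambda r: (counts[r], r))  # least loaded
        self.assignment[node_id] = target
        if counts[target] + 1 > self.max_per_relay:
            self.relays.append(f"relay-{len(self.relays) + 1}")
            self._rebalance()
        return self.assignment[node_id]

    def delete(self, node_id):
        """Deregister a channel node so requests are no longer routed to it."""
        del self.assignment[node_id]

    def _rebalance(self):
        """Round-robin reassignment: transfer node loads differ by at most one."""
        for i, node_id in enumerate(sorted(self.assignment)):
            self.assignment[node_id] = self.relays[i % len(self.relays)]

    def route(self, node_id):
        """Return the transfer node for a channel node; refuse unregistered ones."""
        if node_id not in self.assignment:
            raise PermissionError(f"{node_id} is not a registered channel node")
        return self.assignment[node_id]


if __name__ == "__main__":
    unit = ControlUnit(max_per_relay=2)
    for name in ["cn-a", "cn-b", "cn-c", "cn-d", "cn-e"]:  # constructed ids
        unit.register(name)
    print(unit.load())
```

Refusing to route for a channel node that was never registered, or that has been deleted, is the point where the control unit's registry doubles as an access-control list for the cross-network channel.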
CN202110698006.0A 2021-06-23 2021-06-23 Distributed cross-network access method, device, system and storage medium Pending CN113612813A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110698006.0A CN113612813A (en) 2021-06-23 2021-06-23 Distributed cross-network access method, device, system and storage medium

Publications (1)

Publication Number Publication Date
CN113612813A (en) 2021-11-05

Family

ID=78303646

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination