CN113965332B - Enterprise cloud loading method, equipment, system and storage medium - Google Patents

Publication number
CN113965332B
Authority
CN
China
Prior art keywords
cloud
enterprise
server
intranet
network
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010605476.3A
Other languages
Chinese (zh)
Other versions
CN113965332A (en)
Inventor
成景山
康楠
吴晓莉
王志榆
蔡欣
房秉毅
温源
张辉
申晋
周霞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Unicom Cloud Data Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Unicom Cloud Data Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/141 Setup of application sessions

Abstract

The application provides an enterprise cloud loading method, equipment, system and storage medium. On the basis of cloud network slicing, a cloud-up request sent by an intranet server in an enterprise intranet is obtained; a target relay network cloud slice is then determined, according to the cloud-up request, from a plurality of to-be-selected relay network cloud slices of an operator private network; finally, a communication connection between the intranet server and the cloud server is established using the target relay network cloud slice. The cloud server is integrated directly into the enterprise intranet without a cloud private line or a public network. This solves the problems that existing enterprise cloud services either have low security because they must connect over the public network, or have high usage cost because a cloud private line must be added. The enterprise's existing intranet and the operator's existing dedicated transmission network are reused, and the enterprise can move to the cloud merely by adding a cloud server connection node, which is secure, efficient, low in cost and simple to operate.

Description

Enterprise cloud loading method, equipment, system and storage medium
Technical Field
The present application relates to the field of communications technologies, and in particular, to an enterprise cloud computing method, device, system, and storage medium.
Background
With the continuous development of information technology, the amount of information a computer must process keeps increasing. Enterprises in particular need to process large amounts of business data, and even perform big data analysis, but the processing capacity of servers inside an enterprise is limited, and improving it requires a large outlay to add and maintain high-performance computers. To solve this problem, computer cloud services have developed rapidly in recent years: by using high-performance mainframe computers as cloud servers, resources can be shared and used efficiently.
Currently, enterprises generally connect to cloud servers through public networks such as the internet, or by individually opening exclusive cloud private lines.
However, the existing cloud service networking approaches cause the following problems: 1) a connection over the public network may be attacked by hackers on that network, so that confidential enterprise data is leaked, that is, cloud security is poor; 2) opening a cloud private line requires a long time to lay the basic equipment, the laying cost is high, high usage and maintenance fees must be paid every year, and the utilization of a cloud private line is generally low, so resources are wasted.
Disclosure of Invention
Based on the above problems, the application provides an enterprise cloud loading method, equipment, a system and a storage medium, so as to solve the problems that in the prior art, communication equipment is frequently switched on and off according to real-time traffic, so that the mobile communication is adversely affected in multiple aspects and the service life of the equipment is adversely affected.
In a first aspect, the present application provides an enterprise cloud loading method applied to a cloud network slice, where the cloud network slice includes an enterprise intranet, an operator private network and a cloud server, the enterprise intranet is connected to the operator private network through a cloud-up special node, the cloud-up special node is an intranet node in the enterprise intranet, and the operator private network is connected to the cloud server, where the method includes:
acquiring a cloud-up request sent by an intranet server in the enterprise intranet;
determining a target relay network cloud slice from a plurality of to-be-selected relay network cloud slices of the operator private network according to the cloud-up request;
and establishing a communication connection between the intranet server and the cloud server by using the target relay network cloud slice.
In one possible design, the cloud-up request includes: the first address information of the intranet server, the second address information of the cloud-up special node and the third address information of the cloud server;
correspondingly, the establishing of the communication connection between the intranet server and the cloud server by using the target relay network cloud slice includes:
establishing a first transmission channel between the intranet server and the cloud-up special node according to the first address information and the second address information;
establishing a second transmission channel between the cloud-up special node and the cloud server according to the second address information and the third address information;
and establishing the communication connection between the intranet server and the cloud server by using the first transmission channel and the second transmission channel.
Optionally, the cloud-up request further includes: a cloud-up license identifier, wherein the cloud-up license identifier is used for the enterprise intranet;
correspondingly, before determining the target relay network cloud slice from the plurality of to-be-selected relay network cloud slices of the operator private network according to the cloud-up request, the method further comprises:
authenticating the enterprise intranet according to the cloud-up license identifier, wherein the authentication result is that authentication passes.
In one possible design, after the communication connection between the intranet server and the cloud server is established by using the target relay network cloud slice, the method further includes:
transmitting an information processing request sent by the intranet server to the cloud server so that the cloud server determines a processing result according to the information processing request;
and feeding back the processing result sent by the cloud server to the intranet server.
In a second aspect, the present application provides an enterprise cloud-up device, including a memory, a processor, and computer-executable instructions stored in the memory and executable on the processor, the processor implementing the following steps when executing the computer-executable instructions: acquiring a cloud-up request sent by an intranet server in an enterprise intranet;
determining a target relay network cloud slice from a plurality of to-be-selected relay network cloud slices of an operator private network according to the cloud-up request;
and establishing a communication connection between the intranet server and the cloud server by using the target relay network cloud slice.
In one possible design, the cloud-up request includes: the first address information of the intranet server, the second address information of the cloud-up special node and the third address information of the cloud server;
correspondingly, the establishing of the communication connection between the intranet server and the cloud server by using the target relay network cloud slice includes:
establishing a first transmission channel between the intranet server and the cloud-up special node according to the first address information and the second address information;
establishing a second transmission channel between the cloud-up special node and the cloud server according to the second address information and the third address information;
and establishing the communication connection between the intranet server and the cloud server by using the first transmission channel and the second transmission channel.
Optionally, the cloud-up request further includes: a cloud-up license identifier, wherein the cloud-up license identifier is used for the enterprise intranet;
correspondingly, before determining the target relay network cloud slice from the plurality of to-be-selected relay network cloud slices of the operator private network according to the cloud-up request, the method further comprises:
authenticating the enterprise intranet according to the cloud-up license identifier, wherein the authentication result is that authentication passes.
In one possible design, after the communication connection between the intranet server and the cloud server is established by using the target relay network cloud slice, the method further includes:
transmitting an information processing request sent by the intranet server to the cloud server so that the cloud server determines a processing result according to the information processing request;
and feeding back the processing result sent by the cloud server to the intranet server.
In a third aspect, the present application provides an enterprise cloud system, including:
an enterprise intranet, an operator private network, a cloud server and an enterprise cloud-up device, wherein the enterprise intranet is connected to the operator private network through a cloud-up special node, the cloud-up special node is an intranet node in the enterprise intranet, and the operator private network is connected to the cloud server;
the enterprise cloud-up device is configured to implement any one of the possible enterprise cloud loading methods provided in the first aspect.
In a fourth aspect, the present application provides a storage medium having stored therein a computer program for performing any one of the possible enterprise cloud loading methods provided in the first aspect.
By adding a network node in the enterprise intranet, the cloud server is connected to the operator private network, so that the cloud server is integrated directly into the enterprise intranet without a cloud private line or a public network. This solves the problems that existing enterprise cloud services either have low security because they must connect over the public network, or have high usage cost because a cloud private line must be added. The enterprise's existing intranet and the operator's existing private transmission network are reused, and the enterprise can move to the cloud merely by adding a cloud server connection node, which is secure, efficient, low in cost and simple to operate.
Drawings
For a clearer description of the technical solutions of the present application or of the prior art, the drawings used in the description of the embodiments or of the prior art will be briefly described, it being obvious that the drawings in the description below are some embodiments of the present application, and that other drawings can be obtained from these drawings without inventive effort for a person skilled in the art.
FIGS. 1a-1b are schematic diagrams of an existing enterprise cloud architecture provided herein;
FIG. 2 is a schematic flow chart of an enterprise cloud loading method provided in the present application;
FIG. 3 is a schematic diagram of an intranet structure after an enterprise has moved to the cloud, provided in the present application;
FIG. 4 is a schematic diagram of a plurality of cloud network slices multiplexing the operator private network, provided in the present application;
FIG. 5 is a schematic flow chart of another enterprise cloud loading method provided by the present application;
FIG. 6 is a schematic diagram of an enterprise cloud system architecture provided herein;
FIG. 7 is a schematic diagram of a collaborative application scenario of a multi-enterprise cloud system including a plurality of cloud servers, provided in the present application;
FIG. 8 is a schematic structural diagram of an enterprise cloud-up device provided in the present application.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the embodiments of the present application more clear, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is apparent that the described embodiments are only some embodiments of the present application, but not all embodiments. All other embodiments, including but not limited to combinations of embodiments, which can be made by one of ordinary skill in the art without inventive faculty, are intended to be within the scope of the present application, based on the embodiments herein.
The terms "first," "second," "third," "fourth" and the like in the description and in the claims of this application and in the above-described figures, if any, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that embodiments of the present application described herein may be capable of operation in sequences other than those illustrated or described herein, for example. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
For ease of understanding, the following description is made with reference to the terminology used in connection with the embodiments of the present application.
Enterprise intranet: a cross-regional enterprise computer local area network formed when an enterprise leases a network operator's nationwide private network and uses it to connect the enterprise headquarters with branch offices in other regions.
Operator private network: a relay network laid by a network operator, covering the whole country, that is used exclusively to carry enterprise data traffic. The operator private network has high bandwidth and high data transmission capability, and is the backbone network for enterprise data transmission. It is laid according to the operator's network distribution plan and is the main data path for long-distance connections, such as connections across provinces.
Cloud private line: a communication line dedicated to connecting a cloud server with servers inside an enterprise. A cloud private line is usually used exclusively by one enterprise user and has no physical connection with other servers. It is laid in response to an application from the enterprise user.
Cloud network slice: a logically closed network space formed by adding network nodes to the enterprise intranet so that the cloud server is integrated into the computer local area network of the enterprise intranet, with the cross-regional connecting lines carried by the operator private network.
FIGS. 1a-1b are schematic diagrams of an existing enterprise cloud architecture provided by the present application. Because cloud computing services offer 6 times the computing capacity of a traditional server, and because cloud services keep developing, a considerable number of enterprises have moved services originally deployed in the enterprise intranet onto the cloud. The migrated services are still limited to low-security or medium-security services, however, and enterprises keep high-security core services strictly within the enterprise intranet. The reason is that, as shown in FIG. 1a, the intranet connects to a remote cloud server over public network space such as the internet, which exposes the enterprise's business data to the risk of interception or attack. To address this, a cloud service provider generally stacks layer upon layer of protection on the public network through VPC (virtual PortChannel) virtual link aggregation technology: intrusion detection, intrusion prevention, network-layer firewalls, vulnerability scanning, antivirus software, application-layer firewalls, database security protection software and so on are deployed. These layered protections still cannot fundamentally remove the security risk of transmitting data over the public network, and enterprise customers must pay additional usage and maintenance costs for them. As a result, the core business of the enterprise must still be strictly confined to the intranet, yet the core business is usually also the data business with the highest demand for computing power, so there is still large room for growth in the demand to move enterprise core business to the cloud.
To solve the security problem, cloud service providers have proposed opening a separate cloud private line for each enterprise in place of the public network. As shown in FIG. 1b, the cloud server is connected to a server at the enterprise headquarters through the cloud private line, and each enterprise branch office reaches the cloud service by relaying through the headquarters server. However, as enterprise digitization progresses from offices to production areas, an enterprise's digital information resources become distributed over a wide geographic range, which drives cloud services to evolve from central cloud computing covering the enterprise's core data assets to edge cloud computing covering enterprise production. If the cloud server can reach the servers of other enterprise branches only by relaying through the headquarters server, the headquarters server is put back on the old path of having to increase its processing capacity, and if every branch is given its own cloud private line the cost is obviously too high.
In working on the above problems, the applicant found that their root lies in the prior-art way of thinking: the cloud server is taken as the networking center, the cloud server and the enterprise intranet are built separately, and only then is the question of how to connect them considered. In other words, the cloud server is treated as an external server of the existing enterprise intranet. It sits outside the enterprise intranet, and the two are connected through a public network or a cloud private line. The provider of the cloud service only considers leaving an external interaction interface, the enterprise likewise only considers that its internal local area network needs to leave an external interaction interface, and the network operator can only connect the cloud server and the enterprise intranet according to the requirements of the cloud service provider and the enterprise. This amounts to all three parties architecting the network passively.
The inventor takes the standpoint of the network operator and plans enterprise cloud access as a whole with the enterprise customer as the networking center. The inventive concept of the application is as follows. An enterprise intranet is built by the enterprise leasing the operator private network that the network operator has laid. The existing operator private network only needs a cloud network cooperative device, namely the enterprise cloud-up device, to allocate in a unified way the transmission of cloud service data for different enterprise customers, and the operator private network can then replace the cloud private line. Only a cloud-up special node needs to be added to the enterprise intranet, and the cloud server can then be integrated into the enterprise intranet through that node, so that cloud data interaction becomes data interaction among nodes inside the closed intranet. This avoids laying a separate cloud private line for each enterprise customer, makes full and efficient use of the resources of the operator private network, simplifies enterprise cloud service, reduces its cost, and at the same time improves the security of enterprise cloud data. The operator private network is defined in the terminology above and is not described again here.
The cloud-up method of the enterprise of the application is described in detail below in conjunction with the embodiments.
It should be noted that the following enterprise cloud loading methods are all applied to the "cloud network slice" intranet architecture. Cloud network slicing means the following: the enterprise intranet takes the operator private network covering the whole country as its connection basis, and the cloud network cooperative device, namely the enterprise cloud-up device, allocates dedicated network data transmission channel resources on the operator private network to the enterprise customer. The enterprise intranet is thereby extended to the cloud server, and the computing resource slices on the cloud server that correspond to the enterprise customer, such as virtual machines, physical machines and even rack resources, are enclosed within the enterprise intranet. The logically closed, independent, cloud-containing enterprise local area network formed in this way is a cloud network slice. Cloud network slices are logically isolated from one another and self-contained, which guarantees high data security, yet they are highly shared at the level of the physical transmission medium and the cloud server, which saves a large amount of physical resources and gives enterprises a new channel for quickly accessing or expanding cloud services.
Fig. 2 is a schematic flow chart of an enterprise cloud method provided in the present application. As shown in fig. 2, the specific steps of the method include:
S201, acquiring a cloud-up request sent by an intranet server in an enterprise intranet.
FIG. 3 is a schematic diagram of an intranet structure after an enterprise has moved to the cloud, provided by the present application. As shown in FIG. 3, the intranet 31 comprises a plurality of network nodes, and each node is connected to at least one computer server. The intranet 31 connects the servers of the whole enterprise to one another; in FIG. 3, for example, the servers of the enterprise headquarters are connected to the servers of the enterprise branches. The nodes may be located in different geographic locations, for example distributed across cities or across provinces, or they may be divided into office nodes and production nodes, where the office nodes and the production nodes span a larger geographic area.
An intranet server under some node in the intranet, such as an intranet server in branch 1, combines its own address, the address of the cloud-up special node 32 and other relevant cloud service information into a cloud-up request and sends the request into the intranet. The network equipment of the cloud-up special node, such as a gateway, forwards the cloud-up request to the operator private network 33, where it is received by the cloud network cooperative device connected to the operator private network 33, namely the enterprise cloud-up device. By orthogonally multiplexing the operator private network 33, different intranets achieve the technical effect that an enterprise can move to the cloud quickly and can quickly add or remove cloud servers.
S202, determining a target relay network cloud slice from a plurality of to-be-selected relay network cloud slices of the operator private network according to the cloud-up request.
FIG. 4 is a schematic diagram of a plurality of cloud network slices multiplexing the operator private network, provided in the present application. As shown in FIG. 4, the plurality of cloud network slices share the operator private network, that is, enterprise intranet A, enterprise intranet B and enterprise intranet C in FIG. 4 are all physically connected to the operator private network, and the operator private network may carry the cloud service data of several cloud network slices at the same time. The data transmission channel resources of the operator private network therefore have to be allocated as a whole. An allocation of data transmission channel resources in the operator private network, which is responsible for long-distance cross-regional data transmission, is called a relay network cloud slice, and all data transmission channel resources are divided into a plurality of relay network cloud slices. Relay network cloud slices that are idle in the current period are called to-be-selected relay network cloud slices, and the enterprise cloud-up device screens out the target relay network cloud slice from them according to the cloud-up request and a preset resource allocation rule or preset allocation algorithm. Specifically, the relay network cloud slice that matches the cloud-up request is determined by matching on one or more dimensions of the request, such as data size, task urgency, enterprise customer level and the cloud resource usage information of the cloud server. It is understood that a relay network cloud slice is in essence a logical division of the signal frequency band channels used by the operator private network, of its time sequence, or of a combination of the two.
It should be noted that, in this embodiment, the implementation manner of the information included in the cloud request and the preset allocation algorithm is not limited, and those skilled in the art may select a specific implementation manner according to actual situations, which all fall within the scope described in this step.
S203, establishing a communication connection between the intranet server and the cloud server by using the target relay network cloud slice.
As shown in FIG. 4, after the target relay network cloud slice is determined, the relay network transmits the enterprise's cloud service information to the cloud server and returns the result processed by the cloud server to a server in the target node of the enterprise intranet, so that a communication connection between the intranet server and the cloud server is established.
This embodiment provides an enterprise cloud loading method in which, on the basis of cloud network slices, a cloud-up request sent by an intranet server in an enterprise intranet is obtained, a target relay network cloud slice is determined from a plurality of to-be-selected relay network cloud slices of an operator private network according to the cloud-up request, and finally a communication connection between the intranet server and the cloud server is established using the target relay network cloud slice. The cloud server is integrated directly into the enterprise intranet without a cloud private line or a public network. This solves the problems that existing enterprise cloud services either have low security because they must connect over the public network, or have high usage cost because a cloud private line must be added. The enterprise's existing intranet and the operator's existing dedicated transmission network are reused, and the enterprise can move to the cloud merely by adding a cloud server connection node, which is secure, efficient, low in cost and simple to operate.
FIG. 5 is a schematic flow chart of another enterprise cloud loading method provided in the present application. As shown in FIG. 5, the specific steps of the method include:
S501, acquiring a cloud-up request sent by an intranet server in an enterprise intranet.
In this step, the cloud-up request includes: a cloud-up license identifier, first address information of the intranet server, second address information of the cloud-up special node and third address information of the cloud server.
It should be noted that the above address information may be understood as intranet IP addresses. These IP addresses may be visible only within the same cloud network slice, that is, other intranets cannot obtain the IP address information of this intranet, so that the cloud network slice is logically closed and the security of the data is ensured.
For other contents of this step, see explanation in S101, and will not be described here again.
S502, authenticating the enterprise intranet according to the cloud-up license identifier, wherein the authentication result is that authentication passes.
The cloud-up license identifier is unique identification information that the cloud service provider or the network service operator assigns to the enterprise customer after the cloud service provider, the network service operator and the enterprise customer have signed a cloud service agreement. The identifier can correspond to the cloud service authority level of the enterprise customer. After receiving the cloud-up request from the cloud-up special node, the enterprise cloud-up device authenticates the request according to the cloud-up license identifier it contains, judges whether the enterprise customer is still within the cloud service agreement period, and, according to the authority level corresponding to the identifier, provides the priority and resource allocation basis for the subsequent relay network cloud slice.
S503, establishing a first transmission channel between the intranet server and the cloud-up special node according to the first address information and the second address information.
To facilitate understanding of this step, virtual private network technology based on MPLS_VPN (Multi-Protocol Label Switching Virtual Private Network) is used here as an illustration. An MPLS_VPN network consists essentially of three parts: CE (Customer Edge Router) customer network edge router devices, PE (Provider Edge Router) network operator edge router devices and P (Provider Router) network operator core router devices. The CE is directly connected to the operator network, and the CE 'perceives' the existence of the VPN. The PE is directly connected to the user's CE, is responsible for VPN service access and for processing VPN-IPv4 routes, and is the main implementer of the MPLS layer-3 VPN. The P is responsible for fast data forwarding and is not directly connected to the CE. The PE device adds MPLS labels to information in the enterprise network and distributes routes among the branches of the same VPN user, that is, the enterprise network user. In other words, the first address information and the second address information are added to the MPLS label to form VPN data packets, and a data channel between the intranet server and the cloud-up special node is established.
In one possible design, to improve data transmission efficiency, the intranet server may first apply to the cloud-up special node for resource allocation, and the intranet edge router or the enterprise cloud-up device allocates the transmission channel resources between the intranet server and the cloud-up special node, that is, establishes the first transmission channel from the first address information and the second address information.
S504, establishing a second transmission channel between the cloud special node and the cloud server according to the second address information and the third address information.
And when the first transmission channel is established, the operator core router equipment or the enterprise cloud-up equipment establishes a second transmission channel for connecting the cloud-up special node of the enterprise intranet with the cloud server by utilizing a preset allocation algorithm according to the data bearing condition of the current relay network. It will be appreciated that this functionality of the cloud-up device may also be included in the operator core router device.
Specifically, the intranet can be divided into virtual network VLAN segments by VLAN (Virtual Local Area Network) virtual local area network technology, one VLAN segment is a broadcast domain, communication between VLANs is completed by a layer 3 router, and the broadcast domain can be a virtual segment composed of a set of arbitrarily selected layer two network addresses (MAC addresses). In this way, the division of the working groups in the network may break through the geographical location limitation in the shared network, but rather be divided entirely according to management functions. The grouping mode based on the workflow greatly improves the management functions of network planning and reorganization. Workstations in the same VLAN communicate as if they were on separate switches, no matter which switch they are actually connected to. The broadcast in the same VLAN can be heard only by members in the VLAN and can not be transmitted to other VLANs, so that the technical effect that a plurality of enterprise intranets share a physical transmission medium, namely an operator private network, can be realized, the cloud speed of an enterprise can be accelerated, and the resource utilization rate can be improved.
S505, establishing communication connection between the intranet server and the cloud server by using the first transmission channel and the second transmission channel.
After the first transmission channel and the second transmission channel are established, that is, after the relay network cloud slice has been allocated, the enterprise intranet server and the cloud server receive a connection establishment notification, and the intranet server and the cloud server can then start data transmission.
It should be noted that, one cloud server corresponds to one cloud-up dedicated node, and when a plurality of intranet nodes send a cloud-up request to the cloud-up dedicated node at the same time, cloud slice resources of the relay network are allocated by the enterprise cloud-up device or the router device of the cloud-up dedicated node according to a preset priority scheme. For example, for a central cloud server, an intranet node corresponding to an enterprise headquarter or an intranet node responsible for big data analysis service has the highest priority and can be allocated to the maximum bandwidth; for example, for a 5G edge cloud server, which is mainly responsible for basic cloud services of a production area or other branch office, the corresponding production area node or branch office node has a relatively high priority.
In one possible design, the intranet of the enterprise may set a plurality of alternative nodes as the cloud-dedicated nodes to be selected, so that after the enterprise signs a service agreement with the cloud service provider, the enterprise may directly select one of the cloud-dedicated nodes to be selected as the cloud-dedicated node corresponding to the cloud server, and when the contract expires, the cloud-dedicated node may be directly released. Therefore, the expansion or reduction of the cloud service corresponding to the enterprise can be realized rapidly, and the situation that enterprise clients need to open a plurality of cloud private lines to realize the cloud service demands of different cloud service providers or different enterprise branches is avoided.
S506, the information processing request sent by the intranet server is transmitted to the cloud server, so that the cloud server determines a processing result according to the information processing request.
In this step, the information processing request may be a big data analysis request for the enterprise's core operation data, or may be a service data processing request for a web portal.
S507, feeding back the processing result sent by the cloud server to the intranet server.
In this step, the cloud server may transmit the processing result to the intranet server all at once, or may, depending on the content of the service request, first return the results for content that takes less time to process, so as to improve the user experience.
Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the above method embodiments may be implemented by hardware related to program instructions, and the foregoing program may be stored in a computer readable storage medium, where the program when executed performs steps including the above method embodiments; and the aforementioned storage medium includes: various media that can store program code, such as ROM, RAM, magnetic or optical disks.
According to this enterprise cloud-up method, on the basis of the cloud network slice, a cloud-up request sent by an intranet server in the enterprise intranet is acquired, and the enterprise private network is then authenticated according to the cloud-up license identifier. After authentication passes, a first transmission channel between the intranet server and the cloud-up dedicated node is established according to the first address information and the second address information, a second transmission channel between the cloud-up dedicated node and the cloud server is established according to the second address information and the third address information, and a communication connection between the intranet server and the cloud server is established by using the first transmission channel and the second transmission channel, so that cloud service data interaction is achieved. The cloud server is integrated directly into the enterprise intranet without a cloud private line or a public network. This solves the problems that existing enterprise cloud services have low security because they must be connected through a public network, or have high usage cost because a cloud private line must be added. The technical effects achieved are that the existing intranet of the enterprise and the existing dedicated transmission network of the operator are reused, and enterprise cloud-up can be realized merely by adding a connection node for the cloud server, which is secure, efficient, low in cost and simple to operate.
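An added example, not code from the patent: a minimal Python model of how an enterprise cloud-up device could process S501 to S505 and the priority allocation described for simultaneous requests. The license registry, slice prefixes, node priorities, the proportional-share rule and all names are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class License:             # issued when the cloud service agreement is signed
    slice_id: str          # cloud network slice of the enterprise
    expires: date          # end of the cloud service agreement period
    level: int             # permission level tied to the identifier


@dataclass(frozen=True)
class CloudUpRequest:      # the fields listed in S501
    license_id: str
    intranet_addr: str     # first address information
    node_addr: str         # second address information
    cloud_addr: str        # third address information


# Constructed sample data (assumptions, not values from the patent).
LICENSES = {
    "LIC-A": License("slice-a", date(2030, 1, 1), level=3),
    "LIC-B": License("slice-b", date(2030, 1, 1), level=1),
    "LIC-OLD": License("slice-a", date(2020, 1, 1), level=3),
}
SLICE_PREFIXES = {         # addresses visible inside each slice
    "slice-a": [ip_network("10.1.0.0/16"), ip_network("172.16.10.0/24")],
    "slice-b": [ip_network("10.2.0.0/16"), ip_network("172.16.20.0/24")],
}
NODE_PRIORITY = {          # hypothetical "preset priority scheme"
    "10.1.0.10": 3,        # headquarters node
    "10.1.5.20": 1,        # branch node
}


class Rejected(Exception):
    """Raised when a cloud-up request fails a check."""


def authenticate(req, today):
    """S502: the identifier must be known and the agreement still in force."""
    lic = LICENSES.get(req.license_id)
    if lic is None:
        raise Rejected("unknown license identifier")
    if today > lic.expires:
        raise Rejected("service agreement expired")
    return lic


def in_slice(addr, slice_id):
    """True when addr is one of the addresses visible inside the slice."""
    ip = ip_address(addr)
    return any(ip in net for net in SLICE_PREFIXES[slice_id])


def establish(req, today):
    """S501-S505: authenticate, enforce slice closure, build both channels."""
    lic = authenticate(req, today)
    for name in ("intranet_addr", "node_addr", "cloud_addr"):
        if not in_slice(getattr(req, name), lic.slice_id):
            raise Rejected(f"{name} is outside {lic.slice_id}")
    first = (req.intranet_addr, req.node_addr)     # S503
    second = (req.node_addr, req.cloud_addr)       # S504
    return {"slice": lic.slice_id, "level": lic.level,
            "path": [first, second]}               # S505


def allocate(requests, today, capacity_mbps):
    """Share one node's relay capacity among simultaneous requests.

    Rejected requests receive nothing; accepted ones receive a share
    proportional to the priority of the requesting intranet node.
    """
    accepted = []
    for req in requests:
        try:
            establish(req, today)
            accepted.append(req)
        except Rejected:
            continue
    weights = {r.intranet_addr: NODE_PRIORITY.get(r.intranet_addr, 1)
               for r in accepted}
    total = sum(weights.values())
    return {addr: capacity_mbps * w // total for addr, w in weights.items()}
```

The slice check is what turns the "logical closure" statement in S501 into an enforced rule: a request that carries a valid identifier but names an address from another enterprise's slice is refused before any channel is built.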
Fig. 6 is a schematic diagram of the architecture of an enterprise cloud-up system provided in the present application. As shown in Fig. 6, the enterprise intranet 61 is connected with the operator private network 62 through a cloud-up dedicated node 611, the enterprise cloud-up device 64 is responsible for planning and scheduling the data transmission of each cloud network slice on the operator private network 62, and cloud service data interaction between a remote cloud server 63 and an intranet server in the enterprise intranet 61 is realized through the operator private network 62. It should be noted that the operator private network 62 refers to a trans-regional dedicated backbone network laid by a network operator, which is a relay network for long-distance transmission. The connection network between branches in the enterprise intranet is also a private network leased from the network operator, so the operator private network 62 may be regarded as an extension of the enterprise intranet 61, and the cloud server 63 is thereby integrated into the enterprise intranet 61. The enterprise cloud-up method is implemented by this enterprise cloud-up system. An enterprise can achieve fast cloud-up, or fast expansion of the number of cloud servers, merely by increasing the number of cloud-up dedicated nodes 611 in the enterprise intranet 61. For example, the number of cloud-up dedicated nodes corresponding to the 5G edge cloud service can be increased, and the 5G edge cloud server can be connected with the servers of all branches in the enterprise intranet through the operator private network 62, so that fast expansion of the 5G edge cloud service is realized.
Fig. 7 is a schematic diagram of a collaborative application scenario, provided in the present application, of a multi-enterprise cloud-up system that includes a plurality of cloud servers. As shown in Fig. 7, enterprise intranet A and enterprise intranet B are each connected with the operator private network through their own cloud-up dedicated nodes, that is, orthogonal multiplexing of the operator private network is realized, and one physical line can serve hundreds of thousands of enterprise customers. The enterprise private network is divided into a plurality of logically isolated areas by the enterprise cloud-up device or by core routers of the operator private network, and different enterprise private networks and the network nodes within them are distinguished through logical isolation. Within the same enterprise intranet, an intranet node can send cloud-up requests to multiple cloud-up dedicated nodes at the same time. For example, headquarters node a of enterprise intranet A can simultaneously send a cloud-up request for the central cloud service and a cloud-up request for the 5G edge cloud service to two cloud-up dedicated nodes corresponding to the 5G edge cloud; the central cloud server processes the data analysis business, and the 5G edge cloud server can send edge cloud service data to wireless terminal devices in the various branches of the enterprise, such as pushing work communication information among employees of the enterprise. It should be noted that, although enterprise intranet A and enterprise intranet B are only logically isolated and share the same operator private network, the operator private network is not a public network like the internet and is not open to individual users, so the data between the enterprise intranets is not exposed on a public network, the possibility of hacking is avoided, and the security of the enterprise's core service data is improved.
Fig. 8 is a schematic structural diagram of an enterprise cloud device provided in the present application. As shown in fig. 8, the cloud-on-enterprise device 800 may include: at least one processor 801 and a memory 802. Fig. 8 shows an electronic device using one processor as an example.
A memory 802 for storing programs. In particular, the program may include program code including computer-operating instructions.
Memory 802 may comprise high-speed RAM memory or may also include non-volatile memory (non-volatile memory), such as at least one disk memory.
The processor 801 is configured to execute the computer-executable instructions stored in the memory 802 to implement the enterprise cloud-up method of the above method embodiments. For the detailed implementation steps, refer to the flow of the enterprise cloud-up method shown in Fig. 5; for the specific terms and working principles, refer to S501 to S507, which are not described again here.
The processor 801 may be a central processing unit (central processing unit, abbreviated as CPU), or an application specific integrated circuit (application specific integrated circuit, abbreviated as ASIC), or one or more integrated circuits configured to implement embodiments of the present application.
Alternatively, the memory 802 may be separate or integrated with the processor 801. When the memory 802 is a device separate from the processor 801, the electronic device 800 may further include:
a bus 803 for connecting the processor 801 and the memory 802. The bus may be an industry standard architecture (ISA) bus, a peripheral component interconnect (PCI) bus, an extended industry standard architecture (EISA) bus, or the like. Buses may be divided into address buses, data buses, control buses, etc., which does not mean that there is only one bus or one type of bus.
Alternatively, in a specific implementation, if the memory 802 and the processor 801 are integrated on a chip, the memory 802 and the processor 801 may complete communication through an internal interface.
The present application also provides a computer-readable storage medium, which may include various media capable of storing program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc. Specifically, the computer-readable storage medium stores program instructions, and the program instructions are used for the enterprise cloud-up method in the foregoing embodiments, which is not described again here.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solution of the present application, not to limit it. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some or all of their technical features can be replaced by equivalents, and that such modifications and substitutions do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present application.

Claims (8)

1. An enterprise cloud-up method, characterized in that the method is applied to a cloud network slice, the cloud network slice comprises an enterprise intranet, an operator private network and a cloud server, the enterprise intranet is connected with the operator private network through a cloud-up special node, the cloud-up special node is an intranet node in the enterprise intranet, and the operator private network is connected with the cloud server, the method comprising:
acquiring a cloud request sent by an intranet server in the enterprise intranet;
determining a target relay network cloud slice from a plurality of relay network cloud slices to be selected of the private network of the operator according to the cloud uploading request;
establishing communication connection between the intranet server and the cloud server by utilizing the target relay network cloud slice;
the cloud request includes: the first address information of the intranet server, the second address information of the cloud-up special node and the third address information of the cloud server;
correspondingly, the establishing the communication connection between the intranet server and the cloud server by using the target relay network cloud slice includes:
establishing a first transmission channel between the intranet server and the cloud-up special node according to the first address information and the second address information;
establishing a second transmission channel between the cloud-up special node and the cloud server according to the second address information and the third address information;
and establishing communication connection between the intranet server and the cloud server by using the first transmission channel and the second transmission channel.
2. The enterprise cloud method of claim 1, wherein the cloud request further comprises: a cloud-up license identifier, wherein the cloud-up license identifier is used for the enterprise intranet;
correspondingly, before determining the target relay network cloud slice from the plurality of to-be-selected relay network cloud slices of the operator private network according to the cloud uploading request, the method further comprises:
and authenticating the private network of the enterprise according to the cloud license identifier, wherein an authentication result is authentication passing.
3. The enterprise cloud method of any of claims 1-2, further comprising, after said establishing a communication connection between the intranet server and the cloud server using the target relay network cloud slice:
transmitting an information processing request sent by the intranet server to the cloud server so that the cloud server determines a processing result according to the information processing request;
and feeding back the processing result sent by the cloud server to the intranet server.
4. An enterprise cloud computing device comprising a memory, a processor, and computer-executable instructions stored in the memory and executable on the processor, wherein the processor, when executing the computer-executable instructions, performs the steps of:
acquiring a cloud uploading request sent by an intranet server in an enterprise intranet;
determining a target relay network cloud slice from a plurality of to-be-selected relay network cloud slices of an operator private network according to the cloud uploading request;
establishing communication connection between the intranet server and a cloud server by utilizing the target relay network cloud slice;
the cloud request includes: the first address information of the intranet server, the second address information of the cloud-up special node and the third address information of the cloud server;
correspondingly, the establishing the communication connection between the intranet server and the cloud server by using the target relay network cloud slice includes:
establishing a first transmission channel between the intranet server and the cloud-up special node according to the first address information and the second address information;
establishing a second transmission channel between the cloud-up special node and the cloud server according to the second address information and the third address information;
and establishing communication connection between the intranet server and the cloud server by using the first transmission channel and the second transmission channel.
5. The enterprise cloud apparatus of claim 4, wherein said cloud request further comprises: a cloud-up license identifier, wherein the cloud-up license identifier is used for the enterprise intranet;
correspondingly, before determining the target relay network cloud slice from the plurality of to-be-selected relay network cloud slices of the operator private network according to the cloud uploading request, the method further comprises:
and authenticating the private network of the enterprise according to the cloud license identifier, wherein an authentication result is authentication passing.
6. The enterprise cloud apparatus of any of claims 4-5, further comprising, after said establishing a communication connection between said intranet server and said cloud server using said target relay network cloud slice:
transmitting an information processing request sent by the intranet server to the cloud server so that the cloud server determines a processing result according to the information processing request;
and feeding back the processing result sent by the cloud server to the intranet server.
7. An enterprise cloud computing system, comprising:
an enterprise intranet, an operator private network, a cloud server and an enterprise cloud-up device, wherein the enterprise intranet is connected with the operator private network through a cloud-up special node, the cloud-up special node is an intranet node in the enterprise intranet, and the operator private network is connected with the cloud server;
the enterprise cloud-up device is configured to implement the enterprise cloud-up method of any of claims 1 to 3.
8. A computer readable storage medium having stored thereon a computer program, which when executed by a processor implements the enterprise cloud-up method of any of claims 1 to 3.
CN202010605476.3A 2020-06-29 2020-06-29 Enterprise cloud loading method, equipment, system and storage medium Active CN113965332B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010605476.3A CN113965332B (en) 2020-06-29 2020-06-29 Enterprise cloud loading method, equipment, system and storage medium

Publications (2)

Publication Number Publication Date
CN113965332A CN113965332A (en) 2022-01-21
CN113965332B true CN113965332B (en) 2023-08-08

Family

ID=79459096

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010605476.3A Active CN113965332B (en) 2020-06-29 2020-06-29 Enterprise cloud loading method, equipment, system and storage medium

Country Status (1)

Country Link
CN (1) CN113965332B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115243229A (en) * 2022-05-30 2022-10-25 浪潮通信技术有限公司 Cloud network fusion method, device and system, electronic equipment and storage medium

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104283755A (en) * 2013-07-01 2015-01-14 阿里巴巴集团控股有限公司 Virtual private cloud accessing method and system thereof
CN105120530A (en) * 2015-09-11 2015-12-02 北京金山安全软件有限公司 Method and device for acquiring data and data acquisition system
CN109286954A (en) * 2018-11-05 2019-01-29 中国联合网络通信集团有限公司 A kind of data transmission method and transmission net controller
WO2019095374A1 (en) * 2017-11-20 2019-05-23 Nokia Shanghai Bell Co., Ltd. Apparatus, system and method for security management based on event correlation in a distributed multi-layered cloud environment
CN110198555A (en) * 2019-05-21 2019-09-03 中国联合网络通信集团有限公司 A kind of configuration method and device of network slice
CN110266767A (en) * 2019-05-22 2019-09-20 中国联合网络通信集团有限公司 Cloud method and equipment in enterprise
CN111106991A (en) * 2018-10-29 2020-05-05 中国移动通信集团浙江有限公司 Cloud special line system and service issuing and opening method thereof
CN111340456A (en) * 2020-03-06 2020-06-26 国网冀北电力有限公司 Edge cloud collaborative data processing method, device and equipment based on Internet of things

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9172605B2 (en) * 2014-03-07 2015-10-27 Ubiquiti Networks, Inc. Cloud device identification and authentication
US9350710B2 (en) * 2014-06-20 2016-05-24 Zscaler, Inc. Intelligent, cloud-based global virtual private network systems and methods

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
China Mobile will promote cloud-network convergence in the 5G era; 庄性华; 梁勇; 周二玲; 李文扬; 通信企业管理 (No. 01); full text *

Also Published As

Publication number Publication date
CN113965332A (en) 2022-01-21

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant