CN116319835A - Data synchronization method, device, equipment and storage medium based on federal range - Google Patents
Data synchronization method, device, equipment and storage medium based on federal range Download PDFInfo
- Publication number
- CN116319835A CN116319835A CN202310522968.XA CN202310522968A CN116319835A CN 116319835 A CN116319835 A CN 116319835A CN 202310522968 A CN202310522968 A CN 202310522968A CN 116319835 A CN116319835 A CN 116319835A
- Authority
- CN
- China
- Prior art keywords
- range
- data synchronization
- data
- federal
- command
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1095—Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/145—Network analysis or design involving simulating, designing, planning or modelling of a network
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/70—Reducing energy consumption in communication networks in wireless communication networks
Abstract
The application discloses a data synchronization method, a device, equipment and a storage medium based on a federal target range, which belong to the field of network security, and are applied to sub-target ranges in the federal target range, wherein the federal target range also comprises a main target range, and the sub-target range acquires a data synchronization command issued by the main target range; the data transmission channel between the sub-range and the main range is opened based on the data synchronization command, and the data synchronization is carried out between the sub-range and the main range through the data transmission channel, so that when the data synchronization command is received, a special data transmission channel is temporarily provided for data synchronization, the data synchronization can be automatically carried out based on the data synchronization command without manual operation, and the data synchronization efficiency is improved.
Description
Technical Field
The application relates to the technical field of network security, in particular to a federal range-based data synchronization method, a federal range-based data synchronization device, federal range-based data synchronization equipment and a federal range-based data synchronization storage medium.
Background
The federal target ranges form a large-scale distributed network target range by concentrating the resources of each sub target range, and as each sub target range needs to simulate different scenes and complete the same attack and defense countermeasure exercise project in a matching way, the data synchronization efficiency among each sub target range can influence the task execution efficiency of each sub target range in the attack and defense countermeasure exercise project.
At present, in order to ensure data security, network isolation exists between each sub-range, so that data synchronization cannot be performed on line on each sub-range, and the purpose of data synchronization can be achieved only by manually operating each sub-range respectively.
Therefore, there is a problem in that the related art has low data synchronization efficiency.
Disclosure of Invention
The main purpose of the application is to provide a federal shooting range-based data synchronization method, a federal shooting range-based data synchronization device, federal shooting range-based data synchronization equipment and a federal shooting range-based data synchronization storage medium, and aims to solve the technical problem of low data synchronization efficiency.
To achieve the above object, the present application provides a data synchronization method based on a federal target range, which is applied to a sub target range in the federal target range, the federal target range further includes a main target range, and the data synchronization method based on the federal target range includes the following steps:
acquiring a data synchronization command issued by the main target field;
and opening a data transmission channel between the main shooting range and the data synchronization command, and performing data synchronization with the main shooting range through the data transmission channel.
In one possible implementation manner of the application, a plurality of sub-ranges are provided, each sub-range is correspondingly provided with a range ID, each sub-range is provided with at least one project, and each project is correspondingly provided with a project ID;
the step of obtaining the data synchronization command issued by the main target field comprises the following steps:
based on the target range ID of the self and the engineering ID of the corresponding engineering, reading a corresponding data synchronization command from a preset message queue;
the data synchronization command is built in the main shooting range in advance based on preset to-be-synchronized content of corresponding projects in the sub shooting ranges, shooting range IDs of the sub shooting ranges and project IDs of the corresponding projects, and is written into the preset message queue.
In a possible implementation manner of the present application, the step of performing data synchronization with the main target range through the data transmission channel includes:
analyzing the data synchronous command to obtain the type of the data synchronous command, wherein the type of the data synchronous command comprises engineering initialization, engineering updating and configuration file issuing;
and based on the type of the data synchronization command, synchronizing the preset content to be synchronized with the main shooting range through the data transmission channel.
In one possible implementation manner of the present application, the step of synchronizing the preset content to be synchronized with the main shooting range through the data transmission channel based on the type of the data synchronization command includes:
if the type of the data synchronization command is engineering update, comparing a first engineering file corresponding to the preset to-be-synchronized content in the main shooting range with a second engineering file corresponding to the preset to-be-synchronized content locally to obtain a comparison result;
and if the comparison result is inconsistent, synchronizing the incremental data in the first engineering file to the local.
In one possible implementation manner of the present application, the step of opening a data transmission channel between the main firing range and the main firing range based on the data synchronization command includes:
determining whether to execute the data synchronization command based on the type of the data synchronization command;
if the execution is determined, opening a VPN tunnel established between the local and the main target range through a preset data communication server;
and carrying out data synchronization with the main target range through the VPN tunnel.
In a possible implementation manner of the present application, after the step of parsing the data synchronization command to obtain the type of the data synchronization command and the preset content to be synchronized, the method further includes:
analyzing a plurality of data synchronous commands received simultaneously to obtain the execution priority of the plurality of data synchronous commands;
and sequentially executing the plurality of data synchronous commands based on the execution priority.
In a possible embodiment of the present application, after the step of data synchronizing with the main firing range through the data transmission channel, the method further includes:
and if the data synchronization is finished, sending feedback information of the data synchronization to the main target range so as to enable the main target range to send other data synchronization commands.
The application also provides a data synchronization device based on federal range, the device includes:
the command acquisition module is used for acquiring a data synchronization command issued by the main shooting range;
and the synchronization module is used for opening a data transmission channel between the main shooting range and the data transmission channel based on the data synchronization command and performing data synchronization between the main shooting range and the data transmission channel.
The application also provides a data synchronization device based on federal range, the device comprising: a memory, a processor, and a federal range based data synchronization program stored on the memory and executable on the processor, the federal range based data synchronization program configured to implement the steps of the federal range based data synchronization method as in any one of the above.
The present application further provides a storage medium having stored thereon a federal range based data synchronization program which when executed by a processor implements the steps of the federal range based data synchronization method as set forth in any one of the preceding claims.
Compared with the prior art, the data synchronization method based on the federal target ranges has the advantages that the network isolation exists between the sub target ranges, so that the data synchronization of the sub target ranges cannot be performed on line, the purpose of data synchronization can be achieved only by manually operating the sub target ranges respectively, the method is applied to the sub target ranges in the federal target ranges, the federal target ranges further comprise a main target range, and the sub target ranges acquire data synchronization commands issued by the main target range; the data transmission channel between the sub-range and the main range is opened based on the data synchronization command, and the data synchronization is carried out between the sub-range and the main range through the data transmission channel, so that when the data synchronization command is received, a special data transmission channel is temporarily provided for data synchronization, the data synchronization can be automatically carried out based on the data synchronization command without manual operation, and the data synchronization efficiency is improved.
Drawings
FIG. 1 is a flow chart of a first embodiment of a federal range-based data synchronization method according to the present application;
FIG. 2 is a logic architecture diagram of a federal range-based data synchronization method according to a first embodiment of the present application;
fig. 3 is a schematic diagram of a first scenario of a federal range-based data synchronization method according to a first embodiment of the present application;
FIG. 4 is a schematic diagram of the architecture of a federal range-based data synchronization device of a hardware operating environment in accordance with an embodiment of the present application;
fig. 5 is a schematic diagram of a federal range-based data synchronization apparatus according to a first embodiment of the present application.
The realization, functional characteristics and advantages of the present application will be further described with reference to the embodiments, referring to the attached drawings.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the present application. Although the terms first, second, third, etc. may be used herein to describe various information, these information should not be limited by these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope herein.
An embodiment of the present application provides a data synchronization method based on a federal target range, referring to fig. 1 and fig. 2, in this embodiment, the data synchronization method based on the federal target range includes:
step S10: acquiring a data synchronization command issued by the main target field;
step S20: and opening a data transmission channel between the main shooting range and the data synchronization command, and performing data synchronization with the main shooting range through the data transmission channel.
In this embodiment, the data synchronization method based on the federal range is applied to a data synchronization device based on the federal range, where the data synchronization device based on the federal range may be a sub-range in the federal range.
As an example, a federal target range includes multiple sub-ranges, where the federal target range forms a large-scale distributed network target range by concentrating the resources of each sub-range, where each sub-range needs to take on a different role and cooperate to complete the same attack and defense countermeasure exercise project.
As an example, multiple attack and defense exercise projects may be deployed in each sub-range, and each sub-range may be provided with at least one virtual machine (a software program that simulates the behavior of a physical computer), and/or at least one physical machine, and/or at least one virtual router, etc. infrastructure, each attack and defense exercise project requiring cooperation of different infrastructures in the sub-range.
As an example, the network architecture established between infrastructures for each of the sub-ranges in the federal range differs (e.g., there is some difference in network architecture between the sub-range established in city a and the sub-range established in city b, or between sub-ranges simulating different scenes in the attack and defense exercise project), thereby creating network heterogeneity between sub-ranges.
As an example, in the federal range, each sub-range needs to exchange data or synchronize data in the process of matching with one attack and defense countermeasure exercise project to achieve interaction between each sub-ranges. Specifically, when simulating different scenes, each separate shooting range has different required configuration files or data to be called. However, due to the isomerism of each sub-range and the network isolation between the sub-ranges, the data synchronization of each sub-range cannot be performed on line, and the purpose of data synchronization can be achieved only by manually operating each sub-range, so that the efficiency of the data synchronization between the sub-ranges is low, and the task execution efficiency of each sub-range in the attack and defense countermeasure exercise engineering can be affected.
As an example, the federal target range further includes a main target range, where the main target range may be a target range selected from the sub target ranges, or may be a fixed target range outside the sub target ranges, and referring to fig. 3, it is known that the main target range and the sub target ranges are provided with a command processing module, a message processing module, a data synchronization module, and a data channel management module.
The present embodiment aims at: and transmitting a data synchronization command through the main target field, and opening a data transmission channel between the sub-target fields and the main target field after receiving the command, so as to automatically realize data synchronization with the main target field.
The method comprises the following specific steps:
step S10: acquiring a data synchronization command issued by the main target field;
as an example, management of separate ranges is facilitated by issuing data synchronization commands from the main range. Specifically, the data synchronization command may be issued by one main target field selected from a plurality of sub-target fields, or may be issued by one main target field fixedly arranged, or may be issued by a sub-target field when other sub-target fields need to synchronize local data, or the like, so that different data synchronization scenes can be applied.
As an example, the sub-target range receives the data synchronization command issued by the main target range, and the main target range may directly transmit the data synchronization command to a certain sub-target range, or the main target range may issue the data synchronization command to a preset message queue, and the sub-target range periodically acquires or acquires at any time, so as to satisfy the issuing scenario of the instant command and the preset command.
As an example, the data synchronization command may be a command such as engineering initialization, engineering update, or configuration file issue of engineering, or configuration file update of engineering, which can automatically perform data synchronization on the engineering after the engineering is created (configuration of engineering parameters based on the engineering update or configuration file), thereby improving data synchronization efficiency and saving preparation time before engineering implementation.
As one example, a data synchronization command is used to command a separate firing range to perform a data synchronization task.
As an example, the command processing module is configured to perform structured language description on the command and package and parse the data synchronization command.
The data synchronization command can be structured language description (yaml or json format is used for configuration and management, yaml is a simple non-markup language, content format is humanized and easy to read, json serialization and deserialization speeds are fast, so that json can be processed by smaller and lighter codes, json is more suitable for message transmission for being compatible with platforms easily), namely, a special standard communication language is arranged between a main target range and a sub target range, and the standardization of command issuing can be improved, and the safety of data transmission can be improved.
As an example, the data synchronization command may be manually entered online, or may be periodically triggered as set in the main firing range.
In this embodiment, the step of obtaining the data synchronization command issued by the main target field includes:
step A1: based on the target range ID of the self and the engineering ID of the corresponding engineering, reading a corresponding data synchronization command from a preset message queue;
in this embodiment, there are a plurality of sub-ranges, each sub-range is correspondingly provided with a range ID, each sub-range is deployed with at least one project, and each project is correspondingly provided with a project ID.
In this embodiment, the data synchronization command is previously built in the main firing range based on the preset to-be-synchronized content of the corresponding project in the sub firing range, the firing range ID of the sub firing range, and the project ID of the corresponding project, and written into the preset message queue.
As an example, after the main shooting range builds a data synchronization command based on the preset to-be-synchronized content of the corresponding project in the sub shooting range, the shooting range ID of the sub shooting range and the project ID of the corresponding project, the data synchronization command is written into the preset message queue for reading by the sub shooting range.
As one example, the message processing module primarily distributes and processes commands. The data synchronous command can be issued by adopting a producer-consumer model (a message publishing-subscribing system), the main target range (producer) is responsible for sending the data synchronous command to a corresponding preset message queue (corresponding theme), and the sub target range receives the data synchronous command by reading the preset message queue (the consumer receives the message by subscribing the related theme), so that asynchronous and efficient processing of the command can be realized.
As an example, the preset message queue may be a Kafka message queue (first-in first-out queue), the command stored in the queue may be written in json or yaml format, the data form of the stored command may be a key-value form, the key includes a range ID of the target range and a queue name formed by an engineering ID of the corresponding engineering, the value includes preset to-be-synchronized content described by a structured language, so that the target range is conveniently and quickly located to a data synchronization command corresponding to the target range (the corresponding data synchronization command is read from the preset message queue according to the range ID of the target range and the engineering ID of the corresponding engineering, and the preset to-be-synchronized content in the data synchronization command is obtained by locating, and the adoption of the first-in first-out message queue can ensure efficient reading of the data synchronization command, ensure the order of the target range when the data synchronization command is read, and facilitate management of the data synchronization command.
As an example, the preset to-be-synchronized content may be determined based on the data integrity of each shooting range project during the project deployment process.
Step S20: and opening a data transmission channel between the main shooting range and the data synchronization command, and performing data synchronization with the main shooting range through the data transmission channel.
As an example, because network isolation exists between the separate ranges, the data of the separate ranges cannot be synchronized online, so that the data can be synchronized through a proprietary data transmission channel, the network architecture of the separate ranges is not affected, and the security of the data transmission can be ensured by using the proprietary data transmission channel.
As an example, based on the data synchronization command, a data transmission channel between the main shooting range and the sub shooting range is opened, that is, after the data synchronization command is received, the data transmission channel between the sub shooting range and the main shooting range can be directly opened, so that the efficiency of data synchronization is improved, or after the data synchronization command is received, the data transmission channel between the sub shooting range and the main shooting range is opened after the command is judged to be executed, so that the accuracy of the data synchronization command is ensured.
As an example, virtual machine tunnels (data transmission channels) may be constructed between the federal ranges by VPN technology (Ipsec VPN or SSL VPN), or ZTNA (Zero Trust Network Access ) between the ranges, thereby enabling network-secured interworking between the ranges.
In this embodiment, compared with the existing technology in which network isolation exists between the separate ranges, the data synchronization of the separate ranges cannot be performed online, and the purpose of data synchronization can be achieved by manually operating the separate ranges respectively; the data transmission channel between the sub-range and the main range is opened based on the data synchronization command, and the data synchronization is carried out between the sub-range and the main range through the data transmission channel, so that when the data synchronization command is received, a special data transmission channel is temporarily provided for data synchronization, the data synchronization can be automatically carried out based on the data synchronization command without manual operation, and the data synchronization efficiency is improved. The first-in first-out message queue can ensure the high-efficiency reading of the data synchronous command, ensure the ordering of the target ranges when the data synchronous command is read, and facilitate the management of the data synchronous command. And constructing a virtual tunnel (data transmission channel) between the ranges to realize network security intercommunication between the ranges.
Further, based on the foregoing embodiments of the present application, another embodiment of the present application is provided, in which the step of performing data synchronization with the main target range through the data transmission channel includes:
step B1: analyzing the data synchronous command to obtain the type of the data synchronous command, wherein the type of the data synchronous command comprises engineering initialization, engineering updating and configuration file issuing;
as an example, in the process of constructing the data synchronization command in the main shooting range in advance based on the preset to-be-synchronized content of the corresponding project in the sub shooting range, the shooting range ID of the sub shooting range, and the project ID of the corresponding project in the main shooting range, the type identifier may be added to the data synchronization command based on the preset to-be-synchronized content.
Specifically, the content to be synchronized includes engineering update content, engineering initialization content, configuration files, and the like.
Specifically, based on the content to be synchronized, an update identifier, an initialization identifier, or a configuration identifier can be added to the data synchronization command.
As an example, the type identification (update, initialization, etc.) of different data sync commands may be described by a cmdType field.
As an example, the data synchronization command is parsed to obtain the type of the data synchronization command and the preset content to be synchronized, so that the type of the command can be quickly identified according to the shooting range, different preset content to be synchronized can be quickly synchronized based on the command type, and the data synchronization speed is improved.
As an example, the preset content to be synchronized may be manually determined online, or may be periodically synchronized content set in advance in the main shooting range.
Step B2: and based on the type of the data synchronization command, synchronizing the preset content to be synchronized with the main shooting range through the data transmission channel.
As an example, if the type of the data synchronization command is update, a program that is not the latest version may be pre-located to increase the update speed (update verification speed, update confirmation speed, etc.), or whether the current version is the latest version may be pre-detected (if all are the latest versions, the update command is not executed, specific viewing of the preset content to be synchronized is not required, and the data synchronization efficiency is improved), etc., which is not limited herein. If the type of the data synchronization command is initialized, whether the current project is initialized or not can be detected in advance, and if the current project is partially initialized, the current project is positioned to a program which is not initialized in advance so as to improve the data synchronization efficiency.
As an example, the synchronization manner of the preset content to be synchronized may be determined based on the type of the data synchronization command, and then the synchronization of the preset content to be synchronized with the main shooting range through the data transmission channel may be performed by using the synchronization manner.
In this embodiment, the types of the data synchronization command include engineering initialization, engineering update, and configuration file distribution.
In this embodiment, the type of the data synchronization command may further include a configuration file update or an engineering deletion.
As an example, the type (update, initialization or configuration, etc.) of the data synchronization command is determined by parsing the type identifier of the data synchronization command, and if the type is update, the synchronization mode is to copy the delta file of the content to be synchronized in the main shooting range. If the type is configuration, the synchronization mode is to assign a value to the parameters of the content to be synchronized and/or enable certain functions and the like.
As an example, the data synchronization module is used for data synchronization, and the data is efficiently and quickly synchronized by matching the incremental synchronization method with the data transmission channels between the targets.
In this embodiment, the step of performing data synchronization with the main target range through the data transmission channel includes:
step C1: if the type of the data synchronization command is engineering update, comparing a first engineering file corresponding to the preset to-be-synchronized content in the main shooting range with a second engineering file corresponding to the preset to-be-synchronized content locally to obtain a comparison result;
as an example, if the type of the data synchronization command is engineering update, comparing a first engineering file corresponding to the preset to-be-synchronized content in the main shooting range with a second engineering file corresponding to the preset to-be-synchronized content locally to obtain a comparison result. Specifically, the hash value of the first file corresponding to the first engineering file locally to be synchronized (the hash is a value obtained by logic operation according to the data of the content of the file, the hash values obtained by different files are different) may be compared with the hash value of the second file corresponding to the second engineering file in the main shooting range to determine whether the hash value of the second file is consistent with the hash value of the second file corresponding to the content to be synchronized; the method can also compare the preset first file time stamp of the local corresponding file of the content to be synchronized with the preset second file time stamp of the corresponding file of the content to be synchronized in the main shooting range.
Step C2: and if the comparison result is inconsistent, synchronizing the incremental data in the first engineering file to the local.
As an example, if the comparison result is inconsistent, copying the incremental file of the file corresponding to the content to be synchronized in the main shooting range to the local; or if the preset first file time stamp is smaller than or larger than the preset second file time stamp, copying the increment file of the file corresponding to the content to be synchronized in the main shooting range to the local.
In this embodiment, after the step of parsing the data synchronization command to obtain the type of the data synchronization command and the preset content to be synchronized, the method further includes:
step S30: analyzing a plurality of data synchronous commands received simultaneously to obtain the execution priority of the plurality of data synchronous commands;
as an example, in order to prevent occurrence of a failure due to an execution order when a plurality of data synchronization commands (update commands or initialization and configuration commands of a plurality of parts, etc.) are received at the same time, an execution priority identification may be added in advance in the data synchronization commands. In particular, the execution priority may be identified in the structured description language by a cmdPriority field.
Step S40: and sequentially executing the plurality of data synchronous commands based on the execution priority.
As an example, if multiple data synchronization commands are received at the same time, the multiple data synchronization commands are parsed to obtain execution priorities of the multiple data synchronization commands, and the multiple data synchronization commands are executed in turn based on the execution priorities of the multiple data synchronization commands, so as to improve data synchronization efficiency and reduce occurrence of command execution errors.
In this embodiment, after the step of performing data synchronization with the main firing range through the data transmission channel, the method further includes:
step S50: and if the data synchronization is finished, sending feedback information of the data synchronization to the main target range so as to enable the main target range to send other data synchronization commands.
In this embodiment, if the data synchronization is finished, feedback information (may be a feedback signal or a data packet) of the data synchronization is sent to the main target, if the main target does not receive the feedback information within a certain time after sending the data synchronization command, the data synchronization command may be retransmitted, and if the feedback information is not received many times, a manager may be prompted to perform fault maintenance. And (3) realizing real-time fault monitoring of data synchronization, and if the feedback information is received by the main target range, issuing other data synchronization commands or ending the issuing of the data synchronization commands and the like.
In this embodiment, based on the type of the data synchronization command, the data synchronization manner is determined or preprocessed, so that different data synchronization methods can be provided for different types, or the data synchronization efficiency can be improved.
Further, based on the foregoing embodiments of the present application, another embodiment of the present application is provided, in which the step of opening a data transmission channel with the main target range based on the data synchronization command includes:
step D1: determining whether to execute the data synchronization command based on the type of the data synchronization command;
as an example, after receiving the data synchronization command, it is possible that the type of the data synchronization command is an engineering deletion command, and if the engineering deletion command contradicts other commands, the data synchronization command is not executed. Or if the received data synchronization command cannot be executed (support of other operations is required or has been executed, etc.), the data synchronization command is not executed.
Step D2: if the execution is determined, opening a VPN tunnel established between the local and the main target range through a preset data communication server;
as one example, the data channel management module is used to open, maintain, and close data transmission channels between the sub-ranges (between the main range and the sub-ranges); if the data synchronization command is determined to be executed, opening a VPN (Virtual Private Network ) tunnel established between the local and the main target range through a preset data communication server, specifically, if the current VPN tunnel is in an open state, data synchronization can be directly performed, and if the data synchronization command is not received within a preset period, the VPN tunnel is closed through the preset data communication server, so that the safety of data transmission is improved.
Specifically, VPN tunnels (data transmission channels) can be constructed between the ranges by VPN technology (Ipsec VPN or SSL VPN), and at least one data communication server is provided in each of the separate ranges to take charge of the external VPN function.
As an example, a tunnel is established between the local site and the main target site through VPN technology, and the transmission data is encrypted by using encryption technology to ensure the privacy and security of the data, so that different levels of quality of service assurance can be provided for different requirements. The forced tunnel can be established through the VPN, and the configuration and the creation of the data communication server supporting the VPN are realized, namely, if the data synchronization command is confirmed to be executed according to the target range, the data synchronization can be forcedly performed with the main target range through the data communication server without obtaining the response of the main target range, so that the data synchronization efficiency is improved.
As an example, vxLAN (Virtual eXtensible Local Area Network, virtual expansion lan) is adopted between different topology networks inside each separate target range to solve the problem that the existing VLAN technology cannot meet the requirements of the large two-layer network.
As an example, if the infrastructure such as a virtual machine and/or a physical machine in the sub-range is configured with the same vlan id as the infrastructure such as a virtual machine and/or a physical machine in the main range, VPN communication can be performed between any two or more infrastructures in the sub-range by the data communication server.
As an example, the VPN function of at least one data communication server provided between the local and the main firing range is opened in order to be able to process a plurality of data synchronization commands synchronously, or in order to support that the main firing range (one of the sub firing ranges) is able to synchronize data with a plurality of sub firing ranges simultaneously.
Step D3: and carrying out data synchronization with the main target range through the VPN tunnel.
As an example, after a VPN tunnel established between a local site and the main target site is opened through a preset data communication server, data synchronization with the main target site may be performed through the VPN tunnel.
In this embodiment, by establishing a VPN tunnel between the local site and the main target range, network isolation between the separate target ranges can be broken, so that not only is a data transmission function realized, but also data security and convenience of data synchronization are ensured.
Referring to fig. 4, fig. 4 is a schematic device structure diagram of a hardware running environment according to an embodiment of the present application.
As shown in fig. 4, the federal range-based data synchronization apparatus may include: a processor 1001, a memory 1005, and a communication bus 1002. The communication bus 1002 is used to enable connected communication between the processor 1001 and the memory 1005.
Optionally, the federal range-based data synchronization device may also include a user interface, a network interface, a camera, RF (Radio Frequency) circuitry, sensors, wiFi modules, and the like. The user interface may include a Display, an input sub-module such as a Keyboard (Keyboard), and the optional user interface may also include a standard wired interface, a wireless interface. The network interface may include a standard wired interface, a wireless interface (e.g., WI-FI interface).
It will be appreciated by those skilled in the art that the federal range based data synchronization device structure shown in fig. 4 is not limiting of federal range based data synchronization devices and may include more or fewer components than shown, or may combine certain components, or a different arrangement of components.
As shown in fig. 4, an operating system, a network communication module, and a federal range-based data synchronization program may be included in the memory 1005 as a storage medium. The operating system is a program that manages and controls the federal farm-based data synchronization device hardware and software resources, supporting the federal farm-based data synchronization program and the execution of other software and/or programs. The network communication module is used to enable communication between components within the memory 1005 and other hardware and software in the federal range based data synchronization system.
In the federal range based data synchronization apparatus shown in fig. 4, a processor 1001 is configured to execute a federal range based data synchronization program stored in a memory 1005 to implement the steps of the federal range based data synchronization method described in any of the above.
The specific implementation manner of the data synchronization device based on the federal target range is basically the same as the above embodiments of the data synchronization method based on the federal target range, and is not repeated herein.
The application also provides a data synchronization device based on federal range, as shown in fig. 5, the device includes:
a command acquisition module 10, configured to acquire a data synchronization command issued by a main target range;
and the synchronization module 20 is used for opening a data transmission channel between the main shooting range and the main shooting range based on the data synchronization command and performing data synchronization with the main shooting range through the data transmission channel.
Optionally, in a possible embodiment of the present application, the command obtaining module 10 includes:
the command reading unit is used for reading the corresponding data synchronization command from the preset message queue based on the target range ID of the command reading unit and the project ID of the corresponding project;
the data synchronization command is built in the main shooting range in advance based on preset to-be-synchronized content of corresponding projects in the sub shooting ranges, shooting range IDs of the sub shooting ranges and project IDs of the corresponding projects, and is written into the preset message queue.
Optionally, in a possible embodiment of the present application, the synchronization module 20 includes:
the command analysis unit is used for analyzing the data synchronous command to obtain the type of the data synchronous command, wherein the type of the data synchronous command comprises engineering initialization, engineering update and configuration file issuing;
and the first data synchronization unit is used for synchronizing the preset content to be synchronized with the main shooting range through the data transmission channel based on the type of the data synchronization command.
Optionally, in a possible embodiment of the present application, the first data synchronization unit includes:
a comparison subunit, configured to compare a first engineering file corresponding to the preset to-be-synchronized content in the main shooting range with a second engineering file corresponding to the preset to-be-synchronized content locally if the type of the data synchronization command is engineering update, so as to obtain a comparison result;
and the data synchronization subunit is used for synchronizing the incremental data in the first engineering file to the local if the comparison result is inconsistent.
Optionally, in a possible embodiment of the present application, the synchronization module 20 further includes:
a type determining unit configured to determine whether to execute the data synchronization command based on a type of the data synchronization command;
the tunnel opening unit is used for opening a VPN tunnel established between the local and the main target range through a preset data communication server if the execution is determined;
and the second data synchronization unit is used for performing data synchronization with the main target range through the VPN tunnel.
Optionally, in a possible implementation manner of the present application, after the step of parsing the data synchronization command to obtain the type of the data synchronization command and the preset content to be synchronized, the apparatus further includes:
the command analysis module is used for analyzing the plurality of data synchronous commands received simultaneously to obtain the execution priority of the plurality of data synchronous commands;
and the command execution module is used for sequentially executing the plurality of data synchronization commands based on the execution priority.
Optionally, in a possible implementation manner of the present application, after the step of performing data synchronization with the main target range through the data transmission channel, the apparatus further includes:
and the information feedback module is used for sending feedback information of the data synchronization end to the main shooting range if the data synchronization is ended, so that the main shooting range can send other data synchronization commands.
The specific implementation manner of the data synchronization device based on the federal target range is basically the same as the above embodiments of the data synchronization method based on the federal target range, and is not repeated herein.
The present application further provides a storage medium having stored thereon a federal range based data synchronization program which when executed by a processor implements the steps of the federal range based data synchronization method as set forth in any one of the preceding claims.
The specific implementation manner of the storage medium is basically the same as the above embodiments of the data synchronization method based on the federal range, and will not be described herein.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The foregoing embodiment numbers of the present application are merely for describing, and do not represent advantages or disadvantages of the embodiments.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) as described above, including several instructions for causing a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the method described in the embodiments of the present application.
The foregoing description is only of the preferred embodiments of the present application, and is not intended to limit the scope of the claims, and all equivalent structures or equivalent processes using the descriptions and drawings of the present application, or direct or indirect application in other related technical fields are included in the scope of the claims of the present application.
Claims (10)
1. A federal range-based data synchronization method, characterized by being applied to a sub-range in the federal range, the federal range further comprising a main range, the federal range-based data synchronization method comprising the steps of:
acquiring a data synchronization command issued by the main target field;
and opening a data transmission channel between the main shooting range and the data synchronization command, and performing data synchronization with the main shooting range through the data transmission channel.
2. The federal based data synchronization method according to claim 1, wherein there are a plurality of sub-ranges, each sub-range is provided with a range ID, each sub-range is deployed with at least one project, and each project is provided with a project ID;
the step of obtaining the data synchronization command issued by the main target field comprises the following steps:
based on the target range ID of the self and the engineering ID of the corresponding engineering, reading a corresponding data synchronization command from a preset message queue;
the data synchronization command is built in the main shooting range in advance based on preset to-be-synchronized content of corresponding projects in the sub shooting ranges, shooting range IDs of the sub shooting ranges and project IDs of the corresponding projects, and is written into the preset message queue.
3. The federal range-based data synchronization method according to claim 2, wherein the step of data synchronizing with the main range through the data transmission channel comprises:
analyzing the data synchronous command to obtain the type of the data synchronous command, wherein the type of the data synchronous command comprises engineering initialization, engineering updating and configuration file issuing;
and based on the type of the data synchronization command, synchronizing the preset content to be synchronized with the main shooting range through the data transmission channel.
4. A federal firing range based data synchronization method according to claim 3, wherein the step of synchronizing the preset content to be synchronized with the main firing range through the data transmission channel based on the type of the data synchronization command comprises:
if the type of the data synchronization command is engineering update, comparing a first engineering file corresponding to the preset to-be-synchronized content in the main shooting range with a second engineering file corresponding to the preset to-be-synchronized content locally to obtain a comparison result;
and if the comparison result is inconsistent, synchronizing the incremental data in the first engineering file to the local.
5. A federal range-based data synchronization method according to claim 3, wherein the step of opening a data transmission channel with the main range based on the data synchronization command comprises:
determining whether to execute the data synchronization command based on the type of the data synchronization command;
if the execution is determined, opening a VPN tunnel established between the local and the main target range through a preset data communication server;
and carrying out data synchronization with the main target range through the VPN tunnel.
6. The federal range-based data synchronization method according to claim 1, wherein after the step of parsing the data synchronization command to obtain the type of the data synchronization command and the preset content to be synchronized, the method further comprises:
analyzing a plurality of data synchronous commands received simultaneously to obtain the execution priority of the plurality of data synchronous commands;
and sequentially executing the plurality of data synchronous commands based on the execution priority.
7. The federal range-based data synchronization method according to claim 1, wherein after the step of data synchronizing with the main range via the data transmission channel, the method further comprises:
and if the data synchronization is finished, sending feedback information of the data synchronization to the main target range so as to enable the main target range to send other data synchronization commands.
8. A federal range-based data synchronization apparatus, the apparatus comprising:
the command acquisition module is used for acquiring a data synchronization command issued by the main shooting range;
and the synchronization module is used for opening a data transmission channel between the main shooting range and the data transmission channel based on the data synchronization command and performing data synchronization between the main shooting range and the data transmission channel.
9. A federal range-based data synchronization apparatus, the apparatus comprising: a memory, a processor, and a federal range based data synchronization program stored on the memory and executable on the processor, the federal range based data synchronization program configured to implement the steps of the federal range based data synchronization method of any one of claims 1 to 7.
10. A storage medium having stored thereon a federal range based data synchronization program which when executed by a processor performs the steps of the federal range based data synchronization method of any of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310522968.XA CN116319835B (en) | 2023-05-10 | 2023-05-10 | Data synchronization method, device, equipment and storage medium based on federal range |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310522968.XA CN116319835B (en) | 2023-05-10 | 2023-05-10 | Data synchronization method, device, equipment and storage medium based on federal range |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN116319835A true CN116319835A (en) | 2023-06-23 |
| CN116319835B CN116319835B (en) | 2023-08-25 |
Family
ID=86781719
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310522968.XA Active CN116319835B (en) | 2023-05-10 | 2023-05-10 | Data synchronization method, device, equipment and storage medium based on federal range |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116319835B (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6247135B1 (en) * | 1999-03-03 | 2001-06-12 | Starfish Software, Inc. | Synchronization process negotiation for computing devices |
| CN114363402A (en) * | 2021-12-16 | 2022-04-15 | 绿盟科技集团股份有限公司 | Target range interconnection method, system and electronic equipment |
| CN114500623A (en) * | 2022-01-17 | 2022-05-13 | 北京永信至诚科技股份有限公司 | Network target range interconnection and intercommunication method, device, equipment and readable storage medium |
-
2023
- 2023-05-10 CN CN202310522968.XA patent/CN116319835B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6247135B1 (en) * | 1999-03-03 | 2001-06-12 | Starfish Software, Inc. | Synchronization process negotiation for computing devices |
| CN114363402A (en) * | 2021-12-16 | 2022-04-15 | 绿盟科技集团股份有限公司 | Target range interconnection method, system and electronic equipment |
| CN114500623A (en) * | 2022-01-17 | 2022-05-13 | 北京永信至诚科技股份有限公司 | Network target range interconnection and intercommunication method, device, equipment and readable storage medium |
Non-Patent Citations (1)
| Title |
|---|
| 徐国天;: "面向取证能力提升的网络靶场训练系统构建", 警察技术, no. 03 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN116319835B (en) | 2023-08-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10392823B2 (en) | Synthetic client | |
| CN110602087B (en) | Intelligent screen projection method and device, intelligent terminal and server | |
| EP3439246B1 (en) | Service deployment method and apparatus, and network element | |
| US6134514A (en) | Large-scale network simulation method and apparatus | |
| CN111865736B (en) | Equipment control method and device | |
| WO2017215446A1 (en) | Configuration information notification method, configuration method and corresponding device for interface expansion apparatus | |
| EP4032207B1 (en) | State machine handling at a proxy node in an ethernet-based fronthaul network | |
| US10491628B2 (en) | Attack observation apparatus and attack observation method | |
| CN111200837B (en) | Wi-Fi software testing system and method | |
| CN109284140B (en) | Configuration method and related equipment | |
| EP3122008A1 (en) | Cloud desktop pushing method and system, pushing end and receiving end | |
| US10997376B2 (en) | Electronic message translation management | |
| WO2022267175A1 (en) | Information processing method and apparatus, and computer device and storage medium | |
| CN105388861A (en) | Method and system for controlling devices in internet of things | |
| CN102164312A (en) | Set-top box configuration method and system for Internet protocol television | |
| CN111885174B (en) | Method and system for processing nodes in different network segments | |
| CN111464646B (en) | Information processing method, information processing apparatus, electronic device, and medium | |
| CN105391612B (en) | A kind of method and device of VXLAN VTEP adjoinings study | |
| US20200228478A1 (en) | Electronic message control | |
| CN116319835B (en) | Data synchronization method, device, equipment and storage medium based on federal range | |
| US11653417B2 (en) | Upgrading access points | |
| Keranidis et al. | Experimentation on end-to-end performance aware algorithms in the federated environment of the heterogeneous PlanetLab and NITOS testbeds | |
| CN105897476B (en) | A kind of method and device creating transmission channel | |
| CN115065897A (en) | OLT equipment configuration method, device, equipment and readable storage medium | |
| CN109429205A (en) | A kind of narrowband Internet of Things upgrade method and device and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |