CN102833261A - Improved network topology structure of directory service system - Google Patents

Publication number
CN102833261A
Authority
CN
China
Prior art keywords
equipment
server
access gateway
netware
topology structure
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2012103236445A
Other languages
Chinese (zh)
Inventor
刘平
张文静
国明
王静
辛锐
宋峥峥
高丽芳
曹明
黄镜宇
陈连栋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
Information and Telecommunication Branch of State Grid Hebei Electric Power Co Ltd
Original Assignee
HEBEI ELECTRIC POWER Corp INFORMATION COMMUNICATION BRANCH
State Grid Corp of China SGCC
State Grid Hebei Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by HEBEI ELECTRIC POWER Corp INFORMATION COMMUNICATION BRANCH, State Grid Corp of China SGCC, State Grid Hebei Electric Power Co Ltd

Abstract

The invention discloses an improved network topology structure of a directory service system. The topology comprises an identity server and an access gateway server, both connected to an internal switch. The internal switch is divided into two independent network segments, VLAN 1 and VLAN 2: VLAN 1 provides load balancing for the access gateway server, and VLAN 2 provides load balancing for the identity server. F5 equipment provides the load service for both segments, and both the internal switch and the F5 equipment are connected to an upper-layer switch. Through this network transformation, the mode in which the directory service access management server is connected directly to the F5 equipment is changed to a bypass mode: the access management server is connected to a Layer 2 switch and reaches the F5 equipment through that switch to achieve load balancing. This removes the F5 single point of failure in directory service access management and supports further expansion of the servers.

Description

Improved network topology structure of a directory service system
Technical field
The present invention relates to a directory service system, and in particular to an improved network topology structure of a directory service system.
Background technology
The directory service access management server cluster (AM, Access Manager) is the unified entry point for the directory service's unified identity authentication, access control and single sign-on. It comprises access gateway servers (AG, Access Gateway) and identity servers (IDS, Identity Server).
In a traditional access management system based on the HTTP protocol, the access gateway servers and the identity servers are connected directly to a single F5 device to achieve load balancing, as shown in Fig. 3. This direct connection has two potential hazards. (1) Single point of failure: because the F5 device is connected directly to the directory system servers, a fault in the F5 device directly affects the availability of the directory system. To recover, the directory system access management servers must be switched manually to a standby F5 device, and during the switchover the directory service system cannot provide service externally, which affects the business systems that use it. (2) Poor scalability: the number of directory system servers attached below the F5 device is limited by the number of physical interfaces on the F5 device. When access volume to the directory service system grows and the existing servers cannot meet the increasing demand for capacity, the total number of directory system servers still cannot exceed the number of physical interfaces on the F5 device, so the system scales poorly.
Summary of the invention
The technical problem to be solved by the present invention is to provide an improved directory service system network topology and its bypass access method, which removes the F5 single point of failure in directory service access management and supports future server expansion.
To solve this technical problem, the technical scheme adopted by the present invention is an improved directory service system network topology structure comprising identity servers and access gateway servers. The identity servers and the access gateway servers are all connected to an internal switch. The internal switch is divided into two independent network segments, VLAN1 and VLAN2, where VLAN1 provides load balancing for the access gateway servers and VLAN2 provides load balancing for the identity servers. The F5 device provides the load service for the two segments VLAN1 and VLAN2. The internal switch and the F5 device are both connected to an upper-layer switch.
The address at which the identity servers provide service externally and the address at which the access gateway servers provide service externally are both configured on the F5 device, and the gateway of the identity servers and of the access gateway servers is set to the address of the F5 device, so that the F5 device forwards the corresponding data flows.
The upper-layer switch is connected to clients through the network cloud.
The F5 device comprises a main F5 device and a standby F5 device in a dual-machine deployment mode.
The beneficial effects of this technical scheme are as follows. (1) It removes the F5 device single point of failure in directory service access management. In the directly connected deployment mode, each server is connected to a single F5 device, and the probability of an F5 device failure is about 0.001%. After the change to bypass mode, the servers have no physical connection to the F5 devices, and the two F5 devices can provide load balancing for the servers at the same time, so a failure of either one does not affect the existing service. The probability that both F5 devices fail at the same time is 0.001%*0.001=0.000001%, so the probability of the service being unavailable because of an F5 device fault is reduced by a factor of 1000. (2) It supports future server expansion. In the directly connected deployment mode, the number of servers an F5 device can load balance depends on the number of physical ports on the device; the F5 device currently provides 8 physical ports, so the corresponding number of servers is n=8. After the change to bypass deployment, the number of servers depends on bandwidth. The 8 ports can be bundled, and as long as the shared bandwidth in use does not exceed 8000 Mbps, the number of servers that can be load balanced is in theory n=+∞. (3) The transformation of the directory service access management system network is completed by dividing VLANs, which saves resources to the greatest extent.
In summary, through this network transformation the present invention changes the mode in which the directory service access management servers are connected directly to the F5 device into a bypass mode: the directory access management servers are connected to a Layer 2 switch and reach the F5 device through the Layer 2 switch to achieve load balancing. This removes the F5 device single point of failure in directory service access management and supports future server expansion.
Description of drawings
Fig. 1 is the directory service system network topology diagram of the present invention;
Fig. 2 is a network topology diagram using directly connected internal switches;
Fig. 3 is the prior-art network topology diagram of the access management and identity servers.
Embodiment
The present invention is explained in further detail below with reference to the drawings and an embodiment.
Fig. 1 shows the directory service system network topology of the present invention, in which the access management server cluster is connected in a separate-network bypass mode. The topology comprises identity servers and access gateway servers. In the figure, identity servers IDS3-IDS6, SSL_IDS1 and SSL_IDS2 form the identity server cluster, and access gateway servers AG3-AG6, SSL_AG1 and SSL_AG2 form the access gateway server cluster. The identity servers and the access gateway servers are all connected to the internal switch. The internal switch is divided into two independent network segments, VLAN1 and VLAN2, where VLAN1 provides load balancing for the access gateway servers and VLAN2 provides load balancing for the identity servers. The address at which the identity servers provide service externally and the address at which the access gateway servers provide service externally are both configured on the F5 device, and the gateway of the identity servers and of the access gateway servers is set to the address of the F5 device, so that the F5 device forwards the corresponding data flows. The F5 device comprises a main F5 device and a standby F5 device in a dual-machine deployment mode, shown as F5 A and F5 B in Fig. 1, and provides the load service for the two segments VLAN1 and VLAN2. The internal switch and the F5 device are both connected to the upper-layer switch, and the upper-layer switch is connected to clients through the network cloud.
The bypass access mode of the directory service access management system of the present invention is implemented as follows:
Step 1: Divide the Access Management servers into an identity server cluster and an access gateway server cluster.
Step 2: Using the internal switch, divide the switch into two independent network segments, VLAN1 and VLAN2. One of these segments is dedicated to load balancing for the identity server cluster, and the other is dedicated to load balancing for the access gateway server cluster.
Step 3: Each network segment has F5 devices in the dual-machine deployment mode, which provide the load service for the respective segments. The identity servers are currently deployed in the 10.122.1.0/24 segment, and the access gateway servers are deployed in the 10.122.6.0/24 segment.
Step 4: The address at which the identity servers provide service externally is set on the F5 device to 10.122.1.132/32, and the address at which the access gateway servers provide service externally is set on the F5 device to 10.122.6.116/32.
Step 5: The gateway of the identity servers and of the access gateway servers is set to the F5 device address, and the F5 device forwards the corresponding data flows.
Step 6: Through firewall settings between the different segments, prevent clients from bypassing the layer-4 switch and communicating directly with the individual Access Management servers.
Step 7: Use the firewall to force clients to reach the identity servers and the access gateway servers through the F5 device. That is, a client may access only the service addresses configured on the F5 device and may not access the addresses of the identity servers themselves. In the same way, traffic between the access gateway server cluster and the identity server cluster is also forced to pass through the F5 device.
The present invention uses the dual-machine deployment mode of a main F5 device and a standby F5 device. When the main F5 device goes down, the standby F5 device takes over, so the network stays connected. This design provides hot standby for the F5 devices, fully removes the single point of failure, and makes later expansion of the directory access management servers easier.
Fig. 2 shows a network topology using directly connected internal switches. In the figure, the identity server cluster and the access gateway server cluster are each connected to the F5 device through their own independent internal switches, and the F5 device is connected to the upper-layer switch. There are two internal switches for the identity server cluster and two for the access gateway server cluster, in order to improve reliability. The F5 device again consists of a main F5 device and a standby F5 device in the dual-machine deployment mode, shown as F5 A and F5 B in the figure. This design provides hot standby for the F5 devices, fully removes the single point of failure, and makes later expansion of the directory access management servers easier.
However, because this structure requires four switches, and because switch faults occur infrequently, the design can be simplified to the structure shown in Fig. 1.
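The restrictions in steps 6 and 7 can be checked mechanically before a rule set is deployed. The following is an added example, not part of the patent text: a first-match rule evaluator that tests candidate firewall rule sets against the flows those steps permit and forbid. The rule format, the client address and the real-server addresses are assumptions, and traffic between the F5 device and the servers is assumed to stay on the internal switch and never cross this firewall.

```python
import ipaddress as ip

# Addresses from steps 3 and 4 of the description.
IDS_NET, AG_NET = "10.122.1.0/24", "10.122.6.0/24"
IDS_VIP, AG_VIP = "10.122.1.132/32", "10.122.6.116/32"
ANY = "0.0.0.0/0"

# A rule is (action, source network, destination network); first match wins.
GOOD = [
    ("allow", ANY, IDS_VIP),   # step 7: only the F5 service addresses are reachable
    ("allow", ANY, AG_VIP),
    ("deny", ANY, IDS_NET),    # step 6: no direct path to the real servers
    ("deny", ANY, AG_NET),
]
# Same four rules with the segment denies first: each /24 deny shadows the
# /32 service address inside it, so the service itself becomes unreachable.
SHADOWED = GOOD[2:] + GOOD[:2]
# Flat network: the segments are open, so the F5 can be bypassed.
FLAT = [("allow", ANY, IDS_NET), ("allow", ANY, AG_NET)]

# Constructed probes. 192.0.2.10 is a client; 10.122.1.21 and 10.122.6.21 are
# made-up real-server addresses (the page does not list any).
PROBES = [
    ("192.0.2.10", "10.122.1.132", "allow", "client to identity service address"),
    ("192.0.2.10", "10.122.6.116", "allow", "client to gateway service address"),
    ("192.0.2.10", "10.122.1.21", "deny", "client to identity server directly"),
    ("192.0.2.10", "10.122.6.21", "deny", "client to access gateway directly"),
    ("10.122.6.21", "10.122.1.21", "deny", "gateway to identity server directly"),
    ("10.122.6.21", "10.122.1.132", "allow", "gateway to identity service via F5"),
    ("10.122.1.21", "10.122.6.116", "allow", "identity server to gateway service via F5"),
]


def decide(rules, src, dst, default="deny"):
    """Return the action of the first rule matching src -> dst."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in ip.ip_network(src_net) and d in ip.ip_network(dst_net):
            return action
    return default


def verify(rules):
    """Return descriptions of the probes that the rule set decides wrongly."""
    return [why for src, dst, want, why in PROBES
            if decide(rules, src, dst) != want]


if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("SHADOWED", SHADOWED), ("FLAT", FLAT)):
        print(name, verify(rules) or "ok")
```

Because each service address lies inside the segment it fronts, rule order decides whether the design works: the shadowed rule set blocks the services themselves, while the flat one leaves every real server directly reachable.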

Claims (4)

1. An improved directory service system network topology structure, comprising identity servers and access gateway servers, characterized in that: the identity servers and the access gateway servers are all connected to an internal switch; the internal switch is divided into two independent network segments, VLAN1 and VLAN2, where VLAN1 provides load balancing for the access gateway servers and VLAN2 provides load balancing for the identity servers; the F5 device provides the load service for the two segments VLAN1 and VLAN2; and the internal switch and the F5 device are both connected to an upper-layer switch.
2. The improved directory service system network topology structure according to claim 1, characterized in that: the address at which the identity servers provide service externally and the address at which the access gateway servers provide service externally are both configured on the F5 device, and the gateway of the identity servers and of the access gateway servers is set to the address of the F5 device, so that the F5 device forwards the corresponding data flows.
3. The improved directory service system network topology structure according to claim 1, characterized in that: the upper-layer switch is connected to clients through the network cloud.
4. The improved directory service system network topology structure according to claim 1, characterized in that: the F5 device comprises a main F5 device and a standby F5 device in a dual-machine deployment mode.
CN2012103236445A 2012-09-05 2012-09-05 Improved network topology structure of directory service system Pending CN102833261A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2012103236445A CN102833261A (en) 2012-09-05 2012-09-05 Improved network topology structure of directory service system

Publications (1)

Publication Number Publication Date
CN102833261A true CN102833261A (en) 2012-12-19

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Owner name: INFORMATION AND COMMUNICATION BRANCH OF STATE GRID

Free format text: FORMER OWNER: HEBEI ELECTRIC POWER CORPORATION HEBEI ELECTRIC POWER CORPORATION INFORMATION COMMUNICATION BRANCH

Effective date: 20150114

C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20150114

Address after: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing

Applicant after: State Grid Corporation of China

Applicant after: Information Communication Branch, State Grid Hebei Electric Power Co., Ltd.

Address before: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing

Applicant before: State Grid Corporation of China

Applicant before: Hebei Electric Power Corporation

Applicant before: Hebei Electric Power Corporation Information Communication Branch

C05 Deemed withdrawal (patent law before 1993)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20121219