CN102857475A - Firewall virtualization processing system - Google Patents
- Publication number
- CN102857475A
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to a firewall virtualization processing system comprising a physical firewall and a plurality of physical servers. The physical firewall is connected to each of the physical servers and runs Xen virtual machine software. There are three physical servers (a first, a second and a third physical server), each running a virtualization background program. Compared with the prior art, the system has the advantage that the physical firewall is logically divided into a plurality of logical firewalls by means of virtualization technology.
Description
Technical field
The present invention relates to Internet security technology, and in particular to a firewall virtualization processing system.
Background technology
2010 has been called "the first year of cloud computing", and cloud computing is regarded as the third technological revolution of the Internet. As cloud computing has developed, many cloud computing products have appeared on the market. "Cloud hosts" and "cloud storage" are the core products of cloud computing IaaS (Infrastructure as a Service) and the core underlying architecture supporting the development of cloud computing. The core technology is virtualization: a traditional server's hardware is virtualized into multiple sets of logical hardware, and an operating system runs on each virtual device, so that hardware utilization rises from 5%-30% to 50%-70%. The centralized storage model of cloud storage likewise centralizes information. For Internet applications this brings elastic scaling, resource optimization, mass storage, high stability, on-demand use and other advantages.
But its drawbacks are just as evident. Cloud computing cannot do without the Internet; without the Internet there is no cloud computing. Since cloud computing is built on an extension of Internet technology, network security is without doubt the key application problem. Because the hardware is virtualized, the physical network cards are virtualized as well. If the network is deployed according to the traditional architecture, the growth in virtual machines causes the number of firewalls required to explode. For security protection, no customer is willing to accept a shared mechanism; the basic requirement is fully independent control. The value of firewall virtualization is therefore evident.
As cloud computing technology develops rapidly, it will inevitably transform the traditional IDC hosting business. Our company responded quickly to these changes in network technology and launched an IaaS cloud host service in October 2010. In operation we found that IaaS cloud computing products can indeed replace traditional IDC hosting services: any work a hardware server can do, a cloud host can do too, and with better stability than a traditional physical server. But network security is one of the key problems of Internet applications. Because the network architecture has changed, the traditional network security architecture is difficult to realize on cloud hosts. The rapid rise of cloud computing also means that more and more enterprises provide IaaS services. How can one stay ahead of the industry average in the IaaS field? Solving the network security problem of cloud host applications became the core work of the company's research and development department.
Following the core of cloud computing technology, which is virtualization, giving virtualized server hardware the traditional network security architecture requires virtualizing the hardware firewall.
Summary of the invention
The purpose of the present invention is to provide a firewall virtualization processing system that overcomes the defects of the prior art described above.
The purpose of the present invention can be achieved through the following technical solution:
A firewall virtualization processing system, characterized in that it comprises a physical firewall and a plurality of physical servers, the physical firewall being connected to each of the physical servers.
The physical firewall is provided with 2~100 network interfaces.
The network interfaces are gigabit network interfaces.
The physical firewall is a physical firewall on which the Xen virtual machine software is installed.
There are three physical servers, namely a first physical server, a second physical server and a third physical server, and each physical server is a server on which a virtualization background program is installed.
The first physical server is a physical server on which the Xen virtual machine software is installed, the second physical server is a physical server on which the VMware virtual machine software is installed, and the third physical server is a physical server on which the Hyper virtual machine software is installed.
Each physical server can be virtualized into 2~10 virtual machines.
Compared with the prior art, the present invention uses virtualization technology to logically divide one physical firewall into multiple logical firewalls; each virtual firewall is independently controlled, has an independent architecture, and independently satisfies each network security protection requirement.
Description of drawings
Fig. 1 is structural representation of the present invention.
Detailed description
The present invention is described in detail below in conjunction with the drawings and specific embodiments.
Embodiment
As shown in Figure 1, a firewall virtualization processing system comprises a physical firewall 1 and a plurality of physical servers; the physical firewall 1 is connected to each of the physical servers. The physical firewall 1 is provided with 3 network interfaces, which are gigabit network interfaces. The physical firewall is a physical firewall on which the Xen virtual machine software is installed.
There are three physical servers, namely a first physical server 2, a second physical server 3 and a third physical server 4, and each physical server is a server on which a virtualization background program is installed. The first physical server 2 has the Xen virtual machine software installed, the second physical server 3 has the VMware virtual machine software installed, and the third physical server 4 has the Hyper virtual machine software installed. Each physical server can be virtualized into 3 virtual machines. The virtual firewalls thereby provide network security protection for the virtual machines.
Implementation step
A) Physical topology connection: complete the physical topology connections with reference to Figure 1.
B) Import the Xen virtual machine software into the physical firewall: first enter the firewall's root backend, then import the Xen virtual machine software into the firewall's FLASH storage device.
C) Run the Xen virtual machine software: in the firewall's root mode, run the Xen virtual machine software to logically partition the firewall hardware into multiple virtual machines, and logically assign the firewall ports among the virtual machines.
D) Import the firewall IOS into the virtual machines: into the FLASH storage space of each virtual machine generated in the previous step, import the firewall IOS program and run it, so that the virtual machine becomes a virtual firewall.
E) Modify the firewall IOS program: modify the firewall IOS program so that the virtual machines appear in the firewall's IOS program in vdom form, which makes centralized configuration convenient.
F) Verify that the virtual machines are logically connected under each virtual firewall: verify that the hardware servers generate multiple virtual machines and run operating systems on the various virtualization backends, and logically connect them to the virtual firewalls completed earlier.
G) Verify that firewall virtualization is achieved: verify whether the virtual firewalls are relatively independent, and whether the virtual firewalls achieve the network security protection effect for the virtual machines.
Explanation of technical terms:
1. IaaS (Infrastructure as a Service): infrastructure as a service, one of the development directions of cloud computing. Consumers can obtain services from a complete computer infrastructure over the Internet. This class of service is called Infrastructure as a Service (IaaS). Internet-based services (such as storage and databases) are part of IaaS.
2. PaaS (Platform-as-a-Service): platform as a service, one of the development directions of cloud computing. It is the business model in which a server platform is provided as a service; in the cloud computing era, the corresponding server platform or development environment provided as a service is PaaS (Platform as a Service).
3. SaaS (Software-as-a-Service): software as a service; in Chinese, SaaS is known as "soft operation" or "software operation". SaaS is a software application model that provides software services over the Internet. As an innovative software application model that began to rise in the 21st century, SaaS is the latest trend in software technology development.
Claims (7)
1. A firewall virtualization processing system, characterized in that it comprises a physical firewall and a plurality of physical servers, the physical firewall being connected to each of the physical servers.
2. The firewall virtualization processing system according to claim 1, characterized in that the physical firewall is provided with 2~100 network interfaces.
3. The firewall virtualization processing system according to claim 2, characterized in that the network interfaces are gigabit network interfaces.
4. The firewall virtualization processing system according to claim 1, characterized in that the physical firewall is a physical firewall on which the Xen virtual machine software is installed.
5. The firewall virtualization processing system according to claim 1, characterized in that there are three physical servers, namely a first physical server, a second physical server and a third physical server, and each physical server is a server on which a virtualization background program is installed.
6. The firewall virtualization processing system according to claim 5, characterized in that the first physical server is a physical server on which the Xen virtual machine software is installed, the second physical server is a physical server on which the VMware virtual machine software is installed, and the third physical server is a physical server on which the Hyper virtual machine software is installed.
7. The firewall virtualization processing system according to claim 6, characterized in that each physical server can be virtualized into 2~10 virtual machines.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2011101807118A CN102857475A (en) | 2011-06-29 | 2011-06-29 | Firewall virtualization processing system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN102857475A (en) | 2013-01-02 |
Family
ID=47403675
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2011101807118A Pending CN102857475A (en) | 2011-06-29 | 2011-06-29 | Firewall virtualization processing system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102857475A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20130102 |