CN102932453A - Method for achieving data center security system based on cloud computation - Google Patents
- Publication number
- CN102932453A
- Authority
- CN
- China
- Prior art keywords
- cloud
- security
- data center
- cloud security
- safety
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Computer And Data Communications (AREA)
Abstract
The invention discloses a method for implementing a data center security system based on cloud computing. Following the requirements of cloud computing, the data center security protection architecture built on "cloud security" is as follows: an enterprise's data can be distributed across different cloud data center sites; each cloud data center is built with a "cloud security" submodule; and the enterprise cloud computing data center has a "cloud security" control center. The control center monitors the real-time activity of each cloud data center and, when a potential security incident occurs, immediately takes measures to stop it remotely. The control center is also responsible for formulating security rules and standards and sending them to the "cloud security" submodule of each cloud data center. The control center and the submodules jointly maintain the security of the enterprise computing data center, and the security of the data center is controlled through a visual interface, which guarantees the security of the data center and lays a foundation for the future development of data center security systems.
Description
Technical field
The invention belongs to the field of cloud computing data center security. Building on the conventional data center security protection system and combining it with the concepts of cloud computing and "cloud security", it studies the data center security system under these new conditions in depth, designs a data center security protection system with a "cloud security" architecture, and implements it in simulation in a laboratory environment using the relevant technologies. The "cloud security" control center can control the security of the data center through an intuitive interface, and it cooperates with the "cloud security" submodules to jointly guarantee and maintain the security of the data center.
Background technology
With reference to the OSI information security architecture and the national information security assurance system, the data center security protection architecture consists of a technical system, an organizational system and a management system. To secure a data center, besides ensuring the organizational and management systems of the security protection architecture, it is even more important to ensure its security technically.
Cloud computing integrates, manages and allocates computing resources distributed across the network, and through a unified interface provides a large number of users at once with safe and reliable data storage, convenient Internet services and powerful computing capability. Storage and computation no longer run on a local computer or server but on a large number of computers distributed across the Internet. The user only needs Internet access to use data and services conveniently from any place, through terminal devices such as computers and mobile phones, in three forms: infrastructure as a service, platform as a service and software as a service. An enterprise that stores its data in a data center built on a cloud computing platform inside the enterprise must ensure that the data center is absolutely secure, that is, it must ensure the security of the data in the "cloud" data center. Applying the cloud computing model to information security has produced a new information security concept called "cloud security". It upgrades the earlier passive security model to an active protection model in order to secure networks and PCs.
Windows Communication Foundation (WCF) is a set of application development interfaces for data communication developed by Microsoft. Its core is to let remote programs communicate through messages, and it is used to build distributed, interoperable applications. It adopts an SOA architecture, inherits and extends the advantages of Web services, is optimized for distributed processing, integrates seamlessly with Visual Studio 2005/2008, and allows distributed applications to be developed efficiently. WCF follows service-oriented principles: in the WCF framework all functionality is packaged as services and published externally; a service runs inside a host (the server side) and uses endpoints as its external communication interface; an endpoint is described by an address (Address), a binding (Binding) and a contract (Contract).
As for the current state of data center security: a data center is the information exchange hub that provides users with network services such as Internet resources, server resources, professional host hosting and broadband access. It is where information system resources are most concentrated and data exchange is most frequent, and it is also where security incidents occur most often; any lapse in protection can cause irreparable damage. In addition, as Internet applications deepen, the data center operating environment is shifting from the traditional client/server model to a model of network-connected central servers, and the relationships among applications, hardware, networks and operating systems are becoming more and more complex, which introduces many uncertainties for data center security. The defensive measures, information security mechanisms and security services of data centers all face huge challenges.
Summary of the invention
The purpose of the invention is: building on the conventional data center security protection system and combining it with the concepts of cloud computing and "cloud security", to study the data center security system under these new conditions in depth, design a data center security protection system with a "cloud security" architecture, and implement it in simulation in a laboratory environment using the relevant technologies; the "cloud security" control center can control the security of the data center through an intuitive interface and cooperates with the "cloud security" submodules to jointly guarantee and maintain the security of the data center. A further purpose is to propose a security scheme that takes the conventional data center security protection system as its framework and, following the requirements and characteristics of cloud computing, adopts a "cloud security" architecture as a new solution for data center security systems.
The technical scheme of the invention is as follows: a method for implementing an (enterprise) data center security system based on cloud computing, with the following concrete steps:
Based on the information security technology framework and following the requirements of cloud computing, the data center security protection architecture built on "cloud security" is: an enterprise's data can be distributed across different cloud data center sites, each cloud data center is built with a "cloud security" submodule, and the enterprise cloud computing data center has a "cloud security" control center. The implementation steps are:
Step 1: the "cloud security" control center monitors the real-time activity of each cloud data center and immediately takes measures to stop a potential security incident remotely when one occurs;
Step 2: the "cloud security" control center also formulates security rules and standards and issues them to the "cloud security" submodule of each cloud data center;
Step 3: the "cloud security" control center and the "cloud security" submodules cooperate to jointly maintain the security of the enterprise computing data center:
In the enterprise data center security protection architecture built on "cloud security", the design of the "cloud security" control center comprises four modules: communication control, remote control, remote monitoring and management settings. The communication control module comprises instant messaging and rule management. The remote control module comprises host locking, terminal interface control and host power on/off control. The remote monitoring module comprises displaying screenshots of the remote host and viewing host information. The management settings module comprises user management and parameter settings. Using measures such as remote monitoring, the "cloud security" control center can fully monitor the activity of the hosts at the cloud computing data center; when it detects a policy-violating operation on such a host, the control center sends a control command to lock the host promptly or to control its storage interface remotely. This strengthens the security of the cloud data center.
The "cloud security" submodule is based on a layered model. It mainly considers four parts: link and network security, application security, physical environment security and computer system security. Link and network security comprises intrusion prevention design and network isolation. Application security comprises user authentication and authorization, data isolation, encryption and protection, and tiered control. Physical environment security comprises equipment security and disaster recovery management. Computer system security comprises operating system security and database security. The "cloud security" submodule not only cooperates with the "cloud security" control center to maintain the security of the data center; its own design features also further improve the security of the whole data center.
Details of step 1:
1) Realize real-time monitoring of each cloud data center by the "cloud security" control center: the controlled party at each cloud data center runs a program that listens on a port and receives data packets, and the controlling party, the "cloud security" control center, sends data packets from its own port to the controlled party's port. According to this principle two systems are built: one is the controlling party (the "cloud security" control center) and the other is the controlled party (the "cloud security" submodule); the controlled party waits for the controlling party to send instructions and performs the corresponding operations;
2) Communication over Windows Communication Foundation (WCF) proceeds as follows: first, the client (Client) calls a Service Request from the Client to the server side (Service), and the Service begins executing the operation. When the operation finishes, the Service sends a Callback Request to the Client and the result is displayed at the Client. After completing the Callback Request operation, the Client sends a Callback Response to the Service. On receiving the Callback Response the Service carries out its follow-up operations, and once all operations are finished the Service sends a Service Response to the Client.
3) Remote monitoring and control is implemented as follows: the "cloud security" control center and the "cloud security" submodule together form the remote monitoring module of the system; the "cloud security" control center is the controlling party and the "cloud security" submodule is the controlled party. The controlling party sends a command; the controlled party executes the command and feeds the result back to the controlling party.
4) Study the "cloud security" submodule: the submodule is based on a layered model and mainly considers four parts: link and network security, application security, physical environment security and computer system security.
The beneficial effects of the invention are as follows:
1. Using measures such as remote monitoring, the "cloud security" control center can fully monitor the activity of the hosts at the cloud data center; when it detects a policy-violating operation, the control center sends a control command to lock the host promptly or to control its storage interface remotely, which strengthens the security of the cloud data center.
2. The "cloud security" submodule not only cooperates with the "cloud security" control center to maintain the security of the data center; its own design features also further improve the security of the whole data center.
3. The proposed security scheme takes the conventional data center security protection system as its framework and, following the requirements and characteristics of cloud computing, adopts a "cloud security" architecture as a new solution for data center security systems. The relevant modules were implemented under laboratory conditions according to the design, using several key technologies. The security of the data center can be controlled through an intuitive interface, which guarantees the security of the data center and lays a good foundation for the future development of data center security systems.
Description of drawings
Fig. 1 shows the architecture of the "cloud security" control center.
Fig. 2 shows the architecture of the "cloud security" submodule.
Embodiment:
Implementing the invention mainly comprises the following steps:
Step 1: implement the "cloud security" control center: the controlled party runs a program that listens on a port and receives data packets, and the controlling party sends data packets from its own port to the controlled party's port. According to this principle two systems are built: one is the controlling party (the "cloud security" control center) and the other is the controlled party (the "cloud security" submodule); the controlled party waits for the controlling party to send instructions and performs the corresponding operations.
Step 2: implement WCF communication. First, the Client calls a Service Request from the Client to the Service, and the Service begins executing the operation. When the operation finishes, the Service sends a Callback Request to the Client and the result is displayed at the Client. After completing the Callback Request operation, the Client sends a Callback Response to the Service. On receiving the Callback Response the Service carries out its follow-up operations, and once all operations are finished the Service sends a Service Response to the Client.
Step 3: remote monitoring and control is implemented as follows: the "cloud security" control center and the "cloud security" submodule together form the remote monitoring module of the system; the "cloud security" control center is the controlling party and the "cloud security" submodule is the controlled party. The controlling party sends a command; the controlled party executes the command and feeds the result back to the controlling party.
Step 4: implement the "cloud security" submodule, considering link and network security, application security, physical environment security and computer system security. Link and network security comprises intrusion prevention design and network isolation. Application security comprises user authentication and authorization, data isolation, encryption and protection, and tiered control. Physical environment security comprises equipment security and disaster recovery management. Computer system security comprises operating system security and database security.
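The command exchange described in steps 1 to 3, as an added example that is not part of the patent text: it models the Service Request, Callback Request, Callback Response, Service Response sequence in Python, passing packets in-process in place of WCF and the port listener. The command names, the HMAC tag, the sequence-number replay check and the mapping of the control center to Client and the submodule to Service are assumptions of this example; the text does not state how the controlled party authenticates the controlling party.

```python
import hashlib
import hmac
import json

# Hypothetical allow-list modelled on the text's remote-control module.
EFFECTS = {"lock_host": ("locked", True), "power_off": ("powered", False),
           "disable_interface": ("interface_enabled", False)}


def seal(key: bytes, body: dict) -> bytes:
    """Serialize and attach an HMAC-SHA256 tag (assumption of this example)."""
    payload = json.dumps(body, sort_keys=True)
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"payload": payload, "tag": tag}).encode()


def unseal(key: bytes, packet: bytes) -> dict:
    """Verify the tag in constant time, then parse; ValueError on failure."""
    try:
        outer = json.loads(packet)
        payload, tag = outer["payload"].encode(), outer["tag"].encode()
    except (ValueError, KeyError, TypeError, AttributeError) as exc:
        raise ValueError("malformed packet") from exc
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad tag")
    body = json.loads(payload)
    if not isinstance(body, dict):
        raise ValueError("malformed packet")
    return body


class Agent:
    """Controlled party: the "cloud security" submodule on one host."""
    def __init__(self, key: bytes, host: str):
        self.key, self.host = key, host
        self.state = {"locked": False, "interface_enabled": True, "powered": True}
        self.last_seq = 0     # highest request number accepted so far
        self.pending = None   # request still waiting for its CallbackResponse
        self.audit = []

    def _reject(self, reason: str) -> bytes:
        self.audit.append(f"rejected: {reason}")
        return seal(self.key, {"type": "Error", "reason": reason})

    def receive(self, packet: bytes) -> bytes:
        try:
            msg = unseal(self.key, packet)
        except ValueError as exc:
            return self._reject(str(exc))
        kind, seq, command = msg.get("type"), msg.get("seq"), msg.get("command")
        if kind == "ServiceRequest":
            if type(seq) is not int or seq <= self.last_seq:
                return self._reject("stale or replayed request")
            if not isinstance(command, str) or command not in EFFECTS:
                return self._reject("command not allowed")
            self.last_seq = self.pending = seq
            field, value = EFFECTS[command]
            self.state[field] = value   # simulated effect, no OS call
            self.audit.append(f"executed {command} seq={seq}")
            return seal(self.key, {"type": "CallbackRequest", "seq": seq,
                                   "result": dict(self.state)})
        if kind == "CallbackResponse" and seq is not None and seq == self.pending:
            self.pending = None         # follow-up step after the acknowledgement
            return seal(self.key, {"type": "ServiceResponse", "seq": seq,
                                   "status": "complete"})
        return self._reject("unexpected message")


class Controller:
    """Controlling party: the "cloud security" control center."""
    def __init__(self, key: bytes):
        self.key, self.seq = key, 0
        self.display = []   # stands in for the visual interface

    def send_command(self, agent: Agent, command: str) -> list:
        """Run one exchange and return the message types seen, in order."""
        self.seq += 1
        request = {"type": "ServiceRequest", "seq": self.seq, "command": command}
        reply = unseal(self.key, agent.receive(seal(self.key, request)))
        seen = ["ServiceRequest", reply["type"]]
        if reply["type"] != "CallbackRequest" or reply.get("seq") != self.seq:
            return seen
        self.display.append((agent.host, command, reply["result"]))
        ack = {"type": "CallbackResponse", "seq": self.seq}
        final = unseal(self.key, agent.receive(seal(self.key, ack)))
        return seen + ["CallbackResponse", final["type"]]


if __name__ == "__main__":
    key = b"constructed-demo-key"   # constructed sample value
    agent, center = Agent(key, "dc-host-01"), Controller(key)
    print(center.send_command(agent, "lock_host"), agent.state)
    print(center.send_command(agent, "format_disk"), agent.audit[-1])
```

The agent changes state only for a correctly tagged, fresh request naming an allow-listed command; everything else is logged in `audit` and answered with an `Error` message.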
Claims (2)
1. A method for implementing a data center security system based on cloud computing, characterized in that, following the requirements of cloud computing, the data center security protection architecture built on "cloud security" is: an enterprise's data can be distributed across different cloud data center sites, each cloud data center is built with a "cloud security" submodule, and the enterprise cloud computing data center has a "cloud security" control center; the implementation steps are:
Step 1: the "cloud security" control center monitors the real-time activity of each cloud data center and immediately takes measures to stop a potential security incident remotely when one occurs;
Step 2: the "cloud security" control center also formulates security rules and standards and issues them to the "cloud security" submodule of each cloud data center;
Step 3: the "cloud security" control center and the "cloud security" submodules jointly maintain the security of the enterprise computing data center:
In the enterprise data center security protection architecture built on "cloud security", the design of the "cloud security" control center comprises four modules: communication control, remote control, remote monitoring and management settings; the communication control module comprises instant messaging and rule management; the remote control module comprises host locking, terminal interface control and host power on/off control; the remote monitoring module comprises displaying screenshots of the remote host and viewing host information; the management settings module comprises user management and parameter settings; using remote monitoring measures, the "cloud security" control center fully monitors the activity of the hosts at the cloud computing data center, and when it detects a policy-violating operation on such a host, the control center sends a control command to lock the host promptly or to control its storage interface remotely; this strengthens the security of the cloud data center;
The "cloud security" submodule is based on a layered model and considers four parts: link and network security, application security, physical environment security and computer system security; link and network security comprises intrusion prevention design and network isolation; application security comprises user authentication and authorization, data isolation, encryption and protection, and tiered control; physical environment security comprises equipment security and disaster recovery management; computer system security comprises operating system security and database security; the "cloud security" submodule not only cooperates with the "cloud security" control center to maintain the security of the data center, but its own design features also further improve the security of the whole data center.
2. The method for implementing a data center security system based on cloud computing according to claim 1, characterized in that step 1 is carried out as follows:
1) Realize real-time monitoring of each cloud data center by the "cloud security" control center: the controlled party at each cloud data center runs a program that listens on a port and receives data packets, and the controlling party, the "cloud security" control center, sends data packets from its own port to the controlled party's port; according to this principle two systems are built, one being the controlling party, the "cloud security" control center, and the other being the controlled party, the "cloud security" submodule; the controlled party waits for the controlling party to send instructions and performs the corresponding operations;
2) Communication over Windows Communication Foundation (WCF) proceeds as follows: first, the client (Client) calls a Service Request from the Client to the server side (Service), and the Service begins executing the operation; when the operation finishes, the Service sends a Callback Request to the Client and the result is displayed at the Client; after completing the Callback Request operation, the Client sends a Callback Response to the Service; on receiving the Callback Response the Service carries out its follow-up operations, and once all operations are finished the Service sends a Service Response to the Client;
3) Remote monitoring and control is implemented as follows: the "cloud security" control center and the "cloud security" submodule together form the remote monitoring module of the system; the "cloud security" control center is the controlling party and the "cloud security" submodule is the controlled party; the controlling party sends a command, and the controlled party executes the command and feeds the result back to the controlling party.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2012104313453A CN102932453A (en) | 2012-10-31 | 2012-10-31 | Method for achieving data center security system based on cloud computation |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2012104313453A CN102932453A (en) | 2012-10-31 | 2012-10-31 | Method for achieving data center security system based on cloud computation |
Publications (1)
Publication Number | Publication Date |
---|---|
CN102932453A true CN102932453A (en) | 2013-02-13 |
Family
ID=47647150
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2012104313453A Pending CN102932453A (en) | 2012-10-31 | 2012-10-31 | Method for achieving data center security system based on cloud computation |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102932453A (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102065122A (en) * | 2010-11-11 | 2011-05-18 | 上海海事大学 | Ship network construction method based on radio frequency identification and cloud computing |
CN202004790U (en) * | 2011-03-18 | 2011-10-05 | 蓝盾信息安全技术股份有限公司 | Network security detection and monitoring auditing system |
Non-Patent Citations (1)
Title |
---|
张水平等: "基于云计算的数据中心安全体系研究与实现", 《计算机工程与设计》, vol. 32, no. 12, 31 December 2011 (2011-12-31) * |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103152362A (en) * | 2013-03-28 | 2013-06-12 | 胡祥义 | Cloud-computing-based encrypted transmission method for large data files |
CN103152362B (en) * | 2013-03-28 | 2015-09-16 | 胡祥义 | Based on the large data files encrypted transmission method of cloud computing |
CN104216902A (en) * | 2013-05-31 | 2014-12-17 | 西门子公司 | Paging data loading method, device and system based on server paging |
CN104216902B (en) * | 2013-05-31 | 2018-10-02 | 西门子公司 | A kind of paged data stowage, device and system based on server paging |
CN105162641A (en) * | 2014-05-28 | 2015-12-16 | 中兴通讯股份有限公司 | Monitoring method and device for cloud desktop |
CN105871876A (en) * | 2016-05-05 | 2016-08-17 | 云神科技投资股份有限公司 | Smart city cloud security architecture building method |
CN106713356A (en) * | 2017-01-24 | 2017-05-24 | 网宿科技股份有限公司 | Multi-data center management method and system |
CN106713356B (en) * | 2017-01-24 | 2020-03-31 | 网宿科技股份有限公司 | Multi-data center management method and system |
CN107317827A (en) * | 2017-08-23 | 2017-11-03 | 合肥中盈信息工程有限公司 | A kind of big data cloud booth data safety takes precautions against supervisory systems |
CN108449352A (en) * | 2018-03-28 | 2018-08-24 | 江苏财会职业学院 | A method of the protection computer system security based on cloud computing |
CN110022371A (en) * | 2019-04-16 | 2019-07-16 | 山东超越数控电子股份有限公司 | One kind managing platform and its working method towards the cloud security of " side Yun Xietong " Yun Zhongxin |
US11882155B1 (en) | 2021-06-09 | 2024-01-23 | State Farm Mutual Automobile Insurance Company | Systems and methods for cybersecurity analysis and control of cloud-based systems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20130213 |