CN103634167B - Security configuration check method and system for target hosts in cloud environment - Google Patents

Publication number
CN103634167B
Authority
CN
China
Prior art keywords
node
task
report
tasks carrying
storage
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310665067.2A
Other languages
Chinese (zh)
Other versions
CN103634167A (en)
Inventor
李为民
王大伟
高君婷
刘志勇
张宇峰
郭亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Digital Intelligence Technology Co Ltd
Original Assignee
China Telecom Group System Integration Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Telecom Group System Integration Co Ltd
Priority to CN201310665067.2A
Publication of CN103634167A
Application granted
Publication of CN103634167B

Abstract

The invention discloses a security configuration check method and system for target hosts in a cloud environment. The method includes: after receiving a security configuration check task, a task scheduling node calculates, for each task execution node, the capacity consumption of that node executing the check task, according to the network delay, bandwidth and packet arrival rate from the task execution node to the target host involved in the check task, the total capacity and used capacity of the task execution node, and the sum of the capacities consumed by the check items of the check task; the task scheduling node sends the check task to the task execution node with the lowest capacity consumption for execution. With this method and system, security configuration check tasks for a massive number of target hosts in the cloud environment can be executed more efficiently.

Description

Method and system for performing security configuration checks on target hosts in a cloud environment
Technical field
The present invention relates to computer communication technology, and in particular to a method and system for performing security configuration checks on target hosts in a cloud environment.
Background
Cloud computing developed out of parallel computing, distributed computing and network computing. It is an emerging commercial computing model that includes Infrastructure as a Service, Platform as a Service and Software as a Service, and relies on various technology trends of the Internet.
With the rapid development of cloud computing, three classes of cloud security problem have become increasingly urgent: the security of cloud users' data and applications, the security of the cloud computing service platform itself, and the abuse of cloud computing resources. Cloud computing security is receiving more and more attention.
At present, to protect the cloud computing service platform itself and to prevent losses caused by configuration errors on target hosts such as servers or network devices, a method for checking security configuration in a cloud environment using a single-node deployment has been proposed. It establishes an evaluation script library that can check each security configuration checkpoint of a target host; an evaluation script execution module identifies the target host under test, selects a suitable evaluation script from the library and executes it; a script return-data analysis module analyzes the results returned by the script to form an evaluation result and stores it in a database; and an evaluation report generation module automatically generates the security evaluation report for the target host.
As can be seen from the above, the existing method for checking security configuration in a cloud environment is deployed on a single node. When security configuration check tasks are run against multiple target hosts, the tasks can only be queued and executed one after another; whatever scheduling algorithm is used, executing the check tasks takes a long time and is inefficient.
Summary of the invention
Embodiments of the present invention provide a method and system for performing security configuration checks on target hosts in a cloud environment, which use a distributed architecture to run security configuration check tasks against a massive number of target hosts in the cloud environment and improve the execution efficiency of those tasks.
According to one aspect of the invention, a method for performing security configuration checks on target hosts in a cloud environment is provided, including: after receiving a security configuration check task, a task scheduling node calculates, for each task execution node, the performance consumption of that node executing the check task, according to the network delay, bandwidth and packet arrival rate from the node to the target host involved in the check task, the total performance capacity and occupied performance of the node, and the sum of the performance consumption of the check items in the check task; the task scheduling node sends the check task to the task execution node with the lowest performance consumption for execution; the task execution node that receives the check task requests the permissions and system information of the target host from a device management subsystem and, for each check item in the check task, requests the detection module corresponding to that check item from a baseline management subsystem; the task execution node then runs each detection module, using the requested permissions and system information of the target host, to perform the security configuration check of each check item on the target host.
Further, calculating the performance consumption of the task execution node executing the check task, according to the network delay, bandwidth and packet arrival rate from the node to the target host involved in the check task, the total performance capacity and occupied performance of the node, and the sum of the performance consumption of the check items in the check task, specifically comprises:
calculating the performance consumption of the task execution node executing the check task according to Formula 1 below:
where C_job is the performance consumption of the task execution node executing the pending check task; Delay is the network delay from the task execution node to the target host involved in the pending check task; C_occupied is the occupied performance of the task execution node; C_capacity is the total performance capacity of the task execution node; Band is the bandwidth from the task execution node to the target host involved in the pending check task; Rate is the arrival rate from the task execution node to the target host involved in the pending check task; k is the index of a check item in the pending check task, a natural number from 1 to n; C_k is the performance consumption of the task execution node executing the k-th check item; and n is the total number of check items in the pending check task.
Further, the check task is configured in the task scheduling node by an administrator through the management interface of the task scheduling node; and
the method further includes:
after receiving a report analysis task configured by the administrator, the task scheduling node calculates the performance consumption of the report analysis task according to the total number of check result reports the task needs to analyze and the total number of target hosts involved in the task; and
for each task execution node, the task scheduling node calculates the performance consumption of that node executing the report analysis task, according to the average network delay, average bandwidth and average packet arrival rate from the node to the target hosts involved in the report analysis task, the total performance capacity and occupied performance of the node, and the performance consumption of the report analysis task;
the task scheduling node sends the report analysis task to the task execution node whose performance consumption for executing it is lowest, for execution;
the task execution node that receives the report analysis task requests from a report storage subsystem the historical records involved in each check result report the task needs to analyze, analyzes the requested historical records, and then generates each check result report of the report analysis task.
Further, calculating the performance consumption of the task execution node executing the report analysis task, according to the average network delay, average bandwidth and average packet arrival rate from the node to the target hosts involved in the report analysis task, the total performance capacity and occupied performance of the node, and the performance consumption of the report analysis task, specifically comprises:
calculating the performance consumption of the task execution node executing the report analysis task according to Formula 3 below:
where C_job' is the performance consumption of the task execution node executing the pending report analysis task; Delay' is the network delay from the task execution node to the target hosts involved in the pending report analysis task; C_occupied is the occupied performance of the task execution node; C_capacity is the total performance capacity of the task execution node; Band' is the bandwidth from the task execution node to the target hosts involved in the pending report analysis task; Rate' is the arrival rate from the task execution node to the target hosts involved in the pending report analysis task; and N_job is the performance consumption of the pending report analysis task.
Further, after the task scheduling node receives the security configuration check task, or after it receives the report analysis task configured by the administrator, the method further includes:
the task scheduling node treats the received check task or report analysis task as a pending task and, according to the priority the administrator configured for it, stores the pending task in the corresponding priority queue;
the task scheduling node polls the priority queues at a set interval, determines the highest-priority queue that holds pending tasks, and takes out the pending task that was stored first in that queue; and, for each task execution node, calculates the performance consumption of that node executing the pending task;
the task scheduling node sends the pending task to the task execution node with the lowest performance consumption for execution.
Further, before the task scheduling node sends the pending task to the task execution node with the lowest performance consumption, the method further includes:
for each task execution node, the task scheduling node judges whether the node is in a near-overload state, according to the node's occupied performance and the performance consumption of the node executing the pending task;
if the task scheduling node judges that all task execution nodes are in the near-overload state, it waits until one of them has completed a task previously assigned to it and is no longer in the near-overload state, and then sends the pending task to that node for execution.
Further, after the task scheduling node sends the pending task to the task execution node with the lowest performance consumption for execution, the method further includes:
after completing the pending task, the task execution node reports to the task scheduling node that the pending task has finished; the task scheduling node updates the occupied performance of that task execution node;
the task execution node then stores the execution result of the pending task in the report storage subsystem.
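The scheduling steps above (priority queues, polling, the near-overload check, dispatch to the lowest-consumption node, and the update on completion) can be sketched as follows. This is an added example, not code from the patent: the class and function names, the 0.9 near-overload threshold and the "larger number means higher priority" convention are assumptions, and the performance consumption is supplied by the caller as cost_fn because Formula 1 and Formula 3 do not survive on this page.

```python
from collections import deque
from dataclasses import dataclass

# Assumption: the page names a near-overload state but gives no threshold.
NEAR_OVERLOAD_RATIO = 0.9


@dataclass
class ExecNode:
    name: str
    capacity: float        # total performance capacity (C_capacity)
    occupied: float = 0.0  # occupied performance (C_occupied)


@dataclass
class Task:
    task_id: str
    priority: int          # assumption: larger number = higher priority


class Scheduler:
    """Hypothetical task scheduling node; cost_fn stands in for the page's formulas."""

    def __init__(self, nodes, cost_fn):
        self.nodes = {n.name: n for n in nodes}
        self.cost_fn = cost_fn   # cost_fn(node, task) -> performance consumption
        self.queues = {}         # priority -> deque of pending tasks (FIFO)
        self.running = {}        # task_id -> (node name, charged consumption)

    def submit(self, task):
        self.queues.setdefault(task.priority, deque()).append(task)

    def near_overload(self, node, cost):
        return node.occupied + cost > NEAR_OVERLOAD_RATIO * node.capacity

    def poll(self):
        """One polling cycle: returns (task_id, node name), or None if nothing was sent."""
        live = [p for p, q in self.queues.items() if q]
        if not live:
            return None
        queue = self.queues[max(live)]
        task = queue[0]          # earliest stored task; only peek for now
        costs = {name: self.cost_fn(n, task) for name, n in self.nodes.items()}
        ready = [name for name, c in costs.items()
                 if not self.near_overload(self.nodes[name], c)]
        if not ready:
            return None          # all nodes near overload: task waits in its queue
        best = min(ready, key=lambda name: (costs[name], name))
        queue.popleft()
        self.nodes[best].occupied += costs[best]
        self.running[task.task_id] = (best, costs[best])
        return task.task_id, best

    def complete(self, task_id):
        """Node reports completion; release the performance it was charged."""
        name, cost = self.running.pop(task_id)
        self.nodes[name].occupied -= cost


# Constructed sample data: per-(node, task) consumption values, not measurements.
SAMPLE_COSTS = {("A", "t1"): 55, ("B", "t1"): 45,
                ("A", "t2"): 60, ("B", "t2"): 50,
                ("A", "t3"): 40, ("B", "t3"): 45}


def run_demo():
    sched = Scheduler([ExecNode("A", 100), ExecNode("B", 100)],
                      lambda node, task: SAMPLE_COSTS[(node.name, task.task_id)])
    sched.submit(Task("t1", priority=1))
    sched.submit(Task("t2", priority=3))
    sched.submit(Task("t3", priority=3))
    log = [sched.poll(), sched.poll(), sched.poll()]  # third poll finds all nodes near overload
    sched.complete("t2")                              # node B reports completion
    log.append(sched.poll())
    return log


if __name__ == "__main__":
    print(run_demo())
```

In this sketch a task that cannot be placed stays at the head of its queue, so a later polling cycle retries it once a completion has lowered some node's occupied performance.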
Further, the task execution node storing the execution result of the pending task in the report storage subsystem specifically includes:
after completing the pending task, the task execution node sends a report storage request to the storage control center of the report storage subsystem;
for each report storage node of the report storage subsystem, the storage control center calculates the storage consumption from that report storage node to the task execution node, according to the network delay, bandwidth and packet arrival rate from the report storage node to the task execution node, and the total storage space and used space of the report storage node;
the storage control center chooses the report storage node with the lowest storage consumption as the selected report storage node, and then returns the network address information of the selected report storage node to the task execution node;
the task execution node transmits the execution result to the selected report storage node according to the returned network address information.
Further, after the task execution node transmits the execution result to the selected report storage node according to the returned network address information, the method further includes:
the storage control center determines, according to the geographical location information of each report storage node, three classes of backup node for the selected report storage node: the first class consists of report storage nodes in the same rack as the selected report storage node; the second class consists of report storage nodes in the same machine room as the selected report storage node but in a different rack; the third class consists of report storage nodes in a different machine room from the selected report storage node;
for each class of backup node, the storage control center calculates the storage consumption from each report storage node in that class to the selected report storage node, and chooses the report storage node with the lowest storage consumption as the preferred selected backup node of that class; the storage control center notifies the selected report storage node to back up the execution result to the preferred selected backup node of each of the three classes;
the storage control center determines the number of selected backup nodes in each class according to a preset number of backups and a redundancy policy; if the number of selected backup nodes in a class is greater than 1, the storage control center calculates the storage consumption from each report storage node in that class to the preferred selected backup node, and chooses the corresponding number of report storage nodes, in ascending order of the calculated storage consumption, as selected backup nodes of that class; and notifies the preferred selected backup node of that class to back up the execution result to the other selected backup nodes of that class;
the storage control center then stores the file name and file checksum of the execution result in association with the identifiers of the report storage nodes that hold the execution result and its backups.
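The three-class backup placement and the catalog record described above can be sketched as follows. This is an added example, not code from the patent: all names are hypothetical, the storage consumption is supplied by the caller as cost_fn because the page gives no formula for it, SHA-256 is an assumed choice for the file checksum, and "number of selected backup nodes" is read as counting the preferred node.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class StoreNode:
    name: str
    room: str   # machine room
    rack: str


def classify(selected, nodes):
    """Split the other report storage nodes into the three backup classes."""
    classes = {"same_rack": [], "same_room_other_rack": [], "other_room": []}
    for n in nodes:
        if n.name == selected.name:
            continue
        if n.room != selected.room:
            classes["other_room"].append(n)
        elif n.rack != selected.rack:
            classes["same_room_other_rack"].append(n)
        else:
            classes["same_rack"].append(n)
    return classes


def plan_backups(selected, nodes, cost_fn, copies):
    """Return (plan, transfers): chosen nodes per class and (source, target) copies."""
    plan, transfers = {}, []
    for cls, members in classify(selected, nodes).items():
        want = copies.get(cls, 1)
        if not members or want < 1:
            plan[cls] = []
            continue
        # Preferred backup node: lowest storage consumption to the selected node.
        preferred = min(members, key=lambda n: (cost_fn(n, selected), n.name))
        # Further backups: lowest storage consumption to the preferred backup node.
        # Assumption: 'want' counts the preferred node, so want - 1 more are chosen.
        others = sorted((n for n in members if n != preferred),
                        key=lambda n: (cost_fn(n, preferred), n.name))[:want - 1]
        plan[cls] = [preferred.name] + [n.name for n in others]
        transfers.append((selected.name, preferred.name))
        transfers += [(preferred.name, n.name) for n in others]
    return plan, transfers


def catalog_entry(filename, data, selected, plan):
    """Record file name, checksum and every node holding the result or a backup."""
    holders = [selected.name] + [n for names in plan.values() for n in names]
    return {"file": filename,
            "sha256": hashlib.sha256(data).hexdigest(),  # assumed checksum algorithm
            "nodes": holders}


# Constructed sample topology and pairwise storage consumption values.
SAMPLE_NODES = [StoreNode("s0", "room1", "rackA"), StoreNode("s1", "room1", "rackA"),
                StoreNode("s2", "room1", "rackA"), StoreNode("s3", "room1", "rackB"),
                StoreNode("s4", "room2", "rackC"), StoreNode("s5", "room2", "rackD")]
SAMPLE_COSTS = {frozenset(("s1", "s0")): 3, frozenset(("s2", "s0")): 2,
                frozenset(("s1", "s2")): 1, frozenset(("s3", "s0")): 5,
                frozenset(("s4", "s0")): 9, frozenset(("s5", "s0")): 8,
                frozenset(("s4", "s5")): 4}


def sample_cost(a, b):
    return SAMPLE_COSTS[frozenset((a.name, b.name))]


if __name__ == "__main__":
    sel = SAMPLE_NODES[0]
    plan, transfers = plan_backups(sel, SAMPLE_NODES, sample_cost,
                                   {"same_rack": 2, "same_room_other_rack": 1,
                                    "other_room": 2})
    print(plan, transfers)
    print(catalog_entry("check-result.xml", b"constructed result", sel, plan))
```

Keeping the checksum next to the list of holding nodes lets a later reader of any copy verify it against the catalog before using it in report analysis.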
According to another aspect of the present invention, a system for performing security configuration checks on target hosts in a cloud environment is also provided, including: a task execution subsystem, a device management subsystem and a baseline management subsystem; wherein the task execution subsystem includes a task scheduling node and multiple task execution nodes; the task scheduling node is configured to, after receiving a security configuration check task, calculate, for each task execution node, the performance consumption of that node executing the check task, according to the network delay, bandwidth and packet arrival rate from the node to the target host involved in the check task, the total performance capacity and occupied performance of the node, and the sum of the performance consumption of the check items in the check task; the task scheduling node sends the check task to the task execution node with the lowest performance consumption; the task execution node is configured to, after receiving the check task, request the permissions and system information of the target host from the device management subsystem and, for each check item in the check task, request the detection module corresponding to that check item from the baseline management subsystem; the task execution node then runs each detection module, using the requested permissions and system information of the target host, to perform the security configuration check of each check item on the target host.
Preferably, the task scheduling node is further configured to, after receiving a report analysis task configured by an administrator, calculate the performance consumption of the report analysis task according to the total number of check result reports the task needs to analyze and the total number of target hosts involved in the task; and
for each task execution node, calculate the performance consumption of that node executing the report analysis task, according to the average network delay, average bandwidth and average packet arrival rate from the node to the target hosts involved in the report analysis task, the total performance capacity and occupied performance of the node, and the performance consumption of the report analysis task; the task scheduling node sends the report analysis task to the task execution node whose performance consumption for executing it is lowest;
the task execution node is further configured to, after receiving the report analysis task, request from the report storage subsystem the historical records involved in each check result report the task needs to analyze, analyze the requested historical records, and then generate each check result report of the report analysis task.
Preferably, the task scheduling node is further configured to, after receiving a security configuration check task or a report analysis task, treat the received check task or report analysis task as a pending task and, according to the priority the administrator configured for it, store the pending task in the corresponding priority queue;
the task scheduling node polls the priority queues at a set interval, determines the highest-priority queue that holds pending tasks, and takes out the pending task that was stored first in that queue; and, for each task execution node, calculates the performance consumption of that node executing the pending task; and sends the pending task to the task execution node with the lowest performance consumption for execution.
Preferably, the system further includes a report storage subsystem;
the task execution node is further configured to, after completing the pending task, report to the task scheduling node that the pending task has finished, and then store the execution result of the pending task in the report storage subsystem; the task scheduling node updates the occupied performance of that task execution node.
Preferably, the report storage subsystem specifically includes a storage control center and multiple report storage nodes;
the storage control center is configured to, after receiving the report storage request for the execution result sent by a task execution node, calculate, for each report storage node of the report storage subsystem, the storage consumption from that report storage node to the task execution node, according to the network delay, bandwidth and packet arrival rate from the report storage node to the task execution node, and the total storage space and used space of the report storage node; and, after choosing the report storage node with the lowest storage consumption as the selected report storage node, return the network address information of the selected report storage node to the task execution node;
the task execution node transmits the execution result to the selected report storage node according to the returned network address information.
Preferably, the storage control center is further configured to, after returning the network address information of the selected report storage node, determine, according to the geographical location information of each report storage node, three classes of backup node for the selected report storage node: the first class consists of report storage nodes in the same rack as the selected report storage node; the second class consists of report storage nodes in the same machine room as the selected report storage node but in a different rack; the third class consists of report storage nodes in a different machine room from the selected report storage node;
for each class of backup node, the storage control center calculates the storage consumption from each report storage node in that class to the selected report storage node, and chooses the report storage node with the lowest storage consumption as the preferred selected backup node of that class; the storage control center notifies the selected report storage node to back up the execution result to the preferred selected backup node of each of the three classes;
the storage control center determines the number of selected backup nodes in each class according to a preset number of backups and a redundancy policy; if the number of selected backup nodes in a class is greater than 1, the storage control center calculates the storage consumption from each report storage node in that class to the preferred selected backup node, and chooses the corresponding number of report storage nodes, in ascending order of the calculated storage consumption, as selected backup nodes of that class; and notifies the preferred selected backup node of that class to back up the execution result to the other selected backup nodes of that class;
the storage control center is further configured to store the file name and file checksum of the execution result in association with the identifiers of the report storage nodes that hold the execution result and its backups.
Preferably, the device management subsystem specifically includes a device management center node and multiple device distribution nodes;
the device management center node is configured to, after receiving the physical address information, permissions and system information of a target host in the cloud environment entered by the administrator, calculate the storage consumption from the target host to each device distribution node; select the device distribution node with the lowest storage consumption as the preferred selected device distribution node; and back up the permissions and system information of the target host to the preferred selected device distribution node;
the device management center node is further configured to select n machine rooms and, for each selected machine room, calculate the storage consumption from the preferred selected device distribution node to each device distribution node in that machine room, and choose the device distribution node with the lowest calculated storage consumption as the selected device distribution node of that machine room; the device management center node notifies the preferred selected device distribution node to back up the permissions and system information of the target host to the selected device distribution node of each machine room; where n is a preset number of device information backups.
The technical solution of the embodiments of the present invention uses a distributed architecture with multiple task execution nodes and can run security configuration check tasks against a massive number of target hosts; because the check tasks can be executed in parallel, the solution takes little time and is efficient.
Brief description of the drawings
Fig. 1 is a structural diagram of the system for performing security configuration checks on target hosts in a cloud environment according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart of the method by which a task execution node stores the execution result of a pending task in the report storage subsystem according to an embodiment of the present invention;
Fig. 3 is a schematic flowchart of the method for performing security configuration checks on target hosts in a cloud environment according to an embodiment of the present invention.
Detailed description
The technical solution of the present invention is described clearly and completely below with reference to the accompanying drawings. Evidently, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Terms such as "module" and "system" used in this application are intended to include computer-related entities such as, but not limited to, hardware, firmware, a combination of hardware and software, software, or software in execution. For example, a module may be, but is not limited to, a process running on a processor, a processor, an object, an executable program, a thread of execution, a program and/or a computer. For example, both an application running on a computing device and the computing device itself may be a module. One or more modules may reside within a process and/or thread of execution, and a module may be located on one computer and/or distributed between two or more computers.
Embodiments of the present invention provide a method and system for performing security configuration checks on target hosts in a cloud environment. They use a distributed architecture with multiple task execution nodes and can run security configuration check tasks against a massive number of target hosts; because the check tasks can be executed in parallel, the technical solution takes little time and is efficient.
Describe the technical scheme of the embodiment of the present invention below in conjunction with the accompanying drawings in detail.The cloud ring of the embodiment of the present invention Destination host is carried out the system construction drawing of security configuration inspection by border, sees Fig. 1, including: tasks carrying Subsystem 101, the equipment management subsystem 102, baseline management subsystem 103;Wherein,
Tasks carrying subsystem 101 uses distributed frame, efficiently to realize the safety of magnanimity destination host Configuration inspection task;Including: task scheduling node 1011 and multiple tasks carrying node 1012;
The task scheduling node 1011 is configured, after receiving a security configuration check task, to calculate for each task execution node the performance consumption of that node executing the check task, based on the network delay, bandwidth and packet arrival rate from the node to the target hosts involved in the check task, the node's total performance capacity and the performance it has already occupied, and the sum of the performance consumption of each check item in the check task; it then sends the check task, as a pending task, to the task execution node with the lowest performance consumption;
In addition, the task scheduling node 1011 is further configured, after receiving a report analysis task configured by the administrator, to calculate the performance consumption of the report analysis task from the total number of check result reports the task needs to analyze and the total number of target hosts involved in the task; and, for each task execution node, to calculate the performance consumption of that node executing the report analysis task, based on the average network delay, average bandwidth and average packet arrival rate from the node to the target hosts involved in the task, the node's total performance capacity and occupied performance, and the performance consumption of the report analysis task. The task scheduling node sends the report analysis task, as a pending task, to the task execution node with the lowest performance consumption for executing it;
The task execution node 1012 is configured, after receiving a check task, to request the permissions and system information of the target host from the device management subsystem 102 and, for each check item in the check task, to request the detection module corresponding to that check item from the baseline management subsystem 103. The task execution node then runs each detection module, using the requested permissions and system information of the target host, to perform the security configuration check of each check item on the target host;
The task execution node 1012 is further configured, after receiving a report analysis task, to request from the report storage subsystem the historical records involved in each check result report that the report analysis task needs to analyze, and, after analyzing the requested historical records, to generate each check result report of the report analysis task.
The device management subsystem 102 also adopts a distributed structure in order to manage the information of a massive number of target hosts. It comprises a device management center node 1021 and multiple device distribution nodes 1022;
The device management center node 1021, after receiving the physical address information, permissions and system information of a target host in the cloud environment entered by the administrator, calculates the storage consumption of assigning this target host to each device distribution node; selects the device distribution node 1022 with the lowest storage consumption as the preferred selected device distribution node; and backs up the permissions and system information of the target host to the preferred selected device distribution node 1022. The physical address information and permission information of a target host include: the system type of the target, the check network-management mode of the target system, the login username and password, the configuration check entries configured for the target host, and the physical location information of the target system, i.e. rack and equipment room information.
Because the device distribution node is selected preferentially, the device management subsystem 102 manages the information of the massive number of target hosts more rationally.
After receiving a request for the permissions and system information of a target host from the task execution node 1012, the device management center node 1021 returns the permissions and system information of the corresponding target host to the task execution node 1012.
Preferably, the device management center node 1021 can also make multiple backups: after determining the preferred selected device distribution node 1022, it further selects n equipment rooms and, for each selected equipment room, calculates the storage consumption from the preferred selected device distribution node to each device distribution node in that room, and chooses the device distribution node with the lowest calculated storage consumption as the selected device distribution node of that room; here n is the preset number of device information backups.
The device management center node 1021 notifies the preferred selected device distribution node to back up the permissions and system information of the target host to the selected device distribution node of each equipment room.
The baseline management subsystem 103 stores the baseline check entries of the various types of systems and the corresponding detection modules. After receiving a detection module request from the task execution node 1012, the baseline management subsystem 103 returns the corresponding detection module to the task execution node 1012.
Further, the system for performing security configuration checks on target hosts in a cloud environment may also include a report storage subsystem 104.
The report storage subsystem 104 may also adopt a distributed structure to improve the storage efficiency for a massive number of task execution results. It comprises a storage control center 1041 and multiple report storage nodes 1042;
The task execution node 1012 is further configured, after completing a pending task sent by the task scheduling node 1011, to report to the task scheduling node that the pending task has been executed, and then to store the result of the pending task in the report storage subsystem 104.
The task scheduling node 1011 updates the occupied performance of this task execution node.
The storage control center 1041 is configured, after receiving a report storage request for a result sent by the task execution node 1012, to calculate, for each report storage node of the report storage subsystem 104, the storage consumption from that report storage node to the task execution node, based on the network delay, bandwidth and packet arrival rate from the report storage node to the task execution node and on the total storage space and occupied space of the report storage node; and, after choosing the report storage node with the lowest storage consumption as the selected report storage node, to return the network address information of the selected report storage node to the task execution node 1012;
The multiple report storage nodes 1042 store the results transmitted by the task execution node 1012.
Further, for a description of the other functions of the task scheduling node 1011 and the task execution node 1012 in the task execution subsystem 101, and of the storage control center 1041, refer to the method flow for performing security configuration checks on target hosts in a cloud environment according to the embodiment of the present invention.
Fig. 2 is a schematic flow chart of the method for performing security configuration checks on target hosts in a cloud environment according to the embodiment of the present invention, which comprises the following steps:
S201: After receiving a task, the task scheduling node 1011 treats the received task as a pending task and, according to the priority the administrator configured for it, stores the pending task in the corresponding priority queue.
In this step, the tasks received by the task scheduling node 1011 include the security configuration check tasks and report analysis tasks that the administrator configures in the task scheduling node through its management interface.
Further, when the administrator configures a task, the task priority can be divided into 7 levels, ordered from low to high: the higher the level number, the higher the processing priority. By default, the priority of a task is level 1. Different tasks in a priority queue of the same level are processed on a first-in, first-out (FIFO) basis.
After storing the pending task in the corresponding priority queue, the task scheduling node 1011 continues with the following steps.
S202: The task scheduling node 1011 polls each priority queue at a set interval, determines the highest-priority queue that holds pending tasks, and takes out the pending task that was stored first in that queue.
S203: For the pending task taken from the highest-priority queue, the task scheduling node 1011 calculates the performance consumption of each task execution node executing this pending task.
Specifically, if the pending task taken from the highest-priority queue is a security configuration check task, the task scheduling node 1011 calculates the performance consumption of each task execution node executing this pending check task as follows: for each task execution node, the calculation is based on the network delay, bandwidth and packet arrival rate from the node to the target hosts involved in the pending check task, the node's total performance capacity and occupied performance, and the sum of the performance consumption of each check item in the pending check task.
The formula for the performance consumption of a task execution node executing this pending check task is:
In formula 1,
C_job is the performance consumption of the task execution node executing this pending check task;
Delay is the network delay from the task execution node to the target hosts involved in this pending check task;
C_occupied is the performance already occupied on the task execution node;
C_capacity is the total performance capacity of the task execution node;
Band is the bandwidth from the task execution node to the target hosts involved in this pending check task;
Rate is the arrival rate from the task execution node to the target hosts involved in this pending check task;
k is the number of a check item in this pending check task, a natural number from 1 to n;
C_k is the performance consumption of this task execution node executing the k-th check item, k being a natural number from 1 to n;
n is the total number of check items in this pending check task.
If the pending task taken from the highest-priority queue is a security configuration report analysis task, the task scheduling node 1011 calculates the performance consumption of each task execution node executing this pending report analysis task as follows: it calculates the performance consumption of the pending report analysis task from the total number of check result reports the task needs to analyze and the total number of target hosts involved in the task; it then calculates the performance consumption of each task execution node executing the pending report analysis task, based on the average network delay, average bandwidth and average packet arrival rate from the node to the target hosts involved in the task, the node's total performance capacity and occupied performance, and the performance consumption of the pending report analysis task.
The formula for calculating the performance consumption of the report analysis task is:
N_job = N_report × N_server (formula 2)
In formula 2,
N_job is the performance consumption of this pending report analysis task;
N_report is the total number of check result reports to be analyzed;
N_server is the number of target hosts involved in this pending report analysis task.
The formula for calculating the performance consumption of a task execution node executing this pending report analysis task is:
In formula 3,
C_job' is the performance consumption of the task execution node executing this pending report analysis task;
Delay' is the network delay from the task execution node to the target hosts involved in this pending report analysis task;
C_occupied is the performance already occupied on the task execution node;
C_capacity is the total performance capacity of the task execution node;
Band' is the bandwidth from the task execution node to the target hosts involved in this pending report analysis task;
Rate' is the arrival rate from the task execution node to the target hosts involved in this pending report analysis task;
N_job is the performance consumption of this pending report analysis task.
S204: The task scheduling node 1011 judges whether each task execution node is in the near-overload state; if all task execution nodes are in the near-overload state, step S208 is performed; if the task execution node is in the non-near-overload state, step S205 is performed.
Specifically, based on the performance already occupied on each task execution node and the performance consumption of each task execution node executing this pending task: if the task scheduling node 1011 judges that the task execution node is in the non-near-overload state, step S205 is performed; if the task scheduling node 1011 judges that all task execution nodes are in the near-overload state, step S208 is performed: wait until one of the task execution nodes has completed a task previously assigned to it and is judged to be in the non-near-overload state, then perform step S205.
Here, when the sum of the performance consumption of the task execution node executing this pending task and the performance the node has currently occupied is greater than the node's total performance capacity, the task execution node is considered to be in the near-overload state; when that sum is less than the node's total performance capacity, the task execution node is considered to be in the non-near-overload state.
S205: The task scheduling node 1011 sends this pending task to the task execution node with the lowest performance consumption for execution.
Specifically, if the pending task taken from the highest-priority queue is a security configuration check task, the task execution node with the lowest performance consumption executes it as follows: the task execution node 1012 that receives the pending check task requests the permissions and system information of the target host from the device management subsystem 102 and, for each check item in the pending check task, requests the detection module corresponding to that check item from the baseline management subsystem 103; the task execution node then runs each detection module, using the requested permissions and system information of the target host, to perform the security configuration check of each check item on the target host. Having the task executed by the task execution node with the lowest performance consumption further improves task execution efficiency.
If the pending task taken from the highest-priority queue is a security configuration report analysis task, the task execution node with the lowest performance consumption executes it as follows: the task execution node 1012 that receives the pending report analysis task requests from the report storage subsystem 102 the historical records involved in each check result report that the report analysis task needs to analyze and, after analyzing the requested historical records, generates each check result report of the pending report analysis task.
After the task execution node with the lowest performance consumption has executed the task, step S206 is performed.
S206: After completing the pending task, the task execution node reports to the task scheduling node 1011 that the pending task has been executed, and the task scheduling node then updates the occupied performance of this task execution node.
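The scheduling loop of steps S201 to S206, as an added Python example that is not code from the patent. Formula 1 is not reproduced on this page, so each task carries constructed per-node performance consumption values; the class names, the `held` slot and reserving the consumption at dispatch time are assumptions of this sketch.

```python
from collections import deque
from dataclasses import dataclass, field

PRIORITY_LEVELS = 7   # S201: priorities 1..7, a higher level is served first
DEFAULT_PRIORITY = 1


@dataclass
class ExecNode:
    name: str
    capacity: int        # total performance capacity (C_capacity)
    occupied: int = 0    # performance already occupied (C_occupied)

    def near_overload(self, cost):
        # S204: near-overload when the task's consumption plus the occupied
        # performance exceeds the total capacity. The page leaves the
        # equality case open; it is treated as acceptable here (assumption).
        return cost + self.occupied > self.capacity


@dataclass
class Task:
    name: str
    priority: int = DEFAULT_PRIORITY
    # Constructed per-node performance consumption of running this task.
    cost_by_node: dict = field(default_factory=dict)


class Scheduler:
    def __init__(self, nodes):
        self.nodes = {n.name: n for n in nodes}
        self.queues = {p: deque() for p in range(1, PRIORITY_LEVELS + 1)}
        self.held = None     # task taken from a queue but not yet placed
        self.running = {}    # task name -> (node name, reserved consumption)

    def submit(self, task):
        if task.priority not in self.queues:
            raise ValueError(f"priority must be 1..{PRIORITY_LEVELS}")
        self.queues[task.priority].append(task)

    def _take_next(self):
        # S202: highest non-empty priority queue, oldest task first (FIFO).
        for level in range(PRIORITY_LEVELS, 0, -1):
            if self.queues[level]:
                return self.queues[level].popleft()
        return None

    def poll(self):
        """One polling cycle. Returns (task, node) or None if nothing was sent."""
        task = self.held or self._take_next()
        self.held = None
        if task is None:
            return None
        # S203/S204: keep only known nodes that would not be near overload.
        usable = [(cost, name) for name, cost in task.cost_by_node.items()
                  if name in self.nodes
                  and not self.nodes[name].near_overload(cost)]
        if not usable:
            self.held = task   # S208: wait until some node completes a task
            return None
        cost, name = min(usable)              # S205: lowest consumption wins
        self.nodes[name].occupied += cost     # assumption: reserve at dispatch
        self.running[task.name] = (name, cost)
        return task.name, name

    def complete(self, task_name):
        # S206: the node reports completion and its occupied value is updated.
        name, cost = self.running.pop(task_name)
        self.nodes[name].occupied -= cost


def demo():
    # Constructed scenario: two nodes, three tasks with different priorities.
    sched = Scheduler([ExecNode("A", 10), ExecNode("B", 10)])
    sched.submit(Task("t1", 1, {"A": 4, "B": 6}))
    sched.submit(Task("t2", 3, {"A": 7, "B": 8}))
    sched.submit(Task("t3", 3, {"A": 5, "B": 9}))
    trace = [sched.poll(), sched.poll(), sched.poll()]
    sched.complete("t2")          # node A frees its reserved performance
    trace.append(sched.poll())    # the held task t1 can now be placed
    return trace


if __name__ == "__main__":
    print(demo())
```

In the constructed run, the level-1 task is held on the third poll because both nodes would exceed their capacity, and it is only dispatched after node A reports a completion.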
S207: The task execution node stores the result of the pending task in the report storage subsystem 104.
Specifically, the method flow by which the task execution node stores the result of the pending task in the report storage subsystem 104 is shown in Fig. 3 and comprises the following steps:
S301: After completing the pending task, the task execution node sends a report storage request to the storage control center 1041 of the report storage subsystem 104.
S302: For each report storage node of the report storage subsystem 104, the storage control center 1041 calculates the storage consumption from that report storage node to the task execution node.
Specifically, for each report storage node of the report storage subsystem 104, the storage control center 1041 calculates the storage consumption from that report storage node to the task execution node based on the network delay, bandwidth and arrival rate from the report storage node to the task execution node, and on the total storage space and occupied space of the report storage node.
The formula for calculating the storage consumption from the report storage node to the task execution node is:
In formula 4,
S_metric is the storage consumption from the report storage node to the task execution node;
Delay'' is the network delay from the report storage node to the task execution node;
S_occupied is the storage space already occupied on the report storage node;
S_capacity is the total storage space of the report storage node;
Band'' is the bandwidth from the report storage node to the task execution node;
Rate'' is the arrival rate from the report storage node to the task execution node.
S303: After choosing the report storage node with the lowest storage consumption as the selected report storage node, the storage control center 1041 returns the network address information of the selected report storage node to the task execution node 1012.
S304: The task execution node 1012 transmits the result to the selected report storage node according to the returned network address information.
In this step, because the report storage node with the lowest storage consumption to the task execution node has been selected, having the task execution node transmit the result to that report storage node further improves the storage efficiency of the system.
S305: The storage control center 1041 determines three classes of backup nodes for the selected report storage node according to the geographical location information of each report storage node.
In this step, the storage control center 1041 takes the report storage nodes in the same rack as the selected report storage node as first-class backup nodes; the report storage nodes in the same equipment room as the selected report storage node but in different racks as second-class backup nodes; and the report storage nodes in a different equipment room from the selected report storage node as third-class backup nodes.
S306: For each class of backup nodes, the report storage node with the lowest storage consumption is chosen as the preferred selected backup node of that class.
Specifically, for each class of backup nodes, the storage control center 1041 calculates the storage consumption from each report storage node in that class to the selected report storage node, and chooses the report storage node with the lowest storage consumption as the preferred selected backup node of that class.
The formula for calculating the storage consumption from a report storage node to the selected report storage node is:
In formula 5,
S_metric' is the storage consumption from the report storage node to the selected report storage node;
Delay''' is the network delay from the report storage node to the selected report storage node;
S_occupied' is the storage space already occupied on the report storage node;
S_capacity' is the total storage space of the report storage node;
Band''' is the bandwidth from the report storage node to the selected report storage node;
Rate''' is the arrival rate from the report storage node to the selected report storage node.
S307: The storage control center 1041 notifies the selected report storage node to back up the result to the preferred selected backup node in each of the three classes of backup nodes.
S308: The storage control center 1041 determines the number of selected backup nodes in each class of backup nodes according to the preset backup number and redundancy policy.
In this step, the storage control center 1041 can set different backup numbers and redundancy policies according to different requirements. For example, if the backup number is set to 3, the storage control center 1041 can first choose one node in the same rack as this report storage node, then one storage node that is not in the same rack as this report storage node but is in the same equipment room, and finally one storage node that is not in the same equipment room as this node, and use this as the redundancy policy of the report storage node. If the backup number is set to 4, the storage control center 1041 can first choose two nodes in the same rack as this report storage node, then one storage node that is not in the same rack as this report storage node but is in the same equipment room, and finally one storage node that is not in the same equipment room as this node, and use this as the redundancy policy of the report storage node.
In the embodiment of the present invention, if the backup number is set to n, the storage control center 1041 can first choose n-1 nodes in the same rack as this report storage node, then one storage node that is not in the same rack as this report storage node but is in the same equipment room, and finally one storage node that is not in the same equipment room as this node, and use this as the redundancy policy of the report storage node. In this way, when a storage node in one equipment room fails and the stored data is corrupted, the stored result can be recovered from the backups stored in other equipment rooms; the backup scheme is more reasonable and effectively resists hardware faults in the cloud environment.
S309: Judge whether the number of selected backup nodes in a given class of backup nodes is greater than 1; if the number of selected backup nodes in that class is not greater than 1, perform step S212; if the number of selected backup nodes in that class is greater than 1, perform step S210;
S310: The storage control center 1041 chooses, in ascending order of the calculated storage consumption of the report storage nodes, the corresponding number of report storage nodes as the selected backup nodes of that class.
S311: The preferred selected backup node of that class is notified to back up the result to the other selected backup nodes of that class.
S312: The storage control center 1041 stores the filename and file checksum of the result in correspondence with the identifiers of the report storage nodes that store the result and its backups.
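Backup placement as described in steps S305 to S311, as an added Python example that is not code from the patent. Formula 5 is not reproduced on this page, so the storage consumption values, node names and room and rack labels are constructed; the per-class counts follow the page's example for a backup number of 4, and breaking ties by node name is an assumption.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class StoreNode:
    name: str
    room: str          # equipment room
    rack: str          # rack inside that room
    consumption: int   # constructed storage consumption to the selected node


def backup_class(selected, node):
    """S305: 1 = same rack, 2 = same room but other rack, 3 = other room."""
    if node.room != selected.room:
        return 3
    return 1 if node.rack == selected.rack else 2


def plan_backups(selected, nodes, per_class):
    """Return (chosen, copies, shortfall) for the counts given in per_class.

    chosen    : {class: [node names, preferred backup node first]}
    copies    : ordered (source, destination) copy instructions
    shortfall : {class: missing count} where the site cannot meet the policy
    """
    chosen, copies, shortfall = {}, [], {}
    for cls in (1, 2, 3):
        want = per_class.get(cls, 0)
        members = sorted(
            (n for n in nodes
             if n.name != selected.name and backup_class(selected, n) == cls),
            key=lambda n: (n.consumption, n.name))   # S310: ascending order
        picked = [n.name for n in members[:want]]
        chosen[cls] = picked
        if len(picked) < want:
            # Failure mode: e.g. a single-room site has no third-class node,
            # so a fault in that room would take every copy with it.
            shortfall[cls] = want - len(picked)
        if picked:
            preferred = picked[0]                     # S306: lowest consumption
            copies.append((selected.name, preferred))                  # S307
            copies.extend((preferred, other) for other in picked[1:])  # S311
    return chosen, copies, shortfall


# Constructed inventory: S0 is the selected report storage node.
SELECTED = StoreNode("S0", "roomA", "rack1", 0)
NODES = [
    SELECTED,
    StoreNode("S1", "roomA", "rack1", 5),
    StoreNode("S2", "roomA", "rack1", 3),
    StoreNode("S7", "roomA", "rack1", 7),
    StoreNode("S3", "roomA", "rack2", 8),
    StoreNode("S4", "roomA", "rack3", 6),
    StoreNode("S5", "roomB", "rack1", 9),
    StoreNode("S6", "roomB", "rack2", 4),
]
POLICY_4 = {1: 2, 2: 1, 3: 1}   # the page's example for a backup number of 4


def demo():
    return plan_backups(SELECTED, NODES, POLICY_4)


if __name__ == "__main__":
    chosen, copies, shortfall = demo()
    print(chosen, copies, shortfall, sep="\n")
```

The `shortfall` result makes an unmet redundancy policy visible instead of silently placing fewer copies.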
The technical solution of the present invention uses a distributed architecture of multiple task execution nodes and can execute security configuration check tasks for a massive number of target hosts; because security configuration check tasks can be executed in parallel, the technical solution takes little time and is highly efficient;
Further, after the task scheduling node receives check tasks, it takes the task with the highest priority level as the pending check task, calculates the performance consumption of the task execution nodes for this check task, and has the check task executed by the task execution node that has the lowest performance consumption and is in the non-overload state, which further improves task execution efficiency;
After the task execution node has executed the check task, the storage control center calculates the storage consumption from each report storage node to the task execution node, and the task execution node transmits the result to the report storage node with the lowest storage consumption, which further improves the storage efficiency of the system. The storage nodes are also backed up in three classes, which makes the backup scheme more reasonable and makes it easy to recover stored results from a backup after a storage node fails. Throughout task execution and report storage, the scheduling of task execution nodes and report storage nodes is more efficient and flexible.
The above is only the preferred embodiment of the present invention. It should be noted that those of ordinary skill in the art can make several improvements and refinements without departing from the principles of the present invention, and these improvements and refinements should also be regarded as falling within the protection scope of the present invention.

Claims (16)

1. A method for performing security configuration checks on target hosts in a cloud environment, characterized by comprising:
after receiving a security configuration check task, a task scheduling node calculates, for each task execution node, the performance consumption of that task execution node executing the check task, based on the network delay, bandwidth and packet arrival rate from the node to the target hosts involved in the check task, the total performance capacity and occupied performance of the task execution node, and the sum of the performance consumption of each check item in the check task;
the task scheduling node sends the check task to the task execution node with the lowest performance consumption for execution:
the task execution node that receives the check task requests the permissions and system information of the target host from a device management subsystem and, for each check item in the check task, requests the detection module corresponding to that check item from a baseline management subsystem; the task execution node then runs each detection module, using the requested permissions and system information of the target host, to perform the security configuration check of each check item on the target host.
2. The method of claim 1, wherein calculating the performance consumption of the task execution node executing the check task, based on the network delay, bandwidth and packet arrival rate from the node to the target hosts involved in the check task, the total performance capacity and occupied performance of the task execution node, and the sum of the performance consumption of each check item in the check task, specifically comprises:
calculating the performance consumption of the task execution node executing the check task according to the following formula 1:
where C_job is the performance consumption of the task execution node executing this pending check task; Delay is the network delay from the task execution node to the target hosts involved in this pending check task; C_occupied is the performance already occupied on the task execution node; C_capacity is the total performance capacity of the task execution node; Band is the bandwidth from the task execution node to the target hosts involved in this pending check task; Rate is the arrival rate from the task execution node to the target hosts involved in this pending check task; k is the number of a check item in this pending check task, a natural number from 1 to n; C_k is the performance consumption of the task execution node executing the k-th check item; n is the total number of check items in this pending check task.
3. The method of claim 1, characterized in that the check task is configured in the task scheduling node by an administrator through the management interface of the task scheduling node; and
the method further comprises:
after receiving a report analysis task configured by the administrator, the task scheduling node calculates the performance consumption of the report analysis task from the total number of check result reports the report analysis task needs to analyze and the total number of target hosts involved in the report analysis task; and
for each task execution node, calculates the performance consumption of that task execution node executing the report analysis task, based on the average network delay, average bandwidth and average packet arrival rate from the node to the target hosts involved in the report analysis task, the total performance capacity and occupied performance of the task execution node, and the performance consumption of the report analysis task;
the task scheduling node sends the report analysis task to the task execution node with the lowest performance consumption for executing the report analysis task, for execution:
the task execution node that receives the report analysis task requests from a report storage subsystem the historical records involved in each check result report that the report analysis task needs to analyze, and, after analyzing the requested historical records, generates each check result report of the report analysis task.
4. The method of claim 3, characterized in that calculating the performance consumption of the task execution node executing the report analysis task, based on the average network delay, average bandwidth and average packet arrival rate from the node to the target hosts involved in the report analysis task, the total performance capacity and occupied performance of the task execution node, and the performance consumption of the report analysis task, specifically comprises:
calculating the performance consumption of the task execution node executing the report analysis task according to the following formula 3:
where C_job' is the performance consumption of the task execution node executing this pending report analysis task; Delay' is the network delay from the task execution node to the target hosts involved in this pending report analysis task; C_occupied is the performance already occupied on the task execution node; C_capacity is the total performance capacity of the task execution node; Band' is the bandwidth from the task execution node to the target hosts involved in this pending report analysis task; Rate' is the arrival rate from the task execution node to the target hosts involved in this pending report analysis task; N_job is the performance consumption of this pending report analysis task.
5. The method of claim 3, characterized in that, after the task scheduling node receives the security configuration check task, or after the task scheduling node receives the report analysis task configured by the administrator, the method further comprises:
the task scheduling node treats the received check task or report analysis task as a pending task and, according to the priority the administrator configured for the pending task, stores the pending task in the corresponding priority queue;
the task scheduling node polls each priority queue at a set interval, determines the highest-priority queue that holds pending tasks, and takes out the pending task that was stored first in the determined priority queue; and, for each task execution node, calculates the performance consumption of that task execution node executing the pending task;
the task scheduling node sends the pending task to the task execution node with the lowest performance consumption for execution.
6. The method of claim 5, characterized in that, before the task scheduling node sends the pending task to the task execution node with the lowest performance consumption, the method further comprises:
the task scheduling node judges, for each task execution node, whether the task execution node is in the near-overload state, based on the performance already occupied on the task execution node and the performance consumption of the task execution node executing the pending task;
if the task scheduling node judges that all task execution nodes are in the near-overload state, it waits until one of the task execution nodes has completed a task previously assigned to it and is in the non-near-overload state, and then sends the pending task to that task execution node in the non-near-overload state for execution.
7. The method of claim 5, characterized in that, after the task scheduling node sends the pending task to the task execution node with the lowest performance consumption for execution, the method further comprises:
after completing the pending task, the task execution node reports to the task scheduling node that the pending task has been executed; the task scheduling node updates the occupied performance of the task execution node;
the task execution node then stores the result of the pending task in the report storage subsystem.
8. The method of claim 7, characterized in that the task execution node storing the result of the pending task in the report storage subsystem specifically comprises:
after completing the pending task, the task execution node sends a report storage request to the storage control center of the report storage subsystem;
for each report storage node of the report storage subsystem, the storage control center calculates the storage consumption from that report storage node to the task execution node, based on the network delay, bandwidth and packet arrival rate from the report storage node to the task execution node and on the total storage space and occupied space of the report storage node;
after choosing the report storage node with the lowest storage consumption as the selected report storage node, the storage control center returns the network address information of the selected report storage node to the task execution node;
the task execution node transmits the result to the selected report storage node according to the returned network address information.
9. The method as claimed in claim 8, characterized in that, after the task execution node transmits the result to the selected report storage node according to the returned network address information, the method further comprises:
The storage control center determines, according to the geographical location information of each report storage node, three classes of backup nodes for the selected report storage node: the first class of backup nodes are report storage nodes in the same rack as the selected report storage node; the second class of backup nodes are report storage nodes in the same machine room as the selected report storage node but in a different rack; the third class of backup nodes are report storage nodes in a different machine room from the selected report storage node;
For each class of backup nodes, the storage control center calculates the storage consumption from each report storage node in that class to the selected report storage node, and chooses the report storage node with the lowest storage consumption as the preferred selected backup node of that class; the storage control center notifies the selected report storage node to back up the result to the preferred selected backup node of each of the three classes;
The storage control center determines, according to a preset number of backups and a redundancy policy, the number of selected backup nodes in each class of backup nodes; if the number of selected backup nodes in one class is greater than 1, the storage control center calculates the storage consumption from each report storage node in that class to the preferred selected backup node, and chooses the corresponding number of report storage nodes, in ascending order of the calculated storage consumption, as selected backup nodes of that class; and notifies the preferred selected backup node of that class to back up the result to the other selected backup nodes of that class;
Afterwards, the storage control center stores the file name and file checksum of the result in correspondence with the identifiers of the report storage nodes that hold the result and its backups.
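The backup placement of claim 9, as an added Python sketch that is not part of the patent text. The node names, the pairwise consumption table and the use of SHA-256 as the file checksum are constructed assumptions, and `copies` is read here as the total number of backups per class, including the preferred one.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class StoreNode:
    name: str
    room: str   # machine room
    rack: str

def backup_class(primary, node):
    """Class 1: same rack; class 2: same room, different rack; class 3: different room."""
    if node.room != primary.room:
        return 3
    return 1 if node.rack == primary.rack else 2

def place_backups(primary, nodes, cost, copies):
    """Return {class: [preferred backup, further backups...]}.
    cost(a, b) is the storage consumption from node a to node b;
    copies[class] is the number of backups wanted in that class (default 1)."""
    plan = {}
    for cls in (1, 2, 3):
        members = [n for n in nodes
                   if n != primary and backup_class(primary, n) == cls]
        if not members:
            continue
        # Preferred backup: lowest consumption to the selected (primary) node.
        preferred = min(members, key=lambda n: cost(n, primary))
        chosen = [preferred]
        extra = copies.get(cls, 1) - 1
        if extra > 0:
            # Further backups are ranked against the preferred backup,
            # because that node is the one that copies the result onward.
            others = sorted((n for n in members if n != preferred),
                            key=lambda n: cost(n, preferred))
            chosen += others[:extra]
        plan[cls] = chosen
    return plan

def index_record(filename, data, primary, plan):
    """Control-center record: file name, checksum and identifiers of all holders.
    SHA-256 is an assumption; the claim only says 'file checksum'."""
    holders = [primary.name] + [n.name for cls in sorted(plan) for n in plan[cls]]
    return {"file": filename,
            "sha256": hashlib.sha256(data).hexdigest(),
            "nodes": holders}

# Constructed sample topology and pairwise consumption values.
NODES = [StoreNode("s1", "R1", "K1"), StoreNode("s2", "R1", "K1"),
         StoreNode("s3", "R1", "K1"), StoreNode("s4", "R1", "K2"),
         StoreNode("s5", "R2", "K9"), StoreNode("s6", "R2", "K9")]
COST = {frozenset(pair): c for pair, c in [
    (("s2", "s1"), 2), (("s3", "s1"), 1), (("s4", "s1"), 5),
    (("s5", "s1"), 9), (("s6", "s1"), 8), (("s2", "s3"), 3), (("s5", "s6"), 4)]}

def sample_cost(a, b):
    return COST[frozenset((a.name, b.name))]

if __name__ == "__main__":
    plan = place_backups(NODES[0], NODES, sample_cost, {1: 2, 2: 1, 3: 2})
    print(index_record("host-42-check.json", b"{}", NODES[0], plan))
```

Keeping the checksum next to the list of holders lets the control center detect a replica whose content no longer matches what the task execution node submitted.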
10. A system for performing security configuration checks on target hosts in a cloud environment, characterized by comprising: a task execution subsystem, a device management subsystem and a baseline management subsystem; wherein the task execution subsystem comprises: a task scheduling node and multiple task execution nodes;
The task scheduling node is configured to, after receiving a security configuration check task, calculate for each task execution node the capacity consumption of that task execution node executing the check task, according to the network delay, bandwidth and packet arrival rate from that node to the target host involved in the check task, the total capacity and used capacity of that task execution node, and the sum of the capacity consumption of the check items in the check task; the task scheduling node sends the check task to the task execution node with the lowest capacity consumption;
The task execution node is configured to, after receiving the check task, request the access rights and system information of the target host from the device management subsystem and, for each check item in the check task, request the detection module corresponding to that check item from the baseline management subsystem; afterwards, the task execution node runs each detection module according to the requested access rights and system information of the target host, thereby performing the security configuration check of each check item on the target host.
11. The system as claimed in claim 10, characterized in that
The task scheduling node is further configured to, after receiving a report analysis task configured by an administrator, calculate the capacity consumption of the report analysis task according to the total number of check result reports that the report analysis task needs to analyze and the total number of target hosts involved in the report analysis task; and
For each task execution node, calculate the capacity consumption of that task execution node executing the report analysis task, according to the average network delay, average bandwidth and average packet arrival rate from that node to the target hosts involved in the report analysis task, the total capacity and used capacity of that task execution node, and the capacity consumption of the report analysis task; the task scheduling node sends the report analysis task to the task execution node with the lowest capacity consumption for executing the report analysis task;
The task execution node is further configured to, after receiving the report analysis task, request from the report storage subsystem the historical records involved in the check result reports that the report analysis task needs to analyze; and, after analyzing the requested historical records, generate each check result report of the report analysis task.
12. The system as claimed in claim 11, characterized in that
The task scheduling node is further configured to, after receiving a security configuration check task or a report analysis task, treat the received check task or report analysis task as a pending task, and store the pending task in the corresponding priority queue according to the priority that the administrator configured for it;
The task scheduling node polls each priority queue at a set interval, determines the highest-priority queue that holds pending tasks, and takes out the pending task that was stored first in that queue; for each task execution node, calculates the capacity consumption of that task execution node executing the pending task; and sends the pending task to the task execution node with the lowest capacity consumption for execution.
13. The system as claimed in claim 12, characterized by further comprising: a report storage subsystem;
The task execution node is further configured to, after completing the pending task, report to the task scheduling node that the pending task has been executed; and afterwards store the result of the pending task in the report storage subsystem; the task scheduling node updates the used capacity of that task execution node.
14. The system as claimed in claim 13, characterized in that the report storage subsystem specifically comprises: a storage control center and multiple report storage nodes;
The storage control center is configured to, after receiving the report storage request for the result sent by the task execution node, calculate for each report storage node of the report storage subsystem the storage consumption from that report storage node to the task execution node, according to the network delay, bandwidth and packet arrival rate from that report storage node to the task execution node, and the total storage space and used space of that report storage node; and, after choosing the report storage node with the lowest storage consumption as the selected report storage node, return the network address information of the selected report storage node to the task execution node;
The task execution node transmits the result to the selected report storage node according to the returned network address information.
15. The system as claimed in claim 14, characterized in that
The storage control center is further configured to, after returning the network address information of the selected report storage node, determine three classes of backup nodes for the selected report storage node according to the geographical location information of each report storage node: the first class of backup nodes are report storage nodes in the same rack as the selected report storage node; the second class of backup nodes are report storage nodes in the same machine room as the selected report storage node but in a different rack; the third class of backup nodes are report storage nodes in a different machine room from the selected report storage node;
For each class of backup nodes, the storage control center calculates the storage consumption from each report storage node in that class to the selected report storage node, and chooses the report storage node with the lowest storage consumption as the preferred selected backup node of that class; the storage control center notifies the selected report storage node to back up the result to the preferred selected backup node of each of the three classes;
The storage control center determines, according to a preset number of backups and a redundancy policy, the number of selected backup nodes in each class of backup nodes; if the number of selected backup nodes in one class is greater than 1, the storage control center calculates the storage consumption from each report storage node in that class to the preferred selected backup node, and chooses the corresponding number of report storage nodes, in ascending order of the calculated storage consumption, as selected backup nodes of that class; and notifies the preferred selected backup node of that class to back up the result to the other selected backup nodes of that class;
The storage control center is further configured to store the file name and file checksum of the result in correspondence with the identifiers of the report storage nodes that hold the result and its backups.
16. The system as claimed in any one of claims 10-15, characterized in that the device management subsystem specifically comprises: a device management center node and multiple device distribution nodes;
The device management center node is configured to, after receiving the physical address information, access rights and system information of a target host in the cloud environment entered by an administrator, calculate the storage consumption from the target host to each device distribution node; select the device distribution node with the lowest storage consumption as the preferred selected device distribution node; and back up the access rights and system information of the target host to the preferred selected device distribution node;
The device management center node is further configured to select n machine rooms and, for each selected machine room, calculate the storage consumption from the preferred selected device distribution node to each device distribution node in that machine room, and choose the device distribution node with the lowest calculated storage consumption as the selected device distribution node of that machine room; the device management center node notifies the preferred selected device distribution node to back up the access rights and system information of the target host to the selected device distribution node of each machine room; wherein n is the preset number of device information backups.
CN201310665067.2A 2013-12-10 2013-12-10 Security configuration check method and system for target hosts in cloud environment Active CN103634167B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310665067.2A CN103634167B (en) 2013-12-10 2013-12-10 Security configuration check method and system for target hosts in cloud environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310665067.2A CN103634167B (en) 2013-12-10 2013-12-10 Security configuration check method and system for target hosts in cloud environment

Publications (2)

Publication Number Publication Date
CN103634167A CN103634167A (en) 2014-03-12
CN103634167B true CN103634167B (en) 2017-01-11

Family

ID=50214819

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310665067.2A Active CN103634167B (en) 2013-12-10 2013-12-10 Security configuration check method and system for target hosts in cloud environment

Country Status (1)

Country Link
CN (1) CN103634167B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105245392A (en) * 2014-06-27 2016-01-13 北京新媒传信科技有限公司 Method and device for base line checking and repairing
CN105592015B (en) * 2014-10-24 2019-05-24 中国移动通信集团广东有限公司 Safety detection method and device under cloud environment
CN107196781B (en) * 2017-01-06 2021-03-19 北京神州泰岳信息安全技术有限公司 Security configuration checking task allocation method and device
CN111901214B (en) * 2020-07-22 2022-03-18 积成电子股份有限公司 Power monitoring serial communication method and system based on optimized polling mechanism
CN111970147B (en) * 2020-07-29 2022-05-06 苏州浪潮智能科技有限公司 Method for processing large-scale host faults of cloud platform

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1855841A (en) * 2005-04-27 2006-11-01 华为技术有限公司 Configuration of distributive telecommunication system
CN101632262A (en) * 2007-03-14 2010-01-20 Nxp股份有限公司 Node of a distributed communication system, node and monitoring device coupled to such communication system

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003083693A1 (en) * 2002-04-03 2003-10-09 Fujitsu Limited Task scheduler in distributed processing system
US20150033235A1 (en) * 2012-02-09 2015-01-29 Telefonaktiebolaget L M Ericsson (Publ) Distributed Mechanism For Minimizing Resource Consumption

Also Published As

Publication number Publication date
CN103634167A (en) 2014-03-12


Legal Events

Date Code Title Description
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address

Address after: Room 1308, 13th floor, East Tower, 33 Fuxing Road, Haidian District, Beijing 100036

Patentee after: China Telecom Digital Intelligence Technology Co.,Ltd.

Address before: Room 413, block a, Qingya building, South ninth floor, No. 8, wenhuiyuan North Road, Haidian District, Beijing 100088

Patentee before: CHINA TELECOM GROUP SYSTEM INTEGRATION Co.,Ltd.
