CN103747011A - High-bandwidth network safety system - Google Patents
High-bandwidth network safety system Download PDFInfo
- Publication number
- CN103747011A CN103747011A CN201410031530.2A CN201410031530A CN103747011A CN 103747011 A CN103747011 A CN 103747011A CN 201410031530 A CN201410031530 A CN 201410031530A CN 103747011 A CN103747011 A CN 103747011A
- Authority
- CN
- China
- Prior art keywords
- server
- management
- load
- security gateway
- safety system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention discloses a high-bandwidth network safety system which comprises a management center, a security gateway, a core switch, a plurality of service switches, a plurality of load servers and a plurality of user terminals. The management center is connected with a wide area network sequentially by the security gateway and the core switch; the management center is used for implementing remote management on the plurality of load servers; each service switch is connected with the wide area network; each service switch is respectively connected with the load servers and the plurality of user terminals and is used for connecting the user terminal and the load server in each region to the wide area network; and the load servers are used for implementing management on the plurality of user terminals in the corresponding regions. The high-bandwidth network safety system has a multilevel management function, can implement load balancing and has high safety; the management center is provided with a center management master server and a center management secondary server so as to provide guarantee for continuous management ability of the load servers; and the multi-core security gateway can greatly improve data processing efficiency, promotes the system throughput, integrates with rich interfaces and has strong practicality.
Description
Technical field
The present invention relates to a kind of high bandwidth network safety system.
Background technology
Raising along with the penetration of information technology, enterprise, institutional settings or school all assembly internal network, network sets up, Information System configuration has brought a lot of facilities to these units, as resource-sharing, office automation and information transmission easily etc., has improved greatly operating efficiency.But along with the Opening degree of closed system improves, increasing information security issue is also appeared in one's mind out simultaneously.The features such as the opening that network has, sharing, make the information resources that are distributed in each server in a kind of high risk state, and these data are easy to be subject to the attack of the various malice such as illegal monitoring, bootlegging, unauthorized access.How effectively management information Internet resources, reasonably supervise their use, day by day become a major issue in information network application.
Existing network safety system is mainly by management server being set in control centre, by network, be connected to each user terminal, such system has the following disadvantages: once the management server of 1 network center breaks down, need to suspend management service, in use cannot reach the function of continuous service; 2, internal network does not generally arrange security gateway, and the safety in data exchange process can not get effective guarantee; 3, management server is directly connected to each user terminal by network, cannot realize multiple management.
Summary of the invention
The object of the invention is to overcome the deficiencies in the prior art, provide a kind of and there is multiple management function, can realize load balancing, safe high bandwidth network safety system, administrative center arranges centre management master server and centre management secondary server, for the sustainable management ability of load server provides guarantee; Security gateway adopts multinuclear security gateway, can increase substantially the treatment effeciency of data, elevator system throughput, and integrated abundant interface, practical.
The object of the invention is to be achieved through the following technical solutions: a kind of high bandwidth network safety system, it comprises administrative center, security gateway, core switch, a plurality of service switch, a plurality of load servers and a plurality of user terminal, administrative center is successively by security gateway and core switch connecting wan, administrative center is for realizing the telemanagement to a plurality of load servers, it is the control centre of whole network safety system, security gateway is for guaranteeing the safety of data interaction, core switch is for realizing being connected between administrative center and wide area network, complete exchanges data, each service switch connecting wan, each service switch is connected with a plurality of user terminals with load server respectively, each service switch is for being connected to wide area network by the user terminal in each region and load server, load server is for realizing the management of a plurality of user terminals of respective regions, user terminal is accepted the unified management of corresponding load server, receives strategy execution that corresponding load server issues.
A kind of high bandwidth network safety system also comprises a plurality of load management control desks, load management control desk is connected to service switch, interconnected between load management control desk and load server, coordinate with load server, realize the management of a plurality of user terminals of corresponding region.
Described administrative center comprises centre management master server and centre management secondary server, between centre management master server and centre management secondary server, interconnect, and be connected with security gateway respectively, centre management master server and centre management secondary server are all for a plurality of load servers of telemanagement, and centre management master server and centre management secondary server are when real work, only have a station server in running order, another is in resting state.
Described security gateway is multinuclear security gateway.Multinuclear security gateway comprises polycaryon processor, security module, ethernet controller, USB controller, serial communication interface, SPI interface and web search coprocessor, security module is connected with polycaryon processor, ethernet controller is connected with polycaryon processor by bus, by ethernet controller, expand a plurality of Ethernet interfaces, USB controller is connected with polycaryon processor by bus, by USB controller, expand a plurality of USB interface, web search coprocessor is connected with polycaryon processor by LA bus, be used for assisting polycaryon processor to complete needs real-time, the relatively-stationary operation of function, complete quick table lookup function, serial communication interface is connected with polycaryon processor respectively with SPI interface.
Described multinuclear security gateway also comprises wireless communication module, and wireless communication module is connected with polycaryon processor by bus.
The invention has the beneficial effects as follows:
(1) server comprises the center management server that is positioned at administrative center and the load server that is positioned at each region, meet a plurality of keepers in different location respectively the user terminal to different grouping manage, and realized the function of multiple management;
(2) be positioned at the server of administrative center as the management platform of other load servers, can carry out United Dispatching and management to load server, can carry out according to the loading condition of each load server the distribution of user terminal;
(3) administrative center is provided with two-server, be centre management master server and centre management secondary server, for the sustainable management ability of load server provides guarantee, once centre management master server breaks down, centre management secondary server can proceed to operating state from resting state automatically;
(4) be provided with security gateway, can effectively guarantee the safety of data interaction, improve the security performance of whole network safety system;
(5) security gateway adopts multinuclear security gateway, by polycaryon processor, realizes data processing, can increase substantially the treatment effeciency of data, elevator system throughput; Be provided with web search coprocessor, the work of tabling look-up is transferred to web search coprocessor and is completed from polycaryon processor, can significantly promote the performance of network safety system; Integrated abundant interface, practical.
Accompanying drawing explanation
Fig. 1 is theory diagram of the present invention;
Fig. 2 is the theory diagram of security gateway.
Embodiment
Below in conjunction with accompanying drawing, technical scheme of the present invention is described in further detail, but protection scope of the present invention is not limited to the following stated.
As shown in Figure 1, a kind of high bandwidth network safety system, it comprises administrative center, security gateway, core switch, a plurality of service switch, a plurality of load server and a plurality of user terminal, administrative center is successively by security gateway and core switch connecting wan, administrative center is for realizing the telemanagement to a plurality of load servers, it is the control centre of whole network safety system, security gateway is for guaranteeing the safety of data interaction, core switch, for realizing being connected between administrative center and wide area network, completes exchanges data; Each service switch is arranged on different regions, and difference connecting wan, each service switch is connected with a plurality of user terminals with load server respectively, each service switch is for being connected to wide area network by the user terminal in each region and load server, load server is for realizing the management of a plurality of user terminals of respective regions, user terminal is accepted the unified management of corresponding load server, receives strategy execution that corresponding load server issues.
A kind of high bandwidth network safety system also comprises a plurality of load management control desks, each load management control desk is arranged on different regions, load management control desk is connected to the service switch of respective regions, interconnected between load management control desk and load server, coordinate with load server, realize the management of a plurality of user terminals of corresponding region.Load management control desk provides good interface for man-machine interaction.
Described administrative center comprises centre management master server and centre management secondary server, between centre management master server and centre management secondary server, interconnect, and be connected with security gateway respectively, centre management master server and centre management secondary server are all for a plurality of load servers of telemanagement, and centre management master server and centre management secondary server are when real work, only have a station server in running order, another is in resting state.Between centre management master server and centre management secondary server, hold mode is communicated by letter, once centre management master server breaks down, centre management secondary server can initiatively proceed to operating state from resting state, load server is managed, thereby guaranteed the continuous and effective operation of network safety system.
Described security gateway is multinuclear security gateway.As shown in Figure 2, multinuclear security gateway comprises polycaryon processor, security module, wireless communication module, ethernet controller, USB controller, serial communication interface, SPI interface and web search coprocessor, and integrated SDRAM and NAND FLASH, security module is connected with polycaryon processor, realize enciphering and deciphering algorithm, ethernet controller is connected with polycaryon processor by bus, by ethernet controller, expand a plurality of Ethernet interfaces, USB controller is connected with polycaryon processor by bus, by USB controller, expand a plurality of USB interface, web search coprocessor is connected with polycaryon processor by LA bus, be used for assisting polycaryon processor to complete needs real-time, the relatively-stationary operation of function, complete quick table lookup function, serial communication interface is connected with polycaryon processor respectively with SPI interface, polycaryon processor connects external equipment by serial communication interface, SPI interface is used for realizing external 10GE ethernet port.Wireless communication module is connected with polycaryon processor by bus, realizes the function of radio communication.
Claims (6)
1. a high bandwidth network safety system, it is characterized in that: it comprises administrative center, security gateway, core switch, a plurality of service switch, a plurality of load server and a plurality of user terminal, administrative center is successively by security gateway and core switch connecting wan, administrative center is for realizing the telemanagement to a plurality of load servers, it is the control centre of whole network safety system, security gateway is for guaranteeing the safety of data interaction, core switch, for realizing being connected between administrative center and wide area network, completes exchanges data; Each service switch connecting wan, each service switch is connected with a plurality of user terminals with load server respectively, each service switch is for being connected to wide area network by the user terminal in each region and load server, load server is for realizing the management of a plurality of user terminals of respective regions, user terminal is accepted the unified management of corresponding load server, receives strategy execution that corresponding load server issues.
2. a kind of high bandwidth network safety system according to claim 1, it is characterized in that: it also comprises a plurality of load management control desks, load management control desk is connected to service switch, interconnected between load management control desk and load server, coordinate with load server, realize the management of a plurality of user terminals of corresponding region.
3. a kind of high bandwidth network safety system according to claim 1, it is characterized in that: described administrative center comprises centre management master server and centre management secondary server, between centre management master server and centre management secondary server, interconnect, and be connected with security gateway respectively, centre management master server and centre management secondary server are all for a plurality of load servers of telemanagement, and centre management master server and centre management secondary server are when real work, only have a station server in running order, another is in resting state.
4. a kind of high bandwidth network safety system according to claim 1, is characterized in that: described security gateway is multinuclear security gateway.
5. a kind of high bandwidth network safety system according to claim 4, it is characterized in that: described multinuclear security gateway comprises polycaryon processor, security module, ethernet controller, USB controller, serial communication interface, SPI interface and web search coprocessor, security module is connected with polycaryon processor, ethernet controller is connected with polycaryon processor by bus, by ethernet controller, expand a plurality of Ethernet interfaces, USB controller is connected with polycaryon processor by bus, by USB controller, expand a plurality of USB interface, web search coprocessor is connected with polycaryon processor by LA bus, be used for assisting polycaryon processor to complete needs real-time, the relatively-stationary operation of function, complete quick table lookup function, serial communication interface is connected with polycaryon processor respectively with SPI interface.
6. according to a kind of high bandwidth network safety system described in claim 4 or 5, it is characterized in that: described multinuclear security gateway also comprises wireless communication module, and wireless communication module is connected with polycaryon processor by bus.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410031530.2A CN103747011A (en) | 2014-01-23 | 2014-01-23 | High-bandwidth network safety system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410031530.2A CN103747011A (en) | 2014-01-23 | 2014-01-23 | High-bandwidth network safety system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103747011A true CN103747011A (en) | 2014-04-23 |
Family
ID=50503998
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410031530.2A Pending CN103747011A (en) | 2014-01-23 | 2014-01-23 | High-bandwidth network safety system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103747011A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109862553A (en) * | 2017-11-30 | 2019-06-07 | 华为技术有限公司 | Terminal and communication means |
| CN110505115A (en) * | 2019-07-30 | 2019-11-26 | 网宿科技股份有限公司 | A kind of method and apparatus that monitoring interchanger runs high risk |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1728663A (en) * | 2004-07-30 | 2006-02-01 | 神州亿品科技(北京)有限公司 | Mobile access controller, mobile locak area network and metropolitan area network, and access method |
| CN101136778A (en) * | 2006-08-02 | 2008-03-05 | 美国凹凸微系有限公司 | Policy based vpn configuration for firewall/vpn security gateway appliance |
| US20090006602A1 (en) * | 2007-06-27 | 2009-01-01 | Shinya Takeuchi | Multi-host management server in storage system, program for the same and path information management method |
| CN101500022A (en) * | 2009-03-09 | 2009-08-05 | 北大方正集团有限公司 | Data access resource allocation method, system and equipment therefor |
| CN101958937A (en) * | 2009-07-17 | 2011-01-26 | 中国移动通信集团公司 | Query method of analysis system, number domain name system server and system |
| CN102331923A (en) * | 2011-10-13 | 2012-01-25 | 西安电子科技大学 | Multi-core and multi-threading processor-based functional macropipeline implementing method |
| CN103209119A (en) * | 2013-03-11 | 2013-07-17 | 苏州汉辰数字科技有限公司 | Low-power-consumption embedding type cloud intelligent gateway |
-
2014
- 2014-01-23 CN CN201410031530.2A patent/CN103747011A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1728663A (en) * | 2004-07-30 | 2006-02-01 | 神州亿品科技(北京)有限公司 | Mobile access controller, mobile locak area network and metropolitan area network, and access method |
| CN101136778A (en) * | 2006-08-02 | 2008-03-05 | 美国凹凸微系有限公司 | Policy based vpn configuration for firewall/vpn security gateway appliance |
| US20090006602A1 (en) * | 2007-06-27 | 2009-01-01 | Shinya Takeuchi | Multi-host management server in storage system, program for the same and path information management method |
| CN101500022A (en) * | 2009-03-09 | 2009-08-05 | 北大方正集团有限公司 | Data access resource allocation method, system and equipment therefor |
| CN101958937A (en) * | 2009-07-17 | 2011-01-26 | 中国移动通信集团公司 | Query method of analysis system, number domain name system server and system |
| CN102331923A (en) * | 2011-10-13 | 2012-01-25 | 西安电子科技大学 | Multi-core and multi-threading processor-based functional macropipeline implementing method |
| CN103209119A (en) * | 2013-03-11 | 2013-07-17 | 苏州汉辰数字科技有限公司 | Low-power-consumption embedding type cloud intelligent gateway |
Non-Patent Citations (1)
| Title |
|---|
| 宫彦婷 等: "《安全网关技术在医院内网安全中的研究与应用》", 《中国医学装备》 * |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109862553A (en) * | 2017-11-30 | 2019-06-07 | 华为技术有限公司 | Terminal and communication means |
| CN109862553B (en) * | 2017-11-30 | 2022-07-12 | 华为技术有限公司 | Terminal and communication method |
| US11487910B2 (en) | 2017-11-30 | 2022-11-01 | Huawei Technologies Co., Ltd. | Terminal and communication method |
| CN110505115A (en) * | 2019-07-30 | 2019-11-26 | 网宿科技股份有限公司 | A kind of method and apparatus that monitoring interchanger runs high risk |
| CN110505115B (en) * | 2019-07-30 | 2021-07-13 | 网宿科技股份有限公司 | Method and device for monitoring switch running-up risk |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108564471B (en) | Energy Internet safety intelligent transaction system based on block chain technology and method thereof | |
| CN107888613B (en) | Management system based on cloud platform | |
| CN104578422B (en) | Remote maintenance method for transformer substation telecontrol forwarding table | |
| CN105827485A (en) | Node communication state monitoring method based on PRP (Parallel Redundancy Protocol) and HSR (High-availability Seamless Redundancy) networks | |
| CN104767741A (en) | Calculation service separating and safety protecting system based on light virtual machine | |
| CN101860024A (en) | Implementation method for integrating provincial dispatch organization PAS system and local-level dispatch organization PAS systems in electric power system | |
| CN103747011A (en) | High-bandwidth network safety system | |
| CN104113434B (en) | A kind of data center network redundancy control apparatus using multiple cases group system | |
| CN203225789U (en) | virtual desktop terminal system | |
| CN109214540A (en) | Reserve shared office management system | |
| CN208063238U (en) | Data encryption security ViGap | |
| CN103747439A (en) | Wireless controller equipment, wireless authentication processing method, system and networking technique | |
| CN106487718A (en) | A kind of independently controlled router controls exchange system | |
| CN206258875U (en) | A kind of encryption equipment | |
| CN207354339U (en) | A kind of power station integrated data processing system | |
| CN202475483U (en) | Safety isolation system | |
| CN204859202U (en) | Information security type intelligence house gateway | |
| CN204118858U (en) | A kind of transformer station dispatching automation uniting and adjustment system | |
| CN103336931A (en) | Computer-networking information-safety application system | |
| CN103810553A (en) | Building construction enterprise project management system | |
| CN108134778B (en) | Multipurpose cryptosystem based on cryptosystem virtualization slice | |
| CN205453789U (en) | Embedded type safety in terminal inserts module | |
| CN205754425U (en) | A kind of system of internet of things equipment access network | |
| CN202995793U (en) | Project management system of construction enterprise | |
| CN205829703U (en) | The big data platform of power scheduling based on collective and distributive type Cloud Server group |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| AD01 | Patent right deemed abandoned | ||
| AD01 | Patent right deemed abandoned |
Effective date of abandoning: 20180105 |