CN103812867A - Self-adaption encryption and decryption security storage system and method based on ISCSI - Google Patents

Self-adaption encryption and decryption security storage system and method based on ISCSI Download PDF

Info

Publication number
CN103812867A
CN103812867A CN201410052455.8A CN201410052455A CN103812867A CN 103812867 A CN103812867 A CN 103812867A CN 201410052455 A CN201410052455 A CN 201410052455A CN 103812867 A CN103812867 A CN 103812867A
Authority
CN
China
Prior art keywords
state
load
target
encryption
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410052455.8A
Other languages
Chinese (zh)
Other versions
CN103812867B (en
Inventor
陈俭喜
刘景宁
冯丹
万全威
梅林军
郭雷
庄振龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huazhong University of Science and Technology
Original Assignee
Huazhong University of Science and Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huazhong University of Science and Technology filed Critical Huazhong University of Science and Technology
Priority to CN201410052455.8A priority Critical patent/CN103812867B/en
Publication of CN103812867A publication Critical patent/CN103812867A/en
Application granted granted Critical
Publication of CN103812867B publication Critical patent/CN103812867B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Storage Device Security (AREA)

Abstract

本发明公开了一种基于iSCSI的自适应加解密安全存储系统和方法,系统包括相连的启动端和目标端,启动端包括启动端负载计算器、启动端转换控制器和启动端加解密器;目标端包括目标端负载计算器、目标端转换器和目标端加解密器。负载计算器每隔ΔT1收集负载信息,计算负载值;启动端转换控制器收集启动端和目标端负载值,每隔ΔT2计算负载均值,根据两端负载均值判断是否进行状态转换,如果不进行转换则保持状态不变,如果进行状态转换则向目标端和启动端加解密器发送状态转换命令;加解密器对数据进行加解密并接受状态转换命令实现状态转换。本发明将加解密任务根据服务器负载进行合理分摊,从而大幅度提高iSCSI安全存储系统的性能。

The invention discloses an iSCSI-based self-adaptive encryption and decryption security storage system and method. The system includes a connected startup terminal and a target terminal, and the startup terminal includes a startup terminal load calculator, a startup terminal conversion controller and a startup terminal encryption and decryption device; The target side includes a target-side load calculator, a target-side converter, and a target-side encryptor. The load calculator collects load information every ΔT1, and calculates the load value; the starting end conversion controller collects the load values of the starting end and the target end, and calculates the average load value every ΔT2, and judges whether to perform state transition according to the average load value at both ends, if not. The state remains unchanged, and if the state transition is performed, a state transition command is sent to the target end and the initiator end encryptor; the encryptor decrypts the data and accepts the state transition command to realize the state transition. The invention reasonably allocates the encryption and decryption tasks according to the server load, thereby greatly improving the performance of the iSCSI secure storage system.

Description

A kind of self adaptation encryption and decryption safe storage system and method based on iSCSI
Technical field
Invention herein belongs to high-performance secure memory techniques field, is specifically related to a kind of self adaptation encryption and decryption safe storage system and method based on iSCSI.
Background technology
Along with the high speed development of computer technology and Internet technology, the data that produce in network are explosive growth, and how safely and efficiently access data becomes one of key issue of field of storage.
ISCSI (Internet Small Computer System Interface) agreement, i.e. internet small computer system interface agreement, is one of key pact in the network storage.ISCSI agreement is take TCP/IP (Transmission Control Protocol/Internet Protocol) agreement as basis, make SCSI (the Small Computer System Interface) agreement that originally can only transmit in bus, can between IP (Internet Protocol) network equipment, transmit.ISCSI storage system, with its with low cost, easy dilatation backup, higher transmission speed and the easy advantage such as installation and maintenance, is widely used in the network storage.
Because information is the most valuable resources of any entity or individual, once loss of data or leakage can cause serious consequence, particularly to having the unit of sensitive information as security bureau, army etc.The storage guaranteeing data security, need to be encrypted the data that will deposit in, is also difficult to obtain real information even if so directly steal data from storage medium, has just guaranteed in this way the high security of data storages.But current iSCSI storage system is all to carry out static encryption and decryption on start end server or destination end server, does not consider the loading condition at two ends.In the time data being carried out to senior encryption and decryption calculating, need very large amount of calculation, particularly in the situation that server itself externally provides service load very high, CPU is too busy, easily become bottleneck, cause whole iSCSI safe storage system performance degradation, affect stability and the storage system life-span of stores service.
Summary of the invention
For above defect or the Improvement requirement of prior art, the invention provides a kind of self adaptation encryption and decryption safe storage system and method based on iSCSI, from the angle of iSCSI storage system entirety adaptive load balancing, encryption and decryption task is carried out to dynamic assignment according to the loading condition of start end and destination end, the state of the load of assurance start end and destination end in relative equilibrium, thereby prevent load bottleneck, guaranteeing, under the prerequisite of data storage security, to improve the performance of encrypting and deciphering system.
The technical solution adopted for the present invention to solve the technical problems is, a kind of self adaptation encryption and decryption safe storage system based on iSCSI is provided, and described system comprises interconnected start end and destination end,
Described start end comprises the start end load calculator, start end switching controller and the start end encryption and decryption device that connect successively, and described start end load calculator, for collecting start end load information every the Δ T1 time, calculates start end load value; Described start end switching controller is for collecting the load value of start end and destination end, and every the load average at Δ T2 Time Calculation two ends, judge whether to carry out state conversion according to the load average at described two ends, if do not carry out state conversion, hold mode is constant, if carry out state conversion, sends state conversion command to destination end and start end encryption and decryption device; Described start end encryption and decryption device, for iSCSI data are carried out encryption and decryption and accepted described state conversion command, is realized state conversion, the migration of finishing the work;
Described destination end comprises the destination end load calculator, destination end transducer and the destination end encryption and decryption device that connect successively, and described destination end load calculator, for collecting destination end load information every the Δ T1 time, calculates destination end load value; Described destination end transducer, for destination end load value is sent to start end, receives described state conversion command and described state transitions order is sent to destination end encryption and decryption device; Described destination end encryption and decryption device, for iSCSI data are carried out encryption and decryption and accepted described state conversion command, is realized state conversion, the migration of finishing the work.
In the self adaptation encryption and decryption safe storage system based on iSCSI of the present invention, judge whether to carry out state conversion according to the load average at described two ends, deterministic process is followed following encryption and decryption state transition rules:
(1) if L (Initiator) differs and is less than Δ d with L (Target) load value, encryption and decryption task status remains unchanged;
(2) if L (Initiator) differs by more than Δ d with L (Target) load value, but two ends load value is all less than LTH, and encryption and decryption task status remains unchanged;
(3) if L (Initiator) differs by more than Δ d with L (Target) load value, but two ends load value is all greater than LTH, and encryption and decryption task status remains unchanged;
(4) if while not meeting (1) (2) (3) bar and L (Initiator) >L (Target):
Be state 2 if <1> is current, state conversion command is for to convert state 2 to state 1
Be state 3 if <2> is current, state conversion command is for to convert state 3 to state 1
Be state 4 if <3> is current, state conversion command is for to be converted to state 3 by state 4
Be state 1 if <4> is current, encryption and decryption task status remains unchanged
(5) if while not meeting (1) (2) (3) bar and L (Initiator) <L (Target):
Be state 1 if <1> is current, state conversion command is for to convert state 1 to state 2
Be state 2 if <2> is current, state conversion command is for to convert state 2 to state 4
Be state 3 if <3> is current, state conversion command is for to be converted to state 4 by state 3
Be state 4 if <4> is current, encryption and decryption task status remains unchanged
(6) if (1) (2) (3) (4) (5) situation in addition, encryption and decryption task status remains unchanged;
Δ d is start end and the poor threshold values of destination end load, and L (Initiator) is start end load average in the Δ T2 time, and L (Target) is Δ T2 time internal object end load average, and LTH is start end and destination end load threshold values;
Described state 1 be start end without task, destination end encryption and decryption; State 2 is encrypted for start end, and destination end is deciphered; State 3 is start end deciphering, and destination end is encrypted; State 4 is start end encryption and decryption, and destination end is without task.
In the self adaptation encryption and decryption safe storage system based on iSCSI of the present invention, described start end switching controller state of a control transfer process, and in Guarantee Status transfer process, transmit the strong consistency of data.
In the self adaptation encryption and decryption safe storage system based on iSCSI of the present invention, described start end load value, load average and destination end load value, load average obtain according to following load calculation model:
L &OverBar; ( CPU ) = { [ &Sigma; i = 1 k L i ( CPU ) ] / k } &times; 100 = { [ L 1 ( CPU ) + L 2 ( CPU ) + . . . + L k ( CPU ) ] / k } &times; 100
L &OverBar; ( M ) = [ C ( Used ) / C ( All ) ] &times; 100
L ( Server ) = L &OverBar; ( CPU ) &times; W ( CPU ) + L &OverBar; ( M ) &times; W ( M )
W(CPU)+W(M)=1
L &OverBar; ( Server ) = [ &Sigma; j = 1 n ( L j ( Server ) ) ] / n = [ L 1 ( Server ) + L 2 ( Server ) + . . . + L n ( Server ) ] / n
Figure BDA0000466353830000045
Described L (Server) is server overall load amount, and wherein k is the core amounts of CPU core in server,
Figure BDA0000466353830000046
for the average load amount of server CPU, C (Used) is the current internal memory use amount of server, C (All) is the physics size of all internal memories of server, W (CPU) accounts for the proportion of whole server load amount for cpu load amount, and W (M) accounts for the proportion of whole server load amount for memory negative carrying capacity;
Figure BDA0000466353830000047
for the average load amount of server in Δ T2, Δ T2 is the time interval that switching controller is changed judgement, and Δ T1 is the time interval that load calculator is collected server load, L j(Server) be server overall load amount in j Δ T1 time; Described server is start end server or destination end server.
Correspondingly, the present invention also provides a kind of self adaptation encryption and decryption method for secure storing based on iSCSI, and described method comprises the steps:
S1, iSCSI start end are collected start end server load information every Δ T1, calculates start end load value, and is passed to start end switching controller;
S2, iscsi target end are collected the load information of destination end server every Δ T1, calculate destination end load value, and passed to start end;
S3, iSCSI start end are obtained described start end load value and destination end load value, and every the Δ T2 time, calculate the load average of interior start end of Δ T2 time and destination end;
S4, iSCSI start end switching controller judge whether to carry out state conversion according to the load average at described two ends, if do not need state conversion, perform step S1; If need state conversion, send state conversion command to start end encryption and decryption device and destination end, carry out state conversion, make the encryption and decryption task of high capacity one end can partly or entirely move to low load one end.
In the self adaptation encryption and decryption method for secure storing based on iSCSI of the present invention, judge whether to carry out state conversion according to the load average at described two ends, deterministic process is followed following encryption and decryption state transition rules:
Judge whether to carry out state conversion according to the load average at described two ends, and generate state conversion command, its process is followed following encryption and decryption state transition rules:
(1) if L (Initiator) differs and is less than Δ d with L (Target) load value, encryption and decryption task status remains unchanged;
(2) if L (Initiator) differs by more than Δ d with L (Target) load value, but two ends load value is all less than LTH, and encryption and decryption task status remains unchanged;
(3) if L (Initiator) differs by more than Δ d with L (Target) load value, but two ends load value is all greater than LTH, and encryption and decryption task status remains unchanged;
(4) if while not meeting (1) (2) (3) bar and L (Initiator) >L (Target):
Be state 2 if <1> is current, state conversion command is for to convert state 2 to state 1
Be state 3 if <2> is current, state conversion command is for to convert state 3 to state 1
Be state 4 if <3> is current, state conversion command is for to be converted to state 3 by state 4
Be state 1 if <4> is current, encryption and decryption task status remains unchanged
(5) if while not meeting (1) (2) (3) bar and L (Initiator) <L (Target):
Be state 1 if <1> is current, state conversion command is for to convert state 1 to state 2
Be state 2 if <2> is current, state conversion command is for to convert state 2 to state 4
Be state 3 if <3> is current, state conversion command is for to be converted to state 4 by state 3
Be state 4 if <4> is current, encryption and decryption task status remains unchanged
(6) if (1) (2) (3) (4) (5) situation in addition, encryption and decryption task status remains unchanged;
Δ d is start end and the poor threshold values of destination end load, and L (Initiator) is start end load average in the Δ T2 time, and L (Target) is Δ T2 time internal object end load average, and LTH is start end and destination end load threshold values;
Described state 1 be start end without task, destination end encryption and decryption; State 2 is encrypted for start end, and destination end is deciphered; State 3 is start end deciphering, and destination end is encrypted; State 4 is start end encryption and decryption, and destination end is without task.
In the self adaptation encryption and decryption method for secure storing based on iSCSI of the present invention, described step S41 also comprises following sub-step:
If S41 need to carry out state conversion, start end switching controller sends state conversion command to start end encryption and decryption device, and waits for that start end encryption and decryption device state converts reply;
S42, start end encryption and decryption device receive after described state conversion command, first suspend and accept the I/O request that upper strata issues, and then judge the current I/O request of carrying out that whether has, and have the I/O request of carrying out if current, perform step S43; The I/O request of not carrying out if current, execution step S44;
There is the I/O carrying out to ask if S43 is current, wait for after it is finished and perform step S44;
S44, start end encryption and decryption device are corresponding state according to described state conversion command by current start end encryption and decryption task state transition;
After S45, start end encryption and decryption task state transition complete, start end encryption and decryption device sends to start end switching controller the reply that start end state converts; Start end switching controller receives after the reply that described start end state converts, and sends state conversion command, and wait for that destination end state converts reply to destination end transducer;
S46, destination end transducer receive after described state conversion command, send described state conversion command to destination end encryption and decryption device, and wait for that destination end encryption and decryption device state converts reply; Destination end encryption and decryption device receives after described state conversion command, is corresponding state according to described state conversion command by current encryption and decryption task state transition, and the reply converting to destination end transducer device transmission state;
S47, destination end transducer receive after the successful reply of destination end encryption and decryption device state conversion, the state information of modifying target end transducer, and convert reply to start end encryption and decryption switching controller transmission destination end state;
S48, start end encryption and decryption switching controller receive described destination end state and convert after reply, recover to receive the I/O request on upper strata, and send to start end switching controller the reply that recovers the I/O request that receives upper strata;
S49, start end switching controller receive the reply of the I/O request on described recovery reception upper strata, and now whole encryption and decryption task state transition all completes, execution step S1.
In the self adaptation encryption and decryption method for secure storing based on iSCSI of the present invention, described start end load value, load average and destination end load value, load average obtain according to following load calculation model:
L &OverBar; ( CPU ) = { [ &Sigma; i = 1 k L i ( CPU ) ] / k } &times; 100 = { [ L 1 ( CPU ) + L 2 ( CPU ) + . . . + L k ( CPU ) ] / k } &times; 100
L &OverBar; ( M ) = [ C ( Used ) / C ( All ) ] &times; 100
L ( Server ) = L &OverBar; ( CPU ) &times; W ( CPU ) + L &OverBar; ( M ) &times; W ( M )
W(CPU)+W(M)=1
L &OverBar; ( Server ) = [ &Sigma; j = 1 n ( L j ( Server ) ) ] / n = [ L 1 ( Server ) + L 2 ( Server ) + . . . + L n ( Server ) ] / n
Figure BDA0000466353830000081
Described L (Server) is server overall load amount, and wherein k is the core amounts of CPU core in server,
Figure BDA0000466353830000082
for the average load amount of server CPU, C (Used) is the current internal memory use amount of server, C (All) is the physics size of all internal memories of server, W (CPU) accounts for the proportion of whole server load amount for cpu load amount, and W (M) accounts for the proportion of whole server load amount for memory negative carrying capacity;
Figure BDA0000466353830000083
for the average load amount of server in Δ T2, Δ T2 is the time interval that switching controller is changed judgement, and Δ T1 is the time interval that load calculator is collected server load, L j(Server) be server overall load amount in j Δ T1 time; Described server is start end server or destination end server.
Therefore, the present invention can obtain following beneficial effect: according to the loading condition of iSCSI start end and destination end, dynamically carry out the combination of encryption and decryption task and state conversion, the encryption and decryption task of high capacity one end is partly or entirely moved to low load one end, amount of calculation is carried out to Cost Allocation according to loading condition, can eliminate like this performance bottleneck, increase substantially the performance of iSCSI safe storage system; Meanwhile, carry out having guaranteed when state is changed the strong consistency of transmission data in start end and destination end, thereby avoided the catastrophic effects such as data None-identified.
Accompanying drawing explanation
Below in conjunction with drawings and Examples, the invention will be further described, in accompanying drawing:
Fig. 1 is the self adaptation encryption and decryption safe storage system structural representation that the present invention is based on iSCSI;
Fig. 2 is the self adaptation encryption and decryption method for secure storing workflow diagram that the present invention is based on iSCSI;
Fig. 3 the present invention is based on encryption and decryption task state transition rule schematic diagram in the self adaptation encryption and decryption method for secure storing of iSCSI;
Fig. 4 the present invention is based on encryption and decryption task switching flow figure in the self adaptation encryption and decryption method for secure storing of iSCSI;
Fig. 5 the present invention is based on data strong consistency in the self adaptation encryption and decryption method for secure storing of iSCSI to guarantee flow chart.
Embodiment
In order to make object of the present invention, technical scheme and advantage clearer, below in conjunction with drawings and Examples, the present invention is further elaborated.Should be appreciated that specific embodiment described herein, only in order to explain the present invention, is not intended to limit the present invention.In addition,, in each execution mode of described the present invention, involved technical characterictic just can combine mutually as long as do not form each other conflict.
Fig. 1 is the self adaptation encryption and decryption safe storage system structural representation that the present invention is based on iSCSI.As shown in Figure 1, the self adaptation encryption and decryption safe storage system that the present invention is based on iSCSI comprises iSCSI start end module and destination end module.Start end module comprises successively connected start end load calculator, start end switching controller and start end encryption and decryption device; Destination end module comprises successively connected destination end load calculator, destination end transducer and destination end encryption and decryption device.
Start end load calculator is collected start end load information every the Δ T1 time, calculates start end load value by load calculation model, as the tolerance of the current busy extent of start end place server.Then start end load value is passed to start end switching controller by start end load calculator.
Destination end load calculator is collected destination end load information every the Δ T1 time, calculates destination end load value by load calculation model, as the tolerance of the current busy extent of destination end place server.Then destination end load value is passed to destination end transducer by destination end load calculator, then be sent to start end switching controller by destination end transducer.
Start end switching controller is for collecting the load value of start end and destination end, and the load average at the two ends that calculate during this period of time every Δ T2 time basis, judges whether to carry out the conversion of encryption and decryption state according to encryption and decryption state transition rules.If needed, send state conversion command to start end encryption and decryption device and destination end; If do not needed, maintain the original state constant.The switching controller of start end is the decision-making maincenter of whole system, is most crucial module.Destination end transducer is only responsible for destination end load information to send to start end and receive the state conversion command that start end switching controller sends over.
The encryption and decryption device function of destination end and start end is identical.Start end encryption and decryption device, according to the state conversion command conversion encryption and decryption state that starts switching controller transmission, is carried out encryption and decryption task; The state conversion command conversion encryption and decryption state that destination end encryption and decryption device sends according to destination end transducer, carries out encryption and decryption task.
In the self adaptation encryption and decryption safe storage system based on iSCSI of the present invention, between start end switching controller and destination end transducer, connect and transmit load information and state conversion command by TCP.In a preferred embodiment of the invention, start end and destination end are disposed under linux system, between the switching controller of start end and destination end and encryption and decryption device, communicate by NetLink mechanism, encryption and decryption device is accepted the state conversion command of switching controller, and carries out state conversion.The encryption and decryption device of start end and the encryption and decryption device of destination end carry out the encryption and decryption of data by iSCSI agreement, guarantee that the data of final storage are ciphertexts.
Fig. 2 is the self adaptation encryption and decryption method for secure storing flow chart that the present invention is based on iSCSI.As shown in Figure 2, first start end and destination end carry out initialization, to build self adaptation iSCSI encrypting and deciphering system: by complete to hardware and systems soft ware configuration, iSCSI storage system can normally be moved, then load the modules of self adaptation encryption and decryption.In a preferred embodiment of the invention, suppose that encryption and decryption initial condition is state 1.
After initialization completes, carry out the performance optimization of iSCSI safe storage system, specifically comprise the following steps:
The load information that S1, iscsi target end are collected destination end server every Δ T1, calculates destination end server load value by load calculation model, and is passed to start end;
The load information that S2, iSCSI start end are collected start end server every Δ T1, calculates start end server load value by load calculation model, and is passed to start end switching controller;
S3, iSCSI start end are obtained described start end server load value and destination end server load value, and it is stored into respectively in Liang Ge round-robin queue, wait for Treatment Analysis; Start end is every the Δ T2 time, from described Liang Ge round-robin queue, takes out Δ T2 time load value, calculates the load average of start end and destination end in the Δ T2 time;
Whether S4, start end need to carry out state conversion according to described load average and encryption and decryption task state transition rule judgment, if do not need to carry out state conversion, perform step S1; If need to carry out state conversion, according to encryption and decryption task state transition rule generation state conversion command, and this order is sent to destination end;
If S5, destination end do not receive state conversion command, perform step S1; If destination end receives state conversion command, carry out encryption and decryption task state transition;
After S6, destination end encryption and decryption task state transition finish, destination end state is converted to reply and send to start end, the return information of start end receiving target end, task state transition completes.
Wherein, in above-mentioned steps S1 and S2, start end load value, load average and destination end load value, load average obtain according to following load calculation model:
L &OverBar; ( CPU ) = { [ &Sigma; i = 1 k L i ( CPU ) ] / k } &times; 100 = { [ L 1 ( CPU ) + L 2 ( CPU ) + . . . + L k ( CPU ) ] / k } &times; 100
L &OverBar; ( M ) = [ C ( Used ) / C ( All ) ] &times; 100
L ( Server ) = L &OverBar; ( CPU ) &times; W ( CPU ) + L &OverBar; ( M ) &times; W ( M )
W(CPU)+W(M)=1
L &OverBar; ( Server ) = [ &Sigma; j = 1 n ( L j ( Server ) ) ] / n = [ L 1 ( Server ) + L 2 ( Server ) + . . . + L n ( Server ) ] / n
Figure BDA0000466353830000115
Described L (Server) is server overall load amount, and wherein k is the core amounts of CPU core in server,
Figure BDA0000466353830000116
for the average load amount of server CPU, C (Used) is the current internal memory use amount of server, C (All) is the physics size of all internal memories of server, W (CPU) accounts for the proportion of whole server load amount for cpu load amount, and W (M) accounts for the proportion of whole server load amount for memory negative carrying capacity;
Figure BDA0000466353830000117
for the average load amount of server in Δ T2, Δ T2 is the time interval that switching controller is changed judgement, and Δ T1 is the time interval that load calculator is collected server load, L j(Server) be server overall load amount in j Δ T1 time; Described server is start end server or destination end server.
Fig. 3 the present invention is based on encryption and decryption task state transition rule schematic diagram in the self adaptation encryption and decryption method for secure storing of iSCSI.As shown in Figure 3, the state that meets native system only has 4 kinds, and the state of self adaptation encrypting and deciphering system is necessary for one of them at any time.And the conversion of state must be changed according to the direction of arrow in figure, possible conversion direction has six kinds, need carry out conversion direction judgement according to the state of current system and loading condition.
Self adaptation encrypting and deciphering system state of the present invention is as follows:
Com(EDS)=(α,β)
α=(e,d)?α=(Φ,d)?α=(e,Φ)?α=(Φ,Φ)
β=(e,d)?β=(Φ,d)?β=(e,Φ)?β=(Φ,Φ)
Wherein, Com (EDS): the compound mode of iSCSI adaptive security storage system start end and destination end encryption and decryption
α: start end encryption and decryption task combination mode
β: destination end encryption and decryption task combination mode
E: cryptographic tasks
D: task of decryption
Φ: idle task
Table 1 Adaptable System encryption and decryption task combining form table
State Formalization representation Practical significance
State 1 Com(EDS)=((Φ,Φ),(e,d)) Start end is without task, destination end encryption and decryption
State 2 Com(EDS)=((e,Φ),(Φ,d)) Start end is encrypted, destination end deciphering
State 3 Com(EDS)=((Φ,d),(e,Φ)) Start end deciphering, destination end is encrypted
State 4 Com(EDS)=((e,d),(Φ,Φ)) Start end encryption and decryption, destination end is without task
In self adaptation encryption and decryption safe storage system, legal state only has 4 shown in table 1, and the state transition rules of switching controller is as follows:
(1) if L (Initiator) differs and is less than Δ d with L (Target) load value, encryption and decryption task status remains unchanged;
(2) if L (Initiator) differs by more than Δ d with L (Target) load value, but two ends load value is all less than LTH, and encryption and decryption task status remains unchanged;
(3) if L (Initiator) differs by more than Δ d with L (Target) load value, but two ends load value is all greater than LTH, and encryption and decryption task status remains unchanged;
(4) if while not meeting (1) (2) (3) bar and L (Initiator) >L (Target):
Be state 2 if <1> is current, state conversion command is for to convert state 2 to state 1
Be state 3 if <2> is current, state conversion command is for to convert state 3 to state 1
Be state 4 if <3> is current, state conversion command is for to be converted to state 3 by state 4
Be state 1 if <4> is current, encryption and decryption task status remains unchanged
(5) if while not meeting (1) (2) (3) bar and L (Initiator) <L (Target):
Be state 1 if <1> is current, state conversion command is for to convert state 1 to state 2
Be state 2 if <2> is current, state conversion command is for to convert state 2 to state 4
Be state 3 if <3> is current, state conversion command is for to be converted to state 4 by state 3
Be state 4 if <4> is current, encryption and decryption task status remains unchanged
(6) if (if 1) (2) (3) (4) (5) situation in addition, encryption and decryption task status remains unchanged;
Wherein, Δ d: start end and the poor threshold values of destination end load, be only greater than this threshold values and just likely carry out state conversion, can be according to practical application dynamic adjustments
L (Initiator): start end load average numeric representation
L (Target): destination end load average numeric representation
LTH: start end and destination end load threshold values, only have one end to be greater than this threshold values one end and be less than this threshold values and just likely carry out state conversion, can be according to practical application dynamic adjustments
The switching controller of start end and destination end carries out condition judgement according to above 6.By above encryption and decryption state transition rules, the encryption and decryption task of high capacity one end can partly or entirely move to low load one end, amount of calculation is carried out to Cost Allocation according to loading condition, can eliminate like this performance bottleneck, increase substantially the performance of iSCSI safe storage system.
Fig. 4 the present invention is based on encryption and decryption Task Switching flow chart in the self adaptation encryption and decryption method for secure storing of iSCSI.As shown in Figure 4, timer is every Δ T2 time excited state transfer function, and start end judges that whether the load value in round-robin queue is enough, if load value is enough, take out respectively the load value of n group start end and destination end from Liang Ge round-robin queue, and calculate the load average of start end and destination end.Start end switching controller carries out state conversion according to above-mentioned encryption and decryption task state transition rule to be judged, if need to carry out state conversion, generates state conversion command and is sent to start end encryption and decryption device and destination end transducer.
After start end encryption and decryption device state is changed successfully, the reply that generation start end state converts is also sent to start end switching controller, and start end switching controller is revised start end state information; After destination end encryption and decryption device state is changed successfully, the reply that generation destination end state converts is also sent to destination end transducer, then by destination end transducer modifying target end state information.Send or receive if the reply that in this process, state converts fails, system is carried out abnormality processing, and reset condition is constant separately to keep start end and destination end, and timer is set, and waits for that the next Δ T2 time re-starts state conversion and judges.
Fig. 5 the present invention is based on data consistency in the self adaptation encryption and decryption method for secure storing of iSCSI to guarantee flow chart, need guarantee the strong consistency of data in the time that start end and destination end are carried out state conversion, and data consistency guarantees to be divided into following two stages.
First stage is that start end converter controller determines whether to carry out state conversion according to the loading condition at two ends in the Δ T2 time and encryption and decryption state transition rules, if do not carry out state conversion, maintain the original state constant, if need to carry out state conversion, provide NextState, suppose that previous status is 1, the next state of changing is state 2.Then start end switching controller sends state conversion command to start end encryption and decryption device, start end encryption and decryption device is received after state conversion command, first suspend and receive the I/O request that levels is sent out, and after waiting for that the request having received is disposed, current state is revised as to state 2 from state 1.After modification, send and convert reply to start end switching controller, the first stage converts.
Second stage is that start end switching controller sends state conversion command to destination end transducer.Destination end transducer receives after state conversion command, send state conversion command to destination end encryption and decryption device, destination end encryption and decryption device is received after state conversion command, and current state is converted to state 2 from state 1, and sends and convert reply to destination end transducer.Destination end transducer receives after this reply, then converts reply to start end switching controller transmission destination end state.Start end switching controller receives that the state of destination end converts after reply, again send to start end encryption and decryption device the order that recovers to carry out upper strata I/O, start end encryption and decryption device is received the rear Recovery processing upper strata I/O of this order, and send to start end switching controller the reply that recovery runs succeeded, start end switching controller receives the rear modification system of this reply global information, and second stage converts.
In transfer process, if there is overtime etc. any abnormal, need state of termination conversion, and return to original state.Above-mentioned two stages have guaranteed the strong consistency of data in start end and destination end state conversion process, thereby avoid the catastrophic effects such as data None-identified.
Those skilled in the art will readily understand; the foregoing is only preferred embodiment of the present invention; not in order to limit the present invention, all any modifications of doing within the spirit and principles in the present invention, be equal to and replace and improvement etc., within all should being included in protection scope of the present invention.

Claims (8)

1.一种基于iSCSI的自适应加解密安全存储系统,其特征在于,所述系统包括互相连接的启动端和目标端,1. A self-adaptive encryption and decryption security storage system based on iSCSI, characterized in that, the system includes an interconnected starting end and a target end, 所述启动端包括依次连接的启动端负载计算器、启动端转换控制器和启动端加解密器,所述启动端负载计算器用于每隔ΔT1时间收集启动端负载信息,计算启动端负载值;所述启动端转换控制器用于收集启动端和目标端的负载值,并每隔ΔT2时间计算两端的负载均值,根据所述两端的负载均值判断是否进行状态转换,如果不进行状态转换则保持状态不变,如果进行状态转换则向目标端和启动端加解密器分别发送状态转换命令,使得高负载一端的加解密任务可以部分或全部迁移到低负载一端;所述启动端加解密器用于对iSCSI数据进行加解密并接受所述状态转换命令,实现状态转换,完成任务迁移;The starting terminal includes a starting terminal load calculator, a starting terminal conversion controller and a starting terminal encryption decryptor connected in sequence, and the starting terminal load calculator is used to collect the starting terminal load information every ΔT1 time, and calculate the starting terminal load value; The start-end conversion controller is used to collect the load values of the start-end and the target end, and calculate the average load value at both ends every ΔT2 time, judge whether to perform state transition according to the load average value at both ends, and keep the state if no state transition is performed. If the state transition is performed, state transition commands are sent to the target end and the initiator end encryption device respectively, so that the encryption and decryption tasks at the high load end can be partially or completely migrated to the low load end; the initiator end encryption decryptor is used for iSCSI The data is encrypted and decrypted and the state transition command is accepted to realize the state transition and complete the task migration; 所述目标端包括依次连接的目标端负载计算器、目标端转换器和目标端加解密器,所述目标端负载计算器用于每隔ΔT1时间收集目标端负载信息,计算目标端负载值;所述目标端转换器用于将目标端负载值发送至启动端,接收所述状态转换命令并将所述状态转移命令发送至目标端加解密器;所述目标端加解密器用于对iSCSI数据进行加解密并接受所述状态转换命令,实现状态转换,完成任务迁移。The target end includes a target end load calculator, a target end converter, and a target end encryption decryptor connected in sequence, and the target end load calculator is used to collect target end load information every ΔT1 time, and calculate the target end load value; The target end converter is used to send the target end load value to the initiator, receives the state transition command and sends the state transition command to the target end encryption and decryption device; the target end encryption and decryption device is used to encrypt iSCSI data Decrypt and accept the state transition command to realize state transition and complete task migration. 2.如权利要求1所述的基于iSCSI的自适应加解密安全存储系统,其特征在于,根据所述两端的负载均值判断是否进行状态转换,并生成状态转换命令,其过程遵循如下加解密状态转换规则:2. The iSCSI-based self-adaptive encryption and decryption secure storage system according to claim 1, characterized in that, according to the average load value at both ends, it is judged whether to perform state transition, and a state transition command is generated, and the process follows the encryption and decryption state Conversion rules: (1)若L(Initiator)与L(Target)负载值相差小于Δd,则加解密任务状态保持不变;(1) If the load value difference between L(Initiator) and L(Target) is less than Δd, the state of the encryption and decryption task remains unchanged; (2)若L(Initiator)与L(Target)负载值相差大于Δd,但两端负载值均小于LTH,则加解密任务状态保持不变;(2) If the difference between the load values of L(Initiator) and L(Target) is greater than Δd, but the load values at both ends are less than LTH, the state of the encryption and decryption task remains unchanged; (3)若L(Initiator)与L(Target)负载值相差大于Δd,但两端负载值均大于LTH,则加解密任务状态保持不变;(3) If the load value difference between L(Initiator) and L(Target) is greater than Δd, but the load values at both ends are greater than LTH, the encryption and decryption task status remains unchanged; (4)若不满足(1)(2)(3)条且L(Initiator)>L(Target)时:(4) If (1) (2) (3) is not satisfied and L(Initiator)>L(Target): <1>如果当前为状态2,则状态转换命令为将状态2转换成状态1<1> If the current state is 2, the state transition command is to convert state 2 to state 1 <2>如果当前为状态3,则状态转换命令为将状态3转换成状态1<2> If the current state is 3, the state transition command is to convert state 3 to state 1 <3>如果当前为状态4,则状态转换命令为将状态4转换为状态3<3> If the current state is 4, the state transition command is to convert state 4 to state 3 <4>如果当前为状态1,则加解密任务状态保持不变<4> If the current state is 1, the state of the encryption and decryption task remains unchanged (5)若不满足(1)(2)(3)条且L(Initiator)<L(Target)时:(5) If (1) (2) (3) is not satisfied and L(Initiator)<L(Target): <1>如果当前为状态1,则状态转换命令为将状态1转换成状态2<1> If the current state is 1, the state transition command is to convert state 1 to state 2 <2>如果当前为状态2,则状态转换命令为将状态2转换成状态4<2> If the current state is 2, the state transition command is to convert state 2 to state 4 <3>如果当前为状态3,则状态转换命令为将状态3转换为状态4<3> If the current state is 3, the state transition command is to convert state 3 to state 4 <4>如果当前为状态4,则加解密任务状态保持不变<4> If the current state is 4, the state of the encryption and decryption task remains unchanged (6)若为(1)(2)(3)(4)(5)以外的情况,加解密任务状态保持不变;(6) In cases other than (1) (2) (3) (4) (5), the status of the encryption and decryption task remains unchanged; Δd为启动端和目标端负载差的阀值,L(Initiator)为ΔT2时间内启动端负载均值,L(Target)为ΔT2时间内目标端负载均值,LTH为启动端和目标端负载阀值;Δd is the threshold of the load difference between the initiator and the target, L (Initiator) is the average load of the initiator within ΔT2, L (Target) is the average load of the target within ΔT2, and LTH is the load threshold between the initiator and the target; 所述状态1为启动端无任务,目标端加解密;状态2为启动端加密,目标端解密;状态3为启动端解密,目标端加密;状态4为启动端加解密,目标端无任务。The state 1 is that the initiator has no task, and the target is encrypted and decrypted; the state 2 is that the initiator is encrypted, and the target is decrypted; the state 3 is that the initiator is decrypted, and the target is encrypted; and state 4 is that the initiator is encrypted and decrypted, and the target has no task. 3.如权利要求1所述的基于iSCSI的自适应加解密安全存储系统,其特征在于,所述启动端转换控制器控制状态转换过程,且保证状态转换过程中传输数据的强一致性。3. The iSCSI-based self-adaptive encryption and decryption secure storage system according to claim 1, characterized in that, the boot-end transition controller controls the state transition process and ensures the strong consistency of the transmitted data during the state transition process. 4.如权利要求1所述的基于iSCSI的自适应加解密安全存储系统,其特征在于,所述启动端负载值、负载均值和目标端负载值、负载均值根据如下负载计算模型得到:4. the iSCSI-based self-adaptive encryption and decryption safe storage system as claimed in claim 1, is characterized in that, described starting end load value, load mean value and target end load value, load mean value obtain according to following load calculation model: LL &OverBar;&OverBar; (( CPUCPU )) == {{ [[ &Sigma;&Sigma; ii == 11 kk LL ii (( CPUCPU )) ]] // kk }} &times;&times; 100100 == {{ [[ LL 11 (( CPUCPU )) ++ LL 22 (( CPUCPU )) ++ .. .. .. ++ LL kk (( CPUCPU )) ]] // kk }} &times;&times; 100100 LL &OverBar;&OverBar; (( Mm )) == [[ CC (( UsedUsed )) // CC (( Allall )) ]] &times;&times; 100100 LL (( ServerServer )) == LL &OverBar;&OverBar; (( CPUCPU )) &times;&times; WW (( CPUCPU )) ++ LL &OverBar;&OverBar; (( Mm )) &times;&times; WW (( Mm )) W(CPU)+W(M)=1W(CPU)+W(M)=1 LL &OverBar;&OverBar; (( ServerServer )) == [[ &Sigma;&Sigma; jj == 11 nno (( LL jj (( ServerServer )) )) ]] // nno == [[ LL 11 (( ServerServer )) ++ LL 22 (( ServerServer )) ++ .. .. .. ++ LL nno (( ServerServer )) ]] // nno
Figure FDA0000466353820000039
Figure FDA0000466353820000039
 所述L(Server)为服务器整体负载量,其中k为服务器中CPU内核的核心数量,
Figure FDA0000466353820000036
为服务器CPU的平均负载量,C(Used)为服务器当前内存使用量,C(All)为服务器所有内存的物理大小,W(CPU)为CPU负载量占整个服务器负载量的比重,W(M)为内存负载量占整个服务器负载量的比重;
Figure FDA0000466353820000037
为服务器在ΔT2内的平均负载量,ΔT2为转换控制器进行转换判断的时间间隔,ΔT1为负载计算器收集服务器负载的时间间隔,Lj(Server)为第j个ΔT1时间内服务器整体负载量;所述服务器为启动端服务器或目标端服务器。Said L (Server) is the overall load capacity of the server, wherein k is the number of cores of the CPU core in the server,
Figure FDA0000466353820000036
is the average CPU load of the server, C (Used) is the current memory usage of the server, C (All) is the physical size of all the memory of the server, W (CPU) is the ratio of the CPU load to the entire server load, W (M ) is the ratio of the memory load to the entire server load;
Figure FDA0000466353820000037
is the average load of the server within ΔT2, ΔT2 is the time interval for the conversion controller to judge the conversion, ΔT1 is the time interval for the load calculator to collect the server load, L j (Server) is the overall load of the server within the jth ΔT1 time ; The server is the initiator server or the target server. 5.一种基于iSCSI的自适应加解密安全存储方法,其特征在于,所述方法包括如下步骤:5. An iSCSI-based adaptive encryption and decryption safe storage method, characterized in that the method comprises the steps of: S1、iSCSI启动端每隔ΔT1收集启动端服务器的负载信息,计算启动端负载值,并将其传递给启动端转换控制器;S1. The iSCSI initiator collects the load information of the server at the initiator every ΔT1, calculates the load value of the initiator, and transmits it to the conversion controller of the initiator; S2、iSCSI目标端每隔ΔT1收集目标端服务器的负载信息,计算目标端负载值,并将其传给启动端;S2. The iSCSI target collects the load information of the target server every ΔT1, calculates the load value of the target, and transmits it to the initiator; S3、iSCSI启动端获取所述启动端负载值和目标端负载值,并每隔ΔT2时间,计算ΔT2时间内启动端和目标端的负载均值;S3. The iSCSI initiator obtains the load value of the initiator and the load value of the target, and calculates the average load value of the initiator and the target within ΔT2 every time ΔT2; S4、iSCSI启动端转换控制器根据所述两端的负载均值判断是否进行状态转换,如果不需要执行状态转换,则执行步骤S1;如果需要状态转换,则向启动端加解密器和目标端发送状态转换命令,进行状态转换,使得高负载一端的加解密任务可以部分或全部迁移到低负载一端。S4. The iSCSI initiator transition controller judges whether to perform state transition according to the average load value at both ends. If no state transition is required, perform step S1; if state transition is required, send the state to the initiator encryptor and target end. Convert commands to perform state transitions, so that the encryption and decryption tasks at the high-load end can be partially or completely migrated to the low-load end. 6.如权利要求5所述的基于iSCSI的自适应加解密安全存储方法,其特征在于,根据所述两端的负载均值判断是否进行状态转换,并生成状态转换命令,其过程遵循如下加解密状态转换规则:6. The iSCSI-based adaptive encryption and decryption secure storage method according to claim 5, characterized in that, according to the average load value at both ends, it is judged whether to perform state transition, and a state transition command is generated, and the process follows the encryption and decryption state Conversion rules: (1)若L(Initiator)与L(Target)负载值相差小于Δd,则加解密任务状态保持不变;(1) If the load value difference between L(Initiator) and L(Target) is less than Δd, the state of the encryption and decryption task remains unchanged; (2)若L(Initiator)与L(Target)负载值相差大于Δd,但两端负载值均小于LTH,则加解密任务状态保持不变;(2) If the difference between the load values of L(Initiator) and L(Target) is greater than Δd, but the load values at both ends are less than LTH, the state of the encryption and decryption task remains unchanged; (3)若L(Initiator)与L(Target)负载值相差大于Δd,但两端负载值均大于LTH,则加解密任务状态保持不变;(3) If the load value difference between L(Initiator) and L(Target) is greater than Δd, but the load values at both ends are greater than LTH, the encryption and decryption task status remains unchanged; (4)若不满足(1)(2)(3)条且L(Initiator)>L(Target)时:(4) If (1) (2) (3) is not satisfied and L(Initiator)>L(Target): <1>如果当前为状态2,则状态转换命令为将状态2转换成状态1<1> If the current state is 2, the state transition command is to convert state 2 to state 1 <2>如果当前为状态3,则状态转换命令为将状态3转换成状态1<2> If the current state is 3, the state transition command is to convert state 3 to state 1 <3>如果当前为状态4,则状态转换命令为将状态4转换为状态3<3> If the current state is 4, the state transition command is to convert state 4 to state 3 <4>如果当前为状态1,则加解密任务状态保持不变<4> If the current state is 1, the state of the encryption and decryption task remains unchanged (5)若不满足(1)(2)(3)条且L(Initiator)<L(Target)时:(5) If (1) (2) (3) is not satisfied and L(Initiator)<L(Target): <1>如果当前为状态1,则状态转换命令为将状态1转换成状态2<1> If the current state is 1, the state transition command is to convert state 1 to state 2 <2>如果当前为状态2,则状态转换命令为将状态2转换成状态4<2> If the current state is 2, the state transition command is to convert state 2 to state 4 <3>如果当前为状态3,则状态转换命令为将状态3转换为状态4<3> If the current state is 3, the state transition command is to convert state 3 to state 4 <4>如果当前为状态4,则加解密任务状态保持不变<4> If the current state is 4, the state of the encryption and decryption task remains unchanged (6)若为(1)(2)(3)(4)(5)以外的情况,加解密任务状态保持不变;(6) In cases other than (1) (2) (3) (4) (5), the status of the encryption and decryption task remains unchanged; Δd为启动端和目标端负载差的阀值,L(Initiator)为ΔT2时间内启动端负载均值,L(Target)为ΔT2时间内目标端负载均值,LTH为启动端和目标端负载阀值;Δd is the threshold of the load difference between the initiator and the target, L (Initiator) is the average load of the initiator within ΔT2, L (Target) is the average load of the target within ΔT2, and LTH is the load threshold between the initiator and the target; 所述状态1为启动端无任务,目标端加解密;状态2为启动端加密,目标端解密;状态3为启动端解密,目标端加密;状态4为启动端加解密,目标端无任务。The state 1 is that the initiator has no task, and the target is encrypted and decrypted; the state 2 is that the initiator is encrypted, and the target is decrypted; the state 3 is that the initiator is decrypted, and the target is encrypted; and state 4 is that the initiator is encrypted and decrypted, and the target has no task. 7.如权利要求5所述的基于iSCSI的自适应加解密安全存储方法,其特征在于,所述步骤S4还包括以下子步骤:7. The iSCSI-based adaptive encryption and decryption secure storage method according to claim 5, wherein said step S4 further comprises the following sub-steps: S41、如果需要进行状态转换,则启动端转换控制器向启动端加解密器发送状态转换命令,并等待启动端加解密器状态转换完成回复;S41. If state transition is required, the initiator conversion controller sends a state transition command to the initiator encryptor and decryptor, and waits for the initiator encryptor to complete the state transition and reply; S42、启动端加解密器接收到所述状态转换命令后,首先暂停处理上层下发的I/O请求,然后判断当前是否有正在执行的I/O请求,如果当前有正在执行的I/O请求,则执行步骤S43;如果当前没有正在执行的I/O请求,执行步骤S44;S42. After receiving the state transition command, the encryption and decryption device at the starting end first suspends processing the I/O request issued by the upper layer, and then judges whether there is an I/O request currently being executed. If there is an I/O request currently being executed request, then execute step S43; if there is no currently executing I/O request, execute step S44; S43、如果当前有正在执行的I/O请求,等待其执行完毕后执行步骤S44;S43. If there is currently an I/O request being executed, execute step S44 after waiting for the execution to be completed; S44、启动端加解密器根据所述状态转换命令将启动端当前加解密任务状态转换为相应状态;S44. The encryption and decryption device at the starting end converts the current encryption and decryption task state of the starting end into a corresponding state according to the state transition command; S45、启动端加解密任务状态转换完成后,启动端加解密器向启动端转换控制器发送启动端状态转换完成的回复;启动端转换控制器接收到所述启动端状态转换完成的回复后,向目标端转换器发送状态转换命令,并等待目标端状态转换完成回复;S45. After the state transition of the encryption and decryption task at the initiation end is completed, the encryption and decryption device at the initiation end sends a reply that the state transition of the initiation end is completed to the initiation end transition controller; after the initiation end transition controller receives the reply that the state transition of the initiation end is completed, Send a state transition command to the target-side converter, and wait for the target-side state transition to complete the reply; S46、目标端转换器接收到所述状态转换命令后,向目标端加解密器发送所述状态转换命令,并等待目标端加解密器状态转换完成回复;目标端加解密器接收到所述状态转换命令后,根据所述状态转换命令将当前加解密任务状态转换为相应状态,并向目标端转换器发送状态转换完成的回复;S46. After receiving the state transition command, the target end converter sends the state transition command to the target end encryptor and decryptor, and waits for the state transition completion reply of the target end encryptor/decryptor; the target end encryptor/decryptor receives the state After the conversion command, convert the current encryption and decryption task state into a corresponding state according to the state conversion command, and send a reply that the state conversion is completed to the target converter; S47、目标端转换器接收到目标端加解密器状态转换成功的回复后,修改目标端转换器的状态信息,并向启动端转换控制器发送目标端状态转换完成回复;S47. After receiving the reply that the state transition of the target encryptor decryptor is successful, the target end converter modifies the state information of the target end converter, and sends a target end state transition completion reply to the initiator transition controller; S48、启动端转换控制器接收到所述目标端状态转换完成回复后,向启动端加解密器发送恢复处理上层I/O请求的命令;启动端加解密器接收到所述命令后,恢复处理上层的I/O请求,并向启动端转换控制器发送完成恢复处理上层的I/O请求的回复;S48. After receiving the response from the completion of the state transition of the target end, the initiator conversion controller sends a command to the initiator encryption decryptor to resume processing the upper layer I/O request; after the initiator encryption decryptor receives the command, resumes the processing The I/O request of the upper layer, and send a reply to the I/O request of the upper layer to the conversion controller of the starting end to resume processing; S49、启动端转换控制器接收所述完成恢复处理上层的I/O请求的回复,此时整个加解密任务状态转换全部完成,执行步骤S1。S49. The switching controller at the starting end receives the reply of the I/O request of the upper layer of the completion of recovery processing, at this time, the state transition of the entire encryption and decryption task is completed, and step S1 is executed. 8.如权利要求5所述的基于iSCSI的自适应加解密安全存储方法,其特征在于,所述启动端负载值、负载均值和目标端负载值、负载均值根据如下负载计算模型得到:8. The iSCSI-based self-adaptive encryption and decryption safe storage method as claimed in claim 5, characterized in that, said starting end load value, load average value and target end load value, load average value are obtained according to the following load calculation model: LL &OverBar;&OverBar; (( CPUCPU )) == {{ [[ &Sigma;&Sigma; ii == 11 kk LL ii (( CPUCPU )) ]] // kk }} &times;&times; 100100 == {{ [[ LL 11 (( CPUCPU )) ++ LL 22 (( CPUCPU )) ++ .. .. .. ++ LL kk (( CPUCPU )) ]] // kk }} &times;&times; 100100 LL &OverBar;&OverBar; (( Mm )) == [[ CC (( UsedUsed )) // CC (( Allall )) ]] &times;&times; 100100 LL (( ServerServer )) == LL &OverBar;&OverBar; (( CPUCPU )) &times;&times; WW (( CPUCPU )) ++ LL &OverBar;&OverBar; (( Mm )) &times;&times; WW (( Mm )) W(CPU)+W(M)=1W(CPU)+W(M)=1 LL &OverBar;&OverBar; (( ServerServer )) == [[ &Sigma;&Sigma; jj == 11 nno (( LL jj (( ServerServer )) )) ]] // nno == [[ LL 11 (( ServerServer )) ++ LL 22 (( ServerServer )) ++ .. .. .. ++ LL nno (( ServerServer )) ]] // nno
Figure FDA0000466353820000065
Figure FDA0000466353820000065
 所述L(Server)为服务器整体负载量,其中k为服务器中CPU内核的核心数量,
Figure FDA0000466353820000066
为服务器CPU的平均负载量,C(Used)为服务器当前内存使用量,C(All)为服务器所有内存的物理大小,W(CPU)为CPU负载量占整个服务器负载量的比重,W(M)为内存负载量占整个服务器负载量的比重;
Figure FDA0000466353820000071
为服务器在ΔT2内的平均负载量,ΔT2为转换控制器进行转换判断的时间间隔,ΔT1为负载计算器收集服务器负载的时间间隔,Lj(Server)为第j个ΔT1时间内服务器整体负载量;所述服务器为启动端服务器或目标端服务器。Said L (Server) is the overall load capacity of the server, wherein k is the number of cores of the CPU core in the server,
Figure FDA0000466353820000066
is the average CPU load of the server, C (Used) is the current memory usage of the server, C (All) is the physical size of all the memory of the server, W (CPU) is the ratio of the CPU load to the entire server load, W (M ) is the ratio of the memory load to the entire server load;
Figure FDA0000466353820000071
is the average load of the server within ΔT2, ΔT2 is the time interval for the conversion controller to judge the conversion, ΔT1 is the time interval for the load calculator to collect the server load, L j (Server) is the overall load of the server within the jth ΔT1 time ; The server is the initiator server or the target server.
CN201410052455.8A 2014-02-17 2014-02-17 Self-adaption encryption and decryption security storage system and method based on ISCSI Active CN103812867B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410052455.8A CN103812867B (en) 2014-02-17 2014-02-17 Self-adaption encryption and decryption security storage system and method based on ISCSI

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410052455.8A CN103812867B (en) 2014-02-17 2014-02-17 Self-adaption encryption and decryption security storage system and method based on ISCSI

Publications (2)

Publication Number Publication Date
CN103812867A true CN103812867A (en) 2014-05-21
CN103812867B CN103812867B (en) 2017-04-19

Family

ID=50709068

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410052455.8A Active CN103812867B (en) 2014-02-17 2014-02-17 Self-adaption encryption and decryption security storage system and method based on ISCSI

Country Status (1)

Country Link
CN (1) CN103812867B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1852502A (en) * 2006-05-29 2006-10-25 杭州华为三康技术有限公司 Method for realizing load uniform in clustering system, system and storage controller
CN102984080A (en) * 2012-12-31 2013-03-20 无锡城市云计算中心有限公司 Load balance method used for cloud computation system

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1852502A (en) * 2006-05-29 2006-10-25 杭州华为三康技术有限公司 Method for realizing load uniform in clustering system, system and storage controller
CN102984080A (en) * 2012-12-31 2013-03-20 无锡城市云计算中心有限公司 Load balance method used for cloud computation system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
吕从东: "基于透明加解密的iSCSI安全存储系统设计与实现", 《技术天地》 *

Also Published As

Publication number Publication date
CN103812867B (en) 2017-04-19

Similar Documents

Publication Publication Date Title
CN104516767B (en) The method and system of the re-transmission time of applications client during setting virtual machine (vm) migration
US10067810B2 (en) Performing transactions between application containers
CN103593242B (en) Resource sharing control system based on Yarn frameworks
CN106341375B (en) Method and system for realizing encrypted access of resources
CN104156255B (en) A kind of virtual machine migration method, virtual machine (vm) migration device and source physical host
KR20160139493A (en) Method and apparatus for managing encryption keys for cloud service
CN112000598B (en) Processor for federal learning, heterogeneous processing system and private data transmission method
WO2020042798A1 (en) Cryptographic operation and working key creation method and cryptographic service platform and device
CN102984080A (en) Load balance method used for cloud computation system
CN111625496A (en) Method, device and equipment for deploying distributed file system in virtual machine environment
CN104199912B (en) A kind of method and device of task processing
CN102662723A (en) A virtual machine internal storage migration method based on down time threshold
US20200341812A1 (en) Aggregated virtualized compute accelerators
CN111625497A (en) Deployment method, device, equipment and storage medium of distributed file system
WO2017054536A1 (en) Disaster recovery method, device, and system
CN103414764A (en) A cloud platform elastic storage system and its implementation method for elastic storage
US10565020B2 (en) Adjustment of the number of central processing units to meet performance requirements of an I/O resource
CN112799851B (en) Data processing method and related device in multiparty security calculation
CN115858667A (en) Method, apparatus, device and storage medium for synchronizing data
CN105591964A (en) Device and method for overload protection for Internet system
US11805109B1 (en) Data transfer encryption offloading using session pairs
CN103812867A (en) Self-adaption encryption and decryption security storage system and method based on ISCSI
CN105812327B (en) Composite type multipurpose communication method and system
CN117332831A (en) Distributed neural network accelerator system
CN115237843B (en) Trusted computing system and method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant