CN105656916A - Cloud data center service subnet security management method and system - Google Patents


Info

Publication number
CN105656916A
Authority
CN
China
Prior art keywords
subnet
virtual
firewall
described business
security
Legal status
Pending
Application number
CN201610067589.6A
Other languages
Chinese (zh)
Inventor
李丰启
Current Assignee
Inspur Beijing Electronic Information Industry Co Ltd
Original Assignee
Inspur Beijing Electronic Information Industry Co Ltd
Application filed by Inspur Beijing Electronic Information Industry Co Ltd
Priority to CN201610067589.6A
Publication of CN105656916A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a cloud data center service subnet security management method and system. The method comprises the steps of: determining, according to the service security requirements of each service subnet, the firewall rule corresponding to those requirements; configuring, with reference to the firewall rule corresponding to each service subnet, the virtual firewall corresponding to that service subnet; and performing security protection on the access data of each service subnet using all configured virtual firewalls; wherein the service security requirements of a service subnet are the data access security requirements between that service subnet and the other service subnets in the cloud data center. The method and system introduce virtual firewalls that can be configured inside a physical server, and each virtual firewall can be configured with its own firewall rule according to the service security requirements of a different service subnet. A security protection function is thereby provided between different service subnets in the data center, which improves the security of the cloud data center's internal data.

Description

Cloud data center service subnet security management method and system
Technical field
The present invention relates to the technical field of cloud computing and firewalls, and in particular to a cloud data center service subnet security management method and system.
Background art
At present, with the rapid development of cloud computing and large-scale data centers, more and more enterprises and governments choose to rent cloud data center services. For example, by renting cloud data center services an enterprise migrates its business operations and stores all of its business data there. This business data is bound up with the normal operation of the enterprise and may even involve its core secrets; once the critical data in the cloud data center is illegally read or destroyed, the core business of the enterprise can no longer operate normally, which in turn causes losses that cannot be recovered. Clearly, this poses an enormous challenge to the security design and management of cloud data centers.
In practice, a cloud data center hosts a great variety of services, such as research and development, finance and marketing, and different services have different requirements for their security level, so the many different service subnets corresponding to these services have different communication security requirements. However, because a traditional physical hardware firewall cannot be deployed inside a physical host (also called a physical server), it can only provide security protection at the network entrance of the cloud data center and cannot provide a security protection function between different service subnets inside the data center, which affects the security of the cloud data center's internal data.
The above challenges have made the security design of cloud data centers highly complex, and this contradiction has seriously hindered the development of data centers and the security requirements enterprises place on them. It has become an urgent technical problem, so a new cloud data center service subnet security management method is urgently needed to solve it.
Summary of the invention
In view of this, the invention provides a cloud data center service subnet security management method and system, so as to provide a security protection function between different service subnets in the data center and thereby improve the security of the cloud data center's internal data.
To solve the above technical problem, the invention provides a cloud data center service subnet security management method, the method comprising:
determining, according to the service security requirements of each service subnet, the firewall rule corresponding to the service security requirements of that service subnet;
configuring, with reference to the firewall rule corresponding to each service subnet, the virtual firewall corresponding to that service subnet;
performing security protection on the access data between the service subnets using all configured virtual firewalls;
wherein the service security requirements of each service subnet are the data access security requirements between that service subnet and the other service subnets in the cloud data center.
In the above method, preferably, before configuring the virtual firewall corresponding to each service subnet with reference to its firewall rule, the method further comprises:
determining the virtual firewall allocated to each service subnet.
In the above method, preferably, the method further comprises:
determining the virtual router allocated to each service subnet, and using the allocated virtual routers to perform the routing operations for data access between the service subnets.
In the above method, preferably, after performing security protection on the access data between the service subnets using all configured virtual firewalls, the method further comprises:
adjusting the number of virtual firewalls corresponding to each service subnet according to the network load of that service subnet.
The invention also provides a cloud data center service subnet security management system, the system comprising:
a firewall rule determining unit, for determining, according to the service security requirements of each service subnet, the firewall rule corresponding to the service security requirements of that service subnet;
a firewall rule configuring unit, for configuring, with reference to the firewall rule corresponding to each service subnet, the virtual firewall corresponding to that service subnet;
a security protection unit, for performing security protection on the access data between the service subnets using all configured virtual firewalls;
wherein the service security requirements of each service subnet are the data access security requirements between that service subnet and the other service subnets in the cloud data center.
In the above system, preferably, the system further comprises:
a virtual firewall determining unit, for determining the virtual firewall allocated to each service subnet before the virtual firewall corresponding to each service subnet is configured with reference to its firewall rule.
In the above system, preferably, the system further comprises:
a routing unit, for determining the virtual router allocated to each service subnet and using the allocated virtual routers to perform the routing operations for data access between the service subnets.
In the above system, preferably, the system further comprises:
an adjustment unit, for adjusting the number of virtual firewalls corresponding to each service subnet according to the network load of that service subnet, after security protection has been performed on the access data between the service subnets using all configured virtual firewalls.
In the cloud data center service subnet security management method and system provided by the invention, the firewall rule corresponding to the service security requirements of each service subnet is first determined according to those requirements, where the service security requirements of a service subnet are the data access security requirements between that service subnet and the other service subnets in the cloud data center; then the virtual firewall corresponding to each service subnet is configured with reference to its firewall rule; finally, all configured virtual firewalls are used to perform security protection on the access data between the service subnets. The invention introduces virtual firewalls that can be deployed inside a physical server, breaking free of the restriction that a traditional physical hardware firewall cannot be deployed inside a physical server, and allows the firewall rule corresponding to the service security requirements of each service subnet to be configured separately on that subnet's own virtual firewall. A security protection function is thereby provided between different service subnets in the data center, which improves the security of the cloud data center's internal data.
Brief description of the drawings
In order to illustrate the embodiments of the invention or the technical solutions of the prior art more clearly, the drawings required for the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only embodiments of the invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of a cloud data center service subnet security management method provided by an embodiment of the invention;
Fig. 2 is a schematic diagram of an application scenario provided by an embodiment of the invention;
Fig. 3 is a schematic diagram of another application scenario provided by an embodiment of the invention;
Fig. 4 is a schematic structural block diagram of a cloud data center service subnet security management system provided by an embodiment of the invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the invention without creative effort fall within the protection scope of the invention.
The core of the invention is to provide a cloud data center service subnet security management method and system, so as to provide a security protection function between different service subnets in the data center and thereby improve the security of the cloud data center's internal data.
To help those skilled in the art better understand the solution of the invention, the invention is described in further detail below with reference to the drawings and the embodiments.
Referring to Fig. 1, which shows a flow chart of a cloud data center service subnet security management method provided by an embodiment of the invention, the method may specifically comprise the following steps:
Step S100: determining, according to the service security requirements of each service subnet, the firewall rule corresponding to the service security requirements of that service subnet.
In practice, an enterprise cloud data center generally comprises a marketing subnet, a finance subnet, a research and development (R&D) subnet, and various back-end support components such as databases, FTP and web servers. Since each service has different security requirements, in the invention the service security requirements of a service subnet are the data access security requirements between that service subnet and the other service subnets in the cloud data center. For example, the marketing subnet may access external networks such as the Internet, whereas the finance subnet belongs to the core of the department and may not be accessed by the marketing subnet; the R&D subnet may access neither the external network nor the finance subnet but is allowed VPN access, the access method being PPTP with user name and password usertest:userpwd; the finance subnet is not allowed to access the R&D subnet or the external network but is allowed to access the database; and so on.
Step S101: configuring, with reference to the firewall rule corresponding to each service subnet, the virtual firewall corresponding to that service subnet.
A virtual firewall is a firewall implemented inside a physical server in the form of a virtual machine. One firewall can be logically divided into multiple virtual firewalls, each of which the system regards as a completely independent firewall device with its own system resources, administrators, security policy, user authentication database and so on, which effectively improves the utilization of existing resources. A virtual firewall can not only be placed at the network entrance, like a physical firewall, to protect the whole network; one or more virtual firewalls can also be run on a single physical server as needed to provide different firewall rules for the different services of different subnets, which a traditional physical firewall cannot do. With reference to the prior art, in terms of modules a virtual firewall may comprise an access control module, a policy firewall module, a flow control module, a VPN module, etc. The functions of a virtual firewall may include packet filtering, by which the firewall can block attacks, forbid external or internal access to certain sites, and limit the traffic and number of connections of each IP address; transparent forwarding; access control; comprehensive logging; centralized management; flow control; and so on. It achieves strong security and availability of its own and, with support for IPv6, has good extensibility.
Specifically, the administrator can dynamically add or delete virtual firewalls according to the actual requirements of the security characteristics of the service subnets, and configure different firewall rules on different virtual firewalls according to the security requirements, so as to strengthen the security performance of the data center and manage its security characteristics at fine granularity, while also enriching the network functions of the system and providing support for new network features. It will therefore be understood that the virtual firewall allocated by the administrator to each service subnet must first be determined, and the respective virtual firewalls are then configured with reference to the firewall rules.
In addition, in the invention, when a security protection function is provided between different service subnets in the data center, the administrator can also allocate a corresponding virtual router to each service subnet. The invention first determines the virtual router allocated by the administrator to each service subnet and then uses the allocated virtual routers to perform the routing operations for data access between the service subnets. A virtual router is likewise implemented inside a physical server in the form of a virtual machine; several can be provided in the data center as needed, and it mainly provides interconnection between different network segments and connectivity to the public network for the internal networks that need it.
Specifically, the functions of a virtual router are as follows. Network interconnection: the virtual router supports various LAN and WAN interfaces and is mainly used to interconnect LANs and WANs so that different networks can communicate with each other. Data processing: it provides functions including packet forwarding, prioritization, multiplexing, encryption and compression. Network management: it provides configuration management, performance management, fault-tolerance management, flow control and so on. In terms of modules, a virtual router may comprise a routing module, a NAT module, a DHCP module, a load balancing module, etc. The routing module provides the same functions as a physical router and mainly acts as the network route; the NAT module lets virtual machines on the internal network access the external network while hiding the structure of the internal network from the outside; the DHCP module dynamically assigns IP addresses to the virtual machines of the internal network and manages their IP addresses.
Through the combination of virtual routing and virtual firewalls, the communication requirements of different subnets and different services inside the network can be met while ensuring security between different subnets and different services. Running in the form of virtual machines gives good compatibility and portability with physical machines, allows integration with the data center management platform into a unified system for security protection, enriches the functions of the network, supports new network features and technologies, and gives flexible deployment with good operability. This has high value in both theory and practice.
Step S102: performing security protection on the access data between the service subnets using all configured virtual firewalls.
In the invention, because of the great portability and design flexibility of virtual firewalls, the administrator can dynamically add or delete virtual firewalls according to the actual requirements of the security characteristics of the service subnets. Therefore, after security protection has been performed on the access data between the service subnets using all configured virtual firewalls, the number of virtual firewalls corresponding to each service subnet can be adjusted according to the network load of that service subnet, further improving the utilization of existing resources.
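The following is an added example, not code from the patent or its applicant, that models steps S100 to S102 and the load-based adjustment in one small policy engine: the inter-subnet access requirements of step S100 are compiled into an ordered, default-deny rule set per subnet, one virtual firewall object per subnet evaluates access requests, and the number of firewall instances per subnet is recomputed from load. The subnet names, destinations, protocol labels and load figures are constructed for illustration from the marketing, R&D and finance examples in the text.

```python
"""Per-subnet virtual firewalls derived from inter-subnet access requirements.

Added example modelling steps S100 to S102 of the patent plus the load-based
adjustment step. Subnet names, destinations, protocols and load figures are
constructed for illustration; nothing here is the patent applicant's code.
"""
import math
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed "service security requirements": for each business subnet, the
# destinations it is permitted to reach. Anything not listed will be denied.
# "internet" stands for the external network in the step S100 examples.
REQUIREMENTS: Dict[str, List[Tuple[str, str]]] = {
    "market":  [("internet", "any")],        # marketing may reach the Internet
    "rnd":     [("vpn-gateway", "pptp")],    # R&D: VPN (PPTP) only; no Internet, no finance
    "finance": [("database", "tcp/3306")],   # finance: database only; no R&D, no Internet
}
SUBNETS: List[str] = list(REQUIREMENTS)


@dataclass
class Rule:
    src: str      # subnet whose virtual firewall holds the rule
    dst: str      # destination subnet or service, or "any"
    proto: str    # protocol/port label, or "any"
    action: str   # "allow" or "deny"


@dataclass
class VirtualFirewall:
    subnet: str
    rules: List[Rule] = field(default_factory=list)

    def permits(self, dst: str, proto: str) -> bool:
        """First-match evaluation over the ordered rule list; no match means deny.

        A query with proto "any" (protocol unspecified) only matches rules that
        are themselves protocol-agnostic, so a port-restricted allow never leaks.
        """
        for r in self.rules:
            if r.dst in (dst, "any") and r.proto in (proto, "any"):
                return r.action == "allow"
        return False


def derive_rules(subnet: str) -> List[Rule]:
    """Step S100: turn one subnet's access requirements into an ordered rule set.

    Allows come first, then explicit denies towards every other business subnet
    (so the isolation is visible when the rule set is audited), then a default deny.
    """
    rules = [Rule(subnet, dst, proto, "allow") for dst, proto in REQUIREMENTS[subnet]]
    rules += [Rule(subnet, other, "any", "deny") for other in SUBNETS if other != subnet]
    rules.append(Rule(subnet, "any", "any", "deny"))
    return rules


def configure_firewalls() -> Dict[str, VirtualFirewall]:
    """Step S101: one virtual firewall per subnet, loaded with that subnet's rules."""
    return {s: VirtualFirewall(s, derive_rules(s)) for s in SUBNETS}


def check_access(fws: Dict[str, VirtualFirewall], src: str, dst: str,
                 proto: str = "any") -> bool:
    """Step S102: the source subnet's virtual firewall decides whether access data passes."""
    return fws[src].permits(dst, proto)


def scale_firewalls(load_by_subnet: Dict[str, float], per_fw_capacity: float) -> Dict[str, int]:
    """Post-S102 adjustment: number of virtual firewall instances each subnet needs so
    that no instance carries more than per_fw_capacity of load (always at least one)."""
    return {s: max(1, math.ceil(load / per_fw_capacity)) for s, load in load_by_subnet.items()}


if __name__ == "__main__":
    fws = configure_firewalls()
    for src, dst, proto in [("market", "internet", "any"), ("market", "finance", "any"),
                            ("rnd", "vpn-gateway", "pptp"), ("rnd", "internet", "any"),
                            ("finance", "database", "tcp/3306"), ("finance", "rnd", "any")]:
        verdict = "allow" if check_access(fws, src, dst, proto) else "deny"
        print(f"{src:8} -> {dst:12} {proto:9} {verdict}")
    # Constructed load figures (arbitrary units) against a capacity of 100 per instance.
    print(scale_firewalls({"market": 250.0, "rnd": 40.0, "finance": 0.0}, 100.0))
```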
In summary, the invention introduces virtual firewalls that can be deployed inside a physical server, breaking free of the restriction that a traditional physical hardware firewall cannot be deployed inside a physical server, masking inconsistencies of hardware and configuration between vendors, and allowing the firewall rule corresponding to the service security requirements of each service subnet to be configured separately on that subnet's own virtual firewall. It improves the utilization of existing resources while achieving highly consistent configuration, thereby providing a security protection function between different service subnets in the data center and improving the security of the cloud data center's internal data.
At the same time, by configuring multiple virtual firewalls in the data center, the invention achieves fine-grained management of the security characteristics of the data center. Combining fine-grained management of the many services and many subnets of the cloud data center with traditional security measures greatly raises the security level of the cloud data center, transforms security management from coarse overall planning to refinement and from the whole to its parts, greatly reduces the occurrence of security incidents in the cloud data center, and provides a favourable security guarantee for the large-scale application of cloud data centers. It has high productive and technological value.
Further, the invention provides enterprise-grade security protection for the data center in the form of virtual routers and virtual firewalls based on virtual machines, and, by adding them on demand, can provide fine security measures for the many subnets and many services of the cloud data center. Its strong performance provides a reliable guarantee of stable system operation; its support for new network features such as VXLAN and IPv6 provides strong extensibility; its rich network functions and strong fault tolerance give the administrator multiple choices; the high consistency of configuration is straightforward and effectively reduces the workload of data center administrators and improves management efficiency; and the simplicity of system upgrades lays a solid foundation for subsequent continuous upgrades.
Based on the technical solution disclosed in the above embodiment, and for concreteness of practical application, refer to the application scenario diagram shown in Fig. 2, in which HOST is a physical host, i.e. a physical server; VM is a virtual machine running on the physical host; VR (Virtual Router) & VF (Virtual Firewall) are the virtual router and virtual firewall; Veth is the virtual network adapter of a virtual machine; PG is a port group, one PG representing one subnet; and eth is the physical network card of the physical host. The small black boxes in the figure represent the corresponding interfaces. PG1 and PG2 are two different service subnets.
Specifically, the virtual router VR provides interconnection between the two different subnets PG1 and PG2 and provides both subnets with access to the wide area network; it can be enabled as needed. The virtual router can also act as the VXLAN gateway in the network and supports IPv6 routing, which improves the extensibility of the network.
The virtual firewall VF is responsible, at the network entrance, for the network security of the whole host and of the subnets connected to it, and can also be configured with the firewall rules between PG1 and PG2, ensuring the security of the network between different internal subnets and greatly improving the flexibility of security and configuration between different internal subnets and different services.
In the data center, multiple routers can be set up on different hosts as needed to provide different functions. Refer to the other application scenario diagram shown in Fig. 3, in which br is a bridge (including br-ext), and ovs-tunnel and ovs-manager are virtual switches.
In Fig. 3, a virtual router and a virtual firewall are deployed on both host1 and host2. As managed, the virtual router on host1 provides interconnection between the LAN and the WAN for subnets PG1 and PG2 and is responsible for dynamically assigning IP addresses to the virtual machines under PG1 and PG2; the WAN-to-LAN firewall rules are configured, and the virtual firewall is also configured with the firewall rules (that is, the access rules) between PG1 and PG2. This configuration achieves communication between the virtual machines in subnets PG1 and PG2, interworking with the WAN, security at the network entrance, and security between the subnets.
When the service traffic in subnets PG1 and PG2 is heavy and the service reliability requirements are especially high, or when PG3 needs some routing and firewall functions, deploying a virtual router and virtual firewall on host2 may be considered. Whether the virtual router and virtual firewall deployed on host2 interconnect with subnet PG1, interconnect with the WAN, and so on can be chosen as the configuration requires, and resource usage can be reduced appropriately according to the size of the network load so that resources are fully used. For subnets with no need for virtual routing or virtual firewall functions, one may choose not to deploy them. Virtual firewalls and virtual routers can thus be deployed in the network flexibly and powerfully, which has strong practical value.
Based on the cloud data center service subnet security management method provided by the above embodiment, an embodiment of the invention also provides a cloud data center service subnet security management system. Referring to Fig. 4, the system 400 may comprise the following:
a firewall rule determining unit 401, for determining, according to the service security requirements of each service subnet, the firewall rule corresponding to the service security requirements of that service subnet;
a firewall rule configuring unit 402, for configuring, with reference to the firewall rule corresponding to each service subnet, the virtual firewall corresponding to that service subnet;
a security protection unit 403, for performing security protection on the access data between the service subnets using all configured virtual firewalls;
wherein the service security requirements of each service subnet are the data access security requirements between that service subnet and the other service subnets in the cloud data center.
In the invention, the system 400 may further comprise a virtual firewall determining unit, for determining the virtual firewall allocated to each service subnet before the virtual firewall corresponding to each service subnet is configured with reference to its firewall rule.
In the invention, the system 400 may further comprise a routing unit, for determining the virtual router allocated to each service subnet and using the allocated virtual routers to perform the routing operations for data access between the service subnets.
In the invention, the system 400 may further comprise an adjustment unit, for adjusting the number of virtual firewalls corresponding to each service subnet according to the network load of that service subnet, after security protection has been performed on the access data between the service subnets using all configured virtual firewalls.
It should be noted that the embodiments in this description are described progressively; each embodiment emphasizes its differences from the others, and the identical or similar parts of the embodiments may be referred to mutually. Since the system embodiments are essentially similar to the method embodiments, they are described relatively briefly; for the relevant parts, refer to the description of the method embodiments.
The cloud data center service subnet security management method and system provided by the invention have been described in detail above. Specific examples have been used herein to explain the principles and embodiments of the invention; the above description of the embodiments is only intended to help understand the method and core idea of the invention. It should be pointed out that those skilled in the art may make improvements and modifications to the invention without departing from its principles, and these improvements and modifications also fall within the protection scope of the claims of the invention.

Claims (8)

1. A cloud data center service subnet security management method, characterized in that the method comprises:
determining, according to the service security requirements of each service subnet, the firewall rule corresponding to the service security requirements of that service subnet;
configuring, with reference to the firewall rule corresponding to each service subnet, the virtual firewall corresponding to that service subnet;
performing security protection on the access data between the service subnets using all configured virtual firewalls;
wherein the service security requirements of each service subnet are the data access security requirements between that service subnet and the other service subnets in the cloud data center.
2. the method for claim 1, is characterized in that, in the each institute of described referenceState the firewall rule that business subnet is corresponding, configure virtual fire prevention corresponding to each described business subnetBefore wall, also comprise:
Be defined as the virtual firewall that each described business subnet distributes.
3. the method for claim 1, is characterized in that, also comprises:
Be defined as the virtual router that each described business subnet distributes, and utilize the institute of each distributionState virtual router and realize the routing operations of data access between each described business subnet.
4. the method as described in claims 1 to 3 any one, is characterized in that, in instituteState the virtual firewall utilizing after all configurations, the visit data between each described business subnet is enteredAfter row security protection, also comprise:
According to the network load condition of each described business subnet, adjust each described business subnet correspondenceThe quantity of virtual firewall.
5. the safety management system of a Zhong Yun data center business subnet, is characterized in that, shouldSystem comprises:
Firewall rule determining unit, for according to the service security need of each described business subnetAsk, determine the firewall rule corresponding to service security demand of each described business subnet;
Firewall rule dispensing unit, for fire wall corresponding to the each described business subnet of referenceRule, configures virtual firewall corresponding to each described business subnet;
Security protection unit, for utilizing the virtual firewall after all configurations, to each described industryVisit data between business subnet carries out security protection;
Wherein, the service security demand of each described business subnet is this business subnet and described cloudData access demand for security in data center between other business subnet.
6. system as claimed in claim 5, is characterized in that, also comprises:
Virtual firewall determining unit, for corresponding at the each described business subnet of described referenceFirewall rule, before configuring the virtual firewall that each described business subnet is corresponding, is defined as everyThe virtual firewall that individual described business subnet distributes.
7. system as claimed in claim 5, is characterized in that, also comprises:
Routing unit, the virtual router distributing for being defined as each described business subnet, andUtilize the described virtual router of each distribution to realize the route of data access between each described business subnetOperation.
8. the system as described in claim 5 to 7 any one, is characterized in that, also bagDraw together:
Adjustment unit, at the described virtual firewall utilizing after all configurations, described in eachAfter visit data between business subnet carries out security protection, according to the net of each described business subnetNetwork loading condition, adjusts the quantity of the virtual firewall that each described business subnet is corresponding.
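The following is an added illustration of the claimed method (claims 1 and 4), not code from the patent: each service subnet's access demands become default-deny firewall rules, one virtual firewall per subnet screens inter-subnet access data, and the firewall count is adjusted to the subnet's load. Subnet names, CIDRs, ports and the capacity figure are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed sample data (hypothetical names and addresses, not from the patent):
# each service subnet's CIDR, and the access demands it must accept from peers.
SUBNETS = {"web": "10.0.1.0/24", "app": "10.0.2.0/24", "db": "10.0.3.0/24"}
DEMANDS = {"web": [], "app": [("web", 8080)], "db": [("app", 3306)]}

@dataclass(frozen=True)
class Rule:
    src_subnet: str   # peer service subnet allowed to reach the protected subnet
    dst_port: int     # TCP port that peer may reach
    action: str = "allow"

@dataclass
class VirtualFirewall:
    subnet: str
    rules: list = field(default_factory=list)

    def check(self, src_subnet, dst_port):
        # Default deny: only a demand that became an allow rule passes.
        return any(r.src_subnet == src_subnet and r.dst_port == dst_port
                   and r.action == "allow" for r in self.rules)

def derive_rules(demands):
    """Claim 1, step 1: one firewall rule per data-access demand of each subnet."""
    return {s: [Rule(peer, port) for peer, port in peers] for s, peers in demands.items()}

def configure_firewalls(rules):
    """Claim 1, step 2: one virtual firewall per service subnet, loaded with its rules."""
    return {s: VirtualFirewall(s, list(rs)) for s, rs in rules.items()}

def subnet_of(ip):
    for name, cidr in SUBNETS.items():
        if ipaddress.ip_address(ip) in ipaddress.ip_network(cidr):
            return name
    return None

def protect(firewalls, src_ip, dst_ip, dst_port):
    """Claim 1, step 3: inter-subnet access is screened by the destination subnet's firewall."""
    src, dst = subnet_of(src_ip), subnet_of(dst_ip)
    if src is None or dst is None:
        return False          # endpoint outside every service subnet: drop
    if src == dst:
        return True           # intra-subnet traffic is outside the claimed method's scope
    return firewalls[dst].check(src, dst_port)

def scale_firewalls(load_by_subnet, per_fw_capacity):
    """Claim 4: adjust each subnet's virtual firewall count to its network load."""
    return {s: max(1, -(-load // per_fw_capacity)) for s, load in load_by_subnet.items()}
```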
CN201610067589.6A 2016-01-29 2016-01-29 Cloud data center service subnet security management method and system Pending CN105656916A (en)


Publications (1)

Publication Number Publication Date
CN105656916A true CN105656916A (en) 2016-06-08




Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20160608
