CN106330575A - Safety service platform and safety service deployment method - Google Patents


Info

Publication number
CN106330575A
Authority
CN
China
Prior art keywords
security service
management module
information
module
service
Prior art date
Legal status
Pending
Application number
CN201610980266.6A
Other languages
Chinese (zh)
Inventor
林永辉
岳海涛
江均勇
Current Assignee
Shanghai Cloud Information Technology Co Ltd
Original Assignee
Shanghai Cloud Information Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Shanghai Cloud Information Technology Co Ltd
Priority to CN201610980266.6A
Publication of CN106330575A
Legal status: Pending

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/22: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
    • H04L41/50: Network service management, e.g. ensuring proper service fulfilment according to agreements
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/10: Protocols in which an application is distributed across nodes in the network
    • H04L67/2866: Architectures; Arrangements
    • H04L67/30: Profiles

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Human Computer Interaction (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

An embodiment of the invention discloses a security service platform and a security service deployment method. The security service platform comprises a lifecycle management module, a security service image management module and a graphical display interface. The lifecycle management module provides a configuration interface for the user, obtains through that interface the configuration information of the security service the user needs to deploy, and deploys the security service on the target cloud platform according to the configuration information. The security service image management module is communicatively connected to the lifecycle management module and provides it with image information for at least one security service. The graphical display interface displays the lifecycle management module and the security service image management module graphically. With this technical scheme, the embodiments provide a unified operating platform for deploying security services that is simple to operate and low in cost, and that lets the relevant technical staff deploy and maintain different security services in a unified way through the platform, improving maintenance efficiency.

Description

A security service platform and security service deployment method
Technical field
Embodiments of the present invention relate to the field of cloud computing technology, and in particular to a security service platform and a security service deployment method.
Background
With the rapid development of the cloud computing market and the establishment of its industry chain, cloud-based business is growing quickly and cloud security is receiving more and more attention. Traditional security protection is generally based on hardware appliances: each time a security product is deployed, it must be requisitioned and the network planned in advance, and only after the security hardware has been purchased can the appliance be installed, deployed and configured and its service debugged. This process is very long. When the business later needs to expand capacity, or when a security device fails, a new purchase request is needed to add to or replace the current hardware security product, which costs money and manpower.
At present, security service providers offer cloud-based security service products on top of conventional security protection. According to their needs, users deploy the provider's services on a specified cloud platform to protect their business on that cloud. Because a user's business is usually distributed across different clouds, protecting it means deploying security services on each cloud one by one, and different clouds may have different operation interfaces. This makes operation complicated and difficult and seriously affects the user experience. Moreover, when a security service fails, operations staff must log in to the different cloud platforms to replace it, so maintenance efficiency is low.
Summary of the invention
Embodiments of the present invention provide a security service platform and a security service deployment method to address the technical defects of the prior art when deploying security services: high cost, complicated operation and low maintenance efficiency.
In a first aspect, an embodiment of the present invention provides a security service platform, comprising:
a lifecycle management module, a security service image management module and a graphical display interface;
The lifecycle management module is configured to provide a configuration interface for the user, to obtain through the configuration interface the configuration information of the security service the user needs to deploy, and to deploy the security service on the target cloud platform according to the configuration information and the image information the user selected in the security service image management module, wherein the configuration information includes: security service information, target cloud platform information, target business information and the specification information of the security service;
The security service image management module is communicatively connected to the lifecycle management module and is configured to provide the lifecycle management module with the image information of at least one security service and to receive the image information the user selects;
The graphical display interface is configured to display the lifecycle management module and the security service image management module graphically.
In a second aspect, an embodiment of the present invention further provides a security service deployment method, comprising:
detecting, through the graphical display interface, the user's operation of opening the lifecycle management module, opening the lifecycle management module and displaying the configuration interface;
obtaining through the configuration interface the configuration information of the security service the user wants to deploy, wherein the configuration information includes: security service information, target cloud platform information, target business information and the specification information of the security service;
generating, by the lifecycle management module, a configuration request from the configuration information, and receiving the image information of the security service that the user selected in the security service image management module;
deploying, by the lifecycle management module, the security service on the target cloud platform corresponding to the target cloud platform information, according to the configuration request and the image information.
In the technical scheme provided by the embodiments of the present invention, the lifecycle management module provides a configuration interface for the user, obtains through it the configuration information of the security service the user needs to deploy, and deploys the security service on the target cloud platform according to that configuration information; the security service image management module provides the lifecycle management module with the image information of at least one security service; and the graphical display interface displays the lifecycle management module and the security service image management module graphically. By adopting this scheme, the embodiments provide a unified operating platform for deploying security services. The configuration information of the security service to be deployed is obtained through graphical operation interfaces such as the graphical display interface and the configuration interface, after which the corresponding security service can be deployed on the target cloud platform. The deployment process is simple and low in cost, and the relevant technical staff can deploy and maintain different security services in a unified way through the platform, which improves maintenance efficiency.
Brief description of the drawings
To illustrate the technical schemes of the embodiments of the present invention more clearly, the drawings used in describing the embodiments are briefly introduced below. The drawings described below are evidently only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from the content of the embodiments and these drawings without creative effort.
Fig. 1 is a structural block diagram of a security service platform provided by Embodiment one of the present invention;
Fig. 2 is a structural block diagram of a security service platform provided by Embodiment two of the present invention;
Fig. 3 is a structural block diagram of a security service platform provided by Embodiment three of the present invention;
Fig. 4 is a structural block diagram of a security service platform provided by Embodiment four of the present invention;
Fig. 5 is a flow diagram of a security service deployment method provided by Embodiment five of the present invention.
Detailed description
The present invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the invention and do not limit it. It should also be noted that, for ease of description, the drawings show only the parts related to the invention rather than the entire structure.
Before the exemplary embodiments are discussed in more detail, it should be mentioned that some of them are described as processes or methods depicted as flowcharts. Although a flowchart describes the steps as a sequential process, many of the steps can be performed in parallel, concurrently or simultaneously, and the order of the steps can be rearranged. A process may be terminated when its operations are completed, but it may also have additional steps not included in the drawing. A process may correspond to a method, function, procedure, subroutine, subprogram and so on.
Embodiment one
Fig. 1 is a structural block diagram of a security service platform provided by Embodiment one of the present invention. The platform is applicable to deploying security services. It can be implemented in software and/or hardware and can execute the security service deployment method. As shown in Fig. 1, the security service platform 1 provided by this embodiment may include: a lifecycle management module 101, a security service image management module 102 and a graphical display interface 103.
The lifecycle management module 101 is configured to provide a configuration interface for the user, to obtain through the configuration interface the configuration information of the security service the user needs to deploy, and to deploy the security service on the target cloud platform according to the configuration information and the image information the user selected in the security service image management module, wherein the configuration information may include: security service information, target cloud platform information, target business information and the specification information of the security service. The security service image management module 102 is communicatively connected to the lifecycle management module 101 and is configured to provide the lifecycle management module 101 with the image information of at least one security service and to receive the image information the user selects. The graphical display interface 103 is configured to display the lifecycle management module 101 and the security service image management module 102 graphically.
For example, security service information is the specific information about the security service the user wants to deploy and may include the type of security service, such as an antivirus service, a Web application firewall service, an anti-distributed traffic attack service or a security audit service. The target cloud platform is the platform on which the security service is deployed, and the target business is the business the security service is to protect. The specification information of the security service is its load capacity, such as the service traffic the deployed security service can carry or the processing capacity of the central processing unit used for security protection. Specifically, a given security service can protect service traffic of 100,000,000.
For example, the user can manage the life cycle of a security service through the lifecycle management module 101: a security service can be created, deleted, changed or viewed. The security service image management module 102 stores the image files of security services, and the user can also upload image file information for a security service to the security service image management module 102. The graphical display interface 103 can display the lifecycle management module 101 and the security service image management module 102 as icons.
For example, the security service platform 1 in this embodiment can expose an open interface through which users log in. The user enters the IP address information that the platform publishes externally, reaches the platform's login interface, enters identity information to log in, and arrives at the graphical display interface 103 of the platform. The user can click the icon corresponding to the lifecycle management module 101, whereupon icons for creating, deleting, changing and viewing security services appear; clicking an icon performs the corresponding operation. Clicking Create, for instance, brings up the configuration interface of the security service, in which the user can name the security service to be deployed, determine the security service information, and enter the target cloud platform information, target business information and specification information of the security service.
It will be understood that, through the security service platform provided by this embodiment, the user can manage all deployed security services. Clicking the delete icon lets the user select in the lifecycle management module 101 the security service to delete and confirm the deletion; clicking the change icon lets the user change any security service the user has deployed, for example its configuration information; clicking the view icon lets the user view the information of all security services the user has deployed.
Specifically, while a security service is being created and its information is being determined, the lifecycle management module 101 can communicate with the security service image management module 102. The configuration interface of the security service can link to the interface of the security service image management module 102, which shows the icons corresponding to all security service image information in that module. The user drags the icon of the security service to be deployed onto the lifecycle management module 101, which thereby obtains the image information the user selected. After the configuration information is confirmed, the user clicks OK and the selected security service is deployed on the target cloud platform, where it can protect the target business.
Further, when deploying security services for a target business, the icons of several security services can be dragged from the security service image management module 102 to the lifecycle management module 101, so that several security services are deployed for the target business at once. The user can set the protection order of the security services in the configuration interface of the lifecycle management module 101. The traffic of the target business then passes through each security service in turn in the order the user set, giving the target business several different types of security protection.
In the prior art, when several businesses are protected, their traffic usually enters the deployed security services through the same entrance, and businesses may then cross-attack the security services. Suppose the security services corresponding to business A and business B are security service A and security service B respectively: business A may attack security service B, and business B may attack security service A. The more businesses there are, the more complicated the attacks become and the more easily the deployed security services are damaged. The security service platform 1 provided by this embodiment can use the network technology provided by the underlying platform on which security services are deployed, such as software defined network (SDN) technology, to establish an association between the target business and the deployed security services and to open a tunnel between them. The target business can then pass through the deployed security services only via this tunnel, through the specific entrance corresponding to that target business. This effectively prevents cross attacks on security services between different businesses, lets the deployed security services provide business-level isolation, and ensures the reliability of the deployed security services.
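The per-business association and protection order described above can be modelled as a chain table that a forwarding layer consults before passing traffic on. This is an added example, not code from the patent; the class, the instance names (`waf-a`, `av-a`, `waf-b`) and the verdict strings are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class ChainTable:
    """Ordered security service chain per protected business (constructed model)."""
    chains: dict = field(default_factory=dict)  # business -> instance names in protection order

    def bind(self, business, instances):
        """Associate a business with its own chain; instances are never shared."""
        if len(set(instances)) != len(instances):
            raise ValueError("an instance appears twice in the chain")
        for other, chain in self.chains.items():
            shared = set(chain) & set(instances)
            if other != business and shared:
                # A shared instance would recreate the common-entrance exposure.
                raise ValueError(f"{sorted(shared)} already bound to {other}")
        self.chains[business] = list(instances)

    def verdict(self, ingress, hops):
        """Forward only traffic whose hops are exactly the chain bound to its ingress."""
        chain = self.chains.get(ingress)
        if chain is None:
            return "drop: unknown ingress"
        for position, hop in enumerate(hops):
            if hop not in chain:
                return f"drop: {hop} is not bound to {ingress}"
            if position >= len(chain) or chain[position] != hop:
                return f"drop: {hop} out of protection order"
        if len(hops) != len(chain):
            return "drop: chain not fully traversed"
        return "forward"


def cross_reachable(table, shared_entry):
    """(business, instance) pairs where a business can reach another business's instance.

    shared_entry=True models the prior-art single entrance, where nothing
    restricts which instance a business's traffic arrives at.
    """
    pairs = set()
    for business in table.chains:
        for other, chain in table.chains.items():
            if other == business:
                continue
            for instance in chain:
                dropped = table.verdict(business, [instance]).startswith("drop")
                if shared_entry or not dropped:
                    pairs.add((business, instance))
    return pairs


def build_sample():
    """Constructed bindings: business A behind a WAF then antivirus, business B behind a WAF."""
    table = ChainTable()
    table.bind("business-a", ["waf-a", "av-a"])
    table.bind("business-b", ["waf-b"])
    return table


if __name__ == "__main__":
    sample = build_sample()
    print(sample.verdict("business-a", ["waf-a", "av-a"]))
    print(sample.verdict("business-a", ["waf-b"]))
    print(sorted(cross_reachable(sample, shared_entry=True)))
    print(sorted(cross_reachable(sample, shared_entry=False)))
```
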
In the technical scheme provided by this embodiment, the lifecycle management module provides a configuration interface for the user, obtains through it the configuration information of the security service the user needs to deploy, and deploys the security service on the target cloud platform according to that configuration information; the security service image management module provides the lifecycle management module with the image information of at least one security service; and the graphical display interface displays the lifecycle management module and the security service image management module graphically. By adopting this scheme, the embodiment provides a unified operating platform for deploying security services. The information of the security service to be deployed is obtained through graphical operation interfaces such as the graphical display interface and the configuration interface, after which the corresponding security service can be deployed on the target cloud platform. The deployment process is simple and low in cost, and the relevant technical staff can deploy and maintain different security services in a unified way through the platform, which improves maintenance efficiency.
Further, when the user deploys an additional security service, it is only necessary to obtain the image information of that security service and upload it to the security service image management module; the security service can then be deployed and managed through this platform. Previously, deploying a new security service meant going through lengthy stages such as purchasing, network planning, and hardware installation and deployment. By comparison, this approach not only takes less time but can also use the characteristics of the underlying cloud platform to reduce deployment cost. Because image information on a cloud platform is uploaded once and can be used many times, when another of the user's businesses needs the same security service, the already uploaded image information is used directly to configure the security service, and the security service is deployed on the security service platform for the business that needs protection. Deployment cost is low and deployment is fast.
On the basis of the above embodiment, the security service platform 1 may further include a security service scheduling module. The security service scheduling module is communicatively connected to the lifecycle management module. It is configured to obtain the resource information of at least one cloud platform, to determine the target cloud platform information from the resource information, and to send the target cloud platform information to the lifecycle management module 101.
For example, when a security service is deployed, several candidate cloud platforms may be available, such as cloud platform 1, cloud platform 2 and cloud platform 3. In this scenario, the security service scheduling module provided by this embodiment can obtain the resource information of all candidate cloud platforms, for example the remaining storage space of each cloud platform, and determine from that resource information the cloud platform on which to deploy the security service, that is, the target cloud platform.
Specifically, the resource information obtained by the security service scheduling module may be: the remaining storage space of cloud platform 1 is 1G, that of cloud platform 2 is 2G, and that of cloud platform 3 is 1.5G. The security service scheduling module then determines cloud platform 2 as the target cloud platform and sends the address information available in cloud platform 2 to the lifecycle management module 101 as the preferred target cloud platform information, so that the security service is deployed on the cloud platform with more remaining resources.
Embodiment two
Fig. 2 is a structural block diagram of a security service platform provided by Embodiment two of the present invention. This embodiment is optimized on the basis of the above embodiment by adding an expert system module. As shown in Fig. 2, the security service platform 2 provided by this embodiment may include: a lifecycle management module 101, a security service image management module 102, a graphical display interface 103 and an expert system module 201.
The functions of the lifecycle management module 101 and the security service image management module 102 are the same as those of the corresponding modules in the above embodiment and are not repeated here.
The expert system module 201 is configured to provide an interactive interface for the user, to obtain the user's security requirement information through the interactive interface, to generate at least one security service template from the security requirement information for the user to choose from, and to send the security service template the user selects to the lifecycle management module 101, so that the lifecycle management module 101 deploys security services according to the security service template. The graphical display interface 103 is configured to display the lifecycle management module 101, the security service image management module 102 and the expert system module 201 graphically.
For example, the expert system module 201 can provide an interactive interface for a dialogue with the user to learn the user's security service requirements. These requirements may include the type of security service to be deployed and the scale of the business that needs protection, where the scale of the business may be its total traffic. The expert system module 201 can recommend a corresponding number of security services according to the scale of the business to be protected. The dialogue may take the form of text interaction or voice interaction; no specific limitation is made here.
Specifically, after logging in, the user enters the graphical display interface 103 of the security service platform 2 and clicks the icon corresponding to the expert system module 201 to enter the interactive interface. The interactive interface may present questions related to configuring security services, such as "How large is the business you are deploying?", and may also offer the user corresponding options. For another question, such as "What type of service do you need?", the options offered may be: antivirus service, Web application firewall service, anti-distributed traffic attack service, security audit service and so on. After the user answers the questions and clicks the relevant button, the expert system module 201 recommends at least one security service template for the user based on the information the user gave. The user can select one security service template and confirm with the "Create security service from template" icon provided. The expert system module 201 then sends the template the user chose to the lifecycle management module 101, which automatically selects the image information corresponding to the security services in the template and deploys the corresponding security services.
In the technical scheme provided by this embodiment, the expert system module 201 provides an interactive interface for the user, obtains the user's security requirement information through it, generates at least one security service template from that information for the user to choose from, and sends the template the user selects to the lifecycle management module; the lifecycle management module 101 then deploys security services according to the template. In the prior art, deploying security services depends largely on the professional knowledge of the relevant technical staff. With the expert system module 201, this embodiment can not only provide customized security services that protect the business professionally and ensure the reliability of the security services, but also lower the skill requirements for the staff who deploy security services. To some extent this reduces the cost of training such staff, greatly simplifies their work and improves the general applicability of the security service platform.
Embodiment three
Fig. 3 is a structural block diagram of a security service platform provided by Embodiment three of the present invention. This embodiment is optimized on the basis of the above embodiments by adding an elastic scaling module and a failover module. As shown in Fig. 3, the security service platform 3 provided by this embodiment may include: a lifecycle management module 101, a security service image management module 102, a graphical display interface 103, an elastic scaling module 301 and a failover module 302.
The functions of the lifecycle management module 101, the security service image management module 102 and the graphical display interface 103 are the same as those of the corresponding modules in the above embodiments and are not repeated here. It should be noted that the elastic scaling module 301 or the failover module 302 may also be deployed individually according to need.
The elastic scaling module 301 is communicatively connected to the lifecycle management module 101. The elastic scaling module 301 is configured to send security service adjustment information to the lifecycle management module 101 according to the specification information of the security service deployed on the target cloud platform.
The failover module 302 is communicatively connected to the lifecycle management module 101. The failover module 302 is configured to judge, from the status information of the security service deployed on the target cloud platform, whether the deployed security service is abnormal and, if it is, to send the lifecycle management module 101 a message to redeploy the security service.
For example, after a security service is deployed to the target cloud platform, the security service can monitor the traffic of the business it protects. If the business traffic exceeds the load capacity of the security service, that is, exceeds the specification of the security service, the security service feeds the information that the business traffic is exceeded back to the elastic scaling module 301, and the elastic scaling module 301 then sends security service adjustment information to the life cycle management module 101.
Specifically, when the feedback that the elastic scaling module 301 receives from the deployed security service is that the business traffic is exceeded, the elastic scaling module 301 sends information for adding a security service to the life cycle management module 101. According to the configuration information of this security service recorded in the database, the life cycle management module 101 adds at least one identical security service on the target cloud platform to share the business traffic of the original security service.
For example, after a security service is deployed to the target cloud platform, the failover module 302 can actively monitor whether the security service is abnormal, for instance by monitoring whether the virtual machine on which the security service is deployed is working normally, or by judging from heartbeat information sent by the security service whether the security service is abnormal. If the security service is abnormal, the failover module 302 sends information for redeploying the security service to the life cycle management module 101. The life cycle management module 101 obtains the configuration information of the security service from the database and deploys the security service on the target cloud platform again. The redeployed security service can take over all the business traffic information of the original security service, so that the business is protected continuously.
In the technical solution provided by this embodiment, the elastic scaling module obtains the business traffic information of the security service deployed on the target cloud platform, judges whether the business traffic of the deployed security service exceeds the specification of that security service, and sends security service adjustment information to the life cycle management module; the failover module judges whether the state of the security service deployed on the target cloud platform is abnormal and, if the deployed security service is abnormal, sends information for redeploying the security service to the life cycle management module. As a result, whenever the business traffic is exceeded or the security service is abnormal, the corresponding adjustment mechanism automatically restores the security service to normal, which improves the sustained reliability of the security service, provides the best security service for the target service, and ensures that the business proceeds normally.
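The following sketch is an added example, not code from the patent: it models the elastic scaling and failover behaviour of Embodiment Three against a life cycle manager that keeps each service's configuration in a database. All class, method and field names (such as `spec_mbps`), the heartbeat timeout and the sample configuration are assumptions made for illustration.

```python
"""Added illustration, not from the patent: elastic scaling and failover driving a
life cycle manager that redeploys from recorded configuration. Names hypothetical."""
import copy
import itertools


class LifecycleManager:
    def __init__(self):
        self.config_db = {}   # service name -> recorded configuration
        self.instances = {}   # instance id -> {"service": ..., "config": ...}
        self._ids = itertools.count(1)

    def deploy(self, service, config):
        self.config_db[service] = copy.deepcopy(config)
        return self.start_from_record(service)

    def start_from_record(self, service):
        """Start one more instance from the configuration in the database."""
        instance_id = f"{service}-{next(self._ids)}"
        self.instances[instance_id] = {
            "service": service, "config": copy.deepcopy(self.config_db[service])}
        return instance_id

    def redeploy(self, instance_id):
        """Remove an abnormal instance and deploy the same service again."""
        service = self.instances.pop(instance_id)["service"]
        return self.start_from_record(service)

    def instances_of(self, service):
        return [i for i, rec in self.instances.items() if rec["service"] == service]


class ElasticScalingModule:
    def __init__(self, manager):
        self.manager = manager

    def on_traffic_report(self, service, traffic_mbps):
        """A deployed service reports its traffic; add identical instances
        until the combined specification covers it."""
        spec = self.manager.config_db[service]["spec_mbps"]
        if spec <= 0:
            raise ValueError("specification must be positive")
        added = []
        while traffic_mbps > spec * len(self.manager.instances_of(service)):
            added.append(self.manager.start_from_record(service))
        return added


class FailoverModule:
    def __init__(self, manager, timeout_s):
        self.manager = manager
        self.timeout_s = timeout_s
        self.last_seen = {}   # instance id -> time of last heartbeat

    def heartbeat(self, instance_id, now):
        self.last_seen[instance_id] = now

    def check(self, now):
        """Redeploy every instance whose heartbeat is overdue."""
        replaced = {}
        for instance_id in list(self.manager.instances):
            # An instance first seen here starts its clock now.
            seen = self.last_seen.setdefault(instance_id, now)
            if now - seen > self.timeout_s:
                del self.last_seen[instance_id]
                new_id = self.manager.redeploy(instance_id)
                self.last_seen[new_id] = now   # the replacement starts fresh
                replaced[instance_id] = new_id
        return replaced


def run_demo():
    manager = LifecycleManager()
    scaling = ElasticScalingModule(manager)
    failover = FailoverModule(manager, timeout_s=15)
    # Constructed configuration for a hypothetical WAF security service.
    first = manager.deploy("waf", {"image": "waf-image-v1", "spec_mbps": 100,
                                   "target_service": "shop"})
    failover.heartbeat(first, now=0)
    added = scaling.on_traffic_report("waf", traffic_mbps=250)
    for instance_id in added:          # only the new instances keep reporting
        failover.heartbeat(instance_id, now=10)
    replaced = failover.check(now=20)  # the first instance has been silent for 20 s
    return manager, added, replaced
```

Because every new or replacement instance is started from the recorded configuration, neither module needs to know how the service was originally configured.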
Embodiment four
Fig. 4 is a schematic structural diagram of a security service platform provided by Embodiment Four of the present invention. This embodiment is an optimization of the embodiments above and adds an authority management module, an operation log module, a resource pool module and a cloud platform adaptation management module. As shown in Fig. 4, the security service platform 4 provided by this embodiment may include: life cycle management module 101, security service image management module 102, graphical display interface 103, security service scheduling module 104, expert system module 201, elastic scaling module 301, failover module 302, authority management module 401, operation log module 402, resource pool module 403 and cloud platform adaptation management module 404.
The life cycle management module 101, the security service image management module 102, the security service scheduling module 104, the expert system module 201, the elastic scaling module 301 and the failover module 302 have the same functions as the corresponding modules in the embodiments above, which are not repeated here. It should be noted that any one or more of the authority management module 401, the operation log module 402, the resource pool module 403 and the cloud platform adaptation management module 404 may also be provided in the security service platform according to usage requirements, to realize the corresponding function of each module.
The graphical display interface 103 is used to display the life cycle management module 101, the security service image management module 102, the expert system module 201 and the operation log module 402 graphically.
The authority management module 401 is used to determine the operation permissions of a user according to the identity information of the user.
For example, when the administrator of the security platform creates an account for a user, the user can be assigned an identity identifier, and the identity identifier information determines the identity of the user; user identities may include administrator, operation and maintenance personnel, and so on. A user must enter an account and password to log in to the security service platform. If the login succeeds, the authority management module 401 can determine the identity of the user from the account information of the user and open the corresponding operation permissions to the user. It should be understood that there is a certain correspondence between the identity of a user and the operation permissions of that user.
In the prior art, when a user's businesses are deployed on different cloud platforms and the different businesses all have security protection requirements, security operation and maintenance personnel need to use the user's login accounts to log in to the different cloud platforms one by one to manage the security services, which is complicated to operate and carries the risk that the user's accounts are leaked. The authority management module provided by the security service platform of this embodiment can apply permission management to users of different identities. For example, the operation and maintenance personnel of the security service platform only have the functions of maintaining and managing the security service life cycle and have no access to the account information of the underlying cloud platform, which prevents leakage of cloud platform accounts and keeps the user's accounts secure.
The operation log module 402 is used to record all operation information in the security service platform.
For example, the operation log module can record all operations carried out in the security service platform, so that when the security service platform becomes abnormal, or an abnormality occurs while a security service is being deployed, the user can click the icon corresponding to the operation log module and view all operation records on the security service platform 4, and thereby trace the abnormal problem, accurately find the cause of the abnormality, and locate where the problem occurred.
The resource pool module 403 is used to record historical security service configuration information and, according to the historical security service configuration information, to create standby virtual machines on the target cloud platform.
For example, when deploying a security service the user can choose whether or not to enable the resource pool. Deploying a security service usually requires creating the virtual machine corresponding to that security service on the target cloud platform, that is, launching on the target cloud platform a virtual machine based on that security service. If the resource pool is enabled, the resource pool can record the configuration information of the deployed security services and, according to the configuration information of historical security services, create standby virtual machines on the target cloud platform in advance. A standby virtual machine is a virtual machine on which a security service has been deployed according to the configuration information of a historical security service, but for which no target service needing protection has yet been specified. It can be understood that a preset number of standby virtual machines can be created according to the security service deployment strategy.
Specifically, when multiple security services are deployed, the virtual machine corresponding to each security service usually has to be created in turn until all security services have been deployed. The resource pool module 403 provided by this embodiment can create a certain number of standby virtual machines on the target cloud platform in advance according to the configuration information of historical security services, so that when a security service is deployed for a given business, a standby virtual machine can be associated with that business directly and the business can be protected through the standby virtual machine. This greatly speeds up the deployment of security services and improves the user experience.
The cloud platform adaptation management module 404 is used to convert the configuration information according to the preset rules of the target cloud platform.
For example, when a security service is deployed, there may be several candidate cloud platforms on which to deploy it, such as cloud platform 1, cloud platform 2 and cloud platform 3 shown in Fig. 4. Because the data interfaces of different cloud platforms differ, deploying security services on different cloud platforms requires adapting the information for deploying the security service to the cloud platform on which it is deployed. For example, cloud platform 1 has its own information rule requirements; when the security service platform provided by this embodiment exchanges information with cloud platform 1, the exchanged information must meet the information rule requirements of cloud platform 1 for the interaction with cloud platform 1 to succeed and for cloud platform 1 to perform the corresponding operation according to the exchanged information. Through the cloud platform adaptation management module 404, the security service platform can be made compatible with cloud platforms of any interface and exchange information with various cloud platforms, which realizes the adaptation of the security service platform to different cloud platforms and allows the user to manage the security services on different cloud platforms uniformly and simultaneously through this security service platform. This avoids operating security services differently on different clouds, is simple and convenient to operate, and improves the user experience.
In the technical solution provided by this embodiment, the authority management module determines the operation permissions of users and applies permission management to different users, which prevents leakage of cloud platform accounts and keeps the user's accounts secure. Through the operation log module, all operation information in the security service platform can be viewed, so that abnormal problems can be traced, the cause of an abnormality found accurately, and the location of the problem identified. Through the resource pool module, standby virtual machines can be created on the target cloud platform in advance, so that when a security service is deployed for a given business, a standby virtual machine on which the security service has already been created can be associated directly with the business needing protection, and that business is protected through the standby virtual machine, which greatly speeds up the deployment of security services and improves the user experience. Through the cloud platform adaptation management module 404, the configuration information can be converted according to the preset rules of the target cloud platform, so that the security service platform is compatible with cloud platforms of any interface and can exchange information with various cloud platforms. This realizes the adaptation of the security service platform to different cloud platforms and allows the user to manage the security services on different clouds uniformly and simultaneously through this security service platform, which avoids operating security services differently on different clouds, is simple and convenient to operate, and improves the user experience.
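The following sketch is an added example, not code from the patent: it shows how the authority management, operation log and cloud platform adaptation functions of Embodiment Four can fit together so that operation and maintenance personnel deploy to several clouds without ever handling a cloud platform account. The role names, permission names, rule tables for "cloud1" and "cloud2", field names and sample values are all assumptions constructed for illustration; no real cloud API is used.

```python
"""Added illustration, not from the patent: permissions by identity, cloud accounts
held only by the platform, per-cloud conversion, operation log. Names hypothetical."""
import hashlib
import hmac
import os
import secrets

# Constructed mapping from identity to operation permissions.
ROLE_PERMISSIONS = {
    "administrator": {"deploy", "view_log", "manage_cloud_accounts"},
    "operations": {"deploy", "view_log"},
}
# Constructed preset rules: neutral field -> (platform field, value conversion).
ADAPTATION_RULES = {
    "cloud1": {"image": ("imageRef", None), "spec_mbps": ("bandwidth_mbps", None),
               "target_service": ("protected_app", None)},
    "cloud2": {"image": ("ImageId", None), "target_service": ("TargetId", None),
               "spec_mbps": ("BandwidthKbps", lambda mbps: mbps * 1000)},
}


class PermissionDenied(Exception):
    pass


def convert_config(platform, config):
    """Convert platform-neutral configuration using the target cloud's rules."""
    rules = ADAPTATION_RULES.get(platform)
    if rules is None:
        raise ValueError(f"no adaptation rules for {platform!r}")
    missing = sorted(set(rules) - set(config))
    if missing:
        raise ValueError(f"configuration lacks {missing}")
    return {name: (convert(config[field]) if convert else config[field])
            for field, (name, convert) in rules.items()}


class SecurityServicePlatform:
    def __init__(self):
        self._accounts = {}           # account -> (salt, password hash, role)
        self._sessions = {}           # session token -> account
        self._cloud_credentials = {}  # platform -> secret, never returned
        self.operation_log = []       # (account, operation, target, outcome)
        self.cloud_calls = []         # stands in for the clouds' own APIs

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def create_account(self, account, password, role):
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role {role!r}")
        salt = os.urandom(16)
        self._accounts[account] = (salt, self._hash(password, salt), role)

    def login(self, account, password):
        salt, stored, _ = self._accounts.get(account, (bytes(16), b"", None))
        ok = hmac.compare_digest(stored, self._hash(password, salt))
        self.operation_log.append((account, "login", None, "allowed" if ok else "denied"))
        if not ok:
            raise PermissionDenied("login failed")
        token = secrets.token_hex(16)
        self._sessions[token] = account
        return token

    def _authorize(self, token, operation, target):
        account = self._sessions.get(token)
        role = self._accounts[account][2] if account else None
        allowed = operation in ROLE_PERMISSIONS.get(role, set())
        self.operation_log.append(
            (account, operation, target, "allowed" if allowed else "denied"))
        if not allowed:
            raise PermissionDenied(f"{operation} not permitted")

    def set_cloud_credential(self, token, platform, secret):
        self._authorize(token, "manage_cloud_accounts", platform)
        self._cloud_credentials[platform] = secret

    def deploy(self, token, platform, config):
        self._authorize(token, "deploy", platform)
        request = convert_config(platform, config)
        # The platform attaches the cloud account itself; the caller only ever
        # receives the converted request.
        self.cloud_calls.append((platform, self._cloud_credentials[platform], request))
        return request


def run_demo():
    platform = SecurityServicePlatform()
    platform.create_account("admin", "constructed-admin-pw", "administrator")
    platform.create_account("ops1", "constructed-ops-pw", "operations")
    admin = platform.login("admin", "constructed-admin-pw")
    ops = platform.login("ops1", "constructed-ops-pw")
    for cloud in ADAPTATION_RULES:
        platform.set_cloud_credential(admin, cloud, f"constructed-key-{cloud}")
    config = {"image": "waf-image-v1", "spec_mbps": 100, "target_service": "shop"}
    return platform, ops, {c: platform.deploy(ops, c, config) for c in ADAPTATION_RULES}
```

The operation log records denied attempts as well as allowed ones and never contains a password or cloud credential, so it can be shown in the graphical interface without exposing account material.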
Embodiment five
Fig. 5 is a schematic flow chart of a security service deployment method provided by Embodiment Five of the present invention. The method is applicable to deploying security services and can be performed by the security service platform provided by the embodiments above. As shown in Fig. 5, the method may specifically include the following steps:
Step 501: obtain, through the graphical display interface, the user's operation of opening the life cycle management module, open the life cycle management module, and display the configuration interface;
Step 502: obtain, through the configuration interface, the configuration information of the security service the user needs to deploy, wherein the configuration information includes: security service information, target cloud platform information, target service information and the specification information of the security service;
Step 503: generate a configuration request according to the configuration information through the life cycle management module, and receive the image information of the security service that the user selects in the image management module;
Step 504: deploy the security service, through the life cycle management module and according to the configuration request and the image information, on the target cloud platform corresponding to the target cloud platform information.
In the technical solution provided by this embodiment, the life cycle management module can be opened through the graphical display interface and the configuration interface displayed; the configuration information of the security service the user needs to deploy is obtained through the configuration interface, a configuration request is generated according to the configuration information, and the image information of the security service that the user selects in the security service image management module is received; according to the configuration request and the image information, the security service is deployed on the target cloud platform corresponding to the target cloud platform information. By adopting the above technical solution, the embodiment of the present invention provides a unified operation platform for deploying security services: the configuration information of the security service the user needs to deploy is obtained through a graphical operation interface, and the corresponding security service can then be deployed on the target cloud platform. The deployment process is simple and low in cost, and makes it easy for the relevant technical personnel to deploy and maintain different security services in a unified way through this platform.
Optionally, the above method may further include: providing the user with an interactive interface through the expert system module, obtaining the user's security requirement information through the interactive interface, and generating at least one security service template according to the security requirement information for the user to select; and deploying the corresponding security service, through the life cycle management module, according to the security service template selected by the user.
Optionally, after the security service is deployed, through the life cycle management module and according to the configuration request and the image information, on the target cloud platform corresponding to the target cloud platform information, the method may further include: adjusting the deployed security service through the life cycle management module according to the security service adjustment information provided by the elastic scaling module; and determining through the failover module whether the deployed security service is abnormal and, if the deployed security service is abnormal, redeploying the security service through the life cycle management module.
Optionally, before the configuration information of the security service the user needs to deploy is obtained through the configuration interface, the method may include: obtaining the resource information of at least one cloud platform through the security service scheduling module, and determining the target cloud platform information according to the resource information, so that the life cycle management module obtains the target cloud platform information.
Optionally, before the user's operation of opening the life cycle management module is obtained through the graphical display interface, the life cycle management module is opened and the configuration interface is displayed, the method may further include: determining the identity information of the user through the authority management module; and determining the operation permissions of the user according to the identity information through the authority management module.
Optionally, after the security service is deployed, through the life cycle management module and according to the configuration request and the image information, on the target cloud platform corresponding to the target cloud platform information, all operation information in the security service platform can be obtained through the operation log module.
Optionally, before the security service is deployed, through the life cycle management module and according to the configuration request and the image information, on the target cloud platform corresponding to the target cloud platform information, the method may further include: creating standby virtual machines on the target cloud platform through the resource pool module according to the recorded historical security service configuration information.
Optionally, deploying the security service, through the life cycle management module and according to the configuration request and the image information, on the target cloud platform corresponding to the target cloud platform information may include: converting the configuration information through the cloud platform adaptation management module according to the preset rules of the target cloud platform; and deploying the security service, according to the converted configuration information, on the target cloud platform corresponding to the target cloud platform information.
The security service deployment method provided in the above embodiment and the security service platform belong to the same concept. The security service deployment method can be performed by the corresponding modules of the security service platform provided by the embodiments of the present invention and has the beneficial effects of the corresponding functional modules of the security service platform. For technical details not described in detail here, refer to the security service platform provided by any embodiment of the present invention.
Note that the above are only preferred embodiments of the present invention and the technical principles applied. Those skilled in the art will understand that the invention is not limited to the specific embodiments described here, and that various obvious changes, readjustments and substitutions can be made by those skilled in the art without departing from the protection scope of the invention. Therefore, although the invention has been described in some detail through the above embodiments, it is not limited to the above embodiments and may include further equivalent embodiments without departing from the inventive concept; the scope of the invention is determined by the scope of the appended claims.

Claims (10)

1. A security service platform, characterized by comprising: a life cycle management module, a security service image management module and a graphical display interface;
the life cycle management module is used to provide the user with a configuration interface, to obtain through the configuration interface the configuration information of the security service the user needs to deploy, and to deploy the security service on a target cloud platform according to the configuration information and the image information the user selects in the security service image management module, wherein the configuration information includes: security service information, target cloud platform information, target service information and the specification information of the security service;
the security service image management module is communicatively connected to the life cycle management module, and is used to provide the life cycle management module with the image information of at least one security service and to receive the image information selected by the user;
the graphical display interface is used to display the life cycle management module and the security service image management module graphically.
2. The security service platform according to claim 1, characterized by further comprising an expert system module;
the expert system module is communicatively connected to the life cycle management module;
the expert system module is used to provide the user with an interactive interface, to obtain the user's security requirement information through the interactive interface, to generate at least one security service template according to the security requirement information for the user to select, and to send the security service template selected by the user to the life cycle management module, so that the life cycle management module deploys the security service according to the security service template selected by the user;
the graphical display interface is further used to display the expert system module graphically.
3. The security service platform according to claim 1, characterized by further comprising an elastic scaling module and/or a failover module;
the elastic scaling module is communicatively connected to the life cycle management module;
the elastic scaling module is used to send security service adjustment information to the life cycle management module according to the specification information of the security service deployed on the target cloud platform;
the failover module is communicatively connected to the life cycle management module;
the failover module is used to judge, according to the status information of the security service deployed on the target cloud platform, whether the deployed security service is abnormal and, if the deployed security service is abnormal, to send information for redeploying the security service to the life cycle management module.
4. The security service platform according to claim 1, characterized by further comprising a security service scheduling module;
the security service scheduling module is communicatively connected to the life cycle management module;
the security service scheduling module is used to obtain the resource information of at least one cloud platform, to determine the target cloud platform information according to the resource information, and to send the target cloud platform information to the life cycle management module.
5. The security service platform according to any one of claims 1 to 4, characterized by further comprising at least one of the following modules:
an authority management module, an operation log module, a resource pool module and a cloud platform adaptation management module;
the authority management module is used to determine the operation permissions of the user according to the identity information of the user;
the operation log module is used to record all operation information in the security service platform;
the resource pool module is used to record historical security service configuration information and, according to the historical security service configuration information, to create standby virtual machines on the target cloud platform;
the cloud platform adaptation management module is used to convert the configuration information according to the preset rules of the target cloud platform;
the graphical display interface is further used to display the operation log module graphically.
6. A security service deployment method, characterized by comprising:
obtaining, through a graphical display interface, the user's operation of opening a life cycle management module, opening the life cycle management module, and displaying a configuration interface;
obtaining, through the configuration interface, the configuration information of the security service the user needs to deploy, wherein the configuration information includes: security service information, target cloud platform information, target service information and the specification information of the security service;
generating a configuration request according to the configuration information through the life cycle management module, and receiving the image information of the security service that the user selects in a security service image management module;
deploying the security service, through the life cycle management module and according to the configuration request and the image information, on the target cloud platform corresponding to the target cloud platform information.
7. The method according to claim 6, characterized by further comprising:
providing the user with an interactive interface through an expert system module, obtaining the user's security requirement information through the interactive interface, and generating at least one security service template according to the security requirement information for the user to select;
deploying the corresponding security service, through the life cycle management module, according to the security service template selected by the user.
8. The method according to claim 6, characterized in that, after the security service is deployed, through the life cycle management module and according to the configuration request and the image information, on the target cloud platform corresponding to the target cloud platform information, the method further comprises:
adjusting the deployed security service through the life cycle management module according to the security service adjustment information provided by an elastic scaling module;
determining through a failover module whether the deployed security service is abnormal and, if the deployed security service is abnormal, redeploying the security service through the life cycle management module.
9. The method according to claim 6, characterized in that, before the user's operation of opening the life cycle management module is obtained through the graphical display interface, the life cycle management module is opened and the configuration interface is displayed, the method further comprises:
determining the identity information of the user through an authority management module;
determining the operation permissions of the user according to the identity information through the authority management module.
10. The method according to claim 6, characterized in that, before the security service is deployed, through the life cycle management module and according to the configuration request and the image information, on the target cloud platform corresponding to the target cloud platform information, the method further comprises:
creating standby virtual machines on the target cloud platform through a resource pool module according to the recorded historical security service configuration information.
CN201610980266.6A 2016-11-08 2016-11-08 Safety service platform and safety service deployment method Pending CN106330575A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610980266.6A CN106330575A (en) 2016-11-08 2016-11-08 Safety service platform and safety service deployment method

Publications (1)

Publication Number Publication Date
CN106330575A true CN106330575A (en) 2017-01-11

Family

ID=57816176

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610980266.6A Pending CN106330575A (en) 2016-11-08 2016-11-08 Safety service platform and safety service deployment method

Country Status (1)

Country Link
CN (1) CN106330575A (en)

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107204980A (en) * 2017-05-25 2017-09-26 深信服科技股份有限公司 A kind of security service delivery method and system
CN107562519A (en) * 2017-09-05 2018-01-09 联想(北京)有限公司 Moving method, system and the server of virtual machine
CN107992767A (en) * 2017-11-29 2018-05-04 国云科技股份有限公司 A kind of authority control method based on more cloud platforms
CN108108210A (en) * 2018-01-11 2018-06-01 上海有云信息技术有限公司 Management method, device, server and the storage medium of safety product
CN109040066A (en) * 2018-08-01 2018-12-18 杭州安恒信息技术股份有限公司 A kind of interconnection method and device of cloud security management platform and cloud security product
CN109040065A (en) * 2018-08-01 2018-12-18 杭州安恒信息技术股份有限公司 A kind of interconnection method and device of cloud security management platform and cloud platform
CN109284219A (en) * 2018-09-27 2019-01-29 郑州云海信息技术有限公司 A kind of operation note method and apparatus
CN109600269A (en) * 2019-01-21 2019-04-09 云南电网有限责任公司信息中心 A kind of cloud management platform based on DCOS
CN109710270A (en) * 2018-12-29 2019-05-03 北京神州绿盟信息安全科技股份有限公司 A kind of security application delivery method, device and storage medium
CN109756362A (en) * 2018-11-23 2019-05-14 北京奇安信科技有限公司 A kind of integrated processing method and device of third party's security component
CN109787847A (en) * 2019-04-01 2019-05-21 山东浪潮云信息技术有限公司 A kind of cloud firewall Life cycle automated management system and method
TWI716320B (en) * 2019-12-03 2021-01-11 大陸商支付寶(杭州)信息技術有限公司 Security task processing method, device, electronic equipment and storage medium
CN112612483A (en) * 2020-12-07 2021-04-06 苏州浪潮智能科技有限公司 Cloud platform-based installation and deployment system and method
CN113656089A (en) * 2020-04-30 2021-11-16 华为技术有限公司 Class verification method and device in application program
CN113900892A (en) * 2021-09-30 2022-01-07 北京青云科技股份有限公司 Cloud firewall system facing cloud platform and protection method

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103167041A (en) * 2013-03-28 2013-06-19 广州中国科学院软件应用技术研究所 System and method for supporting cloud environment application cluster automation deployment
CN103457974A (en) * 2012-06-01 2013-12-18 中兴通讯股份有限公司 Safety control method and device for virtual machine mirror images
CN104158881A (en) * 2014-08-20 2014-11-19 哈尔滨工程大学 System and method of third-party cloud security monitoring supporting user customization
CN104967664A (en) * 2015-05-13 2015-10-07 西安三星电子研究有限公司 Automatic cloud deploying system and method
CN105577779A (en) * 2015-12-21 2016-05-11 用友网络科技股份有限公司 Method and system for containerized deployment of large enterprise private cloud

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103457974A (en) * 2012-06-01 2013-12-18 中兴通讯股份有限公司 Safety control method and device for virtual machine mirror images
CN103167041A (en) * 2013-03-28 2013-06-19 广州中国科学院软件应用技术研究所 System and method for supporting cloud environment application cluster automation deployment
CN104158881A (en) * 2014-08-20 2014-11-19 哈尔滨工程大学 System and method of third-party cloud security monitoring supporting user customization
CN104967664A (en) * 2015-05-13 2015-10-07 西安三星电子研究有限公司 Automatic cloud deploying system and method
CN105577779A (en) * 2015-12-21 2016-05-11 用友网络科技股份有限公司 Method and system for containerized deployment of large enterprise private cloud

Cited By (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107204980B (en) * 2017-05-25 2020-08-14 深信服科技股份有限公司 Safety service delivery method and system
CN107204980A (en) * 2017-05-25 2017-09-26 深信服科技股份有限公司 A kind of security service delivery method and system
CN107562519A (en) * 2017-09-05 2018-01-09 联想(北京)有限公司 Moving method, system and the server of virtual machine
CN107992767A (en) * 2017-11-29 2018-05-04 国云科技股份有限公司 A kind of authority control method based on more cloud platforms
CN108108210A (en) * 2018-01-11 2018-06-01 上海有云信息技术有限公司 Management method, device, server and the storage medium of safety product
CN109040066B (en) * 2018-08-01 2021-04-23 杭州安恒信息技术股份有限公司 Method and device for docking cloud security management platform with cloud security product
CN109040065A (en) * 2018-08-01 2018-12-18 杭州安恒信息技术股份有限公司 A kind of interconnection method and device of cloud security management platform and cloud platform
CN109040066A (en) * 2018-08-01 2018-12-18 杭州安恒信息技术股份有限公司 A kind of interconnection method and device of cloud security management platform and cloud security product
CN109040065B (en) * 2018-08-01 2021-04-23 杭州安恒信息技术股份有限公司 Docking method and device for cloud security management platform and cloud platform
CN109284219A (en) * 2018-09-27 2019-01-29 郑州云海信息技术有限公司 A kind of operation note method and apparatus
CN109756362A (en) * 2018-11-23 2019-05-14 北京奇安信科技有限公司 A kind of integrated processing method and device of third party's security component
CN109710270A (en) * 2018-12-29 2019-05-03 北京神州绿盟信息安全科技股份有限公司 A kind of security application delivery method, device and storage medium
CN109600269A (en) * 2019-01-21 2019-04-09 云南电网有限责任公司信息中心 A kind of cloud management platform based on DCOS
CN109787847A (en) * 2019-04-01 2019-05-21 山东浪潮云信息技术有限公司 A kind of cloud firewall Life cycle automated management system and method
CN109787847B (en) * 2019-04-01 2021-12-10 浪潮云信息技术股份公司 Cloud firewall full life cycle automatic management method
TWI716320B (en) * 2019-12-03 2021-01-11 大陸商支付寶(杭州)信息技術有限公司 Security task processing method, device, electronic equipment and storage medium
CN113656089A (en) * 2020-04-30 2021-11-16 华为技术有限公司 Class verification method and device in application program
CN113656089B (en) * 2020-04-30 2023-02-28 华为技术有限公司 Class verification method and device in application program
CN112612483A (en) * 2020-12-07 2021-04-06 苏州浪潮智能科技有限公司 Cloud platform-based installation and deployment system and method
CN112612483B (en) * 2020-12-07 2022-09-20 苏州浪潮智能科技有限公司 Cloud platform-based installation and deployment system and method
CN113900892A (en) * 2021-09-30 2022-01-07 北京青云科技股份有限公司 Cloud firewall system facing cloud platform and protection method

Similar Documents

Publication Publication Date Title
CN106330575A (en) Safety service platform and safety service deployment method
CN105139139B (en) Data processing method and device and system for O&M audit
CN105917690A (en) System, method, and computer program for preserving service continuity in network function virtualization (NFV) based communication network
CN111190730B (en) Heterogeneous cloud management platform
CN103002490B (en) A kind of business simulating test macro and its implementation
CN110214311A (en) The differential section of virtual computing element
CN106462450A (en) Notification about virtual machine live migration to VNF manager
US9201702B2 (en) Integrated cloud data center management
CN107005421A (en) Utilize the management based on topology of stage and version policy
CN103095574A (en) Management method for network system, network system, and management server
CN105847237A (en) Safety management method and device based on NFV (Network Function Virtualization)
CN106487556A (en) The dispositions method of business function SF and device
CN101951366A (en) Single-point logon method and system based on character terminal
DE102022115155A1 (en) VISUALIZATION OF A SOFTWARE DEFINED PROCESS CONTROL SYSTEM FOR INDUSTRIAL PROCESS PLANTS
CN103618762A (en) System and method for enterprise service bus state pretreatment based on AOP
CN103500304A (en) Virtual machine personalized security monitoring system and method based on Xen
DE102022114391A1 (en) Search service in a software defined control system
DE102022114256A1 (en) SYSTEMS AND METHODS FOR DYNAMICALLY MAINTAINED REDUNDANCY AND LOAD BALANCING IN SOFTWARE-DEFINED CONTROL SYSTEMS FOR INDUSTRIAL PROCESS PLANTS
CN105591803A (en) Resource processing method and equipment
DE102022114799A1 (en) SYSTEMS AND METHODS FOR ASSIGNING MODULES IN A SOFTWARE-DEFINED CONTROL SYSTEM FOR INDUSTRIAL PROCESS PLANTS
DE102022114541A1 (en) SEARCH SERVICE IN A SOFTWARE-DEFINED CONTROL SYSTEM
DE102022114267A1 (en) SYSTEMS AND METHODS FOR DYNAMIC MAINTAINING REDUNDANCY AND LOAD BALANCING IN SOFTWARE-DEFINED CONTROL SYSTEMS FOR INDUSTRIAL PROCESS PLANTS
DE102022115152A1 (en) VISUALIZATION OF A SOFTWARE-DEFINED PROCESS CONTROL SYSTEM FOR INDUSTRIAL PROCESS PLANTS
DE102022114542A1 (en) SEARCH SERVICE IN A SOFTWARE-DEFINED CONTROL SYSTEM
DE102022114306A1 (en) I/O SERVER SERVICES CONFIGURED TO FACILITATE CONTROL IN A PROCESS CONTROL ENVIRONMENT THROUGH CONTAINERIZED CONTROL SERVICES

Legal Events

Date Code Title Description
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170111