CN107171818A - Control method, system and device for mixed cloud - Google Patents

Publication number: CN107171818A
Authority: CN (China)
Prior art keywords: data analysis, mixed cloud, console, cloud, data
Legal status: Pending
Application number: CN201610128707.XA
Other languages: Chinese (zh)
Inventor: 戈建勇
Current Assignee: Alibaba Group Holding Ltd
Original Assignee: Alibaba Group Holding Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/22 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1425 Traffic logging, e.g. anomaly detection

Abstract

The invention discloses a control method, system and device for a mixed cloud. The method includes: receiving, by a console deployed in the mixed cloud, the data analysis results reported by multiple data analysis components, where the console is deployed in any cloud of the mixed cloud or locally at a user terminal, and the data analysis components are deployed in each cloud of the mixed cloud and locally at each user terminal; and aggregating, by the console, the received data analysis results reported by the data analysis components to obtain the total data analysis result of the whole mixed cloud. The invention solves the technical problem that prior-art management schemes for mixed clouds are isolated from one another, so that the whole mixed cloud cannot be managed in a unified way from an overall perspective.

Description

Control method, system and device for mixed cloud
Technical field
The present invention relates to the field of cloud management, and in particular to a control method, system and device for a mixed cloud.
Background
As the data volume of enterprises and companies grows, data storage and processing increasingly move to the cloud. Storing data on a conventional cloud server (for example, Alibaba Cloud) is one option, that is, storing data on a public cloud server that provides cloud services to many users. Although public cloud servers in the prior art have encryption functions, when security analysis is performed on the cloud server, the enterprise user's security analysis data still flows out. To ensure the security of enterprise users' data and prevent any data from flowing out, enterprise users generally choose a third-party data storage or processing approach in which a data server is provided exclusively for the enterprise. For example, the enterprise or company user builds an IDC (Internet Data Center) and uses it to store and process the data of the enterprise or company. However, a user-built IDC may not have the data processing capability of a public cloud server. Therefore, to use the data processing capability of a conventional cloud server, or to allocate resources across on-cloud and off-cloud environments, the enterprise's self-built IDC still needs to communicate with a conventional cloud server, which forms a mixed cloud.
To ensure the security of the data in a mixed cloud, the prior-art practice is to deploy a console on each public cloud server and each user-built IDC in the mixed cloud, so that security management is performed separately for each branch of the mixed cloud. This partitioned management and control approach, on the one hand, increases the difficulty of day-to-day operations and maintenance for users. On the other hand, if any one server in the mixed cloud has a security risk, the whole mixed cloud is likely to be threatened by a security incident. When security incidents in a mixed cloud are managed in isolation, gaps in security incident management arise easily, which reduces management efficiency.
No effective solution has yet been proposed for the problem that prior-art management schemes for mixed clouds are isolated, so that the whole mixed cloud cannot be managed in a unified way from an overall perspective.
Summary of the invention
Embodiments of the present invention provide a control method, system and device for a mixed cloud, to at least solve the technical problem that prior-art management schemes for mixed clouds are isolated, so that the whole mixed cloud cannot be managed in a unified way from an overall perspective.
According to one aspect of the embodiments of the present invention, a control method for a mixed cloud is provided, including: receiving, by a console deployed in the mixed cloud, the data analysis results reported by multiple data analysis components, where the console is deployed in any cloud or any local database in the mixed cloud, and the data analysis components are deployed in each cloud and each local database in the mixed cloud; aggregating, by the console, the received data analysis results reported by the data analysis components to obtain the total data analysis result of the whole mixed cloud; and saving and displaying, by the console, the total data analysis result of the whole mixed cloud.
According to another aspect of the embodiments of the present invention, a control system for a mixed cloud is also provided, including: data analysis terminals, deployed in each cloud of the mixed cloud and locally at each user terminal, which provide the data analysis results of the mixed cloud; and a control terminal, deployed in any cloud of the mixed cloud or locally at a user terminal, which receives and aggregates the data analysis results reported by the data analysis terminals to obtain the total data analysis result of the whole mixed cloud.
According to another aspect of the embodiments of the present invention, a control device for a mixed cloud is also provided, including: a receiving module, for receiving the data analysis results reported by multiple data analysis components, where the console is deployed in any cloud or any local database in the mixed cloud, and the data analysis components are deployed in each cloud and each local database in the mixed cloud; an analysis module, for aggregating the received data analysis results reported by the data analysis components to obtain the total data analysis result of the whole mixed cloud; and a display module, for saving and displaying the total data analysis result of the whole mixed cloud.
In the above scheme of the present application, a console is built in the mixed cloud and data analysis components are deployed in the mixed cloud. The analysis function of the data analysis components analyzes the events in the mixed cloud, and the data analysis results of the components are then reported to the console. Because every data analysis component in the mixed cloud is connected to the console and reports its data analysis results to it, the console can obtain the total data analysis result of the whole mixed cloud, which it then stores or displays. This achieves the technical effect of obtaining the data of the whole mixed cloud through the console, and thereby solves the technical problem that prior-art management schemes for mixed clouds are isolated, so that the whole mixed cloud cannot be managed in a unified way from an overall perspective.
Brief description of the drawings
The drawings described here are provided for a further understanding of the present invention and form part of the present application. The schematic embodiments of the present invention and their description are used to explain the present invention and do not unduly limit it. In the drawings:
Fig. 1 is a hardware structure block diagram of a computer terminal for a control method for a mixed cloud according to Embodiment 1 of the present application;
Fig. 2 is a flowchart of a control method for a mixed cloud according to Embodiment 1 of the present application;
Fig. 3 is a schematic diagram of the display result of an optional detection of abnormal server connections across the mixed cloud according to Embodiment 1 of the present application;
Fig. 4 is a schematic diagram of the result display of an optional detection of the real-time traffic of the mixed cloud according to Embodiment 1 of the present application;
Fig. 5 is a schematic diagram of an optional display interface for the total data analysis result according to Embodiment 1 of the present application;
Fig. 6 is an information interaction diagram of an optional control method for a mixed cloud according to Embodiment 1 of the present application;
Fig. 7 is a structural diagram of a control system for a mixed cloud according to Embodiment 2 of the present application;
Fig. 8 is a structural diagram of an optional control system for a mixed cloud according to Embodiment 2 of the present application;
Fig. 9 is a structural diagram of an optional control system for a mixed cloud according to Embodiment 2 of the present application;
Fig. 10 is a structural diagram of an optional control device for a mixed cloud according to Embodiment 3 of the present application;
Fig. 11 is a structural diagram of an optional control device for a mixed cloud according to Embodiment 3 of the present application;
Fig. 12 is a structural diagram of an optional control device for a mixed cloud according to Embodiment 3 of the present application;
Fig. 13 is a structural diagram of an optional control device for a mixed cloud according to Embodiment 3 of the present application; and
Fig. 14 is a structural block diagram of a computer terminal according to Embodiment 4 of the present application.
Detailed description
To help those skilled in the art better understand the scheme of the present invention, the technical scheme in the embodiments of the present invention is described clearly and completely below with reference to the drawings of the embodiments. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative work fall within the scope of protection of the present invention.
It should be noted that the terms "first", "second" and the like in the description, the claims and the above drawings are used to distinguish similar objects, not to describe a specific order or sequence. Data used in this way are interchangeable where appropriate, so that the embodiments of the invention described here can be implemented in orders other than those illustrated or described here. In addition, the terms "comprising" and "having", and any variants of them, are intended to cover non-exclusive inclusion. For example, a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units explicitly listed, and may include other steps or units that are not explicitly listed or that are inherent to the process, method, product or device.
The terms used in the present application are explained as follows:
Mixed cloud (hybrid cloud): on top of a self-built data center, the user adds on-cloud service capability provided by cloud service providers such as Alibaba Cloud or AWS, and allocates on-cloud and off-cloud resources as a whole.
Aegis server: the server security component in the Cloud Shield mixed cloud product. It is a piece of software installed on a server, used for security data collection, defense against hacker attacks, and so on.
Aegis agent: in the Cloud Shield mixed cloud product, the agent program installed on the server side. The overall architecture of Aegis is a cloud-plus-endpoint model: the software reports data to the cloud or to a local Aegis server for unified management.
Beaver: a bypass traffic mirroring component in the Cloud Shield mixed cloud product.
Hadoop cluster: an open-source distributed system architecture used in the Cloud Shield mixed cloud product. It provides high-throughput access to application data, suits applications with very large data sets, and makes full use of the cluster's computing capability for high-speed computation and storage.
Embodiment 1
According to an embodiment of the present invention, a method embodiment of a control method for a mixed cloud is also provided. It should be noted that the steps illustrated in the flowcharts of the drawings can be executed in a computer system, for example as a set of computer-executable instructions, and that although a logical order is shown in the flowcharts, in some cases the steps shown or described may be performed in an order different from the one given here.
The method embodiment provided in Embodiment 1 of the present application can be executed in a mobile terminal, a computer terminal or a similar computing device. Taking execution on a computer terminal as an example, Fig. 1 is a hardware structure block diagram of a computer terminal for a control method for a mixed cloud according to an embodiment of the present invention. As shown in Fig. 1, the computer terminal 10 may include one or more processors 102 (only one is shown in the figure; a processor 102 may include, but is not limited to, a processing device such as a microprocessor (MCU) or a programmable logic device (FPGA)), a memory 104 for storing data, and a transmission device 106 for communication functions. A person of ordinary skill in the art will understand that the structure shown in Fig. 1 is only illustrative and does not limit the structure of the above electronic device. For example, the computer terminal 10 may include more or fewer components than shown in Fig. 1, or have a configuration different from that shown in Fig. 1.
The memory 104 can be used to store the software programs and modules of application software, such as the program instructions/modules corresponding to the control method for a mixed cloud in the embodiments of the present invention. By running the software programs and modules stored in the memory 104, the processor 102 performs various functional applications and data processing, that is, implements the above control method for a mixed cloud. The memory 104 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory or other non-volatile solid-state memory. In some examples, the memory 104 may further include memory located remotely from the processor 102, and such remote memory may be connected to the computer terminal 10 over a network. Examples of such networks include, but are not limited to, the Internet, intranets, local area networks, mobile communication networks and combinations of these.
The transmission device 106 is used to receive or send data over a network. A specific example of such a network is a wireless network provided by the communication provider of the computer terminal 10. In one example, the transmission device 106 includes a network adapter (Network Interface Controller, NIC), which can connect to other network devices through a base station in order to communicate with the Internet. In another example, the transmission device 106 may be a radio frequency (RF) module, which communicates with the Internet wirelessly.
In the above operating environment, the present application provides the control method for a mixed cloud shown in Fig. 2. Fig. 2 is a flowchart of a control method for a mixed cloud according to an embodiment of the present application.
Step S21: a console deployed in the mixed cloud receives the data analysis results reported by multiple data analysis components, where the console is deployed in any cloud or any local database in the mixed cloud, and the data analysis components are deployed in each cloud and each local database in the mixed cloud.
In the above step, the mixed cloud combines public clouds and private clouds. A private cloud may be built by the IT organization of a company or enterprise itself, or built by a cloud provider, to serve its users. A private cloud is typically built behind a firewall, so it has a considerable advantage in protecting data. Also, because a private cloud is not built in a remote data center, access is stable and smooth when employees of the company or enterprise access data in the private cloud. A public cloud usually refers to a cloud that a third-party provider offers to companies or enterprises as users. It is generally accessed over the Internet, has the advantage of low cost, and its purpose is to store and share resources.
In the above step, any cloud of the mixed cloud corresponds to a public cloud in the mixed cloud, such as Alibaba Cloud, AWS (Amazon Web Services) or Tencent Cloud. That is, a cloud server provided by a third party other than the user can serve as any cloud in the mixed cloud, and such a cloud can be regarded as used by ordinary users in common, with its resources in a shared (public) state. "Locally at the user terminal" corresponds to a private cloud in the mixed cloud. It may be a database created locally at the user terminal, a database associated with the user terminal, or a cloud database in a cloud server that a third-party provider offers for use by a single user. There may be one or more such databases. Resources local to the user terminal can be regarded as used by a single user, with the resources in a private state.
In an optional embodiment, the console is built on a B/S (browser/server) architecture, and a user can reach the master control interface from any access terminal by entering a preset domain name in a browser. Here the console is the server that provides the master control service for the mixed cloud, deployed in a cloud of the mixed cloud or locally at a user terminal. In another optional embodiment, the console includes the server that provides the master control service for the mixed cloud and an access terminal that has a fixed communication relation with that server, where both the server and the access terminal are deployed in a cloud of the mixed cloud or locally at a user terminal.
It should be noted that when the console is deployed locally at a user terminal, it can be deployed in a database associated with the user terminal. That database may be the user's self-built IDC (Internet Data Center), a cloud database deployed on a cloud that the user terminal can access, or a database deployed locally at the user terminal.
In an optional embodiment, taking Alibaba Cloud as the cloud server, the mixed cloud may consist of a cloud server provided by a third party and a database the user has built locally. The mixed cloud may also consist of cloud servers provided by several different providers. That is, the mixed cloud may take any of the above forms, but is not limited to them.
In an optional embodiment, the private cloud may be the self-built IDC (Internet Data Center) of an enterprise or company, and the console may be the Cloud Shield master console. The console may be accessed through a fixed domain name or through predetermined software.
Step S23: the console aggregates the received data analysis results reported by the data analysis components to obtain the total data analysis result of the whole mixed cloud.
It should be noted that a data analysis component is an application program or client installed in each cloud and locally at each user terminal. It obtains the operating data of that cloud or user terminal and analyzes it to produce the data analysis results for that cloud or user terminal, such as security event analysis results and real-time traffic conditions, so that the data analysis results can be sent to the console.
It should also be noted that the data analysis component has data processing capability of its own. That is, the data that the data processing client transmits to the console are data the data analysis component has already finished processing, ready for unified presentation on the console.
Regarding deployment of the console, it should also be noted that the present application does not specifically limit the number of consoles deployed in the mixed cloud. In one optional embodiment, only one console is deployed in the mixed cloud, to store and display the total data analysis result it receives. In another optional embodiment, multiple consoles may be deployed in the mixed cloud. These include one master console that manages the whole mixed cloud, and under its management several subordinate consoles that correspond to it. In this embodiment, a subordinate console can manage the data of one dimension. For example, a traffic management console that communicates with the master console can be deployed; it obtains all traffic data in the mixed cloud from the master console in order to manage the traffic in the mixed cloud.
In the above scheme of the present application, a console is built in the mixed cloud and data analysis components are deployed in the mixed cloud. The analysis function of the data analysis components analyzes the events in the mixed cloud, and the data analysis results of the components are then reported to the console. Because every data analysis component in the mixed cloud is connected to the console and reports its data analysis results to it, the console can obtain the total data analysis result of the whole mixed cloud, which it then stores or displays. This achieves the technical effect of obtaining the data of the whole mixed cloud through the console, and thereby solves the technical problem that prior-art management schemes for mixed clouds are isolated, so that the whole mixed cloud cannot be managed in a unified way from an overall perspective.
It should be noted that after the console receives the data analysis results reported by the data analysis components, it can arrange the total data analysis result into a form that is easy to display, such as data or tables. The console can also issue new security event defense rules to the data analysis components based on the total data results reported.
In an optional embodiment provided by the present application, when the data analysis component in step S21 is a data analysis engine, before the console receives the data analysis results reported by the data analysis components, the method further includes:
Step S211: multiple data analysis engines receive the security event information that multiple proxy servers have detected and reported.
The data analysis engine may be a Hadoop analysis and processing cluster, which contains multiple Hadoop analysis processors. The proxy server may be the Aegis server, the server security component in the Cloud Shield mixed cloud product. In an optional embodiment, taking as an example the mixed cloud formed by a cloud server provided by a third party and a database the user has built locally, an Aegis server and a proxy server are deployed in each cloud server and each user-built database, and the proxy server deployed in each cloud server or each user-built database obtains the security event information.
It should be noted that the data analysis engine may be a Hadoop analysis and processing cluster, but is not limited to this. The data analysis engine is a data processor for security analysis, so any data processor that can handle large volumes of unstructured data and produce analysis results the console can read can be used as the data analysis engine in the present application.
Step S213: the data analysis engines perform security event analysis on the security event information they have received and obtain security event analysis results.
In an optional embodiment, take as an example the identification of fixed-point (targeted) attacks, the kind of attack with the most significant effect. A fixed-point attack is one in which the attacker attacks a specific target continuously. For example, when an attacker obtains website vulnerabilities by scanning a network segment, a fixed-point attack is mainly a sustained attack on one specific website. To identify it, the Hadoop processors can correlate network-wide data and analyze how the attack source IP attacks all other websites on the cloud. If the attack source sends more attack requests to one website than to other websites, the attack is considered a fixed-point attack.
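The fixed-point attack check described above, as an added Python example that is not code from the patent. The `min_requests` and `dominance` thresholds, the verdict names and the sample data are assumptions; the patent only says that requests against one website are higher than against the others.

```python
from collections import Counter, defaultdict

# Constructed sample: one (attack source IP, attacked website) tuple per attack
# request seen anywhere in the mixed cloud. Addresses are documentation ranges.
ATTACK_REQUESTS = (
    [("203.0.113.7", "shop.example")] * 46
    + [("203.0.113.7", "blog.example")] * 2
    + [("203.0.113.7", "api.example")] * 2
    + [("198.51.100.20", site)
       for site in ("shop.example", "blog.example", "api.example", "idc.example")] * 10
    + [("192.0.2.99", "idc.example")] * 3
)


def classify_sources(requests, min_requests=20, dominance=0.8):
    """Classify each attack source by how its requests spread over websites.

    min_requests and dominance are assumed thresholds: a source is called
    "targeted" when at least `dominance` of its attack requests hit one site.
    """
    per_source = defaultdict(Counter)
    for source_ip, site in requests:
        per_source[source_ip][site] += 1

    verdicts = {}
    for source_ip, sites in per_source.items():
        total = sum(sites.values())
        top_site, top_count = sites.most_common(1)[0]
        share = top_count / total
        if total < min_requests:
            verdict = "insufficient-data"   # too few requests to judge
        elif share >= dominance:
            verdict = "targeted"            # sustained attack on one website
        else:
            verdict = "broad-scan"          # spread over many websites
        verdicts[source_ip] = {
            "verdict": verdict,
            "top_site": top_site,
            "share": round(share, 2),
            "total": total,
        }
    return verdicts


def local_view(requests, site):
    """What a console that only sees one site would know: per-source counts."""
    return Counter(src for src, s in requests if s == site)


if __name__ == "__main__":
    # From shop.example alone, both sources look like attackers of that site.
    print(local_view(ATTACK_REQUESTS, "shop.example"))
    # Only the network-wide view separates the targeted source from the scanner.
    for ip, info in classify_sources(ATTACK_REQUESTS).items():
        print(ip, info)
```

The per-site view shows why the correlation has to run over network-wide data: a single site cannot tell a scanner passing through from a source that concentrates on it.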
Step S215: the data analysis engines report the security event analysis results to the console.
In an optional embodiment, the security events may include abnormal connections between servers across the mixed cloud. Fig. 3 is a schematic diagram of the display result of an optional detection of abnormal server connections across the mixed cloud according to an embodiment of the present application. As shown in Fig. 3, the figure shows the connection relations between the servers across the mixed cloud. If a connection relation persists between two servers over a certain period, the connection relation between those two servers is considered normal. If a new connection relation appears, the connection relation between the two servers involved may be abnormal, so the servers with the new connection relation are marked for further inspection.
It should be noted that the security event information and security event analysis results obtained in the present application may be the abnormal connections between servers in the mixed cloud described in the above embodiment, but are not limited to these.
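The new-connection check described for Fig. 3, as an added Python example that is not code from the patent. Hourly windows, the `min_presence` threshold for calling a connection persistent, treating a connection as an undirected server pair, and the server names are all assumptions.

```python
from collections import defaultdict

# Constructed sample: (hourly window, server A, server B) for each connection
# observed between servers of the mixed cloud. Windows 0-3 are the baseline
# period, window 4 is the window being checked.
OBSERVATIONS = (
    [(w, "web-01", "db-01") for w in range(5)]
    + [(w, "cache-01", "web-01") for w in range(5)]
    + [(w, "idc-app-01", "db-01") for w in (0, 1, 3, 4)]
    + [(w, "idc-app-01", "cloud-backup-01") for w in (2, 4)]
    + [(4, "web-01", "idc-hr-01")]
)


def pair(a, b):
    """Normalize a connection to an undirected, order-independent server pair."""
    return tuple(sorted((a, b)))


def find_new_connections(observations, baseline_windows, current_window,
                         min_presence=0.75):
    """Flag connections in the current window that were not persistent before.

    A pair is "persistent" (normal) when it was seen in at least
    `min_presence` of the baseline windows; that threshold is an assumption.
    """
    windows_seen = defaultdict(set)
    for window, src, dst in observations:
        windows_seen[pair(src, dst)].add(window)

    baseline = set(baseline_windows)
    persistent = {
        p for p, seen in windows_seen.items()
        if len(seen & baseline) / len(baseline) >= min_presence
    }
    current = {p for p, seen in windows_seen.items() if current_window in seen}

    new_pairs = sorted(current - persistent)
    # Mark every server that takes part in a new connection for inspection.
    flagged = sorted({server for p in new_pairs for server in p})
    return {
        "persistent": sorted(persistent),
        "new": new_pairs,
        "flagged_servers": flagged,
    }


if __name__ == "__main__":
    result = find_new_connections(OBSERVATIONS, range(4), 4)
    print("normal:", result["persistent"])
    print("new:", result["new"])
    print("mark for inspection:", result["flagged_servers"])
```

A pair seen only once in the baseline, such as the backup connection in the sample, is still flagged, which keeps a rarely used path from being treated as established.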
In an optional embodiment provided by the present application, when the data analysis component in step S21 is a bypass traffic analysis system, before the console receives the data analysis results reported by the data analysis components, the method further includes:
Step S217: multiple bypass traffic analysis systems obtain all real-time traffic in the mixed cloud through the switches of each cloud and each local database deployed in the mixed cloud.
In an optional embodiment, the bypass traffic analysis system may be the Beaver bypass traffic analysis system. The bypass traffic analysis systems mirror the switches of each cloud and each local database in the mixed cloud, and obtain all real-time traffic in the mixed cloud by mirroring the traffic of the corresponding switches.
Step S219: the data analysis engines report all real-time traffic in the mixed cloud to the console.
Fig. 4 is a schematic diagram of the result display of an optional detection of the real-time traffic of the mixed cloud according to an embodiment of the present application. As shown in Fig. 4, in an optional embodiment the overall traffic analysis result of the mixed cloud can be presented as in the traffic analysis result diagram of Fig. 4, where the traffic analysis result may include normal access IPs, malicious access IPs, crawler access IPs, and so on.
It should be noted that because the bypass traffic analysis systems are deployed on each cloud server or locally at each user terminal in the mixed cloud, the console can obtain the overall real-time traffic of the mixed cloud by receiving and aggregating the traffic analysis results reported by each bypass traffic analysis system. That is, in combination with the data analysis engines in the steps above, the console can manage and monitor the data in the mixed cloud as a whole, which solves the technical problem that prior-art management schemes for mixed clouds are isolated, so that the whole mixed cloud cannot be managed in a unified way from an overall perspective.
In an optional embodiment provided by the present application, the data analysis engines report the security event analysis results to the console through a preset standard interface, or the data analysis engines report all real-time traffic in the mixed cloud to the console through a preset standard interface.
In an optional embodiment, the preset standard interface is a general standard API.
In an optional embodiment provided by the present application, step 211, in which multiple data analysis engines receive the security event information detected by the proxy servers and reported by multiple proxy servers, includes:
Step S2111, multiple proxy servers upload the acquired security event information to the transfer server.
It should be noted here that the above multiple proxy servers are deployed at each cloud and each local database, are connected with the above transfer server, and are used to obtain the security event information of each cloud or each local database.
Step S2113, the transfer server reports the security event information to multiple data analysis engines.
It should be noted here that the above transfer server is connected with the console in the mixed cloud through the network.
In an optional embodiment, in an example of a mixed cloud composed of the self-built databases of multiple users and Alibaba Cloud, taking the console being deployed in Alibaba Cloud as an example, a data analysis engine, a proxy server and a transfer server are deployed in Alibaba Cloud and in each user's self-built database. Taking any one of the self-built databases as an example, the proxy server communicates with the transfer server and uploads the security event information of the user terminal's database to the transfer server; the transfer server is connected with the data analysis engine and uploads the security event information to the data analysis engine; the data analysis engine communicates with the console over the network and uploads the analysis result of the security event information to the console, so that the console obtains the data analysis result of the above user's self-built database. This achieves the technical effect of the console in the mixed cloud obtaining the data analysis results of Alibaba Cloud and of the local cloud database of each user terminal.
It should be noted here that the data analysis engines deployed at each cloud and locally at each user terminal in the mixed cloud upload their data analysis results to the console; that is, what the console receives is the combined total data analysis result of the mixed cloud. This achieves the technical effect of managing the total data analysis result of the mixed cloud, and thus solves the technical problem that management schemes for mixed clouds in the prior art are isolated, so that the whole mixed cloud cannot be managed in a unified way from an overall perspective.
In an optional embodiment provided by the present application, after the console saves and displays the total data analysis result of the whole mixed cloud, the above method further includes:
Step S27, the console triggers the security event handling function of the proxy server, where the security event handling function of the proxy server includes: learning the security event defense rules issued through the transfer server and/or locating the physical information of a security event.
In an optional embodiment provided by the present application, in step S27, learning the security event defense rules issued through the transfer server includes:
Step S271, the console obtains multiple security event defense rules for the proxy server by analyzing the data resources in the mixed cloud.
Step S273, the transfer server sends the security event defense rules to the proxy server.
Step S275, the proxy server defends using the security event defense rules it has learned.
In an optional embodiment, when an attacker intrudes and the console matches the behavior as an attack, the proxy server defends against the above attack by disconnecting the link, as contained in the defense rule.
In an optional embodiment provided by the present application, locating the physical information of a security event includes:
Determining the corresponding physical information according to the message information of a preset communication protocol in the mixed cloud.
In an optional embodiment, taking an attacker carrying out a network intrusion attack as an example, when the attacker carries out the network intrusion attack, the IP address of the attacker can be located from the message information in the preset communication protocol, and, through threat intelligence capability, the specific target carrying out the attack operation can be located.
In a kind of alternative embodiment that the application is provided, console preserves and shows the total data analysis of whole mixed cloud As a result after, method also includes:Console allows any account access with default access and/or operating console.
In a kind of optional embodiment, exemplified by by the default fixed above-mentioned console of domain name access, access above-mentioned The enterprise customer of the console of mixed cloud or corporate user access the data corresponding with its account, example by presetting account Such as, the account of a certain enterprise only possesses the account for accessing its own data, then the account is only capable of accessing its own enterprise Data message, and third party cloud provider server in mixed cloud is due to the data in mixed cloud to be monitored, to ensure The safe operation of the processor of each in mixed cloud, therefore third party cloud provider server in mixed cloud is used to access mixed Closing the account of cloud has the authority for accessing the Servers-all data in mixed cloud, and is referred to authority according to data distributing Order.
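The account scoping described above, as an added Python sketch that is not part of the patent text: the console filters the aggregated results on the server side by the scope of the requesting account and denies unknown accounts by default. The account names, result fields and the `may_issue` flag are assumptions made for the illustration.

```python
class AccessDenied(Exception):
    """Raised when an account is unknown or acts outside its scope."""


ALL_TENANTS = "*"  # assumed marker for the provider-wide scope

# Constructed accounts: enterprises see their own data, the third-party
# cloud server provider sees everything and may issue instructions.
ACCOUNTS = {
    "enterprise-a": {"scope": {"enterprise-a"}, "may_issue": False},
    "enterprise-b": {"scope": {"enterprise-b"}, "may_issue": False},
    "cloud-provider": {"scope": ALL_TENANTS, "may_issue": True},
}

# Constructed total data analysis result held by the console, tagged by owner.
RESULTS = [
    {"owner": "enterprise-a", "site": "idc-a", "malicious_ips": 3},
    {"owner": "enterprise-b", "site": "idc-b", "malicious_ips": 0},
    {"owner": "cloud-provider", "site": "public-cloud", "malicious_ips": 7},
]


def _account(account_id):
    # Default deny: an account that is not provisioned gets nothing.
    account = ACCOUNTS.get(account_id)
    if account is None:
        raise AccessDenied(f"unknown account: {account_id}")
    return account


def _in_scope(account, owner):
    return account["scope"] == ALL_TENANTS or owner in account["scope"]


def visible_results(account_id):
    """Return only the analysis results the account is permitted to read."""
    account = _account(account_id)
    return [r for r in RESULTS if _in_scope(account, r["owner"])]


def issue_instruction(account_id, target_owner, instruction):
    """Issue an instruction only if the account may do so for that owner."""
    account = _account(account_id)
    if not account["may_issue"] or not _in_scope(account, target_owner):
        raise AccessDenied(f"{account_id} may not instruct {target_owner}")
    return {"to": target_owner, "instruction": instruction, "by": account_id}


if __name__ == "__main__":
    for name in ACCOUNTS:
        print(name, [r["site"] for r in visible_results(name)])
```
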
In a kind of alternative embodiment that the application is provided, console preserves and shows the total data analysis of whole mixed cloud As a result include:Console stores total data analysis result to predeterminable area, and shows total data analysis with predetermined manner As a result, wherein, predetermined manner includes:Picture, word and/or form.
In the above-described embodiments, Fig. 3, Fig. 4 and Fig. 5 are display of the console after total data analysis result is preserved Form.Console shows that the display format of total data analysis result can be the display format that above-described embodiment is provided, but Not limited to this.
In a kind of alternative embodiment that the application is provided, step S23 divides the multiple data received in console The data results that analysis component is reported are collected, above-mentioned after the total data analysis result for obtaining whole mixed cloud Method also includes:S25, console preserves and shows the total data analysis result of whole mixed cloud.
Fig. 5 is a kind of optional total data analysis result display interface schematic diagram according to the embodiment of the present application, in one kind In optional embodiment, with reference to shown in Fig. 5, display interface can be divided into three parts, including:Total menu bar, son Menu bar and content display region, wherein, total menu bar is located on the left of display interface, and user selects according to total menu bar Select need obtain mixed cloud information, sub-menu bar be located at display interface on the upside of, user select total menu bar after, Selection more specifically display content, for example, after the overview on the left of selection, including safe overview, emergency and net Network flows to three options, after safe this option of overview is selected, and obtains in the mixed cloud that is shown in viewing area Safe overview information, wherein, in above-mentioned safe overview information, including:Today urgent attack, today amounts to The number of times that attack and weakness today are attacked, and shown respectively in the form of numerical value and chart, to show each number According to this and the relation between each data, while being shown on the right side of content display region, in addition to graphically Various dimensions security attack event historical data.
Herein it should be noted that the total data analysis result that console is shown can be with showing that above-described embodiment is provided The mode of showing is shown, but not limited to this, the scheme of any total data analysis result that can be clearly showed that in mixed cloud Think the display for the total data analysis result of console in the application.
Fig. 6 is an information interaction diagram of an optional control method for a mixed cloud according to an embodiment of the present application. With reference to Fig. 6, the method includes the following steps:
Step S601, the proxy server obtains the security event information in the mixed cloud and sends the security event information to the transfer server.
Step S603, the transfer server sends the security event information in the mixed cloud obtained by the proxy server to the data analysis terminal.
Step S605, the bypass flow analysis system obtains all real-time traffic data of the mixed cloud and sends all real-time traffic data of the mixed cloud to the control terminal.
Step S607, after obtaining the security event information of the mixed cloud sent by the transfer server, the data analysis terminal analyzes the security event information to obtain the overall total data analysis result of the mixed cloud, and reports the total data analysis result of the mixed cloud to the control terminal.
Step S609, after storing and displaying the total data analysis result of the mixed cloud, the control terminal issues new security event defense rules and/or the physical information for locating security events to the transfer server.
Step S6011, the transfer server sends the new security event defense rules and/or the physical information for locating security events issued by the control terminal to the proxy server, so that the proxy server defends according to the new security event defense rules.
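The report-and-defend cycle of steps S601 to S6011, as an added Python simulation that is not part of the patent text. It shows why the collected view matters: a source IP that stays under a threshold at every single site is caught once the control terminal sums the per-site results, and the resulting rule reaches every proxy server. The failed-login metric, the threshold and the site names are assumptions.

```python
from collections import Counter

THRESHOLD = 3  # assumed policy: failed logins from one IP across the whole mixed cloud

# Constructed sample events per site (site names and event fields are hypothetical).
SITE_EVENTS = {
    "public-cloud-a": [
        {"type": "login_failed", "src_ip": "203.0.113.7"},
        {"type": "login_failed", "src_ip": "203.0.113.7"},
        {"type": "login_ok", "src_ip": "198.51.100.20"},
    ],
    "public-cloud-b": [
        {"type": "login_failed", "src_ip": "203.0.113.7"},
        {"type": "login_failed", "src_ip": "198.51.100.20"},
    ],
    "user-idc": [
        {"type": "login_failed", "src_ip": "203.0.113.7"},
    ],
}


class ProxyServer:
    """Deployed at each cloud or local database; detects events, enforces rules."""

    def __init__(self, site):
        self.site = site
        self.rules = {}  # source IP -> action

    def collect(self, events):
        # S601: tag detected events with the site before handing them on.
        return [dict(event, site=self.site) for event in events]

    def learn(self, rules):
        # S6011: learn the defense rules issued through the transfer server.
        self.rules.update(rules)

    def decide(self, src_ip):
        return self.rules.get(src_ip, "allow")


def analyse_site(site, events):
    # S607: per-site analysis, here failed logins per source IP (assumed metric).
    failures = Counter(e["src_ip"] for e in events if e["type"] == "login_failed")
    return {"site": site, "failed_logins": failures}


class TransferServer:
    """Relays events upward (S603) and rules downward (S6011)."""

    def __init__(self, proxy):
        self.proxy = proxy

    def upload(self, events):
        return analyse_site(self.proxy.site, events)

    def push(self, rules):
        self.proxy.learn(rules)


class Console:
    """Control terminal: collects per-site results into one total result."""

    def __init__(self):
        self.results = {}

    def report(self, result):
        self.results[result["site"]] = result  # a re-report replaces the old one

    def total(self):
        total = Counter()
        for result in self.results.values():
            total.update(result["failed_logins"])
        return total

    def per_site_alerts(self, threshold=THRESHOLD):
        # What each site would flag if it applied the threshold in isolation.
        return {site: sorted(ip for ip, n in r["failed_logins"].items() if n >= threshold)
                for site, r in self.results.items()}

    def derive_rules(self, threshold=THRESHOLD):
        # S609: rules derived from the total result of the whole mixed cloud.
        return {ip: "disconnect" for ip, n in self.total().items() if n >= threshold}


def run_cycle(site_events):
    console, relays = Console(), []
    for site, events in site_events.items():
        proxy = ProxyServer(site)
        relay = TransferServer(proxy)
        console.report(relay.upload(proxy.collect(events)))
        relays.append(relay)
    rules = console.derive_rules()
    for relay in relays:
        relay.push(rules)
    return console, [relay.proxy for relay in relays]


if __name__ == "__main__":
    console, proxies = run_cycle(SITE_EVENTS)
    print("isolated view:", console.per_site_alerts())
    print("collected view:", console.derive_rules())
```
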
It should be noted that, for brevity, each of the foregoing method embodiments is described as a series of combined actions, but those skilled in the art should know that the present invention is not limited by the described order of actions, because according to the present invention some steps may be performed in other orders or simultaneously. Those skilled in the art should also know that the embodiments described in this specification are all preferred embodiments, and the actions and modules involved are not necessarily required by the present invention.
Through the above description of the embodiments, those skilled in the art can clearly understand that the control method for a mixed cloud according to the above embodiments can be implemented by software plus the necessary general hardware platform, and of course also by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) and includes several instructions to cause a terminal device (which may be a mobile phone, a computer, a server, a network device, or the like) to perform the methods of the embodiments of the present invention.
Embodiment 2
According to an embodiment of the present invention, a system embodiment for implementing the above control method for a mixed cloud is also provided. As shown in Fig. 7, the system includes: a data analysis terminal 70 and a data terminal 72.
Data analysis terminal 70, deployed at each cloud and locally at each user terminal in the mixed cloud, obtains the data analysis results of the mixed cloud.
In the above system, the data analysis terminal has a data analysis terminal, which is used to obtain the service data of each cloud or each user terminal and analyze the service data, obtaining the data analysis result of each cloud or each user terminal, such as security event analysis results, real-time traffic conditions, and so on.
Data terminal 72, where the control terminal is deployed at any cloud or locally at a user terminal in the mixed cloud, receives and collects the data analysis results reported by multiple data analysis terminals, obtains the total data analysis result of the whole mixed cloud, and saves or displays the total data analysis result.
It should be noted here that the control terminal has a data terminal. In the case where the data terminal is deployed locally at a user terminal, it may be deployed in a database associated with the user terminal. This database may be the user's self-built IDC (Internet Data Center), a cloud database deployed in a cloud that the user terminal can access, or a database local to the user terminal.
In the above system, the mixed cloud combines a public cloud and a private cloud (Private Clouds). The private cloud may be built by the IT organization of a company or enterprise itself, or may be a cloud built by a cloud provider to provide services for the user. A private cloud is characterized by generally being built behind a firewall, so it has a great advantage in protecting the security of data; also, because a private cloud is not built in a remote data center, access is stable and smooth when employees of the company or enterprise access data in the private cloud. A public cloud usually refers to a cloud provided by a third-party provider to a company or enterprise as the user; a public cloud can generally be accessed and used over the Internet, has the advantage of low cost, and its purpose is to store and share resources.
Fig. 8 is a structural diagram of an optional control system for a mixed cloud according to an embodiment of the present application. In an optional embodiment, with reference to Fig. 8, taking a mixed cloud composed of Alibaba Cloud, Tencent Cloud and the AWS cloud as an example, the controller is deployed in Alibaba Cloud, and the data analysis terminal consists of a transfer server and a proxy server and is deployed in Tencent Cloud and the AWS cloud. The proxy server detects the security event information in Tencent Cloud and the AWS cloud and transmits it to the control terminal through the transfer server, achieving the technical effect of the control terminal managing the whole mixed cloud as a whole.
It should be noted here that the total data analysis result shown by the data terminal may be displayed in the manner provided by the above embodiments, but is not limited to this; any scheme that can clearly show the total data analysis result of the mixed cloud may serve as the data terminal's display of the total data analysis result in the present application.
It should be noted here that, in the case where the control terminal is deployed locally at a user terminal, it may be deployed in a database associated with the user terminal. This database may be the user's self-built IDC (Internet Data Center), a cloud database deployed in a cloud that the user terminal can access, or a database local to the user terminal.
It should also be noted, regarding the deployment of data terminals in the mixed cloud, that the present application does not specifically limit the number of data terminals deployed. In an optional embodiment, only one data terminal is deployed in the mixed cloud, to store and display the received total data analysis result. In another optional embodiment, multiple data terminals may be deployed in the mixed cloud, one of which is a total data terminal that can manage the whole mixed cloud as a whole; under the management of the total data terminal, multiple subordinate data terminals having a correspondence with the total data terminal are deployed. In this embodiment, a subordinate data terminal having a correspondence with the total data terminal may be used to manage data of a certain dimension; for example, a traffic management data terminal communicating with the master console may be deployed, which obtains all real-time traffic data in the mixed cloud from the total data terminal in order to manage the traffic in the mixed cloud.
The above scheme of the present application builds a data terminal in the mixed cloud and deploys data analysis terminals in the mixed cloud. The events in the mixed cloud are analyzed by the analysis function of the data analysis terminals, and the data analysis results of the data analysis terminals are then reported to the data terminal. Because every data analysis terminal in the mixed cloud is connected with the data terminal and reports its data analysis result to it, the data terminal can acquire the total data analysis result of the whole mixed cloud, and then stores or displays it. This achieves the technical effect of obtaining the data information of the whole mixed cloud through the data terminal, and thus solves the technical problem that management schemes for mixed clouds in the prior art are isolated, so that the whole mixed cloud cannot be managed in a unified way from an overall perspective.
It should be noted here that, after the data terminal receives the data analysis results reported by multiple data analysis terminals, the data terminal may put the total data analysis result into a form that is easy to display, such as data or tables; the data terminal may also issue new security event defense rules to the data analysis terminals according to the total data result reported.
In an optional embodiment provided by the present application, the above system further includes:
Proxy server 74, connected with the data terminal through transfer server 741 and deployed at each cloud and each local database in the mixed cloud, for detecting the security event information of each cloud in the mixed cloud and of each local user's self-built data center.
In an optional embodiment provided by the present application, the above data analysis terminal includes:
Data analysis engine 701, deployed at each cloud and each local database in the mixed cloud and connected with the data terminal through a preset interface, for receiving the security event information detected by the proxy servers and reported by multiple proxy servers, and performing security event analysis on the security event information.
The above data analysis engine may be a Hadoop analysis and processing cluster containing multiple Hadoop analysis processors, and the above proxy server may be Aegis server, the server security component in the Cloud Shield mixed cloud product. In an optional embodiment, taking a mixed cloud composed of the above cloud servers provided by a third party and the databases built locally by users as an example, an Aegis server and a proxy server are deployed in each cloud server and in each user's self-built database, where the proxy server deployed in each cloud server or each user's self-built database obtains the security event information.
Bypass flow analysis system 702, deployed at each cloud and locally at each user terminal in the mixed cloud and connected with the control terminal through a preset interface, for obtaining all real-time traffic in the mixed cloud through switches, where the switches are deployed at each cloud and each user terminal in the mixed cloud.
Fig. 9 is a structural diagram of an optional control system for a mixed cloud according to an embodiment of the present application. In an optional embodiment, with reference to Fig. 9, taking a mixed cloud composed of Alibaba Cloud and a local user's self-built data center as an example, the above bypass flow analysis system may be a Beaver bypass flow analysis system. Multiple bypass flow analysis systems mirror the switches of each cloud and local database in the mixed cloud and, by mirroring the traffic of the corresponding switches, obtain all real-time traffic in the mixed cloud. The Hadoop analysis cluster obtains the security event information sent by the proxy server to the transfer server, analyzes the security event information, and sends the total data analysis result obtained from the analysis to the data terminal, thereby achieving the technical effect of the data terminal controlling the whole mixed cloud as a whole.
It should be noted here that, because the above bypass flow analysis systems are deployed in each cloud server or local self-built database in the mixed cloud, the data terminal can obtain the overall real-time traffic of the mixed cloud by receiving and collecting the traffic analysis results reported by each bypass flow analysis system. That is, in combination with the data analysis engine in the above steps, this achieves the technical effect of the data terminal managing and monitoring the data in the mixed cloud as a whole, and thus solves the technical problem that management schemes for mixed clouds in the prior art are isolated, so that the whole mixed cloud cannot be managed in a unified way from an overall perspective.
Embodiment 3
According to an embodiment of the present invention, an apparatus embodiment for implementing the above control method for a mixed cloud is also provided. As shown in Fig. 10, the apparatus includes: a receiving module 10 and an analysis module 102.
Receiving module 100, for receiving the data analysis results reported by multiple data analysis components, where the console is deployed at any cloud or any local database in the mixed cloud, and the multiple data analysis components are deployed at each cloud and each local database in the mixed cloud.
In the above apparatus, the mixed cloud combines a public cloud and a private cloud (Private Clouds). The private cloud may be built by the IT organization of a company or enterprise itself, or may be a cloud built by a cloud provider to provide services for the user. A private cloud is characterized by generally being built behind a firewall, so it has a great advantage in protecting the security of data; also, because a private cloud is not built in a remote data center, access is stable and smooth when employees of the company or enterprise access data in the private cloud. A public cloud usually refers to a cloud provided by a third-party provider to a company or enterprise as the user; a public cloud can generally be accessed and used over the Internet, has the advantage of low cost, and its purpose is to store and share resources.
Analysis module 102, for collecting the received data analysis results reported by multiple data analysis components to obtain the total data analysis result of the whole mixed cloud.
In the above apparatus, a data analysis component may be a data point client deployed in each cloud or local database in the mixed cloud. The above multiple data analysis components need to be connected with the console in order to send data analysis results to the console.
It should be noted here that, in the case where the console is deployed locally at a user terminal, it may be deployed in a database associated with the user terminal. This database may be the user's self-built IDC (Internet Data Center), a cloud database deployed in a cloud that the user terminal can access, or a database local to the user terminal.
It should be noted here that the data analysis component itself has data processing capability; that is, the data transmitted to the console through the data processing client is data that the data analysis component has finished processing, for unified presentation on the console.
It should be noted here that, because the console obtains the total data analysis result of the whole mixed cloud by receiving the analysis results reported by multiple data analysis components, the above console may be deployed in any cloud in the mixed cloud, or in any local database in the mixed cloud; that is, the present application does not limit where the console is deployed.
It should also be noted, regarding the deployment of the console, that the present application does not specifically limit the number of consoles deployed in the mixed cloud either. However, the technical problem the present application needs to solve is that the management schemes in a mixed cloud are isolated, so in an optional embodiment only one console is deployed in the mixed cloud, to store and display the received total data analysis result. In another optional embodiment, multiple consoles may also be deployed in the mixed cloud, one of which is a master console that can manage the whole mixed cloud as a whole; under the management of the master console, multiple subordinate consoles having a correspondence with the master console are deployed. In such an embodiment, a subordinate console having a correspondence with the master console may be used to manage data of a certain dimension; for example, a traffic management console communicating with the master console may be deployed, which obtains all real-time traffic data in the mixed cloud from the master console in order to manage the traffic in the mixed cloud.
The above scheme of the present application builds a console in the mixed cloud and deploys data analysis components in the mixed cloud. The events in the mixed cloud are analyzed by the analysis function of the data analysis components, and the data analysis results of the data analysis components are then reported to the console. Because every data analysis component in the mixed cloud is connected with the console and reports its data analysis result to it, the console can acquire the total data analysis result of the whole mixed cloud, and then stores or displays it. This achieves the technical effect of obtaining the data information of the whole mixed cloud through the console, and thus solves the technical problem that management schemes for mixed clouds in the prior art are isolated, so that the whole mixed cloud cannot be managed in a unified way from an overall perspective.
It should be noted here that, after the console receives the data analysis results reported by multiple data analysis components, the console may put the total data analysis result into a form that is easy to display, such as data or tables; the console may also issue new security event defense rules to the data analysis components according to the total data result reported.
In an optional embodiment provided by the present application, with reference to Fig. 11, in the case where the data analysis component is a data analysis engine, the apparatus further includes:
First receiving submodule 112, for multiple data analysis engines to receive the security event information detected by the proxy servers and reported by multiple proxy servers.
Second receiving submodule 114, for multiple data analysis engines to perform security event analysis according to the security event information received by the data analysis engines, obtaining security event analysis results.
First reporting module 116, for multiple data analysis engines to report the security event analysis results to the console.
In an optional embodiment, the security event may include abnormal connections of the servers across the mixed cloud. Fig. 3 is a schematic diagram of the display result of an optional detection of abnormal server connections across a mixed cloud according to an embodiment of the present application. With reference to Fig. 3, the purpose of Fig. 3 is to show the connection relationships of the servers across the mixed cloud: if two servers have always had a connection relationship, the connection relationship between these two servers is considered normal; if a new connection relationship appears, the connection relationship between the two servers having this new connection relationship is considered possibly abnormal, and the servers where the new connection relationship appears are marked for further checking.
It should be noted here that the security event information and security event analysis results obtained in the present application may be the abnormal server connections between the servers in the mixed cloud described in the above embodiment, but are not limited to this.
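The new-connection check described for Fig. 3, as an added Python sketch that is not part of the patent text: server pairs seen during a baseline period are treated as normal, and any pair that first appears afterwards is marked for further checking, together with whether one of its servers was itself never seen before. The record layout, server names and baseline window are assumptions.

```python
# Constructed connection records: (day, source server, destination server).
CONNECTIONS = [
    (1, "web-1", "db-1"),
    (1, "web-2", "db-1"),
    (2, "web-1", "db-1"),
    (2, "db-1", "web-2"),      # same pair as web-2 -> db-1, other direction
    (3, "web-1", "db-1"),
    (3, "web-2", "db-1"),
    (4, "web-1", "db-1"),
    (4, "web-2", "backup-9"),  # pair and server both unseen in the baseline
    (4, "web-2", "db-1"),
    (5, "backup-9", "web-2"),
    (5, "web-1", "web-2"),     # both servers known, but never connected before
]


def pair(src, dst):
    """A connection relationship is undirected: (a, b) equals (b, a)."""
    return tuple(sorted((src, dst)))


def find_new_connections(records, baseline_days):
    """Return pairs first seen after the baseline, keyed by server pair."""
    known_pairs = {pair(s, d) for day, s, d in records if day in baseline_days}
    known_servers = {server for p in known_pairs for server in p}
    findings = {}
    for day, src, dst in sorted(records):
        p = pair(src, dst)
        if day in baseline_days or p in known_pairs:
            continue  # established relationship: considered normal
        entry = findings.setdefault(p, {
            "first_seen": day,
            "count": 0,
            # Servers of this pair that never appeared in the baseline at all.
            "unseen_servers": sorted(set(p) - known_servers),
        })
        entry["count"] += 1
    return findings


def flagged_servers(findings):
    """Servers to mark for further checking, as in the Fig. 3 description."""
    return sorted({server for p in findings for server in p})


if __name__ == "__main__":
    result = find_new_connections(CONNECTIONS, baseline_days={1, 2, 3})
    for servers, detail in result.items():
        print(servers, detail)
    print("marked:", flagged_servers(result))
```

A short baseline marks legitimate but infrequent connections as new, so the window should cover the longest regular job cycle in the environment.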
It is bypass flow in components of data analysis with reference to shown in Figure 12 in a kind of alternative embodiment that the application is provided In the case of analysis system, device also includes:
Acquisition module 120, obtains all real-time in mixed cloud for multiple bypass flow analysis systems by interchanger Flow, wherein, interchanger is deployed in each high in the clouds and each user terminal in mixed cloud.
Whole real-time traffics in mixed cloud are reported to control by the second reporting module 122 for multiple data analysis engines Platform processed.
Fig. 4 is a kind of result display schematic diagram of the real-time traffic of optional detection mixed cloud according to the embodiment of the present application, , can be in Fig. 4 for the overall flow analysis result of mixed cloud with reference to shown in Fig. 4 in a kind of optional embodiment Shown in shown flow analysis result schematic diagram, wherein, flow analysis result can include normal access ip, malice Access ip and reptile accesses ip etc..
Herein it should be noted that being deployed in each cloud service in mixed cloud due to above-mentioned bypass flow analysis system In device or local Self-built Database, therefore console is by receiving the flow analysis that each bypass flow analysis system is reported As a result, and after being collected, the overall real-time traffic of mixed cloud can be obtained, i.e. with the data in above-mentioned steps After analysis engine section and, can realize that console carries out the technique effect of overall management and monitoring to the data in mixed cloud, And then solve the Managed Solution of mixed cloud in the prior art and isolate, lead to not to be managed collectively from overall angle whole The technical problem of individual mixed cloud.
In an alternative embodiment provided by the application, referring to Figure 13, the above device further includes: a display module 130, used to save and display the total data analysis result of the whole mixed cloud.
Fig. 5 is a schematic diagram of an optional display interface for the total data analysis result according to an embodiment of the application. In an optional embodiment, referring to Fig. 5, the display interface may be divided into three parts: a main menu bar, a sub-menu bar and a content display area. The main menu bar is on the left side of the display interface, and the user uses it to select the mixed cloud information to be obtained. The sub-menu bar is at the top of the display interface; after selecting from the main menu bar, the user selects more specific display content there. For example, after the overview on the left is selected, there are three options: security overview, emergency, and network flow direction. After the security overview option is selected, the security overview information of the mixed cloud is shown in the display area. This security overview information includes: today's urgent attacks, today's total attacks, and the number of times weaknesses were attacked today, each shown in the form of values and charts so as to present each item of data and the relations between the items. The right side of the content display area also shows, in graphical form, multi-dimensional historical data of security attack events.
It should be noted here that the total data analysis result shown by the console may be displayed in the manner provided in the above embodiment, but is not limited to this; any scheme that can clearly show the total data analysis result in the mixed cloud may be regarded as the console's display of the total data analysis result in the application.
Embodiment 4
Embodiments of the invention may provide a terminal, which may be any one computer terminal in a terminal group. Optionally, in this embodiment, the above computer terminal may also be replaced with a terminal device such as a mobile terminal.
Optionally, in this embodiment, the above computer terminal may be located in at least one network device among multiple network devices of a computer network.
In this embodiment, the above computer terminal may execute the program code of the following steps in the control method for a mixed cloud: receiving, through the console deployed in the mixed cloud, the data analysis results reported by multiple data analysis components, wherein the console is deployed at any cloud end or in any local database in the mixed cloud, and the multiple data analysis components are deployed at each cloud end and in each local database in the mixed cloud; the console collects the data analysis results reported by the multiple data analysis components to obtain the total data analysis result of the whole mixed cloud; the console saves and displays the total data analysis result of the whole mixed cloud.
Optionally, Figure 14 is a structural block diagram of a terminal according to an embodiment of the invention. As shown in Figure 14, the terminal 1400 may include: one or more processors 1404 (only one is shown in the figure), a memory 1402, a transmitting device 1406, a server 1410 and a user terminal 1408.
The memory may be used to store software programs and modules, such as the program instructions/modules corresponding to the control method and device for a mixed cloud in the embodiments of the invention. By running the software programs and modules stored in the memory, the processor performs various functional applications and data processing, that is, implements the above control method for a mixed cloud. The memory may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory or other non-volatile solid-state memory. In some examples, the memory may further include memory located remotely from the processor, and such remote memory may be connected to terminal 1408 through a network. Examples of such a network include, but are not limited to, the internet, an intranet, a local area network, a mobile communication network and combinations thereof.
The processor may call, through the transmitting device, the information and application programs stored in the memory to perform the following steps: receiving, through the console deployed in the mixed cloud, the data analysis results reported by multiple data analysis components, wherein the console is deployed at any cloud end or in any local database in the mixed cloud, and the multiple data analysis components are deployed at each cloud end and in each local database in the mixed cloud; the console collects the data analysis results reported by the multiple data analysis components to obtain the total data analysis result of the whole mixed cloud; the console saves and displays the total data analysis result of the whole mixed cloud.
Optionally, the above processor may also execute program code for the following steps: multiple data analysis engines receive the security event information, reported by multiple proxy servers, that the proxy servers have detected; the multiple data analysis engines perform security event analysis according to the security event information received by the data analysis engines, obtaining a security event analysis result; the multiple data analysis engines report the security event analysis result to the console.
Optionally, the above processor may also execute program code for the following steps: multiple bypass flow analysis systems obtain all real-time traffic in the mixed cloud through switches, wherein the switches are deployed at each cloud end and each user terminal in the mixed cloud; multiple data analysis engines report all real-time traffic in the mixed cloud to the console.
Optionally, the above processor may also execute program code for the following steps: the multiple data analysis engines report the security event analysis result to the console through a preset standard interface; or the multiple data analysis engines report all real-time traffic in the mixed cloud to the console through a preset standard interface.
Optionally, the above processor may also execute program code for the following steps: multiple proxy servers upload the security event information they have obtained to a transfer server; the transfer server reports the security event information to the multiple data analysis engines.
Optionally, the above processor may also execute program code for the following steps: the console triggers the security event handling function of the proxy server, wherein the security event handling function of the proxy server includes: learning the security event defense rules issued through the transfer server and/or locating the physical information of the security event.
Optionally, the above processor may also execute program code for the following steps: the console obtains multiple security event defense rules for the proxy server by analyzing the data resources in the mixed cloud; the transfer server sends the security event defense rules to the proxy server; the proxy server defends using the security event defense rules it has learned.
Optionally, the above processor may also execute program code for the following steps: determining the corresponding physical information according to the message information of a preset communication protocol in the mixed cloud.
Optionally, the above processor may also execute program code for the following steps: the console allows any account with preset permissions to access and/or operate the console.
Optionally, the above processor may also execute program code for the following steps: the console saves and displays the total data analysis result of the whole mixed cloud.
Optionally, the above processor may also execute program code for the following steps: the console stores the total data analysis result to a preset area and displays the total data analysis result in a preset manner, wherein the preset manner includes: pictures, text and/or tables.
The above scheme of the application builds a console in the mixed cloud and deploys data analysis components in the mixed cloud. The analysis function of the data analysis components analyzes the time in the mixed cloud, and the data analysis results of the data analysis components are then reported to the console. Because each data analysis component in the mixed cloud is connected to the console and reports its data analysis results to the console, the console can obtain the total data analysis result for the whole mixed cloud, which it then stores or displays. This achieves the technical effect of obtaining the data information of the whole mixed cloud through the console, and thereby solves the technical problem that the management schemes for mixed clouds in the prior art are isolated from one another, so that the whole mixed cloud cannot be managed uniformly from an overall perspective.
Those of ordinary skill in the art will understand that the structure shown in Figure 14 is only illustrative. The terminal may also be a terminal device such as a smartphone (for example an Android phone or an iOS phone), a tablet computer, a palmtop computer, a mobile internet device (Mobile Internet Devices, MID) or a PAD. Figure 14 does not limit the structure of the above electronic device. For example, terminal 13 may also include more or fewer components than shown in Figure 14 (such as a network interface or a display device), or have a configuration different from that shown in Figure 14.
Those of ordinary skill in the art will understand that all or part of the steps in the various methods of the above embodiments may be completed by a program instructing the hardware associated with a terminal device. The program may be stored in a computer-readable storage medium, and the storage medium may include: a flash disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), a magnetic disk, an optical disc, and so on.
Embodiment 5
Embodiments of the invention also provide a storage medium. Optionally, in this embodiment, the above storage medium may be used to store the program code executed by the control method for a mixed cloud provided in Embodiment One above.
Optionally, in this embodiment, the above storage medium may be located in any computer terminal in a computer terminal group in a computer network, or in any mobile terminal in a mobile terminal group.
Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps: receiving, through the console deployed in the mixed cloud, the data analysis results reported by multiple data analysis components, wherein the console is deployed at any cloud end of the mixed cloud or in any cloud database local to a user terminal, and the multiple data analysis components are deployed at each cloud end of the mixed cloud and in the cloud database local to each user terminal; the console collects the data analysis results reported by the multiple data analysis components to obtain the total data analysis result of the whole mixed cloud; the console saves and displays the total data analysis result of the whole mixed cloud.
Optionally, the storage medium is also configured to store program code for performing the following steps: multiple data analysis engines receive the security event information, reported by multiple proxy servers, that the proxy servers have detected; the multiple data analysis engines perform security event analysis according to the security event information received by the data analysis engines, obtaining a security event analysis result; the multiple data analysis engines report the security event analysis result to the console.
Optionally, the storage medium is also configured to store program code for performing the following steps: multiple bypass flow analysis systems obtain all real-time traffic in the mixed cloud through the switches deployed at each cloud end in the mixed cloud and at the local database of each user terminal; multiple data analysis engines report all real-time traffic in the mixed cloud to the console.
Optionally, the storage medium is also configured to store program code for performing the following steps: multiple data analysis engines report the security event analysis result to the console through a preset standard interface; or multiple data analysis engines report all real-time traffic in the mixed cloud to the console through a preset standard interface.
Optionally, the above processor may also execute program code for the following steps: multiple proxy servers upload the security event information they have obtained to a transfer server; the transfer server reports the security event information to the multiple data analysis engines.
Optionally, the storage medium is also configured to store program code for performing the following steps: after the console saves and displays the total data analysis result of the whole mixed cloud, the method further includes: the console triggers the security event handling function of the proxy server, wherein the security event handling function of the proxy server includes: learning the security event defense rules issued through the transfer server and/or locating the physical information of the security event.
Optionally, the storage medium is also configured to store program code for performing the following steps: the console obtains multiple security event defense rules for the proxy server by analyzing the data resources in the mixed cloud; the transfer server sends the security event defense rules to the proxy server; the proxy server defends using the security event defense rules it has learned.
Optionally, the storage medium is also configured to store program code for performing the following steps: determining the corresponding physical information according to the message information of a preset communication protocol in the mixed cloud.
Optionally, the storage medium is also configured to store program code for performing the following steps: the console allows any account with preset permissions to access and/or operate the console.
Optionally, the storage medium is also configured to store program code for performing the following steps: the console saves and displays the total data analysis result of the whole mixed cloud.
Optionally, the storage medium is also configured to store program code for performing the following steps: the console stores the total data analysis result to a preset area and displays the total data analysis result in a preset manner, wherein the preset manner includes: pictures, text and/or tables.
The above embodiments of the invention are for description only and do not represent the relative merits of the embodiments.
In the above embodiments of the invention, the description of each embodiment has its own emphasis. For a part that is not described in detail in one embodiment, refer to the related description in the other embodiments.
In the several embodiments provided in the application, it should be understood that the disclosed technical content may be implemented in other ways. The device embodiments described above are only illustrative. For example, the division into units is only a division by logical function, and other divisions are possible in actual implementation: multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be indirect coupling or communication connection through some interfaces, units or modules, and may be electrical or take other forms.
The units described as separate components may or may not be physically separate, and the components displayed as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the scheme of this embodiment.
In addition, the functional units in the embodiments of the invention may be integrated into one processing unit, or each unit may exist physically on its own, or two or more units may be integrated into one unit. The above integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and is sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical scheme of the invention in essence, or the part of it that contributes to the prior art, or all or part of the technical scheme, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the steps of the methods described in the embodiments of the invention. The aforementioned storage medium includes: a USB flash disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a removable hard disk, a magnetic disk, an optical disc, and other media that can store program code.
The above is only the preferred embodiment of the invention. It should be noted that those of ordinary skill in the art may make a number of improvements and refinements without departing from the principles of the invention, and these improvements and refinements shall also be regarded as falling within the protection scope of the invention.

Claims (18)

1. A control method for a mixed cloud, characterized by comprising:
receiving, through a console deployed in the mixed cloud, the data analysis results reported by multiple data analysis components, wherein the console is deployed at any cloud end of the mixed cloud or locally at a user terminal, and the multiple data analysis components are deployed at each cloud end of the mixed cloud and locally at each user terminal;
the console collects the data analysis results reported by the multiple data analysis components that it has received, obtaining the total data analysis result of the whole mixed cloud.
2. The method according to claim 1, characterized in that, in the case where the data analysis component is a data analysis engine, before the console receives the data analysis results reported by the multiple data analysis components, the method further comprises:
the multiple data analysis engines receive the security event information, reported by multiple proxy servers, that the proxy servers have detected;
the multiple data analysis engines perform security event analysis according to the security event information received by the data analysis engines, obtaining a security event analysis result;
the multiple data analysis engines report the security event analysis result to the console.
3. The method according to claim 1, characterized in that, in the case where the data analysis component is a bypass flow analysis system, before the console receives the data analysis results reported by the multiple data analysis components, the method further comprises:
multiple bypass flow analysis systems obtain all real-time traffic in the mixed cloud through switches, wherein the switches are deployed at each cloud end and each user terminal in the mixed cloud;
the multiple bypass flow analysis systems report all real-time traffic in the mixed cloud to the console.
4. The method according to claim 2 or 3, characterized in that:
the multiple data analysis engines report the security event analysis result to the console through a preset standard interface; or
the multiple data analysis engines report all real-time traffic in the mixed cloud to the console through a preset standard interface.
5. The method according to claim 2, characterized in that the multiple data analysis engines receiving the security event information, reported by multiple proxy servers, that the proxy servers have detected comprises:
the multiple proxy servers upload the security event information they have obtained to a transfer server;
the transfer server reports the security event information to the multiple data analysis engines.
6. The method according to claim 5, characterized in that, after the console saves and displays the total data analysis result of the whole mixed cloud, the method further comprises: the console triggers the security event handling function of the proxy server, wherein the security event handling function of the proxy server comprises: learning the security event defense rules issued through the transfer server and/or locating the physical information of the security event.
7. The method according to claim 6, characterized in that learning the security event defense rules issued through the transfer server comprises:
the console obtains multiple security event defense rules for the proxy server by analyzing the data resources in the mixed cloud;
the transfer server sends the security event defense rules to the proxy server;
the proxy server defends using the security event defense rules it has learned.
8. The method according to claim 6, characterized in that locating the physical information of the security event comprises:
determining the corresponding physical information according to the message information of a preset communication protocol in the mixed cloud.
9. The method according to claim 1, characterized in that, after the console saves and displays the total data analysis result of the whole mixed cloud, the method further comprises: the console allows any account with preset permissions to access and/or operate the console.
10. The method according to claim 1, characterized in that, after the console collects the data analysis results reported by the multiple data analysis components that it has received and obtains the total data analysis result of the whole mixed cloud, the method further comprises: the console saves and displays the total data analysis result of the whole mixed cloud.
11. The method according to claim 10, characterized in that the console saving and displaying the total data analysis result of the whole mixed cloud comprises: the console stores the total data analysis result to a preset area and displays the total data analysis result in a preset manner, wherein the preset manner includes: pictures, text and/or tables.
12. A control system for a mixed cloud, characterized by comprising:
a data analysis terminal, deployed at each cloud end of the mixed cloud and locally at each user terminal, which obtains the data analysis results of the mixed cloud;
a control terminal, deployed at any cloud end of the mixed cloud or locally at a user terminal, which receives and collects the data analysis results reported by multiple data analysis terminals, obtaining the total data analysis result of the whole mixed cloud.
13. The system according to claim 12, characterized in that the system further comprises:
a proxy server, connected to the control terminal through a transfer server and deployed at each cloud end of the mixed cloud and locally at each user terminal, which detects the security event information of each cloud end and each user terminal of the mixed cloud.
14. The system according to claim 13, characterized in that the data analysis terminal comprises:
a data analysis engine, deployed at each cloud end of the mixed cloud and locally at each user terminal and connected to the control terminal through a preset interface, used to receive the security event information, reported by multiple proxy servers, that the proxy servers have detected, and to perform security event analysis on the security event information;
a bypass flow analysis system, deployed at each cloud end of the mixed cloud and locally at each user terminal and connected to the control terminal through a preset interface, used to obtain all real-time traffic in the mixed cloud through switches, wherein the switches are deployed at each cloud end and each user terminal in the mixed cloud.
15. A control device for a mixed cloud, characterized by comprising:
a receiving module, used to receive the data analysis results reported by multiple data analysis components, wherein a console is deployed at any cloud end of the mixed cloud or locally at a user terminal, and the multiple data analysis components are deployed at each cloud end of the mixed cloud and locally at each user terminal;
an analysis module, used to collect the data analysis results reported by the multiple data analysis components that have been received, obtaining the total data analysis result of the whole mixed cloud.
16. The device according to claim 15, characterized in that, in the case where the data analysis component is a data analysis engine, the device further comprises:
a first receiving submodule, used by the multiple data analysis engines to receive the security event information, reported by multiple proxy servers, that the proxy servers have detected;
a second receiving submodule, used by the multiple data analysis engines to perform security event analysis according to the security event information received by the data analysis engines, obtaining a security event analysis result;
a first reporting module, used by the multiple data analysis engines to report the security event analysis result to the console.
17. The device according to claim 15, characterized in that, in the case where the data analysis component is a bypass flow analysis system, the device further comprises:
an acquisition module, used to obtain all real-time traffic in the mixed cloud through switches, wherein the switches are deployed at each cloud end and each user terminal in the mixed cloud;
a second reporting module, used to report all real-time traffic in the mixed cloud to the console.
18. The device according to claim 15, characterized in that the device further comprises:
a display module, used to display the total data analysis result of the whole mixed cloud.
CN201610128707.XA 2016-03-07 2016-03-07 Control method, system and device for mixed cloud Pending CN107171818A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610128707.XA CN107171818A (en) 2016-03-07 2016-03-07 Control method, system and device for mixed cloud

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610128707.XA CN107171818A (en) 2016-03-07 2016-03-07 Control method, system and device for mixed cloud

Publications (1)

Publication Number Publication Date
CN107171818A true CN107171818A (en) 2017-09-15

Family

ID=59849905

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610128707.XA Pending CN107171818A (en) 2016-03-07 2016-03-07 Control method, system and device for mixed cloud

Country Status (1)

Country Link
CN (1) CN107171818A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107948280A (en) * 2017-11-24 2018-04-20 无锡南理工新能源电动车科技发展有限公司 The monitoring system of point and mirror image spectral fluxes is visited in a kind of combination
CN110266787A (en) * 2019-06-14 2019-09-20 中国电子科技网络信息安全有限公司 A kind of mixed cloud management system and method
CN111182160A (en) * 2019-12-25 2020-05-19 北京合力亿捷科技股份有限公司 Deployment architecture of hybrid cloud communication platform
CN113094419A (en) * 2021-04-13 2021-07-09 上海携宁计算机科技股份有限公司 Data analysis system, method, client and storage medium
CN114157458A (en) * 2021-11-18 2022-03-08 深圳依时货拉拉科技有限公司 Flow detection method, device, equipment and medium for hybrid cloud environment

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101616023A (en) * 2009-07-15 2009-12-30 浪潮电子信息产业股份有限公司 A kind of method of cluster being implemented monitoring by note
CN101980506A (en) * 2010-10-29 2011-02-23 北京航空航天大学 Flow characteristic analysis-based distributed intrusion detection method
CN102685180A (en) * 2011-10-18 2012-09-19 国网电力科学研究院 Cloud computing-oriented network security early warning method
CN102752290A (en) * 2012-06-13 2012-10-24 腾讯科技(深圳)有限公司 Method and device for determining safety information of unknown file in cloud safety system
CN103124293A (en) * 2012-12-31 2013-05-29 中国人民解放军理工大学 Cloud data safe auditing method based on multi-Agent
US20130227078A1 (en) * 2012-02-23 2013-08-29 Coach Wei System and method for context specific website optimization
CN103650426A (en) * 2011-05-06 2014-03-19 思杰系统有限公司 Systems and methods for cloud bridging between public and private clouds
CN104113596A (en) * 2014-07-15 2014-10-22 华侨大学 Cloud monitoring system and method for private cloud
CN104158881A (en) * 2014-08-20 2014-11-19 哈尔滨工程大学 System and method of third-party cloud security monitoring supporting user customization
CN104205757A (en) * 2012-04-24 2014-12-10 思科技术公司 Distributed virtual switch architecture for a hybrid cloud
CN104270467A (en) * 2014-10-24 2015-01-07 冯斌 Virtual machine managing and controlling method for mixed cloud

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101616023A (en) * 2009-07-15 2009-12-30 浪潮电子信息产业股份有限公司 A kind of method of cluster being implemented monitoring by note
CN101980506A (en) * 2010-10-29 2011-02-23 北京航空航天大学 Flow characteristic analysis-based distributed intrusion detection method
CN103650426A (en) * 2011-05-06 2014-03-19 思杰系统有限公司 Systems and methods for cloud bridging between public and private clouds
CN102685180A (en) * 2011-10-18 2012-09-19 国网电力科学研究院 Cloud computing-oriented network security early warning method
US20130227078A1 (en) * 2012-02-23 2013-08-29 Coach Wei System and method for context specific website optimization
CN104205757A (en) * 2012-04-24 2014-12-10 思科技术公司 Distributed virtual switch architecture for a hybrid cloud
CN102752290A (en) * 2012-06-13 2012-10-24 腾讯科技(深圳)有限公司 Method and device for determining safety information of unknown file in cloud safety system
CN103124293A (en) * 2012-12-31 2013-05-29 中国人民解放军理工大学 Cloud data safe auditing method based on multi-Agent
CN104113596A (en) * 2014-07-15 2014-10-22 华侨大学 Cloud monitoring system and method for private cloud
CN104158881A (en) * 2014-08-20 2014-11-19 哈尔滨工程大学 System and method of third-party cloud security monitoring supporting user customization
CN104270467A (en) * 2014-10-24 2015-01-07 冯斌 Virtual machine managing and controlling method for mixed cloud

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
柳运昌 (Liu Yunchang): "Agent-based hybrid cloud monitoring method" (基于Agent的混合云监控方法), 《中国科技论文在线》 (Sciencepaper Online) *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107948280A (en) * 2017-11-24 2018-04-20 无锡南理工新能源电动车科技发展有限公司 The monitoring system of point and mirror image spectral fluxes is visited in a kind of combination
CN110266787A (en) * 2019-06-14 2019-09-20 中国电子科技网络信息安全有限公司 A kind of mixed cloud management system and method
CN110266787B (en) * 2019-06-14 2022-03-18 中国电子科技网络信息安全有限公司 Hybrid cloud management system and method and computer equipment
CN111182160A (en) * 2019-12-25 2020-05-19 北京合力亿捷科技股份有限公司 Deployment architecture of hybrid cloud communication platform
CN113094419A (en) * 2021-04-13 2021-07-09 上海携宁计算机科技股份有限公司 Data analysis system, method, client and storage medium
CN114157458A (en) * 2021-11-18 2022-03-08 深圳依时货拉拉科技有限公司 Flow detection method, device, equipment and medium for hybrid cloud environment

Similar Documents

Publication Publication Date Title
CN107171818A (en) Control method, system and device for mixed cloud
CA2980583C (en) Networking flow logs for multi-tenant environments
US7801985B1 (en) Data transfer for network interaction fraudulence detection
US20120259975A1 (en) Automatic provisioning of new users of interest for capture on a communication network
CN100362805C (en) Multifunctional management system for detecting erotic images and unhealthy information in network
CN106156055B (en) The identification of search engine crawler, processing method and processing device
US20170353459A1 (en) Security policy efficacy visualization
CN104348798B (en) A kind of method, apparatus, dispatch server and system for distributing network
CN102857388A (en) Cloud detection safety management auditing system
CN107888605A (en) A kind of Internet of Things cloud platform traffic security analysis method and system
DE69929206T2 (en) SYSTEM FOR ANALYSIS OF INFORMATION SECURITY
CN107276858A (en) A kind of access relation carding method and system
CN111191247A (en) Database security audit system
CN108347698A (en) A kind of on-line off-line event trace analysis method, apparatus and system
CN106067879B (en) The detection method and device of information
CN108270753A (en) The method and device of logging off users account
CN106534174A (en) Cloud protection method, apparatus and system of sensitive data
US20140012974A1 (en) On-line system for monitoring user activities on an it device
CN103024767A (en) Mobile communication service end-to-end performance evaluation method and system
CN107046581A (en) A kind of monitoring method, device and the server of service operation state
KR102314557B1 (en) System for managing security control and method thereof
CN107317790B (en) Network behavior monitoring method and device
CN109314697A (en) Automatic network management system and method
CN103259804B (en) Method and system for obtaining and comparing network service quality information
CN106330589A (en) Network speed measurement method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170915
