CN108632378A - A monitoring method for cloud platform services - Google Patents
A monitoring method for cloud platform services
- Publication number: CN108632378A
- Application number: CN201810451281.0A
- Authority: CN (China)
- Prior art keywords: monitoring, network, cloud platform, namespace, address
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/04—Network management architectures or arrangements
- H04L41/046—Network management architectures or arrangements comprising network management agents or mobile agents therefor
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The present invention relates to the field of cloud platform monitoring, and in particular to a monitoring method for cloud platform services. The method allocates, in the cloud platform, a monitoring NIC to each business virtual machine or container that needs to be monitored, for monitoring use. A security policy is added on the monitoring NIC that restricts communication between the business system and the monitoring network gateway and allows access from the gateway address of the monitoring network. A network namespace is created, and the monitoring network gateway address and the cloud platform management network are attached to it; security rules added on the attached management network allow only the management service address of the monitoring controller to access the network namespace, and access from the network namespace out to the management network is restricted. A proxy process is started in the network namespace to forward monitoring requests from the cloud platform controller into the virtual machine or container, translating the request address onto the virtual machine's monitoring network. The monitoring request is received inside the virtual machine or container, which responds to it and returns the requested monitoring data. The invention can monitor business systems such as big data and database systems in a cloud platform.
Description
Technical field
The present invention relates to the field of cloud platform monitoring, and in particular to a monitoring method for cloud platform services.
Background
A variety of services currently run on cloud computing platforms, including web servers, database systems and big data processing clusters. Service monitoring is an important indicator of how well a cloud platform is operated and maintained. Monitoring a service usually requires collecting information from inside the business system, such as logs and connection counts. Existing service monitoring methods in cloud platforms usually obtain this information over the business system's own communication network or over the virtual machine's serial channel, which can affect normal business operation to some extent. In addition, the monitoring data obtained this way is difficult to integrate into the cloud platform's own system, where users could conveniently check service operation indicators.
Summary of the invention
The technical problem solved by the invention is to provide a monitoring method for cloud platform services that reduces the impact on business systems and makes it convenient for users to check how their services are running.
The technical solution by which the invention solves the above problem is as follows.
The method includes the following steps:
Step 1: Allocate, in the cloud platform, a monitoring NIC to the business virtual machine or container that needs to be monitored, for monitoring use.
Step 2: Add a security policy on the monitoring NIC that restricts communication between the business system and the monitoring network gateway, and allow access from the gateway address of the monitoring network.
Step 3: Create a network namespace and attach the monitoring network gateway address and the cloud platform management network to it. Add security rules on the attached management network so that only the management service address of the monitoring controller may access the network namespace, and restrict access from the network namespace out to the management network.
Step 4: Start a proxy process in the network namespace that forwards monitoring requests from the cloud platform controller into the virtual machine or container, translating the request address onto the virtual machine's monitoring network.
Step 5: Receive the monitoring request inside the virtual machine or container, respond to it, and return the requested monitoring data.
The monitoring NIC is allocated and managed by the cloud platform network controller from the cloud platform's monitoring network, and includes network address information.
The monitoring network is configured in the back end by the cloud platform system administrator. It includes a gateway, and its IP addresses are not made available to business systems in the cloud platform. The monitoring network, the service communication network and the cloud platform management network are isolated from one another, which ensures that a system using a monitoring NIC cannot communicate with the management network.
The security policy allows only the monitoring network gateway to request access to the monitoring network inside a business system; the monitored addresses of different business systems cannot access each other; and business systems are prevented from actively accessing anything outward through the monitoring network.
(1) The monitoring network gateway and the cloud platform management network are attached to the network namespace, so the cloud platform monitoring controller can reach the proxy process service in the network namespace over the management network.
(2) The security group policy in the network namespace restricts access by rule: only the management-side address of the cloud platform monitoring controller may access the management network address inside the network namespace, and nothing inside the network namespace may actively access the management network.
(3) The proxy process service runs in the network namespace and forwards the monitoring controller's service monitoring requests over the monitoring network to the monitoring service of the business system.
With this scheme, the cloud platform's service monitoring data travels from the monitoring network to the management network: the proxy process in the network namespace collects service monitoring data into the cloud platform for display, which reduces the impact on the cloud platform's business systems and improves the platform's service operation capability.
Brief description of the drawings
The invention is further described below with reference to the drawings:
Fig. 1 is a flow chart of the invention.
Detailed description
As shown in Fig. 1, the invention is implemented as follows:
1. Allocate a monitoring network port to the virtual machine or container to be monitored
A monitoring port on the monitoring network is allocated through the DHCP function of the OpenStack Neutron component.
2. Add a security policy on the monitoring NIC
Virtual firewall rules are set with iptables, for example allowing the monitoring gateway IP to access the monitoring port.
3. Create the network namespace
The network namespace is created with the ip netns commands, and the management network and the monitoring network are attached to it.
4. Start the proxy process
The proxy process may take the form of an httpd service. It receives the monitoring controller's service monitoring requests and repackages them into monitoring requests that are sent to the monitoring process inside the business system.
The httpd process can be started with ip netns exec.
5. Monitoring inside the business system
This mainly receives requests from the monitoring gateway, parses them and responds to them.
This completes the whole process.
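The layout in steps 2 to 4 can be written out as a dry-run shell plan. This is an added example, not code from the patent: the namespace name, interface names, addresses, ports and httpd configuration path are constructed placeholders, and the two namespace interfaces are assumed to exist on the host already.

```shell
#!/bin/sh
# Added example: prints the commands for steps 2-4; runs them only with APPLY=1 (root).
# Every name, address and port below is a constructed placeholder.
NS=${NS:-monitor-proxy}                     # namespace that hosts the proxy
MGMT_IF=${MGMT_IF:-mgmt0}                   # interface on the management network
MGMT_IP=${MGMT_IP:-192.0.2.20/24}           # namespace address on that network
MON_IF=${MON_IF:-mon0}                      # interface carrying the gateway IP
GUEST_IF=${GUEST_IF:-eth1}                  # monitoring NIC inside the monitored VM
CONTROLLER_IP=${CONTROLLER_IP:-192.0.2.10}  # monitoring controller, management side
MON_GW_IP=${MON_GW_IP:-198.51.100.1}        # monitoring network gateway
MON_NET=${MON_NET:-198.51.100.0/24}         # monitoring network
PROXY_PORT=${PROXY_PORT:-8080}              # proxy listener the controller calls
AGENT_PORT=${AGENT_PORT:-9100}              # monitoring service inside the VM
PROXY_CONF=${PROXY_CONF:-/etc/monitor-proxy/httpd.conf}  # hypothetical path

run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi; }
nsx() { run ip netns exec "$NS" "$@"; }

# Steps 3 and 4: namespace, default-deny policy, two narrow allow paths, proxy.
ns_plan() {
    run ip netns add "$NS"
    run ip link set "$MGMT_IF" netns "$NS"
    run ip link set "$MON_IF" netns "$NS"
    nsx ip addr add "$MGMT_IP" dev "$MGMT_IF"
    nsx ip addr add "$MON_GW_IP/${MON_NET#*/}" dev "$MON_IF"
    nsx ip link set "$MGMT_IF" up
    nsx ip link set "$MON_IF" up
    # Nothing is routed between the two networks; the proxy terminates the
    # controller's request and re-originates it from the gateway address.
    for chain in INPUT OUTPUT FORWARD; do nsx iptables -P "$chain" DROP; done
    # Management side: only the controller may open connections to the proxy;
    # the namespace may reply but never initiate toward the management network.
    nsx iptables -A INPUT -i "$MGMT_IF" -s "$CONTROLLER_IP" -p tcp \
        --dport "$PROXY_PORT" -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    nsx iptables -A OUTPUT -o "$MGMT_IF" -d "$CONTROLLER_IP" -p tcp \
        --sport "$PROXY_PORT" -m conntrack --ctstate ESTABLISHED -j ACCEPT
    # Monitoring side: the gateway address initiates, monitored systems only reply.
    nsx iptables -A OUTPUT -o "$MON_IF" -s "$MON_GW_IP" -d "$MON_NET" -p tcp \
        --dport "$AGENT_PORT" -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    nsx iptables -A INPUT -i "$MON_IF" -s "$MON_NET" -d "$MON_GW_IP" -p tcp \
        --sport "$AGENT_PORT" -m conntrack --ctstate ESTABLISHED -j ACCEPT
    nsx httpd -f "$PROXY_CONF"
}

# Step 2: policy on the monitored system's monitoring NIC.
guest_plan() {
    run iptables -A INPUT -i "$GUEST_IF" -s "$MON_GW_IP" -p tcp \
        --dport "$AGENT_PORT" -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    # Any other source, including other monitored systems, is dropped.
    run iptables -A INPUT -i "$GUEST_IF" -j DROP
    run iptables -A OUTPUT -o "$GUEST_IF" -d "$MON_GW_IP" -p tcp \
        --sport "$AGENT_PORT" -m conntrack --ctstate ESTABLISHED -j ACCEPT
    # The monitored system cannot initiate anything over the monitoring network.
    run iptables -A OUTPUT -o "$GUEST_IF" -j DROP
}

ns_plan
guest_plan
```

The printed plan can be reviewed against the policy before anything is applied; the only rules that accept new connections are controller to proxy and gateway to monitoring port.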
Claims (5)
1. A monitoring method for cloud platform services, characterized in that the method includes the following steps:
Step 1: Allocate, in the cloud platform, a monitoring NIC to the business virtual machine or container that needs to be monitored, for monitoring use.
Step 2: Add a security policy on the monitoring NIC that restricts communication between the business system and the monitoring network gateway, and allow access from the gateway address of the monitoring network.
Step 3: Create a network namespace and attach the monitoring network gateway address and the cloud platform management network to it. Add security rules on the attached management network so that only the management service address of the monitoring controller may access the network namespace, and restrict access from the network namespace out to the management network.
Step 4: Start a proxy process in the network namespace that forwards monitoring requests from the cloud platform controller into the virtual machine or container, translating the request address onto the virtual machine's monitoring network.
Step 5: Receive the monitoring request inside the virtual machine or container, respond to it, and return the requested monitoring data.
2. The method according to claim 1, characterized in that:
The monitoring NIC is allocated and managed by the cloud platform network controller from the cloud platform's monitoring network, and includes network address information.
The monitoring network is configured in the back end by the cloud platform system administrator. It includes a gateway, and its IP addresses are not made available to business systems in the cloud platform. The monitoring network, the service communication network and the cloud platform management network are isolated from one another, which ensures that a system using a monitoring NIC cannot communicate with the management network.
3. The method according to claim 1, characterized in that:
The security policy allows only the monitoring network gateway to request access to the monitoring network inside a business system; the monitored addresses of different business systems cannot access each other; and business systems are prevented from actively accessing anything outward through the monitoring network.
4. The method according to claim 2, characterized in that:
The security policy allows only the monitoring network gateway to request access to the monitoring network inside a business system; the monitored addresses of different business systems cannot access each other; and business systems are prevented from actively accessing anything outward through the monitoring network.
5. The method according to any one of claims 1 to 4, characterized in that:
(1) The monitoring network gateway and the cloud platform management network are attached to the network namespace, so the cloud platform monitoring controller can reach the proxy process service in the network namespace over the management network.
(2) The security group policy in the network namespace restricts access by rule: only the management-side address of the cloud platform monitoring controller may access the management network address inside the network namespace, and nothing inside the network namespace may actively access the management network.
(3) The proxy process service runs in the network namespace and forwards the monitoring controller's service monitoring requests over the monitoring network to the monitoring service of the business system.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810451281.0A CN108632378B (en) | 2018-05-11 | 2018-05-11 | Monitoring method for cloud platform service |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108632378A | 2018-10-09 |
CN108632378B | 2021-04-27 |
Family
ID=63692822
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810451281.0A Expired - Fee Related CN108632378B (en) | 2018-05-11 | 2018-05-11 | Monitoring method for cloud platform service |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108632378B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN108632378B (en) | 2021-04-27 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | CB02 | Change of applicant information | Address after: 523808 19th floor, Cloud Computing Center, Chinese Academy of Sciences, No.1 Kehui Road, Songshanhu high tech Industrial Development Zone, Dongguan City, Guangdong Province. Applicant after: G-CLOUD TECHNOLOGY Co.,Ltd. Address before: 523808 No. 14 Building, Songke Garden, Songshan Lake Science and Technology Industrial Park, Dongguan City, Guangdong Province. Applicant before: G-CLOUD TECHNOLOGY Co.,Ltd. |
 | GR01 | Patent grant | |
 | CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20210427 |