CN108632378A - Monitoring method for cloud platform service - Google Patents

Info

Publication number
CN108632378A
Authority
CN
China
Prior art keywords
monitoring
network
cloud platform
namespace
address
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810451281.0A
Other languages
Chinese (zh)
Other versions
CN108632378B (en)
Inventor
罗义兵
季统凯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
G Cloud Technology Co Ltd
Original Assignee
G Cloud Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by G Cloud Technology Co Ltd
Priority to CN201810451281.0A
Publication of CN108632378A
Application granted
Publication of CN108632378B
Expired - Fee Related
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/04 Network management architectures or arrangements
    • H04L41/046 Network management architectures or arrangements comprising network management agents or mobile agents therefor
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention relates to the field of cloud platform monitoring technology, and in particular to a monitoring method for cloud platform services. The method allocates a monitoring network interface card (NIC) on the cloud platform to each business virtual machine or container that needs to be monitored, for monitoring use; adds a security policy on the monitoring NIC that restricts communication between the business system and the monitoring network gateway, allowing access from the gateway address of the monitoring network; creates a new network namespace and connects the monitoring network gateway address and the cloud platform management network to it, adding security rules on the connected management network so that only the monitoring controller's management service address may access the network namespace, and restricting the network namespace from accessing the management network outward; starts a proxy process in the network namespace that forwards the cloud platform controller's monitoring requests into the virtual machine or container, translating the request address to the virtual machine's monitoring network; and receives the monitoring request inside the virtual machine or container, responds to it, and returns the requested monitoring data. The invention can monitor business systems such as big data and database systems on a cloud platform.

Description

Monitoring method for cloud platform service
Technical field
The present invention relates to the field of cloud platform monitoring technology, and in particular to a monitoring method for cloud platform services.
Background
Many kinds of services currently run on cloud computing platforms, including web servers, database systems and big data processing clusters. Service monitoring is an important indicator of how well a cloud platform is operated and maintained. Monitoring a service usually requires collecting information from inside the business system, such as logs and connection counts. On a cloud platform, this information is usually obtained over the business system's own communication network or over the virtual machine's serial port, which can affect normal business operation to some extent; the monitoring data obtained this way is also difficult to integrate into the cloud platform's own system so that users can conveniently view service operation metrics.
Summary of the invention
The technical problem solved by the present invention is to provide a monitoring method for cloud platform services that reduces the impact on the business system and makes it convenient for users to view how services are running.
The technical solution by which the present invention solves the above technical problem is:
The method includes the following steps:
Step 1: Allocate a monitoring NIC on the cloud platform to each business virtual machine or container that needs to be monitored, for monitoring use;
Step 2: Add a security policy on the monitoring NIC that restricts communication between the business system and the monitoring network gateway; allow access from the gateway address of the monitoring network;
Step 3: Create a new network namespace and connect the monitoring network gateway address and the cloud platform management network to it; add security rules on the connected management network so that only the monitoring controller's management service address may access the network namespace; restrict the network namespace from accessing the management network outward;
Step 4: Start a proxy process in the network namespace that forwards the cloud platform controller's monitoring requests into the virtual machine or container; translate the request address to the virtual machine's monitoring network;
Step 5: Receive the monitoring request inside the virtual machine or container, respond to it, and return the requested monitoring data.
The monitoring NIC is allocated and managed by the cloud platform network controller from the cloud platform's monitoring network, including its network address information;
The monitoring network is configured in the background by the cloud platform system administrator. The monitoring network includes a gateway, and its IP addresses are not made available to business systems on the cloud platform. The monitoring network, the service communication network and the cloud platform management network are isolated from one another, ensuring that a system using a monitoring NIC cannot communicate with the management network.
The security policy allows only the monitoring network gateway to request access to the monitoring network inside the business system; the monitoring addresses of different business systems cannot access one another; business systems are prevented from initiating outbound access through the monitoring network.
(1) The monitoring network gateway and the cloud platform management network are connected to the network namespace; the cloud platform monitoring controller can access the proxy process service in the network namespace through the management network;
(2) The security group policy in the network namespace uses rules to allow only the management-side address of the cloud platform monitoring controller to access the management network address in the network namespace, and does not allow access to the management network to be initiated from inside the network namespace;
(3) The proxy process service runs in the network namespace and can forward the monitoring controller's business monitoring requests over the monitoring network to the monitoring service of the business system.
With the scheme of the present invention, the cloud platform's business monitoring data is passed from the monitoring network to the management network using network namespace process proxy technology, and is collected and displayed by the cloud platform. This reduces the impact on the cloud platform's business systems and improves the cloud platform's service operation capability.
Description of the drawings
The present invention is further described below with reference to the drawings:
Fig. 1 is a flow chart of the present invention.
Detailed description
As shown in Fig. 1, the present invention is implemented as follows:
1. Allocate a monitoring network to the virtual machine or container to be monitored
A monitoring port on the monitoring network is allocated through the DHCP of the OpenStack Neutron component.
2. Add the security policy for monitoring
Set virtual firewall rules with iptables, for example opening access from the monitoring gateway IP to the monitoring port.
3. Create the network namespace
Create a new network namespace with the ip netns commands, and connect the management network and the monitoring network to the network namespace.
4. Start the proxy process
The proxy process may take the form of an httpd service. It receives the monitoring controller's business monitoring requests and then repackages them as monitoring requests that are sent to the internal monitoring of the business system;
The httpd process can be started with ip netns exec.
5. Monitoring inside the business system
This mainly receives requests from the monitoring gateway, parses them and responds to them.
The whole process ends.
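Steps 3 and 4 above, written out as a reviewable command plan with two audit checks; this is an added illustration and not text from the patent. The interface names, addresses, port and httpd configuration path are constructed placeholders, and both interfaces are assumed to exist on the host already.

```shell
#!/bin/sh
# Added example (not from the patent): namespace + proxy setup as a dry-run plan.
# Every name, address and path below is a constructed placeholder.
NS="${NS:-mon-ns}"
MGMT_IF="${MGMT_IF:-mgmt0}"            # port on the cloud platform management network
MON_IF="${MON_IF:-mon0}"               # port carrying the monitoring gateway address
MGMT_ADDR="${MGMT_ADDR:-192.0.2.20/24}"
GW_ADDR="${GW_ADDR:-198.51.100.1/24}"
CTRL_IP="${CTRL_IP:-192.0.2.10}"       # monitoring controller management service address
PROXY_PORT="${PROXY_PORT:-8080}"
PROXY_CMD="${PROXY_CMD:-httpd -f /etc/mon-proxy/httpd.conf}"

# Print the commands, one per line, without executing anything.
ns_plan() {
    x="ip netns exec $NS"
    echo "ip netns add $NS"
    for ifc in "$MGMT_IF" "$MON_IF"; do
        echo "ip link set $ifc netns $NS"
    done
    echo "$x ip addr add $MGMT_ADDR dev $MGMT_IF"
    echo "$x ip addr add $GW_ADDR dev $MON_IF"
    for ifc in lo "$MGMT_IF" "$MON_IF"; do
        echo "$x ip link set $ifc up"
    done
    # Default deny in every direction; the namespace never routes between
    # the two networks, the proxy relays at application level instead.
    for chain in INPUT OUTPUT FORWARD; do
        echo "$x iptables -P $chain DROP"
    done
    echo "$x iptables -A INPUT -i lo -j ACCEPT"
    echo "$x iptables -A OUTPUT -o lo -j ACCEPT"
    # Replies on connections that the NEW rules below admitted.
    echo "$x iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "$x iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Only the controller may open connections, and only to the proxy port.
    echo "$x iptables -A INPUT -i $MGMT_IF -s $CTRL_IP -p tcp --dport $PROXY_PORT -m conntrack --ctstate NEW -j ACCEPT"
    # The proxy may open connections toward monitored guests only. No rule
    # matches the management interface, so new connections into the
    # management network fall through to the OUTPUT DROP policy.
    echo "$x iptables -A OUTPUT -o $MON_IF -p tcp -m conntrack --ctstate NEW -j ACCEPT"
    echo "$x $PROXY_CMD"
}

# Audit: rules that let the namespace open connections into the management
# network. The design requires 0.
mgmt_egress_rules() {
    ns_plan | grep -- '-A OUTPUT' | grep -- "-o $MGMT_IF " | grep -c -- 'NEW' || true
}

# Audit: inbound NEW rules that admit any source other than the controller.
# The design requires 0.
ingress_not_from_controller() {
    ns_plan | grep -- '-A INPUT' | grep -- 'NEW' | grep -vc -- "-s $CTRL_IP " || true
}

# Print the plan by default; execute it only when APPLY=1 (needs root).
apply_plan() {
    ns_plan | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then
            sh -c "$cmd" || exit 1
        else
            echo "+ $cmd"
        fi
    done
}

apply_plan
```

Run as is to print the plan for review; `iptables -S` inside the namespace shows the resulting rule set after applying.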

Claims (5)

1. A monitoring method for cloud platform services, characterized in that the method includes the following steps:
Step 1: Allocate a monitoring NIC on the cloud platform to each business virtual machine or container that needs to be monitored, for monitoring use;
Step 2: Add a security policy on the monitoring NIC that restricts communication between the business system and the monitoring network gateway; allow access from the gateway address of the monitoring network;
Step 3: Create a new network namespace and connect the monitoring network gateway address and the cloud platform management network to it; add security rules on the connected management network so that only the monitoring controller's management service address may access the network namespace; restrict the network namespace from accessing the management network outward;
Step 4: Start a proxy process in the network namespace that forwards the cloud platform controller's monitoring requests into the virtual machine or container; translate the request address to the virtual machine's monitoring network;
Step 5: Receive the monitoring request inside the virtual machine or container, respond to it, and return the requested monitoring data.
2. The method according to claim 1, characterized in that:
The monitoring NIC is allocated and managed by the cloud platform network controller from the cloud platform's monitoring network, including its network address information;
The monitoring network is configured in the background by the cloud platform system administrator; the monitoring network includes a gateway, and its IP addresses are not made available to business systems on the cloud platform; the monitoring network, the service communication network and the cloud platform management network are isolated from one another, ensuring that a system using a monitoring NIC cannot communicate with the management network.
3. The method according to claim 1, characterized in that:
The security policy allows only the monitoring network gateway to request access to the monitoring network inside the business system; the monitoring addresses of different business systems cannot access one another; business systems are prevented from initiating outbound access through the monitoring network.
4. The method according to claim 2, characterized in that:
The security policy allows only the monitoring network gateway to request access to the monitoring network inside the business system; the monitoring addresses of different business systems cannot access one another; business systems are prevented from initiating outbound access through the monitoring network.
5. The method according to any one of claims 1 to 4, characterized in that:
(1) The monitoring network gateway and the cloud platform management network are connected to the network namespace; the cloud platform monitoring controller can access the proxy process service in the network namespace through the management network;
(2) The security group policy in the network namespace uses rules to allow only the management-side address of the cloud platform monitoring controller to access the management network address in the network namespace, and does not allow access to the management network to be initiated from inside the network namespace;
(3) The proxy process service runs in the network namespace and can forward the monitoring controller's business monitoring requests over the monitoring network to the monitoring service of the business system.
CN201810451281.0A 2018-05-11 2018-05-11 Monitoring method for cloud platform service Expired - Fee Related CN108632378B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810451281.0A CN108632378B (en) 2018-05-11 2018-05-11 Monitoring method for cloud platform service

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810451281.0A CN108632378B (en) 2018-05-11 2018-05-11 Monitoring method for cloud platform service

Publications (2)

Publication Number Publication Date
CN108632378A true CN108632378A (en) 2018-10-09
CN108632378B CN108632378B (en) 2021-04-27

Family

ID=63692822

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810451281.0A Expired - Fee Related CN108632378B (en) 2018-05-11 2018-05-11 Monitoring method for cloud platform service

Country Status (1)

Country Link
CN (1) CN108632378B (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110233837A (en) * 2019-06-06 2019-09-13 上海思询信息科技有限公司 One kind being based on cloud platform user network safeguard construction
CN110572439A (en) * 2019-08-14 2019-12-13 中国电子科技集团公司第二十八研究所 cloud monitoring method based on metadata service and virtual forwarding network bridge
WO2020125265A1 (en) * 2018-12-21 2020-06-25 中兴通讯股份有限公司 Container service monitoring method, system and computer readable storage medium
CN111756599A (en) * 2020-06-23 2020-10-09 中国联合网络通信集团有限公司 Service monitoring method and device
CN113162944A (en) * 2021-04-29 2021-07-23 杭州安恒信息安全技术有限公司 Network communication method, device and equipment for security operation platform and security component
CN114006828A (en) * 2021-10-22 2022-02-01 济南浪潮数据技术有限公司 Method and system for realizing communication between tenant virtual machine in cloud environment and cloud platform management surface
CN114095357A (en) * 2021-11-18 2022-02-25 中国光大银行股份有限公司 Business system
CN114416278A (en) * 2021-12-14 2022-04-29 北京勤慕数据科技有限公司 Container network communication monitoring method and system

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140003249A1 (en) * 2012-06-30 2014-01-02 Huawei Technologies Co., Ltd. Virtual port monitoring method and apparatus
CN104683165A (en) * 2013-11-27 2015-06-03 北京天地超云科技有限公司 Monitor method for virtual machine network data in Xen virtual environment
CN104915263A (en) * 2015-06-30 2015-09-16 北京奇虎科技有限公司 Process fault processing method and device based on container technology
US20150339145A1 (en) * 2014-05-26 2015-11-26 Electronics And Telecommunications Research Institute Virtual machine service system and virtual machine service providing method thereof
CN105446797A (en) * 2015-11-30 2016-03-30 国云科技股份有限公司 Virtual machine access service method
CN106411589A (en) * 2016-09-29 2017-02-15 北京神州绿盟信息安全科技股份有限公司 Method and apparatus for realizing high availability
CN106612225A (en) * 2016-12-12 2017-05-03 武汉烽火信息集成技术有限公司 Openstack based agent deployment system and method
CN107395621A (en) * 2017-08-18 2017-11-24 国云科技股份有限公司 A kind of virtual machine network interface card traffic classification monitoring method
CN107566152A (en) * 2017-06-13 2018-01-09 中国银联股份有限公司 Method and device for virtual network link detection
CN107623611A (en) * 2017-09-22 2018-01-23 国云科技股份有限公司 A kind of flux monitoring system of cloud platform virtual machine
US20180062880A1 (en) * 2016-08-27 2018-03-01 Jia Yu Centralized Processing of North-South Traffic for Logical Network in Public Cloud

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020125265A1 (en) * 2018-12-21 2020-06-25 中兴通讯股份有限公司 Container service monitoring method, system and computer readable storage medium
CN111355622A (en) * 2018-12-21 2020-06-30 中兴通讯股份有限公司 Container traffic monitoring method, system and computer readable storage medium
CN110233837A (en) * 2019-06-06 2019-09-13 上海思询信息科技有限公司 One kind being based on cloud platform user network safeguard construction
CN110572439A (en) * 2019-08-14 2019-12-13 中国电子科技集团公司第二十八研究所 cloud monitoring method based on metadata service and virtual forwarding network bridge
CN111756599A (en) * 2020-06-23 2020-10-09 中国联合网络通信集团有限公司 Service monitoring method and device
CN113162944B (en) * 2021-04-29 2022-08-02 杭州安恒信息安全技术有限公司 Network communication method, device and equipment for security operation platform and security component
CN113162944A (en) * 2021-04-29 2021-07-23 杭州安恒信息安全技术有限公司 Network communication method, device and equipment for security operation platform and security component
CN114006828A (en) * 2021-10-22 2022-02-01 济南浪潮数据技术有限公司 Method and system for realizing communication between tenant virtual machine in cloud environment and cloud platform management surface
CN114006828B (en) * 2021-10-22 2024-02-02 济南浪潮数据技术有限公司 Method and system for realizing communication between cloud environment tenant virtual machine and cloud platform management plane
CN114095357A (en) * 2021-11-18 2022-02-25 中国光大银行股份有限公司 Business system
CN114095357B (en) * 2021-11-18 2024-05-14 中国光大银行股份有限公司 Service system
CN114416278A (en) * 2021-12-14 2022-04-29 北京勤慕数据科技有限公司 Container network communication monitoring method and system
CN114416278B (en) * 2021-12-14 2023-01-17 北京勤慕数据科技有限公司 Container network communication monitoring method and system

Also Published As

Publication number Publication date
CN108632378B (en) 2021-04-27

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 523808 19th floor, Cloud Computing Center, Chinese Academy of Sciences, No.1 Kehui Road, Songshanhu high tech Industrial Development Zone, Dongguan City, Guangdong Province

Applicant after: G-CLOUD TECHNOLOGY Co.,Ltd.

Address before: 523808 No. 14 Building, Songke Garden, Songshan Lake Science and Technology Industrial Park, Dongguan City, Guangdong Province

Applicant before: G-CLOUD TECHNOLOGY Co.,Ltd.

GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20210427