CN109617753B - Network platform management method, system, electronic equipment and storage medium - Google Patents

Publication number
CN109617753B
Authority
CN
China
Prior art keywords
management
network element
target
platform
target network
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910142006.5A
Other languages
Chinese (zh)
Other versions
CN109617753A (en)
Inventor
张明
吕品树
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sangfor Technologies Co Ltd
Original Assignee
Sangfor Technologies Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/02 Standardisation; Integration
    • H04L41/0246 Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols
    • H04L41/0253 Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols using browsers or web-pages for accessing management information
    • H04L41/04 Network management architectures or arrangements
    • H04L41/046 Network management architectures or arrangements comprising network management agents or mobile agents therefor
    • H04L41/28 Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The application discloses a network platform management method, a system, a management platform and a computer-readable storage medium. The method comprises: when a management request sent by a client is received, determining the target network element that the management request needs to manage; and determining the target category to which the target network element belongs, and managing the target network element using the management mode corresponding to the target category. The method is applied to a management platform, which divides all network elements in the network platform into categories according to their management modes and manages each category of network element with its own management mode. Operation and maintenance personnel only need to log in to the management platform through the management address; they do not need to distinguish the management mode of each network element manually, because the management platform manages them uniformly, which simplifies the management process of the network elements.

Description

Network platform management method, system, electronic equipment and storage medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method and a system for managing a network platform, an electronic device, and a computer-readable storage medium.
Background
In the network security networking of a service system, protection devices for the service system are often deployed on the data core switch, and different functions are realized by deploying multiple network devices. For example, vulnerability scanning equipment is deployed to scan the service system's terminals, and log auditing equipment is deployed to provide a log auditing function.
In the prior art, network elements (i.e., the network devices) in a network platform are managed in a manner similar to a forward proxy. Specifically, an operation and maintenance host is deployed on the data core switch with a reachable route to the network elements to be managed, and the different network elements are then managed from the operation and maintenance host via telnet (a remote terminal protocol), a Web UI (Web User Interface), or the like. With this approach, operation and maintenance personnel need to remember the management modes of all network elements, and the operation is complex.
Therefore, how to simplify the management process of the network element is a technical problem to be solved by those skilled in the art.
Disclosure of Invention
An object of the present application is to provide a network platform management method, system, an electronic device, and a computer-readable storage medium, which simplify an operation process of managing network elements.
In order to achieve the above object, the present application provides a network platform management method, applied to a management platform, where the network platform includes network elements belonging to multiple categories, the method including:
when a management request sent by a client is received, determining a target network element which needs to be managed by the management request;
and determining the target category to which the target network element belongs, and managing the target network element by adopting a management mode corresponding to the target category.
Wherein the target category includes a first category and a second category, the network platform includes first-class network elements and second-class network elements, a first-class network element is a security application component, and a second-class network element is any network element in the network platform other than a security application component; determining the target category to which the target network element belongs and managing the target network element using the management mode corresponding to the target category includes:
determining a target class to which the target network element belongs;
if the target type is a first type, determining that the target network element is a first type network element, and managing the target network element by using a reverse proxy mode according to the management request;
and if the target type is the second type, determining that the target network element is the second type network element, determining a resource locator corresponding to the management request, and managing the target network element according to the resource locator.
Wherein the managing the target network element by using a reverse proxy manner according to the management request includes:
returning the data address of the management platform to the client so that the client converts the source address in the management request into the data address to obtain an intermediate management request;
receiving the intermediate management request sent by the client, and converting a destination address in the intermediate management request into an IP address of the target network element;
and sending the intermediate management request after the address conversion to the target network element so as to manage the target network element.
Before sending the intermediate management request after address translation to the target network element, the method further includes:
judging whether the cookie in the intermediate management request is legal or not;
and if so, executing the step of sending the intermediate management request after the address conversion to the target network element.
Wherein the sending the intermediate management request after the address translation to the target network element so as to manage the target network element includes:
and sending the intermediate management request after address conversion to the target network element so that the target network element responds to the intermediate management request after judging that the source address in the intermediate management request is the login-free address.
Wherein, before managing the target network element according to the resource locator, the method further comprises:
requesting an authentication number from the network platform, and acquiring a serial number of the network platform according to the authentication number;
correspondingly, the managing the target network element according to the resource locator includes:
and managing the target network element according to the sequence number and the resource locator.
Wherein, the obtaining the serial number of the network platform according to the authentication number comprises:
acquiring a serial number of the network platform according to the authentication number and the identity information of the network platform; wherein the identity information of the network platform is stored in the management platform.
In order to achieve the above object, the present application provides a network platform management system applied to a management platform, where the network platform includes network elements belonging to multiple categories, and the system includes:
a determining module, configured to determine, when a management request sent by a client is received, the target network element that the management request needs to manage;
and the management module is used for determining the target category to which the target network element belongs and managing the target network element by adopting a management mode corresponding to the target category.
To achieve the above object, the present application provides an electronic device including:
a memory for storing a computer program;
and a processor for implementing the steps of the network platform management method when executing the computer program.
To achieve the above object, the present application provides a computer-readable storage medium, which stores thereon a computer program applied to a management platform, and when the computer program is executed by a processor, the computer program implements the steps of the network platform management method as described above.
According to the above scheme, the network platform management method provided by the present application is applied to a management platform, where the network platform includes network elements belonging to multiple categories, and the method includes: when a management request sent by a client is received, determining a target network element which needs to be managed by the management request; and determining the target category to which the target network element belongs, and managing the target network element by adopting a management mode corresponding to the target category.
The network platform management method is applied to a management platform, which divides all network elements in the network platform into categories according to their management modes and manages each category of network element with its own management mode. Operation and maintenance personnel only need to log in to the management platform through the management address; they do not need to distinguish the management mode of each network element manually, because the management platform manages them uniformly, which simplifies the management process of the network elements. The application also discloses a network platform management system, an electronic device and a computer-readable storage medium, which achieve the same technical effects.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts. The accompanying drawings, which are included to provide a further understanding of the disclosure and are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description serve to explain the disclosure without limiting the disclosure. In the drawings:
FIG. 1 is a flow diagram illustrating a network platform management method in accordance with an exemplary embodiment;
FIG. 2 is a schematic diagram of a single-arm deployment of a secure resource pool;
FIG. 3 is a schematic diagram of a secure resource pool gateway deployment;
FIG. 4 is a flow diagram illustrating another method of network platform management in accordance with an illustrative embodiment;
FIG. 5 is a diagram of a network topology between a management platform and network elements;
FIG. 6 is a schematic diagram of a reverse proxy formed among a client, a management platform, and a security component;
FIG. 7 is a detailed flowchart of step S203 in FIG. 4;
FIG. 8 is a diagram of a management platform management firewall application;
FIG. 9 is a detailed flowchart of step S204 in FIG. 4;
FIG. 10 is a block diagram illustrating a network platform management system in accordance with an exemplary embodiment;
FIG. 11 is a block diagram illustrating an electronic device in accordance with an example embodiment.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
In the prior art, an operation and maintenance host and the network elements to be managed are connected through a data core switch, and operation and maintenance personnel need to remember the management modes of all network elements, so the operation is complex. Therefore, in the present application, a management platform is used to manage all network elements uniformly. Operation and maintenance personnel only need to log in to the management platform through the management address; they do not need to distinguish the management mode of each network element, because the management platform manages them uniformly, which simplifies the management process of the network elements.
The embodiment of the application discloses a network platform management method, which simplifies the operation process of managing network elements.
Referring to fig. 1, a flowchart of a network platform management method according to an exemplary embodiment is shown, as shown in fig. 1, including:
S101: When a management request sent by a client is received, determining a target network element which needs to be managed by the management request;
The network platform comprises a plurality of network elements in a security resource pool implemented with virtualization technology, such as security application components, virtual routers and distributed switches. All network elements are divided into categories according to their management modes, i.e., each category corresponds to one management mode. The execution subject of this embodiment is a management platform; all the network elements are incorporated into the management platform and managed by it uniformly.
In a specific implementation, the service security resource pool is generally deployed into the network environment in one of two ways: single-arm (side-hung) deployment or gateway routing. An enterprise campus network is often planned as an access layer, a convergence layer, and a core switching layer. As shown in fig. 2, when the service security resource pool is side-hung on the core switch, policy routing on the core switch guides the service system's traffic of interest to the security resource pool, and the traffic cleaned by the security applications in the pool returns to the core switch. The term "traffic of interest" is borrowed from VPN (Virtual Private Network) terminology and means the traffic that needs protection. As shown in fig. 3, when the security resource pool is deployed in gateway routing mode, it is connected in series, as a gateway, with the access switch and the egress link of the campus network; the gateway of the service system network is the traffic distribution router of the security resource pool, and the security applications connected to the traffic distribution router clean and protect the service system's traffic.
The security of the service system is analyzed with the service system as the core point, along branches such as center-end applications, the service system mutual-access scenario, the service system Internet access scenario, and the operation and maintenance scenario. For the center-end application scenario, center-end applications include antivirus management, database audit, vulnerability scanning, log audit and the like. When the source address is the service system and the destination is the interface address of a center-end component, the service system's traffic of interest is guided through policy routing on the core switch to the traffic distribution router of the security resource pool; because the destination IP is the interface address of the center-end component, the route between the service system and the center-end component is reachable through the transparently deployed vAF.
For the service system Internet access scenario, when the service system needs Internet access, the source address is a service system address and the destination is an Internet address. The service system's traffic of interest is directed through policy routing on the core switch to the traffic distribution router of the security resource pool, and on the traffic distribution router, SDN-based (Software Defined Network) policy routing directs the traffic to the vAF (a virtual firewall in the security resource pool) of the server domain. The policy routing entry is shown in Table 1:
TABLE 1
| Priority level | Source interface | Source address | Destination address | Next hop |
|---|---|---|---|---|
| 1 | ETH_A | Service system address | ALL | Server domain vAF interface address |
After being cleaned by the vAF, the traffic returns to the traffic distribution router through a default route and then returns to the data core switch through the default route, and WAF (Web Application Firewall), IPS (Intrusion Prevention System), UTM (Unified Threat Management).
For the mutual-access scenario among service systems, when service systems in different subnets access each other (i.e., east-west traffic), the traffic reaches the core switch and is guided through policy routing to the traffic distribution router of the security resource pool; the east-west traffic is then guided to the firewall of the server domain by the policy routing in Table 1, completing WAF, IPS and UTM detection and protection for the service systems.
For the operation, maintenance and release scenario, when a service system or a vBLJ (virtualized version of the bastion machine, used for auditing and authority control of the operations of operation and maintenance personnel) is released through a vSSL (virtualized version of the mobile access application), two IP addresses are configured on each of the vSSL and the vBLJ: an externally published address, through which the vSSL and the vBLJ are accessed, and an application interface address, through which data communication with the business system is completed. On the core switch, there are two ways to direct the traffic of the operation and maintenance or release service system to the security resource pool: policy routing that treats traffic whose destination is the externally published IP as traffic of interest, or a static route whose destination is the externally published address. On the traffic distribution router of the security resource pool, the traffic is simply guided to the mobile access application or the operation and maintenance management application through a static route, and the route entries are shown in Table 2:
TABLE 2
| Destination address | Subnet mask | Next hop |
|---|---|---|
| vSSL externally issued address | 255.255.255.255 | vSSL interface address |
| vBLJ externally issuing operation and maintenance management address | 255.255.255.255 | vBLJ interface address |
In this step, when a management request sent by a client is received, a target network element that needs to be managed by the management request is determined first, so that the subsequent step manages according to a management mode corresponding to a category to which the target network element belongs.
S102: and determining the target category to which the target network element belongs, and managing the target network element by adopting a management mode corresponding to the target category.
Since the network elements belonging to different classes correspond to different management manners, the target class to which the network element belongs needs to be determined in this step, and the target network element is managed by using the corresponding management manner. It should be noted that, in this embodiment, a specific division manner of the network element and a corresponding specific management manner are not limited, for example, the security application component may be managed by using a reverse proxy manner, and details will be described in the following embodiment.
In addition, in the traditional exit boundary networking, if the network bandwidth needs to be improved and then the access speed is improved, hardware equipment needs to be replaced, the efficiency is low, and the cost is high. In this embodiment, a higher network bandwidth may be authorized by software using the management platform, and hardware devices (which are used to implement application load, firewall, internet behavior management, and the like) do not need to be replaced, so that the efficiency is high and the cost is low. Meanwhile, all network elements can be accessed in the page of the management platform, the running state of each network element can be monitored in real time, and the real-time performance is high.
The network platform management method provided by this embodiment of the application is applied to a management platform, which divides all network elements in the network platform into categories according to their management modes and manages each category of network element with its own management mode. Operation and maintenance personnel only need to log in to the management platform through the management address; they do not need to distinguish the management mode of each network element manually, because the management platform manages them uniformly, which simplifies the management process of the network elements.
The embodiment of the application discloses a network platform management method, and compared with the previous embodiment, the embodiment further explains and optimizes the technical scheme. Specifically, the method comprises the following steps:
Referring to fig. 4, a flowchart of another network platform management method according to an exemplary embodiment is shown. As shown in fig. 4, the method includes:
S201: When a management request sent by a client is received, determining a target network element which needs to be managed by the management request;
S202: Determining the target category to which the target network element belongs; if the target category is the first category, proceed to S203, and if the target category is the second category, proceed to S204;
In this embodiment, the target category includes a first category and a second category, that is, the network platform includes first-class network elements and second-class network elements. A first-class network element is a security application component, such as a firewall, a vulnerability scanning function component, or an Internet behavior management function component; a second-class network element is any network element in the network platform other than a security application component. Fig. 5 is a network topology diagram between the management platform and each network security element. If the target network element belongs to the first category, S203 is entered, and if it belongs to the second category, S204 is entered.
S203: determining that the target network element is a first type network element, and managing the target network element by using a reverse proxy mode according to the management request;
In this step, for first-class network elements (i.e., security application components), the management platform accesses the Web UI of each security component through a reverse proxy to achieve unified management. A schematic diagram of the reverse proxy formed among the client, the management platform, and the security component is shown in fig. 6. In operation, the management platform receives the client's login request, converts the request address in the request into the real address, and forwards the login request to the server on the internal network. After successfully logging in to the security application component, the client can send management instructions to the management platform, and the management platform returns the results it obtains from the security application component to the client; externally, the management platform appears as the server. As can be seen from fig. 6, provided the network between the management platform and the security components is reachable, the client can centrally manage all security application components by accessing the management platform. Operation and maintenance personnel only need to remember the identity information of the management platform; the identity information of each security application component can be stored in the memory of the management platform, which simplifies the process of managing the security application components.
S204: and determining the target network element as a second type network element, determining a resource locator corresponding to the management request, and managing the target network element according to the resource locator.
In this step, for second-class network elements of the software defined network, such as physical outlets, virtual routers and distributed switches, the management platform implements unified management by calling the resource locator (REST API) of the network infrastructure element. REST API stands for Representational State Transfer Application Programming Interface; REST is a software architecture style that provides a set of design principles and constraints. The most important REST principle for Web applications is that the interaction between client and server is stateless between requests: each request from a client to a server must contain the information necessary to understand the request. When the client requests to manage a second-class network element, the resource locator corresponding to the management request is determined first, and the target network element is then managed according to that resource locator.
The steps by which the management platform manages a first-class network element are described in detail below. As shown in fig. 7, step S203 in the previous embodiment may include:
S31: Returning the data address of the management platform to the client so that the client converts the source address in the management request into the data address to obtain an intermediate management request;
The management platform has two addresses, a management address and a data address. The client accesses the management platform through the management address; the data address is in the same network segment as the IP addresses of the security application components and is used for communicating with them. When a client requests to manage a security application component, the data address of the management platform is returned to the client, the client converts the source address in the management request into the data address to obtain an intermediate management request, and the intermediate management request is sent to the management platform.
S32: receiving the intermediate management request sent by the client, and converting a destination address in the intermediate management request into an IP address of the target network element;
S33: sending the intermediate management request after the address conversion to the target network element so as to manage the target network element.
The management platform receives the intermediate management request, converts the destination address in it into the IP address of the target network element, and sends the converted request to the target network element. The target network element responds to the intermediate management request, and the result is returned to the client through the management platform.
Preferably, to improve the security of the management platform, before step S33, the method further includes: judging whether the cookie in the intermediate management request is legal; if yes, proceeding to step S33. More preferably, the target network element, on receiving the intermediate management request, may further determine whether the source address therein is a login-free address, and if so, respond to the intermediate management request. Specifically, whether the source address is a login-free address can be judged from a configuration file, and the login-free addresses can be written into the configuration file by connecting over SSH (Secure Shell, used for encrypted login between computers) and executing a command when the firewall is deployed.
Taking management of the firewall application by the management platform as an example, the request path is shown in fig. 8, and may specifically include the following steps:
Step 1: the client accesses the Web interface of the management platform through the management address and clicks the firewall application on the management platform side to obtain the data address of the management platform;
Step 2: the client browser opens a new page, and the source address of the request becomes the data address of the management platform;
Step 3: the request is sent to sso_httpd (single sign-on service) in the Apache process of the management platform, and the mod_proxy module in sso_httpd converts the destination address of the request into the IP address of the firewall application;
Step 4: the request passes through mod_write (rewriting process module) of the management platform, which judges whether the cookie of the request is legal, and a legal request is sent to the actual firewall application Web UI address;
Step 5: the firewall application Web UI receives the request, reads the configuration file [super_ips.ini] through a CGI (Common Gateway Interface) in the firewall application, and judges whether the source address in the request is a login-free address; if it is, the firewall application responds to the request. [super_ips.ini] is a file written during firewall deployment.
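The two checks on this request path, modelled as an added Python example (it is not code from the patent or from any product): the management platform forwards only requests with a legal cookie, and the firewall application answers only login-free source addresses. The HMAC cookie scheme, the one-entry-per-line layout of super_ips.ini, the status codes and every address below are assumptions made for the illustration.

```python
import hashlib
import hmac
import ipaddress

# All values are constructed for illustration.
COOKIE_KEY = b"constructed-demo-key"   # assumed secret held by the management platform
PLATFORM_DATA_ADDR = "10.10.0.2"       # data address of the management platform
FIREWALL_ADDR = "10.10.0.20"           # IP address of the firewall application
SUPER_IPS_INI = """\
# login-free addresses (assumed layout: one address or CIDR per line)
10.10.0.2
"""


def issue_cookie(user):
    """Cookie set at login: user name plus an HMAC tag (assumed scheme)."""
    tag = hmac.new(COOKIE_KEY, user.encode(), hashlib.sha256).hexdigest()
    return user + "." + tag


def cookie_is_legal(cookie):
    """Step 4: only requests carrying a cookie the platform issued are forwarded."""
    user, sep, tag = cookie.rpartition(".")
    if not sep or not user:
        return False
    expected = hmac.new(COOKIE_KEY, user.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(tag.encode(), expected.encode())


def load_login_free(text):
    """Parse the login-free list, ignoring comments and blank lines."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets


def is_login_free(source, nets):
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        return False               # unparsable source address is never trusted
    return any(addr in net for net in nets)


def proxy_forward(request):
    """Steps 3-4 on the management platform: cookie check, then address rewrite."""
    if not cookie_is_legal(request.get("cookie", "")):
        return None                # dropped here, never reaches the firewall
    forwarded = dict(request)
    # As a reverse proxy, the platform's data address is the source the backend sees.
    forwarded["src"] = PLATFORM_DATA_ADDR
    forwarded["dst"] = FIREWALL_ADDR
    return forwarded


def firewall_webui(request, nets):
    """Step 5 on the firewall application: respond only to login-free sources."""
    return 200 if is_login_free(request["src"], nets) else 401


def handle(request):
    """Full path: client -> management platform -> firewall application."""
    forwarded = proxy_forward(request)
    if forwarded is None:
        return 403
    return firewall_webui(forwarded, load_login_free(SUPER_IPS_INI))
```

In this model the firewall application sees the same source address for every proxied request, so the cookie check on the management platform is the only per-user control on this path.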
The step in which the management platform manages the second type network element is described in detail below. As shown in fig. 9, step S204 in the second embodiment may include:
S41: requesting an authentication number from the network platform, and acquiring a serial number of the network platform according to the authentication number;
S42: managing the target network element according to the sequence number and the resource locator.
In this embodiment, the management platform first requests the authentication number from the network platform. Once the authentication number is successfully obtained, the management platform carries it in the next request to obtain the serial number of the network platform. When the client requests to manage the second type of network elements, the target network elements are managed according to the serial number and the resource locator corresponding to the management request.
It should be noted that the serial number of the network platform resource accessed by the management platform has time validity, and when the time validity period is exceeded, the management platform cannot access the network platform resource through the uniform resource locator, so that the serial number needs to be cached on the management platform, and when the serial number fails, a request for the serial number is re-initiated, and the serial number is cached in the configuration file.
Preferably, in order to improve the security of the network platform, identity information for login can be set for the network platform, the identity information is stored in the management platform, operation and maintenance personnel do not need to memorize the identity information, and when the serial number is requested, the identity information is added on the basis of the authentication number. More preferably, the identity information of the network platform may be consistent with the identity information of the management platform.
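The two-step exchange and the serial-number caching described above, as an added Python example (not code from the patent or from any product). The in-process `FakeNetworkPlatform`, the single-use authentication number, the 600-second validity period, the JSON cache file and the resource locators are all assumptions chosen so the example runs offline.

```python
import json
import os
import secrets
import tempfile
import time


class FakeNetworkPlatform:
    """Constructed stand-in for the network platform; not a real product API."""

    def __init__(self, identity, validity_s, clock):
        self.identity, self.validity_s, self.clock = identity, validity_s, clock
        self.auth_numbers = set()
        self.serials = {}          # serial number -> expiry time
        self.serial_requests = 0

    def request_auth_number(self):
        auth = secrets.token_hex(8)
        self.auth_numbers.add(auth)
        return auth

    def request_serial(self, auth_number, identity):
        # Assumption: the authentication number is single-use and must be
        # accompanied by the identity information.
        if auth_number not in self.auth_numbers or identity != self.identity:
            raise PermissionError("authentication number or identity rejected")
        self.auth_numbers.discard(auth_number)
        self.serial_requests += 1
        serial = secrets.token_hex(16)
        self.serials[serial] = self.clock() + self.validity_s
        return serial, self.serials[serial]

    def manage(self, serial, resource_locator):
        if self.serials.get(serial, 0.0) <= self.clock():
            raise PermissionError("serial number expired or unknown")
        return "ok " + resource_locator


class SerialNumberCache:
    """Management-platform side: keep the serial number in a file, renew on expiry."""

    def __init__(self, platform, identity, path, clock=time.time, skew_s=30):
        self.platform, self.identity, self.path = platform, identity, path
        self.clock, self.skew_s = clock, skew_s

    def _load(self):
        try:
            with open(self.path) as fh:
                entry = json.load(fh)
            return entry["serial"], float(entry["expiry"])
        except (OSError, ValueError, KeyError, TypeError):
            return None, 0.0       # missing or damaged cache: treat as expired

    def _renew(self):
        auth = self.platform.request_auth_number()
        serial, expiry = self.platform.request_serial(auth, self.identity)
        # The serial number is a bearer credential: owner-only file permissions.
        fd = os.open(self.path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w") as fh:
            json.dump({"serial": serial, "expiry": expiry}, fh)
        return serial

    def serial(self):
        serial, expiry = self._load()
        if serial is None or expiry - self.skew_s <= self.clock():
            return self._renew()   # renew slightly early to avoid mid-request expiry
        return serial

    def manage(self, resource_locator):
        serial = self.serial()
        try:
            return self.platform.manage(serial, resource_locator)
        except PermissionError:
            # The platform dropped the serial number early: renew once, retry once.
            return self.platform.manage(self._renew(), resource_locator)


def demo():
    now = [1000.0]                 # controllable clock for the demonstration
    clock = lambda: now[0]
    identity = ("admin", "constructed-password")
    platform = FakeNetworkPlatform(identity, validity_s=600, clock=clock)
    path = os.path.join(tempfile.mkdtemp(), "serial_cache.json")
    cache = SerialNumberCache(platform, identity, path, clock=clock)
    results = [cache.manage("/routers/r1"), cache.manage("/switches/s1")]
    requests_while_valid = platform.serial_requests
    now[0] += 601                  # the validity period elapses
    results.append(cache.manage("/routers/r1"))
    return results, requests_while_valid, platform.serial_requests
```

Because the identity information stays on the management platform and the serial number is written to the cache file, both deserve the same protection as any stored credential.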
In the following, a network platform management system provided in an embodiment of the present application is introduced, and a network platform management system described below and a network platform management method described above may be referred to each other.
Referring to fig. 10, a block diagram of a network platform management system according to an exemplary embodiment is shown, as shown in fig. 10, including:
a determining module 100, configured to determine, when a management request sent by a client is received, a target network element that needs to be managed by the management request;
the management module 200 is configured to determine a target category to which the target network element belongs, and manage the target network element in a management manner corresponding to the target category.
The network platform management system provided by the embodiment of the application is applied to a management platform, the management platform divides the management modes of all network elements in the network platform into different categories, and different management modes are adopted for the network elements of different categories to manage. Operation and maintenance personnel only need to log in the management platform through the management address, a management mode of manually distinguishing all network elements is not needed, the management platform is used for carrying out unified management, and the management process of the network elements is simplified.
On the basis of the foregoing embodiment, as a preferred implementation, the target class includes a first class and a second class, the network platform includes a first class network element and a second class network element, the first class network element is a security application component, and the management module 200 includes:
a determining unit, configured to determine a target category to which the target network element belongs; if the target type is a first type, starting a working process of a first management unit, and if the target type is a second type, starting a working process of a second management unit;
the first management unit is used for determining that the target network element is a first type network element and managing the target network element in a reverse proxy mode according to the management request;
and the second management unit is used for determining that the target network element is a second type network element, determining a resource locator corresponding to the management request, and managing the target network element according to the resource locator.
On the basis of the above embodiment, as a preferred implementation, the first management unit includes:
a return subunit, configured to determine that the target network element is a first-class network element, and return the data address of the management platform to the client, so that the client converts the source address in the management request into the data address to obtain an intermediate management request;
a conversion subunit, configured to receive the intermediate management request sent by the client, and convert a destination address in the intermediate management request into an IP address of the target network element;
and the sending subunit is configured to send the intermediate management request after address translation to the target network element, so as to manage the target network element.
On the basis of the above embodiment, as a preferred implementation, the method further includes:
a judging subunit, configured to judge whether the cookie in the intermediate management request is valid; and if so, starting the working process of the sending subunit.
On the basis of the foregoing embodiment, as a preferred implementation manner, the sending subunit is specifically a subunit that sends the intermediate management request after address translation to the target network element, so that the target network element responds to the intermediate management request after determining that a source address in the intermediate management request is a login-free address.
On the basis of the above embodiment, as a preferred implementation, the method further includes:
the acquisition unit is used for requesting an authentication number to the network platform and acquiring a serial number of the network platform according to the authentication number;
correspondingly, the second management unit is specifically a unit that determines that the target network element is a second type network element, and manages the target network element according to the sequence number and the resource locator.
On the basis of the foregoing embodiment, as a preferred implementation manner, the obtaining unit is specifically a unit that requests an authentication number from the network platform, and obtains a serial number of the network platform according to the authentication number and the identity information of the network platform; wherein the identity information of the network platform is stored in the management platform.
With regard to the system in the above embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
The present application further provides an electronic device, and referring to fig. 11, a structure diagram of an electronic device provided in an embodiment of the present application may include a processor 1 and a memory 2, as shown in fig. 11. The electronic device may also include one or more of a multimedia component 3, an input/output (I/O) interface 4, and a communication component 5.
The processor 1 is configured to control the overall operation of the electronic device, so as to complete all or part of the steps in the network platform management method. The memory 2 is used to store various types of data to support operation at the electronic device, which may include, for example, instructions for any application or method operating on the electronic device, as well as application-related data, such as contact data, messaging, pictures, audio, video, and so forth. The memory 2 may be implemented by any type of volatile or non-volatile memory device or combination thereof, such as Static Random Access Memory (SRAM), Electrically Erasable Programmable Read-Only Memory (EEPROM), Erasable Programmable Read-Only Memory (EPROM), Programmable Read-Only Memory (PROM), Read-Only Memory (ROM), magnetic memory, flash memory, magnetic disk or optical disk. The multimedia component 3 may comprise a screen and an audio component. The screen may be, for example, a touch screen, and the audio component is used for outputting and/or inputting audio signals. For example, the audio component may include a microphone for receiving external audio signals. The received audio signal may further be stored in the memory 2 or transmitted via the communication component 5. The audio component also includes at least one speaker for outputting audio signals. The I/O interface 4 provides an interface between the processor 1 and other interface modules, such as a keyboard, a mouse, buttons, etc. These buttons may be virtual buttons or physical buttons. The communication component 5 is used for wired or wireless communication between the electronic device and other devices. The wireless communication may be, for example, Wi-Fi, Bluetooth, Near Field Communication (NFC), 2G, 3G or 4G, or a combination of one or more of them, and accordingly the communication component 5 may comprise a Wi-Fi module, a Bluetooth module and an NFC module.
In an exemplary embodiment, the electronic device may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, microcontrollers, microprocessors, or other electronic components for performing the network platform management method described above.
In another exemplary embodiment, there is also provided a computer readable storage medium including program instructions which, when executed by a processor, implement the steps of the network platform management method described above. For example, the computer readable storage medium may be the memory 2 comprising program instructions executable by the processor 1 of the electronic device to perform the network platform management method described above.
The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. For the system disclosed by the embodiment, the description is relatively simple because the system corresponds to the method disclosed by the embodiment, and the relevant points can be referred to the method part for description. It should be noted that, for those skilled in the art, it is possible to make several improvements and modifications to the present application without departing from the principle of the present application, and such improvements and modifications also fall within the scope of the claims of the present application.
It is further noted that, in the present specification, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

Claims (9)

1. A network platform management method applied to a management platform, wherein the network platform comprises network elements belonging to a plurality of categories, the method comprising:
when a management request sent by a client is received, determining a target network element which needs to be managed by the management request;
determining a target category to which the target network element belongs, and managing the target network element by adopting a management mode corresponding to the target category;
wherein the target class includes a first class and a second class, the network platform includes a first class network element and a second class network element, the first class network element is a security application component, and the second class network element is a network element in the network platform except the security application component, the target class to which the target network element belongs is determined, and the target network element is managed in a management manner corresponding to the target class, including:
determining a target class to which the target network element belongs;
if the target type is a first type, determining that the target network element is a first type network element, and managing the target network element by using a reverse proxy mode according to the management request;
and if the target type is the second type, determining that the target network element is the second type network element, determining a resource locator corresponding to the management request, and managing the target network element according to the resource locator.
2. The network platform management method according to claim 1, wherein the managing the target network element by using a reverse proxy according to the management request comprises:
returning the data address of the management platform to the client so that the client converts the source address in the management request into the data address to obtain an intermediate management request;
receiving the intermediate management request sent by the client, and converting a destination address in the intermediate management request into an IP address of the target network element;
and sending the intermediate management request after the address conversion to the target network element so as to manage the target network element.
3. The network platform management method according to claim 2, wherein before sending the address-translated intermediate management request to the target network element, the method further comprises:
judging whether the cookie in the intermediate management request is legal or not;
and if so, executing the step of sending the intermediate management request after the address conversion to the target network element.
4. The method according to claim 2, wherein the sending the address-translated intermediate management request to the target network element for managing the target network element comprises:
and sending the intermediate management request after address conversion to the target network element so that the target network element responds to the intermediate management request after judging that the source address in the intermediate management request is the login-free address.
5. The method for network platform management according to claim 1, wherein before managing the target network element according to the resource locator, the method further comprises:
requesting an authentication number from the network platform, and acquiring a serial number of the network platform according to the authentication number;
correspondingly, the managing the target network element according to the resource locator includes:
and managing the target network element according to the sequence number and the resource locator.
6. The method for managing a network platform according to claim 5, wherein the obtaining the serial number of the network platform according to the authentication number comprises:
acquiring a serial number of the network platform according to the authentication number and the identity information of the network platform; wherein the identity information of the network platform is stored in the management platform.
7. A network platform management system applied to a management platform, the network platform including network elements belonging to a plurality of categories, the system comprising:
a determining module, configured to determine, when a management request sent by a client is received, a target network element that needs to be managed by the management request;
a management module, configured to determine the target category to which the target network element belongs and to manage the target network element in a management manner corresponding to the target category;
wherein the target category includes a first category and a second category, the network platform includes a first class network element and a second class network element, the first class network element is a security application component, and the management module includes:
a determining unit, configured to determine a target category to which the target network element belongs; if the target type is a first type, starting a working process of a first management unit, and if the target type is a second type, starting a working process of a second management unit;
the first management unit is used for determining that the target network element is a first type network element and managing the target network element in a reverse proxy mode according to the management request;
and the second management unit is used for determining that the target network element is a second type network element, determining a resource locator corresponding to the management request, and managing the target network element according to the resource locator.
8. An electronic device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the network platform management method according to any one of claims 1 to 6 when executing said computer program.
9. A computer-readable storage medium, having stored thereon a computer program for a management platform, which, when being executed by a processor, carries out the steps of the network platform management method according to any one of claims 1 to 6.
CN201910142006.5A 2019-02-26 2019-02-26 Network platform management method, system, electronic equipment and storage medium Active CN109617753B (en)


Publications (2)

Publication Number Publication Date
CN109617753A CN109617753A (en) 2019-04-12
CN109617753B CN109617753B (en) 2022-03-22


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant