CN109768892A - A kind of network security experimental system of micro services - Google Patents

Publication number: CN109768892A
Authority: CN (China)
Prior art keywords: experiment, experimental, network security, subsystem, virtual
Legal status: Granted
Application number: CN201910159359.6A
Other languages: Chinese (zh)
Other versions: CN109768892B (en)
Inventors: 温木奇, 刘鹏鹏, 徐天源, 万海
Current assignee: Guangzhou Vinzor Information Technology Co Ltd; Sun Yat Sen University; National Sun Yat Sen University
Original assignee: Guangzhou Vinzor Information Technology Co Ltd; National Sun Yat Sen University
Application filed by Guangzhou Vinzor Information Technology Co Ltd and National Sun Yat Sen University
Priority to CN201910159359.6A
Publication of CN109768892A
Application granted
Publication of CN109768892B
Legal status: Active

Abstract

The invention discloses a microservice-based network security experiment system. It relates to cloud computing and network security technology and comprises a cloud computing service subsystem, a network security experiment resource pool configuration subsystem, a network security experiment scheme configuration management subsystem, an on-demand scheduling service subsystem for experiment cloud service resources, and a user security experiment service subsystem. The invention uses microservices based on a container cluster to distribute and manage multiple virtual network security functions, uses containers and virtual machines to build and pool virtual security devices, and uses a software-defined network to configure the forwarding paths between virtual security devices. Combined with virtual-machine-based clients, it supports network security experiment scenarios that are provisioned in batches, exclusive to each user, and complex and varied; it offers good flexibility and dynamic scalability and improves resource utilization.

Description

A kind of network security experimental system of micro services
Technical field
The present invention relates to cloud computing and network security technology, and in particular to a microservice-based network security experiment system.
Background art
With the rise of cloud computing technology, virtual network environments are gradually replacing traditional real network environments and have become a new solution for colleges, universities and research institutions carrying out network security teaching and research. Such schemes use virtual networking, which overcomes the drawbacks of real network environments, such as the high cost of purchasing and maintaining hardware and the risks posed by network vulnerabilities, and they have clear advantages in large-scale, complex network scenarios such as teaching in a university network security laboratory. Invention patent CN101452649A, entitled "a construction method for a virtual networking experiment platform based on a real network environment" and published on June 10, 2009, provides a method for building a semi-virtualized network environment based on a real network environment. Invention patent CN103701777A, entitled "telecommunication network attack-and-defense virtual simulation system based on virtualization and cloud" and published on April 2, 2014, lets students carry out attack-and-defense experiments by configuring virtual machines as an attack machine and a target machine respectively.
Existing virtual network security experiment systems based on cloud computing technology generally combine virtual machines with a virtual private network to build, for each user, a complete experiment environment that is logically isolated from the others. Although this reduces the quantity and cost of hardware to some extent, it cannot support complex network security experiments involving multiple kinds of network devices, and deploying virtual machines in large numbers is slow and consumes considerable extra resources.
Summary of the invention
To solve the technical problems in the prior art, the present invention proposes a microservice-based network security experiment system. It uses microservices based on a container cluster to distribute and manage multiple virtual network security functions, uses containers and virtual machines to build and pool virtual security devices on demand, and uses a software-defined network to configure the forwarding paths between virtual security devices. Combined with virtual-machine clients, it supports network security experiment scenarios that are provisioned in batches, exclusive to each user, and complex and varied.
The technical solution adopted by the invention is as follows: a microservice-based network security experiment system comprising a cloud computing service subsystem, a network security experiment resource pool configuration subsystem, a network security experiment scheme configuration management subsystem, an on-demand scheduling service subsystem for experiment cloud service resources, and a user security experiment service subsystem. The network security experiment resource pool configuration subsystem is connected to the cloud computing service subsystem, the network security experiment scheme configuration management subsystem, the on-demand scheduling service subsystem for experiment cloud service resources, and the user security experiment service subsystem. The on-demand scheduling service subsystem for experiment cloud service resources is connected to the user security experiment service subsystem and to the network security experiment scheme configuration management subsystem.
Preferably, the cloud computing service subsystem includes the hardware and system software runtime environment that provide standardized cloud services. It supports on-demand provision of virtual machines, container services and software-defined network connection services, and links virtual machines or containers together as the software definition requires, forming experiment teaching environment resources that users can use.
Preferably, the network security experiment resource pool configuration subsystem schedules the computing, storage, network and interface resources of the cloud computing service subsystem according to the requirements of the network security experiment, and builds pools of virtual security devices that have multiple network interfaces. A virtual security device is a virtual switch, virtual firewall, virtual network intrusion prevention system, virtual content leakage prevention system, virtual attack machine, virtual WAF, virtual attacked host, virtual database server or virtual web server.
Preferably, virtual security devices of the same kind are generated by the on-demand scheduling service subsystem for experiment cloud service resources in combination with an instantiation template, and together form an on-demand pool of that kind of virtual security device. The instantiation template is used to create the container or virtual machine resources managed by the on-demand scheduling service subsystem for experiment cloud service resources; the template content includes the image attributes, CPU performance, memory size and network port mapping of the container or virtual machine.
Preferably, the network security experiment scheme configuration management subsystem supports administrators in using a software-defined approach to configure security experiment schemes for experimenters. From the security experiment scheme it generates the configuration parameters and the resource scheduling scheme required by the interface of the on-demand scheduling service for experiment cloud service resources.
Preferably, the on-demand scheduling service subsystem for experiment cloud service resources calls the cloud computing service subsystem and configures the relevant resources according to the service resources, configuration parameters and resource scheduling scheme required by the experiment template that the network security experiment scheme configuration management subsystem generates. It supports building virtual security experiment schemes on demand, building them in batches, and changing and deleting them. It generates service environments on demand for each experiment user, so that each user has exclusive control of the service environment for the current security experiment.
Preferably, the user security experiment service subsystem uses the service resources built by the on-demand scheduling service subsystem for experiment cloud service resources to form the complete experiment environment the user needs to carry out an experiment. The complete experiment environment includes the hardware, system software and service software required by the experiment, the network connection scheme between virtual security devices, user login and experiment environment display, security device configuration and control schemes, support for experiment steps and methods, and display and submission of experiment results.
Preferably, an authorized user of the network security experiment scheme configuration management subsystem creates, through the system's interactive interface, the environment configuration information belonging to an experiment, forming a security experiment teaching template. This includes the following steps:
Step 1: Create the basic information of the experiment template to be carried out. The basic information includes the experiment name, basic experiment content, experiment details, and links to related experiment information. The experiment template state is set to initialization.
Step 2: Configure and optimize the list of security-related experiment devices, the experiment network connection topology, and the configuration information required by the experiment security devices.
Step 3: The network security experiment scheme configuration management subsystem automatically tests the reasonableness, completeness and availability of the created experiment template, and automatically generates, for the user to test, the complete security experiment environment needed for one experiment together with its associated user test account. The generated experiment environment includes the resource information to be scheduled and the matching resource pool information; the scheduled resources are used to configure the virtual security devices and the network connection scheme, forming a complete experiment environment. The experiment template state is set to to-be-tested.
Step 4: Using the automatically generated user test account, test and confirm the reasonableness, completeness and availability of the experiment environment, and feed the test result back to the user.
Step 5: If the test passes, the network security experiment scheme configuration management subsystem automatically sets the state of the security experiment environment configuration template to available and releases the test configuration resources. If the test does not pass, the test configuration resources are released and the process returns to step 2 for reconfiguration.
Preferably, an authorized user of the network security experiment scheme configuration management subsystem modifies, through the system's interactive interface, the environment configuration information belonging to an experiment, changing the security experiment teaching template. This includes the following steps:
Step 1: Modify the basic information of the experiment template. The experiment template state is set to initialization.
Step 2: Optimize and modify the list of security-related experiment devices, the experiment network connection topology, and the configuration information required by the experiment security devices.
Step 3: The network security experiment scheme configuration management subsystem automatically tests the reasonableness, completeness and availability of the created experiment template, and automatically generates, for the user to test, the complete experiment environment needed for one experiment together with its associated user test account. The generated experiment environment includes the resource information to be scheduled and the matching resource pool information; the scheduled resources are used to configure the virtual security devices and the network connection scheme, forming a complete experiment environment. The experiment template state is set to to-be-tested.
Step 4: Using the automatically generated user test account, test and confirm the reasonableness, completeness and availability of the experiment environment, and feed the test results back to the user.
Step 5: If the test passes, the network security experiment scheme configuration management subsystem automatically sets the state of the security experiment environment configuration template to available and releases the test configuration resources. If the test does not pass, the test configuration resources are released and the process returns to step 2 for reconfiguration.
Preferably, the on-demand scheduling service subsystem for experiment cloud service resources supports scheduling cloud resources in batches, by individual or by group, according to the experiment templates generated by the network security experiment scheme configuration management subsystem, forming a security experiment environment exclusive to each experimenter. According to the experiment requirements and the relevant experiment user information, it automatically generates and allocates, at the scheduled time, virtual machine or container configurations with built-in network security tools; it automatically selects the network function microservices required by the experiment according to the experiment template, and allocates and configures container or virtual machine resources; and it configures the allocated container or virtual machine resources, in order, into an experiment environment whose data forwarding path is consistent with the experiment template. A forwarding path consists of a source address, a destination address and forwarders. According to the user's configuration information, the system modifies the forwarding rules of the virtual switch so that matching packets are intercepted and forwarded at layer 2 of the virtual network, overriding the layer 3 routing and forwarding policy of the virtual network, which ensures that packets from the source address reach the destination address after being processed by each forwarder in turn.
Compared with the prior art, the present invention has the following advantages and effects:
1. Virtual network devices provided by network function virtualization replace conventional physical network devices to build a virtual network security experiment system, which saves hardware cost and improves resource utilization.
2. Microservices based on a container cluster provide unified distribution and management of network functions, and resources are scaled dynamically in real time on demand, which is lightweight, flexible and resource-saving.
3. Configurable forwarding paths support complex and varied network security experiment scenarios.
Brief description of the drawings
Fig. 1 is a structural block diagram of the network security experiment system of the invention;
Fig. 2 is the core business sequence diagram of the network security experiment system of the invention;
Fig. 3 is the experiment scheme configuration flowchart of one embodiment of the invention;
Fig. 4 is a schematic diagram of the multi-user application scenario of one embodiment of the invention;
Fig. 5 is a schematic diagram of single-user experiment management in one embodiment of the invention;
Fig. 6 is a schematic diagram of the single-user experiment display in one embodiment of the invention.
Detailed description of the embodiments
The present invention is described in further detail below with reference to the embodiments and the accompanying drawings. The advantages and features of the invention will become clearer from the following description and the claims, but embodiments of the invention are not limited thereto.
Embodiment
As shown in Fig. 1, the microservice-based network security experiment system of the invention comprises a cloud computing service subsystem, a network security experiment resource pool configuration subsystem, a network security experiment scheme configuration management subsystem, an on-demand scheduling service subsystem for experiment cloud service resources, and a user security experiment service subsystem. The network security experiment resource pool configuration subsystem is connected to the cloud computing service subsystem, the network security experiment scheme configuration management subsystem, the on-demand scheduling service subsystem for experiment cloud service resources, and the user security experiment service subsystem. The on-demand scheduling service subsystem for experiment cloud service resources is connected to the user security experiment service subsystem and to the network security experiment scheme configuration management subsystem.
The cloud computing service subsystem includes the hardware (such as a physical server cluster and network system) and the system software runtime environment that provide standardized cloud services. It supports on-demand provision of virtual machines, container services and software-defined network connection services, and links these virtual machines or containers together as the software definition requires, forming experiment teaching environment resources that users can use. The cloud computing operating system used by the cloud computing service subsystem is a general open-source or commercial cloud computing operating system, including cloud operating systems compatible with VMware, OpenStack, CloudStack, Windows Azure and Amazon EC2; the servers used are ordinary commercial servers; the network devices used are commercial devices for general-purpose networks, which may or may not support software-defined networking.
The network security experiment resource pool configuration subsystem schedules the computing, storage, network and interface resources of the cloud computing service subsystem according to the requirements of the network security experiment, and builds pools of virtual security devices that have multiple network interfaces and specific security functions. Depending on its function and performance targets, a virtual security device can use a virtual cloud desktop, a virtual cloud host, a container, or a mix of these as needed. A virtual security device can be a virtual switch, virtual firewall, virtual network intrusion prevention system, virtual content leakage prevention system, virtual attack machine, virtual WAF (web application firewall), virtual attacked host, virtual database server or virtual web server. Virtual security devices of the same kind are generated by the microservice (the on-demand scheduling service subsystem for experiment cloud service resources) in combination with an instantiation template, and together form an on-demand pool of that kind of virtual security device. The instantiation template is used to create the container or virtual machine resources managed by the microservice; the template content includes configuration information such as the image attributes, CPU performance, memory size and network port mapping of the container or virtual machine.
The network security experiment scheme configuration management subsystem supports administrators in using a software-defined approach to configure security experiment schemes for experimenters. A scheme comprises the list of virtual security devices used in the experiment, the specific configuration and technical parameters of each virtual security device, the network connection scheme between virtual security devices, the control method for the virtual security devices, the experiment display scheme, the experiment steps and methods, the scheme for automatically judging experiment results, and the scheme for automatically generating experiment records. From the security experiment scheme the subsystem generates the configuration parameters and the resource scheduling scheme required by the interface of the on-demand scheduling service for experiment cloud service resources. It supports administrators, teacher users or experimenters in creating the microservices and instantiation templates required by an experiment and in setting the experiment duration, the experiment number, and the information on the specific experiment personnel.
The on-demand scheduling service subsystem for experiment cloud service resources calls the cloud computing service subsystem and configures the relevant resources according to the service resources, configuration parameters and resource scheduling scheme required by the experiment template that the network security experiment scheme configuration management subsystem generates. It supports building virtual security experiment schemes on demand, building them in batches, and changing and deleting them. It generates service environments on demand for each experiment user, so that each user has exclusive control of the service environment for the current security experiment.
The user security experiment service subsystem uses the service resources built by the on-demand scheduling service subsystem for experiment cloud service resources to form the complete experiment environment the user needs to carry out an experiment. The complete experiment environment includes the hardware, system software and service software required by the experiment, the network connection scheme between virtual security devices, user login and experiment environment display, security device configuration and control schemes, support for experiment steps and methods, and display and submission of experiment results.
Fig. 2 is the core business sequence diagram of the microservice-based network security experiment system of the invention. It shows the inter-module interactions of three typical services of the virtual network security laboratory: resource preparation, experiment template preparation, and experimentation. The cloud computing service subsystem, the network security experiment resource pool configuration subsystem, the network security experiment scheme configuration management subsystem, the on-demand scheduling service subsystem for experiment cloud service resources, and the user security experiment service subsystem work closely together to complete the work of a virtual security experiment.
In this embodiment, the on-demand scheduling service subsystem for experiment cloud service resources acts as the unified front-end access point and load balancer, and is responsible for distributing and managing the corresponding network security resources. When a user requests a resource, the subsystem either allocates an idle resource directly or schedules the creation of a new resource and allocates that, and sets the resource status to in use. When the user has finished, the subsystem either destroys the resource or sets its status to unused, depending on the system's load capacity. Through its system resource initialization module, the subsystem deploys a cloud computing management platform and a container management platform together on the physical server cluster, building a hybrid cloud service environment in which the virtual machine cluster and the container cluster can reach each other over the network, and providing the underlying virtual resources the experiments need, such as computing, network and storage.
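The allocate-and-release behaviour described above can be sketched as follows. This is an added example, not code from the patent: the class and field names, the `load_fn` callback, the 0.8 load threshold and the image name are assumptions, and instance creation is simulated rather than sent to a cloud or container platform.

```python
import itertools
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


@dataclass(frozen=True)
class InstanceTemplate:
    """Instantiation template with the fields the page lists."""
    kind: str                              # "container" or "vm"
    image: str                             # image attribute
    cpus: int                              # CPU performance
    memory_mb: int                         # memory size
    port_map: Tuple[Tuple[int, int], ...]  # network port mapping (host, guest)


@dataclass
class Instance:
    instance_id: str
    template: InstanceTemplate
    state: str = "unused"                  # "unused" or "in use"
    owner: Optional[str] = None


class DevicePool:
    """Pool of one kind of virtual security device (hypothetical helper)."""

    def __init__(self, name: str, template: InstanceTemplate,
                 load_fn: Callable[[], float], destroy_above: float = 0.8):
        self.name = name
        self.template = template
        self.load_fn = load_fn              # current system load, 0.0 to 1.0
        self.destroy_above = destroy_above  # assumed threshold, not from the page
        self.instances: Dict[str, Instance] = {}
        self._seq = itertools.count(1)

    def _create(self) -> Instance:
        # Stand-in for the call that starts a container or VM from the template.
        inst = Instance(f"{self.name}-{next(self._seq)}", self.template)
        self.instances[inst.instance_id] = inst
        return inst

    def allocate(self, user: str) -> Instance:
        # Hand out an idle instance if one exists, otherwise create a new one.
        idle = next((i for i in self.instances.values() if i.state == "unused"), None)
        inst = idle if idle is not None else self._create()
        inst.state, inst.owner = "in use", user
        return inst

    def release(self, instance_id: str, user: str) -> str:
        inst = self.instances.get(instance_id)
        if inst is None or inst.state != "in use":
            raise KeyError(f"{instance_id} is not an allocated instance")
        if inst.owner != user:
            # Environments are exclusive: only the owner may give one back.
            raise PermissionError(f"{instance_id} is not owned by {user}")
        if self.load_fn() >= self.destroy_above:
            del self.instances[instance_id]  # high load: free the resource
            return "destroyed"
        inst.state, inst.owner = "unused", None  # low load: keep it warm
        return "unused"


# Constructed sample template for a pooled virtual firewall.
FIREWALL_TEMPLATE = InstanceTemplate(
    kind="container", image="lab/virtual-firewall:1.0",
    cpus=1, memory_mb=512, port_map=((8443, 443),))
```

The page does not say whether a reused instance is reset between users; in this sketch it is handed over as-is, so a real scheduler would restore it from the template image before marking it unused.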
As shown in Fig. 3, an authorized user of the network security experiment scheme configuration management subsystem creates, through the system's interactive interface, the environment configuration information belonging to an experiment, forming a security experiment teaching template. This includes the following steps:
Step 1: The user logs in to the experiment system and creates the basic information of the experiment template to be carried out. The basic information includes the experiment name, basic experiment content, experiment details, and links to related experiment information. The experiment template state is set to initialization.
Step 2: Configure and optimize the list of security-related experiment devices, the experiment network connection topology, and the configuration information required by the experiment security devices.
Step 3: The network security experiment scheme configuration management subsystem automatically tests the reasonableness, completeness and availability of the created experiment template, and automatically generates, for the user to test, the complete security experiment environment needed for one experiment together with its associated user test account. The generated experiment environment includes the resource information to be scheduled and the matching resource pool information; the scheduled resources are used to configure the virtual security devices and the network connection scheme, forming a complete experiment environment. The experiment template state is set to to-be-tested.
Step 4: Using the automatically generated user test account, test and confirm the reasonableness, completeness and availability of the experiment environment, and feed the test result back to the user.
Step 5: If the test passes, the network security experiment scheme configuration management subsystem automatically sets the state of the security experiment environment configuration template to available and releases the test configuration resources. If the test does not pass, the test configuration resources are released and the process returns to step 2 for reconfiguration.
An authorized user of the network security experiment scheme configuration management subsystem modifies, through the system's interactive interface, the environment configuration information belonging to an experiment, changing the security experiment teaching template. This includes the following steps:
Step 1: The user logs in to the experiment system and modifies the basic information of the experiment template. The experiment template state is set to initialization.
Step 2: Optimize and modify the list of security-related experiment devices, the experiment network connection topology, and the configuration information required by the experiment security devices.
Step 3: The network security experiment scheme configuration management subsystem automatically tests the reasonableness, completeness and availability of the created experiment template, and automatically generates, for the user to test, the complete experiment environment needed for one experiment together with its associated user test account. The generated experiment environment includes the resource information to be scheduled and the matching resource pool information; the scheduled resources are used to configure the virtual security devices and the network connection scheme, forming a complete experiment environment. The experiment template state is set to to-be-tested.
Step 4: Using the automatically generated user test account, test and confirm the reasonableness, completeness and availability of the experiment environment, and feed the test results back to the user.
Step 5: If the test passes, the network security experiment scheme configuration management subsystem automatically sets the state of the security experiment environment configuration template to available and releases the test configuration resources. If the test does not pass, the test configuration resources are released and the process returns to step 2 for reconfiguration.
An authorized user of the network security experiment scheme configuration management subsystem can delete, through the system's interactive interface, the environment configuration information belonging to an experiment:
Step 1: The user logs in to the experiment system and deletes the experiment template.
Step 2: If the template's state does not allow it, the deletion fails; otherwise, the deletion succeeds.
As shown in Fig. 4, the on-demand scheduling service subsystem for experiment cloud service resources supports scheduling cloud resources in batches, by individual or by group, according to the experiment templates generated by the network security experiment scheme configuration management subsystem, forming a security experiment environment exclusive to each experimenter. According to the experiment requirements and the relevant experiment user information, it automatically generates and allocates, at the scheduled time, virtual machine or container configurations with built-in network security tools; it automatically selects the network function microservices required by the experiment according to the experiment template, and allocates and configures container or virtual machine resources; and it configures the allocated container or virtual machine resources, in order, into an experiment environment whose data forwarding path is consistent with the experiment template. A forwarding path consists of a source address, a destination address and forwarders. According to the user's configuration information, the system modifies the forwarding rules (OpenFlow flow table) of the virtual switch so that matching packets are intercepted and forwarded at layer 2 of the virtual network, overriding the layer 3 routing and forwarding policy of the virtual network, which ensures that packets from the source address reach the destination address after being processed by each forwarder in turn.
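The following added example (not code from the patent) compiles a forwarding path of source address, destination address and ordered forwarders into per-hop flow rules, then replays the rules to confirm that a packet visits every forwarder in order. It assumes transparent two-port forwarders on one virtual switch, rule strings in Open vSwitch `ovs-ofctl add-flow` syntax, a priority of 200 above the switch's default rule, and constructed addresses, names and port numbers.

```python
import ipaddress
from dataclasses import dataclass
from typing import List

PATH_PRIORITY = 200  # assumed: higher than the switch's default forwarding rule


@dataclass(frozen=True)
class Endpoint:
    name: str
    ip: str
    port: int      # OpenFlow port number the endpoint is attached to


@dataclass(frozen=True)
class Forwarder:
    name: str
    in_port: int   # switch port wired to the forwarder's ingress interface
    out_port: int  # switch port wired to the forwarder's egress interface


@dataclass(frozen=True)
class FlowRule:
    in_port: int
    nw_src: str
    nw_dst: str
    out_port: int
    priority: int = PATH_PRIORITY

    def to_ovs(self) -> str:
        # Match on ingress port plus the path's source and destination address.
        return (f"priority={self.priority},ip,in_port={self.in_port},"
                f"nw_src={self.nw_src},nw_dst={self.nw_dst},"
                f"actions=output:{self.out_port}")


def compile_path(src: Endpoint, dst: Endpoint, chain: List[Forwarder]) -> List[FlowRule]:
    """One rule per hop: source -> forwarder 1 -> ... -> forwarder n -> destination."""
    ipaddress.ip_address(src.ip)  # raises ValueError on a malformed address
    ipaddress.ip_address(dst.ip)
    ports = [src.port, dst.port]
    for fw in chain:
        ports += [fw.in_port, fw.out_port]
    if len(set(ports)) != len(ports):
        # A reused port (for example the same forwarder listed twice) would make
        # the in_port match ambiguous and could loop the packet.
        raise ValueError("each switch port may appear only once in a path")
    rules, ingress = [], src.port
    for fw in chain:
        rules.append(FlowRule(ingress, src.ip, dst.ip, fw.in_port))
        ingress = fw.out_port
    rules.append(FlowRule(ingress, src.ip, dst.ip, dst.port))
    return rules


def trace(rules: List[FlowRule], src: Endpoint, dst: Endpoint,
          chain: List[Forwarder]) -> List[str]:
    """Replay the rules and return the devices a packet visits, in order."""
    by_in_port = {r.in_port: r for r in rules
                  if r.nw_src == src.ip and r.nw_dst == dst.ip}
    fw_by_ingress = {fw.in_port: fw for fw in chain}
    visited, port = [src.name], src.port
    for _ in range(len(rules) + 1):  # bounded, so a bad rule set cannot loop forever
        rule = by_in_port.get(port)
        if rule is None:
            raise LookupError(f"no rule for packets entering on port {port}")
        if rule.out_port == dst.port:
            return visited + [dst.name]
        fw = fw_by_ingress.get(rule.out_port)
        if fw is None:
            raise LookupError(f"port {rule.out_port} leads to no known device")
        visited.append(fw.name)
        port = fw.out_port
    raise RuntimeError("forwarding loop detected")


# Constructed sample topology for one user's experiment environment.
ATTACKER = Endpoint("attack-vm", "10.0.0.10", 1)
TARGET = Endpoint("target-vm", "10.0.0.20", 2)
FIREWALL = Forwarder("firewall", 3, 4)
IPS = Forwarder("ips", 5, 6)
```

Only the source-to-destination direction is compiled here; return traffic would need a second path with the endpoints swapped and the chain reversed.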
As shown in Figure 5 and Figure 6, single user is checked and is managed by user security experimental service subsystem and is one's own Safety experiment carries out including that experimental situation topology exhibits, experimental result record, description of test book are checked with laboratory report management etc. Operation.Topology exhibits current experiment environmental unit and its connection type are wherein tested, by clicking in experimental situation topology Appliance icon can enter the order line of the equipment or desktop is configured or checks device Run Log;Experimental result note Record the data such as screenshot, the log saved in experiment progress;Description of test book mainly includes in experiment purpose, experimental procedure etc. Hold;Judging basis of the laboratory report as experiment grade carries out experiment grade examination for teacher or system.
From the above technical scheme, the present invention using the micro services distribution based on container cluster and manages a variety of virtual nets Network security function is configured empty by using container and virtual machine building and pond virtual secure equipment using software defined network Quasi- safety equipment forward-path, it is that support batch, each user exclusively enjoy, complicated and diversified in conjunction with the client based on virtual machine Network security experiment scene has good flexibility and dynamic retractility, improves resource utilization.
The above embodiment is a preferred embodiment of the present invention, but embodiments of the present invention are not limited by it. Any other change, modification, substitution, combination or simplification made without departing from the spirit and principle of the present invention shall be an equivalent replacement and is included within the scope of protection of the present invention.

Claims (10)

1. A microservice-based network security experiment system, characterized in that it comprises a cloud computing service subsystem, a network security experiment resource pool configuration subsystem, a network security experiment scheme configuration management subsystem, an on-demand scheduling service subsystem for the cloud service resources required by experiments, and a user security experiment service subsystem; the network security experiment resource pool configuration subsystem is connected to the cloud computing service subsystem, the network security experiment scheme configuration management subsystem, the on-demand scheduling service subsystem for the cloud service resources required by experiments, and the user security experiment service subsystem respectively; the on-demand scheduling service subsystem for the cloud service resources required by experiments is connected to the user security experiment service subsystem and the network security experiment scheme configuration management subsystem respectively.
2. The microservice-based network security experiment system according to claim 1, characterized in that the cloud computing service subsystem comprises the hardware and system software runtime environment that provides standardized cloud services, and supports on-demand provision of virtual machine services, container services and network connection services based on software definition; virtual machines or containers are connected according to the software-defined requirements, forming experimental teaching environment resources available to users.
3. The microservice-based network security experiment system according to claim 1, characterized in that the network security experiment resource pool configuration subsystem schedules the compute, storage, network and interface resources of the cloud computing service subsystem according to the network security experiment requirements, and builds a pool of virtual security devices having multiple network interfaces; a virtual security device is a virtual switch, virtual firewall, virtual network intrusion prevention system, virtual content leakage prevention system, virtual attack machine, virtual WAF, virtual attacked host, virtual database server or virtual web server.
4. The microservice-based network security experiment system according to claim 3, characterized in that identical virtual security devices are generated by the on-demand scheduling service subsystem for the cloud service resources required by experiments in combination with an instantiation template, and constitute the on-demand service pool of that type of virtual security device; the instantiation template is used to create the container or virtual machine resources managed by the on-demand scheduling service subsystem for the cloud service resources required by experiments, and the template content includes the image properties, CPU performance, memory size and network port mapping of the container or virtual machine.
5. The microservice-based network security experiment system according to claim 1, characterized in that the network security experiment scheme configuration management subsystem supports administrators in configuring security experiment schemes for experimenters in a software-defined manner; according to the security experiment scheme, it generates the configuration parameters and the resource scheduling scheme required by the service interface for on-demand scheduling of the cloud service resources required by experiments.
6. The microservice-based network security experiment system according to claim 1, characterized in that the on-demand scheduling service subsystem for the cloud service resources required by experiments, according to the service resources, configuration parameters and resource scheduling scheme required by the experiment template generated by the network security experiment scheme configuration management subsystem, calls the cloud computing service subsystem and configures the relevant resources, supporting on-demand construction, batch construction, modification and deletion of virtual security experiment schemes; it generates a service environment on demand for each experiment user, providing a service environment for the current security experiment that is exclusively controlled by that user.
7. The microservice-based network security experiment system according to claim 1, characterized in that the user security experiment service subsystem uses the service resources built by the on-demand scheduling service subsystem for the cloud service resources required by experiments to form the complete experiment environment that a user needs to carry out an experiment; the complete experiment environment includes the hardware, system software and service software required by the experiment, the network connection scheme between virtual security devices, user login and experiment environment display, security device configuration and control schemes, support for experiment steps and experiment methods, and display and submission of experiment results.
8. The microservice-based network security experiment system according to claim 1, characterized in that an authorized user of the network security experiment scheme configuration management subsystem creates, through the system's interactive interface, the environment configuration information belonging to a given experiment, forming a security experiment teaching template, comprising the following steps:
Step 1: create the basic information of the experiment template to be carried out; the basic information includes the experiment name, the basic experiment content, the experiment details and links to experiment-related information; set the experiment template state to initialized;
Step 2: reasonably configure the list of security-related experiment devices, the experiment network connection topology diagram, and the configuration information required by the experiment security devices;
Step 3: the network security experiment scheme configuration management subsystem automatically tests the reasonableness, completeness and availability of the created experiment template, and automatically generates, for user testing, the complete security experiment environment required by one experiment and its associated user test account; the generated experiment environment includes the resource information that needs to be scheduled and the matching resource pool information, and the scheduled resources are used to configure the virtual security devices and the network connection scheme, forming a complete experiment environment; set the experiment template state to to-be-tested;
Step 4: using the automatically generated user test account, test and confirm the reasonableness, completeness and availability of the experiment environment, and feed the test result back to the user;
Step 5: if the test passes, the network security experiment scheme configuration management subsystem automatically sets the state of the security experiment environment configuration template to available and releases the test configuration resources; if the test does not pass, release the test configuration resources and return to step 2 to reconfigure.
9. The microservice-based network security experiment system according to claim 1, characterized in that an authorized user of the network security experiment scheme configuration management subsystem modifies, through the system's interactive interface, the environment configuration information belonging to a given experiment, changing the security experiment teaching template, comprising the following steps:
Step 1: modify the basic information of the experiment template; set the experiment template state to initialized;
Step 2: optimize and modify the configured list of security-related experiment devices, the experiment network connection topology diagram, and the configuration information required by the experiment security devices;
Step 3: the network security experiment scheme configuration management subsystem automatically tests the reasonableness, completeness and availability of the created experiment template, and automatically generates, for user testing, the complete experiment environment required by one experiment and its associated user test account. The generated experiment environment includes the resource information that needs to be scheduled and the matching resource pool information, and the scheduled resources are used to configure the virtual security devices and the network connection scheme, forming a complete experiment environment; set the experiment template state to to-be-tested;
Step 4: using the automatically generated user test account, test and confirm the reasonableness, completeness and availability of the experiment environment, and feed the test outcome back to the user;
Step 5: if the test passes, the network security experiment scheme configuration management subsystem automatically sets the state of the security experiment environment configuration template to available and releases the test configuration resources; if the test does not pass, release the test configuration resources and return to step 2 to reconfigure.
10. The microservice-based network security experiment system according to claim 1, characterized in that the on-demand scheduling service subsystem for the cloud service resources required by experiments schedules cloud resources per individual or in batches per group, according to the experiment template generated by the network security experiment scheme configuration management subsystem, forming a dedicated security experiment environment for each experimenter; according to the experiment requirements and the relevant experiment user information, it automatically generates and allocates, at the scheduled time, virtual machine or container configurations with built-in network security tools, automatically selects the network function microservices required by the experiment according to the experiment template, and allocates and configures container or virtual machine resources; the allocated container or virtual machine resources are configured, in order, into an experiment environment whose data forwarding path is consistent with the experiment template; the forwarding path consists of a source address, a destination address and forwarders, and the system modifies the forwarding rules of the virtual switch according to the user's configuration information, intercepting and forwarding matching packets at layer 2 of the virtual network and overriding the layer-3 routing and forwarding policy of the virtual network, thereby ensuring that packets from the source address reach the destination after being processed by the forwarders in sequence.
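
The forwarding path in the description of Figure 4 and in claim 10 (source address, destination address, ordered forwarders) can be compiled into per-hop virtual switch rules and checked before an environment is handed to an experimenter. The following is an added example, not part of the patent: it assumes each forwarder is a transparent two-port device attached to a single virtual switch, uses hypothetical names (`Forwarder`, `Path`, `Flow`, `compile_path`, `trace`, `verify`) with constructed addresses and port numbers, and renders rules in the match syntax accepted by `ovs-ofctl add-flow`.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Forwarder:
    name: str      # e.g. a virtual firewall instance
    in_port: int   # switch port wired to the forwarder's ingress interface
    out_port: int  # switch port wired to the forwarder's egress interface

@dataclass(frozen=True)
class Path:
    src_ip: str
    dst_ip: str
    src_port: int      # switch port of the experiment client
    dst_port: int      # switch port of the destination host
    forwarders: tuple  # ordered Forwarder objects

@dataclass(frozen=True)
class Flow:
    priority: int
    in_port: int
    src_ip: str
    dst_ip: str
    out_port: int

    def ofctl(self):
        """Render the rule in ovs-ofctl add-flow syntax."""
        return (f"priority={self.priority},in_port={self.in_port},ip,"
                f"nw_src={self.src_ip},nw_dst={self.dst_ip},"
                f"actions=output:{self.out_port}")

def compile_path(path, priority=100):
    """One rule per hop: client -> fwd[0] -> ... -> fwd[n-1] -> destination."""
    ingress = [path.src_port] + [f.out_port for f in path.forwarders]
    egress = [f.in_port for f in path.forwarders] + [path.dst_port]
    return [Flow(priority, i, path.src_ip, path.dst_ip, o)
            for i, o in zip(ingress, egress)]

def lookup(flows, in_port, path):
    """Highest-priority rule matching this port and address pair, or None."""
    hits = [f for f in flows if (f.in_port, f.src_ip, f.dst_ip)
            == (in_port, path.src_ip, path.dst_ip)]
    return max(hits, key=lambda f: f.priority, default=None)

def trace(flows, path):
    """Walk one packet through the table; return forwarder names in visit order."""
    by_ingress = {f.in_port: f for f in path.forwarders}
    port, visited = path.src_port, []
    for _ in range(len(path.forwarders) + 1):
        flow = lookup(flows, port, path)
        if flow is None:  # packet would fall through to default L2/L3 forwarding
            raise LookupError(f"no steering rule for in_port={port}")
        if flow.out_port == path.dst_port:
            return visited
        fwd = by_ingress[flow.out_port]  # KeyError (a LookupError) if port unknown
        visited.append(fwd.name)
        port = fwd.out_port
    raise RuntimeError("packet never reached the destination (loop)")

def verify(flows, path):
    """True only if every forwarder is traversed, in the configured order."""
    try:
        return trace(flows, path) == [f.name for f in path.forwarders]
    except (LookupError, RuntimeError):
        return False

# Constructed sample: client on port 1, vFW on 2/3, vIPS on 4/5, server on 6.
SAMPLE_PATH = Path("10.0.0.2", "10.0.0.9", 1, 6,
                   (Forwarder("vFW", 2, 3), Forwarder("vIPS", 4, 5)))
```

`verify` returns `False` when a hop rule is missing or when a higher-priority rule sends the client's traffic straight to the destination port, which are the two ways a student environment could silently skip its firewall or IPS.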
CN201910159359.6A 2019-03-04 2019-03-04 Micro-service network security experiment system Active CN109768892B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910159359.6A CN109768892B (en) 2019-03-04 2019-03-04 Micro-service network security experiment system

Publications (2)

Publication Number Publication Date
CN109768892A true CN109768892A (en) 2019-05-17
CN109768892B CN109768892B (en) 2020-12-04

Family

ID=66457653

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910159359.6A Active CN109768892B (en) 2019-03-04 2019-03-04 Micro-service network security experiment system

Country Status (1)

Country Link
CN (1) CN109768892B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant