CN110062010B - Data exchange method and system between physical isolation networks - Google Patents

Publication number
CN110062010B
Authority
CN
China
Prior art keywords
data
computer
migrated
kvm
storage equipment
Legal status
Active
Application number
CN201910446755.7A
Other languages
Chinese (zh)
Other versions
CN110062010A (en)
Inventor
陈天杨
Current Assignee
Individual
Original Assignee
Individual

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls

Abstract

The invention discloses a method and a system for exchanging data between physically isolated networks, belonging to the technical field of network communication security. The method is used for exchanging data between a first network and a second network that are isolated from each other, wherein the first network is connected to a first computer, the second network is connected to a second computer, the first computer and the second computer are both connected to a KVM switch, and the KVM switch is connected to a storage device. The first computer acquires a data migration request and, according to the request, acquires the corresponding data in the first network as the data to be migrated. The KVM switch is controlled to switch between the first computer and the second computer, so that the storage device on the KVM switch is mounted alternately on the first computer and the second computer, and the data in the storage device is exchanged. The scheme completes the data exchange by physical means, keeps the two networks isolated, offers better security and is low in cost.

Description

Data exchange method and system between physical isolation networks
Technical Field
The invention relates to the technical field of network communication security, and in particular to a method and a system for exchanging data between physically isolated networks.
Background
With the continuous development of computer networks, their security faces increasingly serious threats. When computers communicate with one another to obtain information, the data security of networked computers must be ensured. Typically, intermediate physical hardware (a USB flash drive or a security machine) is attached in a time-shared manner to computing and network equipment that cannot communicate directly, in order to complete one-way data exchange.
The traditional solution is a security isolation gatekeeper, also simply called a gatekeeper: a combined software and hardware system that exchanges data, in a moderately controllable way, between two networks whose services are isolated from each other. The general gatekeeper model has three basic parts: (a) an intranet processing unit, (b) an extranet processing unit, and (c) an isolation and exchange control unit (isolation hardware). All three require a secure operating system, that is, a non-general-purpose operating system or a modified proprietary one. This is usually a simplified version of Unix BSD or Linux, or another embedded operating system such as VxWorks, from which unneeded low-level protocols and services have been removed and in which the protocols that remain are optimized and modified to add security features and improve efficiency. The three basic parts function as follows:
Intranet processing unit: comprises an intranet interface unit and an intranet data buffer. The interface part connects to the intranet and terminates the network connections of intranet users. After security checks on the data such as virus detection, firewall and intrusion protection, it strips out the pure data in preparation for exchange; it also completes the intranet's confirmation of user identity, ensuring a secure channel for the data. The data buffer stores and schedules the stripped data and is responsible for data exchange with the isolation and exchange unit.
Extranet processing unit: has the same function as the intranet processing unit, but handles the extranet connection.
Isolation and exchange control unit: performs the gatekeeper's isolation control, that is, ferry control, and controls the opening and closing of the exchange channel. The control unit contains a data exchange area, the "ferry boat" of the data exchange. There are two techniques for controlling the exchange channel: the ferry switch and channel control. The ferry switch is an electronic changeover switch which ensures that the data exchange area is never connected to the internal network and the external network at the same time, forming a spatial gap (GAP) and achieving physical isolation. Channel control changes the communication mode between the internal and external networks, interrupts their direct connection, and forms the physical isolation of the two networks by using a private communication means. The unit also has a data exchange area for relaying the exchanged data.
Current security isolation gatekeepers generally follow one of two models:
In the first model, within the intranet and extranet processing units, the channel between interface processing and the data buffer is called internal channel 1, and the channel between the buffer and the exchange area is called internal channel 2. Isolation of the internal and external networks is formed by switching the internal channels. Data is ferried through the data exchange area in the middle, so this is called the three-area model. During a ferry, the bus of the exchange area is connected separately to the internal network buffer and the external network buffer, that is, internal channel 2 is controlled, and the data exchange is completed.
The second model removes the data exchange area and controls internal channel 1 and internal channel 2 alternately, forming a two-area model. The data ferry of the two-area model takes place in two passes. First, internal channel 2, which connects the internal and external network data buffers, is disconnected and internal channel 1 is connected; the internal and external network interface units receive the data to be exchanged and store it in their respective buffers, completing the first ferry. Then internal channel 1 is disconnected and internal channel 2 is connected; once the data buffers of the internal and external networks are disconnected from their respective interface units, the two buffers are connected and each exchanges its data to the other side's buffer, completing the second ferry.
The internal channels also generally use a non-general-purpose network connection, so that possible attacks from either end are stopped at the interface unit, strengthening the gatekeeper's isolation. The security isolation gatekeeper aims to achieve secure data exchange while keeping the service connections of the internal and external networks isolated. It has the following disadvantages, however: it is expensive, and because the networks are ultimately interconnected, the physical isolation property is essentially broken and a certain security risk remains.
Disclosure of Invention
The invention aims to provide a low-cost data exchange mode between physical isolation networks.
To achieve the above object, in one aspect, the present invention provides a method for exchanging data between physically isolated networks, used for exchanging data between a first network and a second network that are isolated from each other, wherein the first network is connected to a first computer, the second network is connected to a second computer, the first computer and the second computer are both connected to a KVM switch, and the KVM switch is connected to a storage device. The method includes:
the first computer acquires a data migration request and, according to the request, acquires the corresponding data in the first network as the data to be migrated;
the KVM switch is controlled to switch between the first computer and the second computer, so that the storage device on the KVM switch is mounted alternately on the first computer and the second computer, and the data in the storage device is exchanged.
Further, controlling the KVM switch to switch between the first computer and the second computer, so that the storage device on the KVM switch is mounted alternately on the two computers and the data in the storage device is exchanged, includes:
controlling the KVM switch to switch to the first computer, and migrating the data to be migrated to the storage device;
controlling the KVM switch to switch to the second computer, and migrating the data to be migrated from the storage device to the second computer.
Further, controlling the KVM switch to switch to the first computer and migrating the data to be migrated to the storage device includes:
the first computer stores the data to be migrated in a cache queue and continues to listen for data migration requests;
the first computer monitors KVM control-domain switching events in real time and, when the KVM control domain switches to the local computer, waits for the storage device on the KVM switch to be mounted;
when the storage device has been mounted, the data to be migrated in the cache queue is migrated to the storage device.
Further, controlling the KVM switch to switch to the second computer and migrating the data to be migrated from the storage device to the second computer includes:
the second computer monitors KVM control-domain switching events in real time and, when the KVM control domain switches to the local computer, waits for the storage device on the KVM switch to be mounted;
when the storage device has been mounted, the data to be migrated is read from the storage device and stored locally.
Further, after the data to be migrated has been read from the mounted storage device and stored locally, the method further includes:
the second computer calls a data sending interface to push the data to be migrated immediately.
Further, the KVM switch comprises a keyboard, a display and a mouse, and controlling the KVM switch to switch between the first computer and the second computer comprises:
controlling the mouse to move along a set movement track, so that the display switches to the state of controlling the first computer;
after the display has been in the state of controlling the first computer for time t1, controlling the mouse to move so that the display switches to the state of controlling the second computer;
after the display has been switched to the state of controlling the first computer for time t2, repeating the step of controlling the mouse to move along the set movement track so that the display switches to the state of controlling the first computer.
In another aspect, a data exchange system between physically isolated networks is provided, including a first computer and a second computer each connected to one of the physically isolated networks, and a data exchange device connected to the first computer and the second computer. The data exchange device includes a KVM switch, a storage device and an operating device, the storage device and the operating device both being connected to the KVM switch, wherein:
the storage device is used for storing the data to be exchanged;
the KVM switch is used for switching between the first computer and the second computer, so that the storage device on the KVM switch is mounted alternately on the first computer and the second computer, and the data in the storage device is exchanged.
Furthermore, the KVM switch comprises a mouse, a display and a keyboard, and the data exchange device further comprises a control board and a driving device; the output end of the control board is connected to the driving device, and the driving end of the driving device is connected to the mouse;
the driving device receives the movement track information output by the control board and drives the mouse to move according to that information.
Furthermore, the driving device comprises a motor and a driving rod; the rotating shaft of the motor is connected to one end of the driving rod, and the other end of the driving rod is connected to the mouse by a rope.
Compared with the prior art, the invention has the following technical effects. The invention uses the KVM switch to switch between the first computer and the second computer, so that the storage device on the KVM switch is switched between two physically isolated computers. When the KVM switch is in the state of controlling the first computer, the data to be migrated is transferred to the storage device; when the KVM switch switches to the second computer, the second computer reads the data from the storage device and sends it to the designated data interface, completing the transfer of the data from the first network to the second network. In this scheme the networks of the first computer and the second computer remain isolated and are never interconnected, whereas in the traditional gatekeeper scheme the two networks are interconnected and carry a large number of potential security threats. In addition, only a KVM switch and a few other components are needed, so the cost is low.
Drawings
The following detailed description of embodiments of the invention refers to the accompanying drawings in which:
FIG. 1 is a flow diagram of a method for data exchange between physically isolated networks;
FIG. 2 is a schematic workflow diagram of a first computer;
FIG. 3 is a schematic workflow diagram of a second computer;
FIG. 4 is a schematic diagram of a mouse movement control process;
FIG. 5 is a block diagram of a data switching system between physically isolated networks;
FIG. 6 is a schematic diagram of the connection of the driving device and the mouse.
Detailed Description
To further illustrate the features of the present invention, refer to the following detailed description of the invention and the accompanying drawings. The drawings are for reference and illustration purposes only and are not intended to limit the scope of the present disclosure.
As shown in FIG. 1, this embodiment discloses a method for exchanging data between physically isolated networks, used to exchange data between a first network and a second network that are isolated from each other, where the first network is connected to a first computer, the second network is connected to a second computer, both computers are connected to a KVM switch, and the KVM switch is connected to a storage device. The method includes the following steps S1 to S2:
S1, the first computer acquires a data migration request and, according to the request, acquires the corresponding data in the first network as the data to be migrated;
The first computer exchanges data with third-party applications through a service interface, so a third-party application can send a data migration request to the first computer through that interface; the request carries the data to be transferred to the second network.
S2, the KVM switch is controlled to switch between the first computer and the second computer, so that the storage device on the KVM switch is mounted alternately on the first computer and the second computer, and the data in the storage device is exchanged.
The KVM switch comprises a mouse, a keyboard and a display. The storage device and the display are connected to the KVM switch: the display interface of each computer is connected to an input of the KVM switch, and the display is connected to its output. Under high security requirements, the KVM switch cannot expose an interface for programmatic switching, and can be switched manually. The mouse movement can also be controlled automatically, as shown in FIG. 4; the process is as follows:
1) the control board outputs control signals that move the mouse along the set movement track, so that the display switches to the state of controlling the first computer;
2) after the display has been in the state of controlling the first computer for time t1, the mouse is moved so that the display switches to the state of controlling the second computer;
3) after the display has been switched to the state of controlling the first computer for time t2, step 1) is repeated.
Further, step S2 specifically includes the following steps S21 to S22:
S21, controlling the KVM switch to switch to the first computer, and migrating the data to be migrated to the storage device;
S22, controlling the KVM switch to switch to the second computer, and migrating the data to be migrated from the storage device to the second computer.
It should be noted that controlling the movement of the mouse switches control between the first computer and the second computer, so that the storage device on the KVM switch is continually switched between the two computers. During its idle time t1, the first computer transfers the data to be migrated, acquired from the first network, to the storage device; during its idle time t2, the second computer transfers the data retrieved from the storage device to itself. It should be understood that the idle times t1 and t2 are both constants, and that t1 and t2 may or may not be equal.
Further, the above step S21, controlling the KVM switch to switch to the first computer and migrating the data to be migrated to the storage device, comprises the following steps S211 to S213:
S211, the first computer stores the data to be migrated in a cache queue and continues to listen for data migration requests;
S212, the first computer monitors KVM control-domain switching events in real time and, when the KVM control domain switches to the local computer, waits for the storage device on the KVM switch to be mounted;
S213, when the storage device has been mounted, the data to be migrated in the cache queue is migrated to the storage device.
It should be noted that, as shown in FIG. 2, the first computer mainly runs two services: a data migration request receiving service and a data migration service. The data migration request receiving service proceeds as follows:
a) start the receiving service that listens for data migration requests, and test the availability of the local service;
b) listen for data migration requests in real time; if a request is detected, execute step c), otherwise repeat step b);
c) according to the data migration request, acquire the corresponding data from the first network as the data to be migrated, store it in the cache queue in a certain format, and then repeat step b). "A certain format" means, for example, that text information is written as txt, photos are written as jpg, and so on.
The data migration service proceeds as follows:
d) determine whether an event switching the control domain of the KVM switch to the local computer has been detected; if so, execute step e), otherwise repeat step d);
e) when an event switching the control domain of the KVM switch to the local computer is detected, wait for the storage device to be mounted;
f) after the storage device is mounted, migrate the data in the cache queue to a specific path;
g) wait for the KVM switch to switch the control domain; after the control domain has switched away from the local computer, return to step d) and continue monitoring for subsequent events.
Further, the above step S22, controlling the KVM switch to switch to the second computer and migrating the data to be migrated from the storage device to the second computer, includes the following steps S221 to S222:
S221, the second computer monitors KVM control-domain switching events in real time and, when the KVM control domain switches to the local computer, waits for the storage device on the KVM switch to be mounted;
S222, when the storage device has been mounted, the data to be migrated is read from the storage device and stored locally.
As shown in FIG. 3, the process by which the second computer reads the data in the storage device includes:
h) start the relevant service to monitor for the event of the KVM switch's control domain switching to the local computer; if the event is detected, execute step i), otherwise repeat step h);
i) wait for the storage device to be mounted;
j) after the storage device is mounted, detect the change in its stored content, automatically go to the designated location to obtain the data to be migrated, copy the data read to the local computer, and then execute step h);
k) after some processing of the acquired data, call the data interface and send the data read asynchronously. The processing mainly consists of reading the data, formatting it according to the specification defined by the data interface, and sending it to the designated interface.
It should be noted that the second computer sends the data to be migrated from the first network to a data interface of the second network for automatic distribution, for example sending it to a designated person or group through WeChat over the wide area network. The data interface can be chosen according to the application scenario, for example WeChat or another third-party data publishing interface.
As shown in FIG. 5, this embodiment discloses a data exchange system between physically isolated networks, which includes a first computer and a second computer each connected to one of the physically isolated networks, and a data exchange device connected to the first computer and the second computer. The data exchange device includes a KVM switch and a storage device, the storage device being connected to the KVM switch, wherein:
the storage device is used for storing the data to be exchanged;
the KVM switch is used for switching between the first computer and the second computer, so that the storage device on the KVM switch is mounted alternately on the first computer and the second computer, and the data in the storage device is exchanged.
As shown in FIGS. 5 and 6, the data exchange device further includes a control board and a driving device; the output end of the control board is connected to the driving device, and the driving end of the driving device is connected to the mouse;
the driving device receives the movement track information output by the control board and drives the mouse to move according to that information.
Specifically, the control board can be an Arduino, a Raspberry Pi or the like. The driving device in this embodiment can include motor 1, motor 2 and two driving rods. The outputs of the development board are connected to the two motors respectively; the rotating shaft of motor 1 is connected to one end of one driving rod, the rotating shaft of motor 2 is connected to one end of the other driving rod, and the other ends of the two driving rods are connected to the mouse by ropes. The development board makes the motors rotate, and the motors move the driving rods so that the ropes pull the mouse. This solves the problem that, when the mouse is driven directly by a pulley on the motor, its range of movement is too short for it to move from screen A to screen B, so that KVM switching cannot be completed. In this embodiment, one end of each driving rod is fixed to a motor and the other end is tied to a rope, so that the rope moves the mouse; this extends the mouse's range of movement and achieves KVM switching.
The present solution is described in detail below with a specific embodiment:
In this embodiment, regarding the hardware platform and the network connections, an Arduino control board is used as the basic control board to control the mouse trajectory, and ordinary Windows 7 computers are used as the first computer and the second computer in the different networks. The USB flash drive on the KVM switch is in read-write mode on the first computer and in readable mode on the second computer; the specific configuration and runtime environment are introduced below. The first network is an intranet environment and cannot connect directly to the extranet; the second network is an extranet environment and can connect to internet services such as WeChat. The individual parts are described below:
(1) Control board
In the control board, an Arduino control board is used as the base board and controls stepper motors, which in turn control the movement of the mouse. The Arduino control board is programmed mainly in C and makes the 2 motors rotate simultaneously to move the mouse. The control board's workflow follows the principle shown in FIG. 4. In the mouse's initial position both motors are at 0°, so the mouse is at its uppermost position. When the mouse is moved to computer 1, both motors are at 0° and the mouse is at its uppermost position; the idle time t1 is taken as 10 seconds. When the mouse is moved to computer 2, both motors are at 180° and the mouse is at its lowest position; the idle time t2 is taken as 10 seconds. The above process runs in a loop: it executes automatically as soon as the control board is powered on, with no additional instruction needed, until execution is stopped; the control board is powered through the USB interface.
(2) First computer
In this embodiment, the first computer is the intranet computer, running Windows 7 SP1. It mainly receives data from other intranet services, such as an alarm service, and transfers it to the USB flash drive during the idle time t1 interval. The specific flow is shown in FIG. 2. The implementation combines the Go (golang) and Python languages, with nginx as a front-end service for unified management.
The program written in Go is the migration data receiving service. Once started, it listens on port 8080 as an HTTP service, then automatically accesses its own service to test that it works. When the receiving service receives data, it automatically publishes the data to a message queue service, here the nsq service (open-source software written in Go), which stores it in the cache queue. For security, nginx with a self-signed certificate is used: HTTPS port 443 is enabled to receive data, which is forwarded to port 8080 on the local machine, ensuring the anonymity and security of the data on the intranet. From the perspective of other intranet services, such as an alarm service, they therefore access port 443 rather than accessing port 8080 directly.
The program written in Python is the data migration service. Once started, it automatically monitors the operating system's USB flash drive change events, so that it is notified when the drive is plugged in or removed; it also automatically monitors a specific topic of the nsq service, from which it obtains the data to be migrated. When the KVM control domain switches, the USB flash drive attached to the KVM switch is automatically plugged into, or unplugged from, the first computer or the second computer. A KVM control-domain switch can therefore be detected by monitoring USB flash drive events. When the data migration service obtains data to be migrated from the nsq service, it automatically copies the data to a specific physical disk and holds it in a queue inside the program, waiting for the USB flash drive to be inserted. When the data migration service detects that the USB flash drive has been inserted, it automatically copies the data to be migrated from the queue and the physical disk location to the USB flash drive.
(3) Second computer
In this embodiment, the second computer is a computer that can access the public network, running Windows 7 SP1. It mainly sends the migrated data to a public network service, that is, to a specific group through WeChat, completing the final migration of the data. The specific flow is shown in FIG. 4; the program is written mainly in Python.
After the program on the second computer starts, it first logs in to WeChat; if WeChat requires a QR code to be scanned, the QR code is displayed on the interface for the user to scan. Once the WeChat login succeeds, the program automatically monitors the operating system's USB flash drive change events, so that it is notified when the drive is plugged in or removed. When the program detects that the USB flash drive has been inserted, it automatically reads the data from the drive and sends it to the designated group through the logged-in WeChat, completing the final data migration.
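Added example (not code from the patent): the data migration service of steps d) to g) and the second computer's reader of steps h) to k), in Python, showing how publishing each file by rename keeps a copy that is cut off when the KVM switches away from being read as complete on the other side. The `outbox` folder, the `.part` suffix, the sequence-numbered names, `max_writes` as a stand-in for the idle time t1, and the directory rename that simulates the switch are assumptions of this example.

```python
import os
import tempfile
from collections import deque

OUTBOX = "outbox"   # assumed folder on the drive (the "specific position path")
PART = ".part"      # assumed suffix for a file that is still being written


def poll_switch_event(mount_point, was_attached):
    """Map drive presence at mount_point to a KVM control-domain event."""
    attached = os.path.isdir(mount_point)
    if attached != was_attached:
        return ("attached" if attached else "detached"), attached
    return None, attached


class Sender:
    """First (intranet) computer: the drive is read-write here."""

    def __init__(self):
        self.queue = deque()   # cache queue of (file name, payload)
        self.seq = 0

    def enqueue(self, name, payload):
        # Sequence prefix keeps names unique; basename() drops any path parts.
        self.queue.append((f"{self.seq:08d}_{os.path.basename(name)}", payload))
        self.seq += 1

    def on_attached(self, mount_point, max_writes):
        """Drain the queue to the drive; max_writes stands in for the window t1."""
        outbox = os.path.join(mount_point, OUTBOX)
        os.makedirs(outbox, exist_ok=True)
        written = []
        while self.queue and len(written) < max_writes:
            name, payload = self.queue[0]
            tmp = os.path.join(outbox, name + PART)
            with open(tmp, "wb") as fh:
                fh.write(payload)
                fh.flush()
                os.fsync(fh.fileno())
            os.replace(tmp, os.path.join(outbox, name))  # publish only when complete
            self.queue.popleft()                         # dequeue after publishing
            written.append(name)
        return written


class Receiver:
    """Second (extranet) computer: only ever reads from the drive."""

    def __init__(self, local_dir, send):
        self.local_dir = local_dir
        self.send = send       # data sending interface, assumed to be a callable
        self.seen = set()      # names already pushed, so nothing is sent twice

    def on_attached(self, mount_point):
        outbox = os.path.join(mount_point, OUTBOX)
        names = sorted(os.listdir(outbox)) if os.path.isdir(outbox) else []
        delivered = []
        for name in names:
            src = os.path.join(outbox, name)
            if name.endswith(PART) or name in self.seen or not os.path.isfile(src):
                continue       # torn write, already pushed, or not a regular file
            with open(src, "rb") as fh:
                payload = fh.read()
            with open(os.path.join(self.local_dir, name), "wb") as fh:
                fh.write(payload)
            self.send(name, payload)
            self.seen.add(name)
            delivered.append(name)
        return delivered


def simulate():
    """Two switch cycles; a directory renamed between two paths plays the drive."""
    with tempfile.TemporaryDirectory() as root:
        pc1 = os.path.join(root, "pc1_mount")
        pc2 = os.path.join(root, "pc2_mount")
        local = os.path.join(root, "pc2_local")
        os.makedirs(pc1)       # the drive starts on the first computer
        os.makedirs(local)
        pushed = []
        sender = Sender()
        receiver = Receiver(local, lambda name, data: pushed.append((name, data)))
        for i, text in enumerate([b"alarm A", b"alarm B", b"alarm C"]):  # constructed
            sender.enqueue(f"alarm{i}.txt", text)
        e1, attached = poll_switch_event(pc1, False)
        first = sender.on_attached(pc1, max_writes=2)   # only two writes fit in t1
        with open(os.path.join(pc1, OUTBOX, "torn.txt" + PART), "wb") as fh:
            fh.write(b"half")  # constructed leftover of an interrupted copy
        os.rename(pc1, pc2)    # KVM switches to the second computer
        e2, attached = poll_switch_event(pc1, attached)
        got1 = receiver.on_attached(pc2)
        os.rename(pc2, pc1)    # KVM switches back to the first computer
        second = sender.on_attached(pc1, max_writes=5)
        os.rename(pc1, pc2)
        got2 = receiver.on_attached(pc2)
        return {"events": [e1, e2], "first": first, "second": second,
                "got1": got1, "got2": got2, "pushed": pushed,
                "left": len(sender.queue), "local": sorted(os.listdir(local))}
```

On the real machines the mount point would be wherever the USB flash drive appears when the KVM switch attaches it, and `send` would wrap the chosen data interface.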
In the data exchange method between physically isolated networks disclosed in this embodiment, data is exchanged by physical means, so network isolation is maintained and the data that can be migrated stays within a controllable range: the data interface is self-defined and only certain services are connected to it, so other data cannot be migrated, and malicious programs and other malicious traffic are kept out. In addition, the storage device is configured differently on the different computers; for example, on the second computer it is read-only and cannot be written, which prevents network traffic and files on the external network from flowing into the first network (the intranet), so security is good. Finally, the hardware for this scheme consists only of the KVM switcher, the storage device, the control panel, the driving device and the two computers, so the cost is much lower than that of a traditional network gate.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (7)

1. A method for exchanging data between physical isolation networks is characterized in that the method is used for exchanging data between a first network and a second network which are isolated from each other, the first network is an intranet environment, the second network is an extranet environment, the first network is connected with a first computer, the second network is connected with a second computer, the first computer and the second computer are both connected with a KVM switch, the KVM switch is connected with a storage device, the storage device is in a read-write mode in the first computer and in a readable mode in the second computer, the method is further provided with a control board and a driving device, the output end of the control board is connected with the driving device, and the driving end of the driving device is connected with a mouse of the KVM switch, and the method comprises the following steps:
the first computer acquires a data migration request, and acquires corresponding data in a first network as data to be migrated according to the data migration request, specifically: the switching of the control domain of the KVM switcher is detected by monitoring storage equipment events; when the data migration service obtains data to be migrated from the nsq service, the data to be migrated is automatically copied to a physical disk and waits in a queue inside the program to be migrated once the storage equipment is inserted; when the data migration service finds that the storage equipment is inserted, the data to be migrated is automatically copied to the storage equipment from the queue and the physical disk position;
the second computer is configured to send the data migrated from the storage device to a public network service, and complete final migration of the data, and specifically includes: monitoring storage equipment events, automatically acquiring data from the storage equipment after the storage equipment is inserted, and sending the data to an appointed group through a logged WeChat to finish final data migration;
the driving device is used for receiving the movement track information output by the control panel and driving the mouse to move according to the movement track information, so as to control the mouse to move according to the set movement track and enable the display to be switched to a state for controlling the first computer; after the display has been switched to the state for controlling the first computer for a time t1, controlling the mouse to move to switch the display to a state for controlling a second computer; after the display has been switched to the state for controlling the first computer for a time t2, the mouse is controlled to move according to the set moving track, so that the display is switched to a state for controlling the first computer, and the storage equipment on the KVM switcher carries out mounting switching between the first computer and the second computer, and data information in the storage equipment is exchanged.
2. The method of claim 1, wherein controlling the KVM switch to switch between the first computer and the second computer such that the storage device on the KVM switch is mounted between the first computer and the second computer, the data exchange between the storage device is achieved, the method comprising:
controlling the KVM switcher to switch to the first computer and migrate the data to be migrated to the storage device;
and controlling the KVM switcher to switch to the second computer, and migrating the data to be migrated in the storage device to the second computer.
3. The method of physically isolating inter-network data exchange of claim 2, wherein the controlling the KVM switch to the first computer and migrate the data to be migrated to the storage device comprises:
the first computer stores data to be migrated into a cache queue and continuously monitors the data migration request;
the first computer monitors a KVM control domain switching event in real time and waits for the storage equipment on the KVM switcher to be mounted when the KVM control domain is switched to the local computer;
and when the mounting of the storage equipment is finished, migrating the data to be migrated in the cache queue to the storage equipment.
4. The method of claim 2, wherein said controlling said KVM switch to said second computer to migrate said data to be migrated in said storage device to said second computer comprises:
the second computer monitors a KVM control domain switching event in real time and waits for the storage equipment on the KVM switcher to be mounted when the KVM control domain is switched to the local computer;
and when the mounting of the storage equipment is finished, reading the data to be migrated on the storage equipment and storing the data to be migrated to the local.
5. The method for exchanging data between physically isolated networks according to claim 4, wherein after the data to be migrated on the storage device is read and stored locally when the storage device is mounted, the method further comprises:
and the second computer calls a data sending interface to carry out instant push on the data to be migrated.
6. A data exchange system between physical isolation networks comprises a first computer and a second computer which are respectively connected with the physical networks which are isolated from each other, and a data exchange device which is connected with the first computer and the second computer, and is characterized in that the first network is an intranet environment, the second network is an extranet environment, and the data exchange device comprises: a KVM switch and a storage device, the storage device being connected to the KVM switch, the storage device being in a read/write mode in a first computer and being in a readable mode in a second computer, wherein:
the storage device is used for storing data information to be exchanged;
the KVM switcher comprises a mouse, a display and a keyboard, and is characterized in that the data exchange device also comprises a control panel and a driving device, wherein the output end of the control panel is connected with the driving device, and the driving end of the driving device is connected with the mouse;
the driving device is used for receiving the movement track information output by the control panel and driving the mouse to move according to the movement track information, so as to switch the display to the state for controlling the first computer; after the display has been switched to the state for controlling the first computer for a time t1, controlling the mouse to move to switch the display to a state for controlling a second computer; after the display has been switched to the state for controlling the first computer for a time t2, the mouse is controlled to move according to the set moving track repeatedly, so that the display is switched to the state for controlling the first computer, and the storage equipment on the KVM switcher is subjected to mounting switching between the first computer and the second computer, and data information in the storage equipment is exchanged;
the first computer acquires a data migration request, and acquires corresponding data in a first network as data to be migrated according to the data migration request, specifically: the switching of the control domain of the KVM switcher is detected by monitoring storage equipment events; when the data migration service obtains data to be migrated from the nsq service, the data to be migrated is automatically copied to a physical disk and waits in a queue inside the program to be migrated once the storage equipment is inserted; when the data migration service finds that the storage equipment is inserted, the data to be migrated is automatically copied to the storage equipment from the queue and the physical disk position;
the second computer is configured to send the data migrated from the storage device to a public network service, and complete final migration of the data, and specifically includes: monitoring storage equipment events, automatically acquiring data from the storage equipment after the storage equipment is inserted, and sending the data to an appointed group through the logged WeChat to finish final data migration.
7. The system of claim 6, wherein the driving device comprises a motor and a driving rod, a rotating shaft of the motor is connected with one end of the driving rod, and the other end of the driving rod is connected with the mouse through a cord.
CN201910446755.7A 2019-05-27 2019-05-27 Data exchange method and system between physical isolation networks Active CN110062010B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910446755.7A CN110062010B (en) 2019-05-27 2019-05-27 Data exchange method and system between physical isolation networks

Publications (2)

Publication Number Publication Date
CN110062010A CN110062010A (en) 2019-07-26
CN110062010B true CN110062010B (en) 2021-11-12

Family

ID=67324715

Country Status (1)

Country Link
CN (1) CN110062010B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant