CN110083662B - Double-living framework construction method based on platform system - Google Patents
Double-living framework construction method based on platform system Download PDFInfo
- Publication number
- CN110083662B CN110083662B CN201910401666.0A CN201910401666A CN110083662B CN 110083662 B CN110083662 B CN 110083662B CN 201910401666 A CN201910401666 A CN 201910401666A CN 110083662 B CN110083662 B CN 110083662B
- Authority
- CN
- China
- Prior art keywords
- authentication
- service
- data
- machine room
- standby
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000010276 construction Methods 0.000 title claims abstract description 22
- 230000009977 dual effect Effects 0.000 claims abstract description 20
- 230000000694 effects Effects 0.000 claims abstract description 17
- 230000002159 abnormal effect Effects 0.000 claims abstract description 9
- 230000005540 biological transmission Effects 0.000 claims abstract description 9
- 238000004891 communication Methods 0.000 claims abstract description 9
- 230000007246 mechanism Effects 0.000 claims abstract description 7
- 238000012423 maintenance Methods 0.000 claims abstract description 4
- 238000000034 method Methods 0.000 claims description 41
- 238000013475 authorization Methods 0.000 claims description 32
- 230000008569 process Effects 0.000 claims description 31
- 230000006870 function Effects 0.000 claims description 16
- 238000011084 recovery Methods 0.000 claims description 13
- 238000013461 design Methods 0.000 claims description 10
- 238000000926 separation method Methods 0.000 claims description 8
- 230000001360 synchronised effect Effects 0.000 claims description 6
- 238000004519 manufacturing process Methods 0.000 claims description 4
- 230000005856 abnormality Effects 0.000 claims description 2
- 238000012550 audit Methods 0.000 claims description 2
- 238000012217 deletion Methods 0.000 claims description 2
- 230000037430 deletion Effects 0.000 claims description 2
- 230000001419 dependent effect Effects 0.000 claims description 2
- 230000002688 persistence Effects 0.000 claims description 2
- 238000012545 processing Methods 0.000 claims description 2
- 230000009466 transformation Effects 0.000 claims description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
- 239000002699 waste material Substances 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2455—Query execution
- G06F16/24552—Database cache management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/25—Integrating or interfacing systems involving database management systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
- G06F16/275—Synchronous replication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Databases & Information Systems (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Computational Linguistics (AREA)
- Hardware Redundancy (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention discloses a double-activity architecture construction method based on a platform system, which comprises the following steps: functional decoupling: separating the read-write function of the core unified authentication and the user authentication module, transmitting the write-in data to the interface service module for data writing through an ActiveMQ remote communication proxy message transmission mechanism, wherein the write-in channel is closed or abnormal, the unified authentication and the normal service of the user authentication module are not influenced, and the login authentication and authentication of each information system are guaranteed; according to the characteristics of the service data of the unified authority platform, an optimal dual-activity architecture is considered, the cost is low, the efficiency is high, the reliability is good, a set of dual-activity system scheme is needed to be designed, the system resource utilization rate is improved, the automatic switching of the service of the data center, the zero interruption of the application, the zero loss of the data and the maintenance are realized, the uninterrupted operation is realized, the service requirement of providing service for the outside in 7 x 24 hours is met, and the normal operation of each information system is supported.
Description
Technical Field
The invention relates to the technical field of information systems, in particular to a double-activity architecture construction method based on a platform system.
Background
The information systems built by the current power system are more and more, each information system needs basic platform support for operation, and a unified authority platform, a unified directory, a large data platform, a mass platform and the like are used as important supports for operation of the core information system of the power system. The unified authority platform is used as an entry for logging in each information system, and provides identity authentication service and user authority management service for the information systems in a centralized manner. The stability and reliability of the operation of the unified authority platform become the foundation stones for the normal operation of each information system. In order to improve the stable operation of the platform, the stability, disaster tolerance and bearing capacity of the platform need to be fully considered.
Improving the availability of the system and the evolution route of the effective disaster recovery technology: the system comprises a single machine- > cluster- > main and standby architecture- > remote disaster recovery- > double-activity system, wherein a set of redundant system is built by a traditional main and standby and disaster recovery architecture and can be used as an emergency standby system, effective system emergency and disaster recovery can be provided, but a certain time is needed for system switching, a great deal of waste exists on resources, enterprises pay more attention to the application of the double-activity system more and more recently, the double-activity system can effectively improve the resource utilization rate and the operation pressure of an allocation server, currently, the market supports double-activity software and hardware products, the architecture design and the application are based on a double-data center, the network delay and the effective distance are required by the double-data center, the network delay is generally less than 1ms, the distance is less than 40km, the double-data center only considers the double-activity application of a data layer, the double-activity application of an application layer is not fully considered, and the session sharing inside the application layer cluster and the effective session transfer between clusters have great influence on the application of the double-activity system. The double clusters of the application layer without session sharing can cause the problems of session loss, incapability of saving form data, reauthentication and the like during switching.
Disclosure of Invention
The invention aims to provide a double-living framework construction method based on a platform system, which has the advantages of low cost, high efficiency and good reliability.
In order to achieve the above purpose, the present invention provides the following technical solutions: a dual-activity architecture construction method based on a platform system comprises the following steps:
s1: functional decoupling: separating the read-write function of the core unified authentication and the user authentication module, transmitting the write-in data to the interface service module for data writing through an ActiveMQ remote communication proxy message transmission mechanism, wherein the write-in channel is closed or abnormal, the unified authentication and the normal service of the user authentication module are not influenced, and the login authentication and authentication of each information system are guaranteed;
s2: data synchronization: the data synchronization of the double data centers and the disaster recovery system can adopt the self synchronization function of the Oracle ADG database, the data synchronization of the basic Oracle archive log and the online log is simple to maintain and high in stability, the 1-main-1-standby or 1-main-multi-standby mode is adopted to operate, the on-line switching of the main and standby can be completed in minute-level time, the requirements on network bandwidth and delay are not high, the same city double activity can be made, the different disaster recovery can also be made, and the method is suitable for the application environments of the main and standby and the disaster recovery;
s3: session sharing: the Session is used for representing a continuous connection state, in the process from starting to finishing of a process of a client browser in a B/S architecture, authentication information is usually put into Session control by first login, session sharing problem must be considered in a cluster environment, session sharing among clusters in a dual-activity system is an important design link, session sharing among clusters must be considered in a dual-activity environment, session sharing is realized by using Redis in a unified authority platform dual-activity architecture, and caches are mainly divided into two types, namely local cache use and remote cache synchronization and use.
Further, in step S1, the ActiveMQ remote communication agent allows multiple information systems to share storage, when the writing channel is closed or abnormal, no manual intervention is required to maintain the integrity of the application, an exclusive lock is obtained, so as to ensure that no other ActiveMQ agents can access the database at the same time, no transmission is started or connection is not accepted, and login authentication and authentication are realized in a limited function.
Further, in step S2, a 1 main and 3 standby mode is adopted for deployment, the writing data of the main library is synchronized to two sets of authentication libraries and one set of authorization service standby library at the same time, wherein two sets of core function modules are connected with the two sets of authentication libraries to provide 7 x 24 hours service for the outside without interruption, the main library bears the authorization service writing operation, when the authorization service main library is down, one set of authorization service standby library is lifted to the main library, and the authorization service writing operation is taken over.
Further, for the step S3, the step of using the local cache:
s31: in the authentication process, the authentication bill data generated in the center is written into a local cache cluster;
s32: the method comprises the steps of (1) reading cache data, wherein a local cache cluster mode of priority reading is adopted, and when the local cache data fails to be read, the remote cache cluster data is read;
the step of synchronization and use of the off-site cache:
s33: in the host room authentication process, authentication bill data generated in a host room authentication center is written into a remote standby machine room cache cluster node in an asynchronous queue mode;
s34: in the cluster authentication process of the remote standby machine room, bill information generated by authentication is written into a cache node of the main machine room in an asynchronous queue mode.
Compared with the prior art, the invention has the beneficial effects that:
according to the dual-activity architecture construction method based on the platform system, the optimal dual-activity architecture is considered according to the characteristics of service data of the unified authority platform, the cost is low, the efficiency is high, the reliability is good, a set of dual-activity system scheme is needed to be designed, the utilization rate of system resources is improved, the automatic switching of data center service, zero interruption of application, zero loss of data and maintenance and non-stop operation are realized, the service requirement of providing service for the outside for 7 x 24 hours without interruption is met, and the normal operation of each information system is supported.
Drawings
FIG. 1 is a diagram of a dual active deployment architecture of the present invention;
FIG. 2 is a flow chart of the cache data synchronization of the present invention;
FIG. 3 is a database failover flowchart of the present invention;
FIG. 4 is a flow chart of an authentication database failover in accordance with the present invention;
FIG. 5 is a single-room overall failover flowchart of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be made clear below in conjunction with the drawings in the embodiments of the present invention; it is apparent that the described embodiments are only a part of embodiments of the present invention, but not all embodiments, and all other embodiments obtained by persons skilled in the art without making creative efforts based on the embodiments in the present invention are within the protection scope of the present invention.
Embodiment one:
a dual-activity architecture construction method based on a platform system comprises the following steps:
step one: functional decoupling: the method includes the steps that the read-write functions of a core unified authentication module and a user authentication module are separated, write-in data are transmitted to an interface service module through an ActiveMQ remote communication proxy message transmission mechanism to write-in data, the unified authentication and normal service of the user authentication module is not affected when a write-in channel is closed or abnormal, login authentication and authentication of each information system are guaranteed to a limited extent, the ActiveMQ remote communication proxy allows a plurality of information systems to share and store, when the write-in channel is closed or abnormal, the integrity of an application is maintained without manual intervention, an exclusive lock is obtained, so that no other ActiveMQ proxy can access a database at the same time, transmission is not opened or connection is not accepted, and login authentication and authentication are achieved in a limited function;
step two: data synchronization: the data synchronization of the double data centers and the disaster recovery system can adopt the self-synchronization function of an Oracle ADG database, the data synchronization of a basic Oracle archive log and an online log is simple to maintain and high in stability, a 1 main and 1 standby or 1 main and 1 multi-standby mode is adopted to operate, the on-line switching of the main and the standby can be completed within minute-level time, the requirements on network bandwidth and delay are not high, the same city double activity can be carried out, the different disaster recovery can also be carried out, the method is suitable for the application environment of the main and the standby, the deployment is adopted in a 1 main and 3 standby mode, the writing data of the main library is synchronously synchronized to two sets of authentication libraries and one set of authorization service standby library, wherein the two sets of core function modules are used for connecting the two sets of authentication and authentication service to provide 7 x 24 hours service uninterruptedly, and the main library bears the authorization service writing operation, and is authorized when authorized;
step three: session sharing: the Session is used for representing a continuous connection state, in the process from starting to finishing of a process of a client browser in a B/S architecture, authentication information is usually put into Session control by first login, session sharing problem must be considered in a cluster environment, session sharing among clusters in a dual-activity system is an important design link, session sharing among clusters must also be considered in a dual-activity environment, a Redis is selected for realizing Session sharing by a unified authority platform dual-activity architecture, a Key/Value storage mode is supported, and expiration time can be set according to a Key; the data is directly stored in the memory, and the complexity of the HashMap query operation is similar to O (1); the distributed deployment mode is supported, the Redis has the characteristics of simple operation, quick inquiry, persistence and the like, the session cache is one of typical application scenarios of the Redis, the cache is mainly divided into two types, one is used by a local cache, and the other is used by the remote cache for synchronization and use.
Referring to fig. 2, the steps of using local cache are as follows:
the first section: in the authentication process, the authentication bill data generated in the center is written into a local cache cluster;
the second section: the method comprises the steps of (1) reading cache data, wherein a local cache cluster mode of priority reading is adopted, and when the local cache data fails to be read, the remote cache cluster data is read;
the step of synchronization and use of the off-site cache:
third section: in the host room authentication process, authentication bill data generated in a host room authentication center is written into a remote standby machine room cache cluster node in an asynchronous queue mode;
fourth section: in the cluster authentication process of the remote standby machine room, bill information generated by authentication is written into a cache node of the main machine room in an asynchronous queue mode.
A single sign-on is configured, whether the host computer room is logged in is judged, if the host computer room is logged in, the user is skipped directly, if the host computer room is logged in, whether the address is provided with Session is judged, if the address is not logged in, the value is taken out, whether the value is present is seen, if the value is not present, the skip is ignored, if the value is not present, the user name is taken out, the user information is taken out, and then the user information is set in the Session to complete synchronization.
Embodiment two:
referring to fig. 1, the unified rights platform mainly relates to adjustment on physical architecture in dual-living construction, and mainly comprises the following steps:
building an application environment double-machine room environment:
in the double-activity construction, a set of complete unified authority application deployment environment is respectively built in an A machine room and a B machine room, and request links are switched on an upper application layer through global load balancing.
Read-write separation of database:
and independently building a read-write database for the authorization service in deployment, completing read-write operation of data, maintaining the authority data of the unified authority platform, synchronizing the data to an authentication library through an ADG (automatic dependent gain) synchronization mechanism of Oracle data, ensuring the consistency of the data, and providing database read service for the authentication service, the authentication service and the data synchronization service of the unified authority by the authentication library.
Application read-write separation:
and the read-write separation transformation and deployment of the unified authentication service, the unified authentication service and the data synchronization service are realized, and the interface which needs to perform the addition and deletion operation on the data in the application is stripped through the restful interface and the configuration of the multiple data sources, so that the read-write separation operation on the current application service is realized.
The overall deployment architecture of the double-living construction system can show that the corresponding adjustment is carried out on load balancing, authentication authorization authentication service and audit service in the double-living construction process, and meanwhile, in order to adapt to the double-living construction in different places, a corresponding cache data synchronization scheme is provided in the construction process.
Under the daily condition, the authorized service cluster node of the dual-active standby node does not bear service processing, only query service can be distributed to the standby cluster node, and when the authorized service cluster abnormality occurs in the master node or database downtime occurs, the standby node can rapidly take over authorized read-write service, and the uninterrupted operation is achieved for 7 x 24 hours.
Referring to fig. 3, in the database failover design, when the main production database (authorization database) of the machine room a fails wholly, the authorization standby database of the machine room B is manually switched to the main database by the ADG main-standby switching, so as to provide the read-write service of the authorization service application (authorization) of the machine room B, the whole switching process is in a minute scale, the influence on the authorization production service is small, and meanwhile, the service data of the authorization database of the machine room B is automatically synchronized to the authentication databases operated by the machine rooms a and B. The whole switching process has no influence on authentication and authentication services, and the continuity of key services is ensured.
Referring to fig. 4, in the authentication database failover design, when the authentication database of the machine room a or the machine room B fails, the authentication service access will be automatically switched to another machine room, and in the whole switching process, the authentication service is automatically switched, and the authorization service is not affected.
Referring to fig. 5, in the single-machine-room overall failover design, when the machine room of the a machine room fails, the machine room of the B machine room takes over service access. The whole switching process is minute switching, and the fault of authentication and authentication service is automatically switched.
When the whole machine room of the machine room B fails, the whole machine room of the machine room A takes over service access, the read service and the read-write service fail-over are transparent to users, and the service access is hardly affected by any influence
In summary, the dual-active architecture construction method based on the platform system considers the optimal dual-active architecture according to the characteristics of the service data of the platform with unified authority, has low cost, high efficiency and good reliability, needs to design a set of dual-active system scheme, improves the utilization rate of system resources, realizes automatic switching of the service of the data center, zero interruption of application, zero loss of data and continuous maintenance, meets the service requirement of providing service for the outside for 7 x 24 hours without interruption, and supports the normal operation of each information system.
The foregoing is only a preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art, who is within the scope of the present invention, should be covered by the protection scope of the present invention by making equivalents and modifications to the technical solution and the inventive concept thereof.
Claims (1)
1. The double-activity framework construction method based on the platform system is characterized by comprising the following steps of:
s1: functional decoupling: separating the read-write function of the core unified authentication and the user authentication module, transmitting the write-in data to the interface service module for data writing through an ActiveMQ remote communication proxy message transmission mechanism, wherein the write-in channel is closed or abnormal, the unified authentication and the normal service of the user authentication module are not influenced, and the login authentication and authentication of each information system are guaranteed;
s2: data synchronization: the data synchronization of the double data centers and the disaster recovery system can adopt the self synchronization function of the Oracle ADG database, the data synchronization of the basic Oracle archive log and the online log is simple to maintain and high in stability, the 1-main-1-standby or 1-main-multi-standby mode is adopted to operate, the on-line switching of the main and standby can be completed in minute-level time, the requirements on network bandwidth and delay are not high, the same city double activity can be made, the different disaster recovery can also be made, and the method is suitable for the application environments of the main and standby and the disaster recovery;
s3: session sharing: the Session is used for representing a continuous connection state, in the B/S architecture, the process from starting to finishing of a client browser generally puts authentication information into Session control for the first login, session sharing problem must be considered in a cluster environment, session sharing among clusters in a dual-activity system is an important design link, session sharing among clusters must also be considered in a dual-activity environment, a Redis is selected for realizing Session sharing by a unified authority platform dual-activity architecture, and the caches are mainly divided into two types, namely local cache use and remote cache synchronization and use;
aiming at the step S1, an ActiveMQ remote communication agent allows a plurality of information systems to share and store, when a writing channel is closed or abnormal, the integrity of an application is maintained without manual intervention, an exclusive lock is obtained, so that no other ActiveMQ agents can access a database at the same time, transmission is not opened, connection is not accepted, and login authentication and authentication are realized in a limited function;
aiming at the deployment of a 1 main and 3 standby mode in the step S2, writing data into a main library is synchronized to two sets of authentication libraries and one set of authorization service standby library at the same time, wherein two sets of core function modules are connected with the two sets of authentication libraries to provide 7 x 24 hours service for the outside without interruption, the main library bears the authorization service writing operation, and when the authorization service main library is down, one set of authorization service standby library is lifted to the main library to take over the authorization service writing operation;
for the step S3, the local cache is used:
s31: in the authentication process, the authentication bill data generated in the center is written into a local cache cluster;
s32: the method comprises the steps of (1) reading cache data, wherein a local cache cluster mode of priority reading is adopted, and when the local cache data fails to be read, the remote cache cluster data is read;
the step of synchronization and use of the off-site cache:
s33: in the host room authentication process, authentication bill data generated in a host room authentication center is written into a remote standby machine room cache cluster node in an asynchronous queue mode;
s34: in the cluster authentication process of the remote standby machine room, bill information generated by authentication is written into a cache node of the main machine room in an asynchronous queue mode;
step one: functional decoupling: the method includes the steps that the read-write functions of a core unified authentication module and a user authentication module are separated, write-in data are transmitted to an interface service module through an ActiveMQ remote communication proxy message transmission mechanism to write-in data, the unified authentication and normal service of the user authentication module is not affected when a write-in channel is closed or abnormal, login authentication and authentication of each information system are guaranteed to a limited extent, the ActiveMQ remote communication proxy allows a plurality of information systems to share and store, when the write-in channel is closed or abnormal, the integrity of an application is maintained without manual intervention, an exclusive lock is obtained, so that no other ActiveMQ proxy can access a database at the same time, transmission is not opened or connection is not accepted, and login authentication and authentication are achieved in a limited function;
step two: data synchronization: the data synchronization of the double data centers and the disaster recovery system can adopt the self-synchronization function of an Oracle ADG database, the data synchronization of a basic Oracle archive log and an online log is simple to maintain and high in stability, a 1 main and 1 standby or 1 main and 1 multi-standby mode is adopted to operate, the on-line switching of the main and the standby can be completed within minute-level time, the requirements on network bandwidth and delay are not high, the same city double activity can be carried out, the different disaster recovery can also be carried out, the method is suitable for the application environment of the main and the standby, the deployment is adopted in a 1 main and 3 standby mode, the writing data of the main library is synchronously synchronized to two sets of authentication libraries and one set of authorization service standby library, wherein the two sets of core function modules are used for connecting the two sets of authentication and authentication service to provide 7 x 24 hours service uninterruptedly, and the main library bears the authorization service writing operation, and is authorized when authorized;
step three: session sharing: the Session is used for representing a continuous connection state, in the process from starting to finishing of a process of a client browser in a B/S architecture, authentication information is usually put into Session control by first login, session sharing problem must be considered in a cluster environment, session sharing among clusters in a dual-activity system is an important design link, session sharing among clusters must also be considered in a dual-activity environment, a Redis is selected for realizing Session sharing by a unified authority platform dual-activity architecture, a Key/Value storage mode is supported, and expiration time can be set according to a Key; the data are directly stored in the memory, and the complexity of the HashMap query operation is similar to O1; the distributed deployment mode is supported, the Redis has the characteristics of simple operation, quick inquiry, persistence and the like, the session cache is one of typical application scenarios of the Redis, the cache is mainly divided into two types, one is used by a local cache, and the other is used by synchronization and use of a remote cache;
and (3) a step of using a local cache:
the first section: in the authentication process, the authentication bill data generated in the center is written into a local cache cluster;
the second section: the method comprises the steps of (1) reading cache data, wherein a local cache cluster mode of priority reading is adopted, and when the local cache data fails to be read, the remote cache cluster data is read;
the step of synchronization and use of the off-site cache:
third section: in the host room authentication process, authentication bill data generated in a host room authentication center is written into a remote standby machine room cache cluster node in an asynchronous queue mode;
fourth section: in the cluster authentication process of the remote standby machine room, bill information generated by authentication is written into a cache node of the main machine room in an asynchronous queue mode;
configuring a single sign-on, firstly judging whether the host computer room is logged in, if yes, directly skipping, if no, judging whether the address is provided with a Session, if yes, taking out, if yes, whether the value is found, if no, skipping is ignored, if yes, taking out the user name, taking out the user information, and then setting the user information into the Session to finish synchronization;
the unified authority platform mainly relates to adjustment on physical architecture in double-activity construction, and mainly comprises the following steps:
building an application environment double-machine room environment:
in the double-activity construction, a set of complete unified authority application deployment environment is respectively built in an A machine room and a B machine room, and request links are switched on an upper application layer through global load balancing;
read-write separation of database:
independently building a read-write database for the authorization service in deployment, completing read-write operation of data, realizing maintenance of authority data of a unified authority platform, synchronizing the data to an authentication library through an ADG (automatic dependent gain) synchronization mechanism of Oracle data, ensuring consistency of the data, and providing database read service for the authentication service, the authentication service and the data synchronization service of the unified authority by the authentication library;
application read-write separation:
the read-write separation transformation and deployment of the unified authentication service, the unified authentication service and the data synchronization service are realized, and the interface which needs to carry out the addition and deletion operation on the data in the application is stripped through the restful interface and the configuration of multiple data sources, so that the read-write separation operation on the current application service is realized;
the overall deployment architecture of the double-living construction system can show that the corresponding adjustment is carried out on load balancing, authentication authorization authentication service and audit service in the double-living construction process, and simultaneously, in order to adapt to the double-living construction in different places, a corresponding cache data synchronization scheme is provided in the construction process;
under the daily condition, the authorized service cluster node of the dual-active standby node does not bear service processing, only query service can be distributed to the standby cluster node, and when the authorized service cluster abnormality occurs in the master node or database downtime occurs, the standby node can rapidly take over authorized read-write service, and the uninterrupted operation is achieved for 7 x 24 hours;
the database fault switching design is that when the whole authorization database of the main production database of the machine room A fails, the authorization standby database of the machine room B is manually switched into the main database through ADG main-standby switching, the read-write service of the authorization service application authorization of the machine room B is provided, the whole switching process is of a minute level, the influence on the authorization production service is small, and meanwhile, the service data of the authorization database of the machine room B is automatically synchronized to the authentication databases operated by the machine rooms A and B; the whole switching process has no influence on authentication and authentication services, and the continuity of key services is ensured;
the authentication database is designed in a fault switching way, when the authentication database of the machine room A or the machine room B fails, the authentication service access is automatically switched to the other machine room, and in the whole switching process, the authentication service is automatically switched, and the authorization service is not influenced;
when the whole machine room of the machine room A fails, the whole machine room of the machine room B takes over service access; the whole switching process is minute switching, and the fault of authentication and authentication service is automatically switched;
when the whole machine room of the machine room B fails, the whole machine room of the machine room A takes over service access, and the read service and read-write service fail-over is transparent to users, so that the service access is hardly affected.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910401666.0A CN110083662B (en) | 2019-05-15 | 2019-05-15 | Double-living framework construction method based on platform system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910401666.0A CN110083662B (en) | 2019-05-15 | 2019-05-15 | Double-living framework construction method based on platform system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110083662A CN110083662A (en) | 2019-08-02 |
| CN110083662B true CN110083662B (en) | 2024-02-23 |
Family
ID=67420211
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910401666.0A Active CN110083662B (en) | 2019-05-15 | 2019-05-15 | Double-living framework construction method based on platform system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110083662B (en) |
Families Citing this family (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110719282B (en) * | 2019-10-10 | 2021-10-29 | 国网山东省电力公司信息通信公司 | Authentication dual-active system based on unified authority |
| CN112003716A (en) * | 2019-12-12 | 2020-11-27 | 军事科学院系统工程研究院网络信息研究所 | Data center dual-activity implementation method |
| CN111178911A (en) * | 2019-12-26 | 2020-05-19 | 朗新科技集团股份有限公司 | Customer service work order processing method and system based on double-activity technology |
| CN111124696B (en) * | 2019-12-30 | 2023-06-23 | 北京三快在线科技有限公司 | Unit group creation, data synchronization method, device, unit and storage medium |
| CN111427608B (en) * | 2020-03-20 | 2023-04-28 | 重庆富民银行股份有限公司 | Gray scale release method for bank core system |
| CN111651747B (en) * | 2020-05-11 | 2024-05-24 | 腾讯科技(深圳)有限公司 | Login bill synchronization system and method and related equipment |
| CN111953808B (en) * | 2020-07-31 | 2023-08-15 | 上海燕汐软件信息科技有限公司 | Data transmission switching method of dual-machine dual-activity architecture and architecture construction system |
| CN112231705B (en) * | 2020-09-23 | 2023-07-28 | 四川中电启明星信息技术有限公司 | Information system reliability improving method based on secondary division |
| CN113766004A (en) * | 2021-07-27 | 2021-12-07 | 深圳市珍爱捷云信息技术有限公司 | Disaster recovery system, method and storage medium based on multi-cloud platform |
| CN114780293A (en) * | 2022-04-26 | 2022-07-22 | 北京科杰科技有限公司 | Remote double-activity disaster recovery method, device and equipment based on hadoop and readable storage medium |
| CN115396296B (en) * | 2022-08-18 | 2023-06-27 | 中电金信软件有限公司 | Service processing method, device, electronic equipment and computer readable storage medium |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104243195A (en) * | 2013-06-19 | 2014-12-24 | 国家电网公司 | Remote disaster recovery processing method and device |
| CN105187546A (en) * | 2015-09-25 | 2015-12-23 | 南京伍安信息科技有限公司 | Network separation storage system and method of separating and storing files |
| CN106341454A (en) * | 2016-08-23 | 2017-01-18 | 世纪龙信息网络有限责任公司 | Across-room multiple-active distributed database management system and across-room multiple-active distributed database management method |
| CN108958984A (en) * | 2018-08-13 | 2018-12-07 | 深圳市证通电子股份有限公司 | Dual-active based on CEPH synchronizes online hot spare method |
| CN109241175A (en) * | 2018-06-28 | 2019-01-18 | 东软集团股份有限公司 | Method of data synchronization, device, storage medium and electronic equipment |
| CN109710619A (en) * | 2018-12-29 | 2019-05-03 | 中国银联股份有限公司 | A kind of data-base capacity-enlarging method, apparatus and readable medium |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20130007368A1 (en) * | 2011-06-29 | 2013-01-03 | Lsi Corporation | Methods and systems for improved miorroring of data between storage controllers using bidirectional communications |
-
2019
- 2019-05-15 CN CN201910401666.0A patent/CN110083662B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104243195A (en) * | 2013-06-19 | 2014-12-24 | 国家电网公司 | Remote disaster recovery processing method and device |
| CN105187546A (en) * | 2015-09-25 | 2015-12-23 | 南京伍安信息科技有限公司 | Network separation storage system and method of separating and storing files |
| CN106341454A (en) * | 2016-08-23 | 2017-01-18 | 世纪龙信息网络有限责任公司 | Across-room multiple-active distributed database management system and across-room multiple-active distributed database management method |
| CN109241175A (en) * | 2018-06-28 | 2019-01-18 | 东软集团股份有限公司 | Method of data synchronization, device, storage medium and electronic equipment |
| CN108958984A (en) * | 2018-08-13 | 2018-12-07 | 深圳市证通电子股份有限公司 | Dual-active based on CEPH synchronizes online hot spare method |
| CN109710619A (en) * | 2018-12-29 | 2019-05-03 | 中国银联股份有限公司 | A kind of data-base capacity-enlarging method, apparatus and readable medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110083662A (en) | 2019-08-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110083662B (en) | Double-living framework construction method based on platform system | |
| US11360854B2 (en) | Storage cluster configuration change method, storage cluster, and computer system | |
| EP2281240B1 (en) | Maintaining data integrity in data servers across data centers | |
| CN110224871A (en) | A kind of high availability method and device of Redis cluster | |
| CN111130835A (en) | Data center dual-active system, switching method, device, equipment and medium | |
| CN101079896B (en) | A method for constructing multi-availability mechanism coexistence framework of concurrent storage system | |
| CN109800272A (en) | Data cached synchronous method, server, application system and storage device | |
| CN107832138B (en) | Method for realizing flattened high-availability namenode model | |
| CN113515499B (en) | Database service method and system | |
| WO2012145963A1 (en) | Data management system and method | |
| CN102088490B (en) | Data storage method, device and system | |
| CN108958984B (en) | Double-active synchronous online hot standby method based on CEPH | |
| CN112003716A (en) | Data center dual-activity implementation method | |
| CN108964986B (en) | Application-level double-active disaster recovery system of cooperative office system | |
| EP2224341B1 (en) | Node system, server switching method, server device, and data transfer method | |
| CN107135097A (en) | The disaster tolerance system and disaster recovery method filed based on bookkeeping | |
| CN102137161B (en) | File-level data sharing and storing system based on fiber channel | |
| CN110348826A (en) | Strange land disaster recovery method, system, equipment and readable storage medium storing program for executing mostly living | |
| CN107357800A (en) | A kind of database High Availabitity zero loses solution method | |
| CN115878384A (en) | Distributed cluster based on backup disaster recovery system and construction method | |
| CN111541599A (en) | Cluster software system and method based on data bus | |
| CN109165122B (en) | Method for improving disaster recovery capability of application system same city multi-park deployment realized based on block chain technology | |
| CN113127499B (en) | Block chain-based micro-service method, equipment and medium | |
| CN113766004A (en) | Disaster recovery system, method and storage medium based on multi-cloud platform | |
| CN111563719A (en) | Mobile intelligent cloud office platform |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |