CN110213338A - A kind of clustering acceleration calculating method and system based on cryptographic calculation - Google Patents

A kind of clustering acceleration calculating method and system based on cryptographic calculation Download PDF

Info

Publication number
CN110213338A
CN110213338A CN201910386486.XA CN201910386486A CN110213338A CN 110213338 A CN110213338 A CN 110213338A CN 201910386486 A CN201910386486 A CN 201910386486A CN 110213338 A CN110213338 A CN 110213338A
Authority
CN
China
Prior art keywords
task
node
computing unit
cluster
calculating
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910386486.XA
Other languages
Chinese (zh)
Inventor
孙波
李应博
张伟
夏光升
司成祥
郝振江
张建松
陈军
李胜男
毛蔚轩
盖伟麟
侯美佳
董建武
张泽亚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianjin Rui Digital Security System Ltd By Share Ltd
National Computer Network and Information Security Management Center
Original Assignee
Tianjin Rui Digital Security System Ltd By Share Ltd
National Computer Network and Information Security Management Center
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tianjin Rui Digital Security System Ltd By Share Ltd, National Computer Network and Information Security Management Center filed Critical Tianjin Rui Digital Security System Ltd By Share Ltd
Priority to CN201910386486.XA priority Critical patent/CN110213338A/en
Publication of CN110213338A publication Critical patent/CN110213338A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1001Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/60Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources

Abstract

The invention belongs to field of computer technology, in particular to a kind of clustering based on cryptographic calculation accelerates to calculate method and system, the acceleration calculation method includes: to receive computations task, inquire cluster the Resources list, wherein, the cluster resource list includes cpu resource utilization rate, memory source utilization rate;According to the cluster resource list, optimal clustered node is selected, sends the computations task to the optimal clustered node;The optimal clustered node receives and uses the first computing unit and/or the second computing unit to execute the computations task, returns to task computation result.The present invention uses the computing cluster with load balancing, improves task computation speed and efficiency, and the encryption and decryption calculating of the mainstreams rivest, shamir, adelmans such as RSA2048, ECC, shared key is suitble to calculate.

Description

A kind of clustering acceleration calculating method and system based on cryptographic calculation
Technical field
The invention belongs to field of computer technology, in particular to a kind of clustering based on cryptographic calculation accelerates calculation method And system.
Background technique
Http protocol be used to transmit information between Web browser and Website server, and http protocol is with clear-text way Content is sent, the data encryption of any mode is not provided, if attacker has intercepted between Web browser and Website server Transmitting message, so that it may information therein is directly understood, it is therefore, very dangerous using http protocol transmission privacy information.
In order to guarantee these private data energy encrypted transmissions, then Netscape devises Secure Socket Layer SSL (Secure Sockets Layer) agreement, i.e. secure transport layer protocol TLS (Transport Layer Security), for being assisted to HTTP The data of view transmission are encrypted, thus the HTTPS that has just been born.In simple terms, HTTPS agreement is by TLS/SSL+HTTP agreement Building carries out encrypted transmission, the network protocol of authentication, than http protocol safety.
TLS/SSL agreement has the function of authentication, information encryption and completeness check, although making HTTPS opposite HTTP has very big advantage, also just because of TLS/SSL agreement has used asymmetric key exchange technology in information ciphering process, So that HTTPS performance and speed seriously reduce.
Currently, the encryption and decryption in the mainstreams asymmetric key exchange algorithm such as RSA2048, ECC calculates, shared key calculates etc. The complexity of calculating task is higher, consumes to the CPU time excessive.
In traditional data calculation processing, it is hard that the computing capability of server depends on CPU, memory of server etc. itself The computing capability of part condition, single server is limited after all, and some calculating tasks, such as RSA2048, ECC mainstream are asymmetric The encryption and decryption of Encryption Algorithm calculates, shared key computation complexity is higher, larger to CPU consumption, and not only high load capacity occupies calculating Resource also reduces the traffic handing capacity of software.
Summary of the invention
In view of the above-mentioned problems, the present invention provides a kind of, the clustering based on cryptographic calculation accelerates calculation method, described to add Fast calculation method includes:
Computations task is received, inquires cluster the Resources list, wherein the cluster resource list includes that cpu resource makes With rate, memory source utilization rate;
According to the cluster resource list, optimal clustered node is selected, sends the computations task to described optimal Clustered node;
The optimal clustered node receives and uses the first computing unit and/or the second computing unit to execute the encryption meter Calculation task returns to task computation result.
Further, the reception computations task, inquiry cluster the Resources list include:
Front end service system calls front-end proxy agent interface to send the computations task,
Front-end proxy agent receives and caches the computations task, connects clustered control service, inquires cluster the Resources list, The clustered control service returns to cluster resource list;
Described to select optimal clustered node according to cluster resource list, sending calculating task to optimal clustered node includes:
Front-end proxy agent selects optimal clustered node according to the cluster resource list, send the computations task to Optimal clustered node.
Further, the optimal clustered node receives and uses the first computing unit and/or the second computing unit to execute The computations task, returning to task computation result includes:
The optimal clustered node receives and caches the computations task, returns to front-end proxy agent task and receives successfully;
Front-end proxy agent interface returns to the call result of computations task described in operation system;
The optimal clustered node executes the computations using the first computing unit and/or the second computing unit and appoints Business;
The optimal clustered node returns to front-end proxy agent task computation result;
Front-end proxy agent caches the task computation result;
Front end service system calls front-end proxy agent interface to carry out task computation result queries;
Front-end proxy agent interface returns to task computation result described in front end service system.
Further, the acceleration calculation method further include:
Information collection services timing acquiring nodal information, and connection clustered control service sends the nodal information;
Clustered control service receives the nodal information, updates the cluster resource list.
Further, the method for the optimal clustered node of selection includes:
Judge whether the memory usage of first node and second node meets first threshold:
When the memory usage of two nodes is all satisfied first threshold or first threshold is not satisfied, two nodes are selected The low node of middle CPU usage is as optimal clustered node;
When the memory usage of only one node meets first threshold, judge whether the CPU usage of the node is full Sufficient second threshold: if meeting second threshold, using the node node high as free time degree;If being unsatisfactory for second threshold, select CPU usage is low in two nodes node is selected as optimal clustered node.
Further, described to select the node that CPU usage is low in two nodes to include: as optimal clustered node
When the low node of the CPU usage phase simultaneous selection memory usage of two nodes is as optimal clustered node.
Further, described to be abided by using the first computing unit and/or the second computing unit execution computations task Calculating task dispatching method is followed, the calculating task dispatching method includes:
Count calculating time of a variety of calculating tasks on the first computing unit and the second computing unit;
According to statistical result, judge that current calculating task calculates estimated on the first computing unit and the second computing unit Deadline, the Estimated Time Of Completion include the task amount not completed on the first computing unit or the second computing unit and current The time is calculated required for calculating task;
By the current distribution of computation tasks first computing unit or second computing unit short to Estimated Time Of Completion.
The present invention also provides a kind of, and the clustering based on cryptographic calculation accelerates computing system, the acceleration computing system packet It includes:
Front-end proxy agent service subsystem inquires cluster the Resources list, according to the cluster for receiving computations task The Resources list selects optimal clustered node, sends the computations task to the optimal clustered node;
Service subsystem is calculated, for receiving and executing described add using the first computing unit and/or the second computing unit Close calculating task returns to task computation result.
Further, the acceleration computing system further include:
Information collection service subsystem is used to timing acquiring clustered node information, sends the clustered node information;
Clustered control service subsystem receives the clustered node information, according to the clustered node information, described in update Cluster resource list.
Further, the calculating service subsystem includes:
Task transceiver module returns to task computation result for receiving the computations task;
First computing unit executes the computations task using cipher card;
Second computing unit executes the computations task using CPU;
Calculating task scheduler module, according to calculating task dispatching method, to the first computing unit or the first computing unit point With the computations task;
High-speed communication module, for realizing described between the front-end proxy agent subsystem and the calculating service subsystem add The quick transmission of close calculating task and task computation result.
The present invention uses the computing cluster with load balancing, undertakes the needs run in single computer originally The magnanimity calculating task for consuming resource executes calculating task according to certain calculating task dispatching method using CPU, cipher card, Reduce calculation server CPU, memory computing resource occupies, raising task computation speed and efficiency, the master such as suitable RSA2048, ECC Flow the encryption and decryption calculating of rivest, shamir, adelman, shared key calculates.
Other features and advantages of the present invention will be illustrated in the following description, also, partly becomes from specification It obtains it is clear that understand through the implementation of the invention.The objectives and other advantages of the invention can be by specification, right Pointed structure is achieved and obtained in claim and attached drawing.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is this hair Bright some embodiments for those of ordinary skill in the art without creative efforts, can be with root Other attached drawings are obtained according to these attached drawings.
Fig. 1 shows a kind of clustering based on cryptographic calculation of the present invention and accelerates calculation method workflow schematic diagram;
Fig. 2 shows the optimal clustered node selection method schematic diagrames of the embodiment of the present invention;
Fig. 3 shows the calculating task dispatching method work flow diagram of the embodiment of the present invention;
A kind of clustering based on cryptographic calculation that Fig. 4 shows the embodiment of the present invention accelerates the system framework of computing system Figure;
A kind of clustering based on cryptographic calculation that Fig. 5 shows the embodiment of the present invention accelerates the system deployment of computing system Schematic diagram;
A kind of clustering based on cryptographic calculation that Fig. 6 shows the embodiment of the present invention accelerates the system structure of computing system Figure;
Fig. 7 shows the calculating task traffic control flow diagram of the embodiment of the present invention;
Fig. 8 shows the front-end proxy agent subsystem work flow chart of the embodiment of the present invention;
Fig. 9 shows the task transmitting-receiving operation schematic diagram of the embodiment of the present invention;
The task that Figure 10 shows the embodiment of the present invention sends and receives asynchronous working schematic diagram;
Figure 11 shows the CPU and cipher card parallel computation schematic diagram of the embodiment of the present invention;
Figure 12 shows the algorithm that the Openssl engine interface library of the embodiment of the present invention is supported;
Figure 13 shows the calculating service subsystem workflow schematic diagram of the embodiment of the present invention;
Figure 14 shows data transmission stream journey schematic diagram in the homepage management of the embodiment of the present invention;
Figure 15 shows the present invention and accelerates to calculate working-flow schematic diagram.
Specific embodiment
In order to make the object, technical scheme and advantages of the embodiment of the invention clearer, below in conjunction with the embodiment of the present invention In attached drawing, technical solution in the embodiment of the present invention clearly and completely illustrated, it is clear that described embodiment is A part of the embodiment of the present invention, instead of all the embodiments.Based on the embodiments of the present invention, those of ordinary skill in the art Every other embodiment obtained without making creative work, shall fall within the protection scope of the present invention.
The calculating to encrypting and decrypting, sign test of signing in asymmetric key exchange algorithm is not limited in the present invention, it is applicable Applied widely in the calculating of the various algorithms run on PCI operation card, CPU, the embodiment of the present invention is to asymmetric close The calculating of enciphering and deciphering algorithm in key exchange algorithm illustrates.
Cluster is one group of computer that is mutually indepedent, being interconnected by high speed network, they constitute a group, and with single The mode of system is managed, and when a client and cluster interact, cluster seems an independent server.It is every in cluster Platform computer is considered as a node of cluster, i.e. clustered node.Cluster has robustness, and separate unit node server failure does not influence The operation of other servers, it is easily flexible, it can add or reduce easily node server.
The clustering that the present invention provides a kind of based on cryptographic calculation accelerates calculation method, as shown in Figure 1, mainly include with Lower step.
Step 1: receiving and caches calculating task, inquires cluster the Resources list.
In the present embodiment, background system receives and caches calculating task, the collection of the clustered node of triggering connection configuration setting Group control service processes inquire cluster the Resources list.Wherein, calculating task is encryption or decryption calculates work, such as access one When the address HTTPS, the certificate chain of address is verified, needs that signature is decrypted.All collection of clustered control service management Group node, provides cluster resource list, and cluster resource list includes that the cpu resource utilization rate memory source of clustered node uses Rate.Clustered control service returns to cluster resource list according to inquiry request.In the present embodiment, clustered node is encryption/decryption meter A series of systems of executive capability are calculated, multiple systems can be deployed in different terminals or identical server terminal.
Cluster middleware Zookeeper can be used in clustered control service, it is an efficient distributed coordination service, The services such as configuration information management, name, distributed synchronization, cluster management, database switching can be provided.Using cluster middleware Zookeeper carries out cluster management, and each open source cluster middleware Zookeeper visualized management tool of synthesis is carried out cluster pipe Reason is designed and developed.
Step 2: according to cluster resource list, selecting optimal clustered node, and received calculating task is sent to optimal collection Group node.
A kind of acceleration calculation method of cluster of the present invention uses cluster load balancing method, collects according in cluster resource list The resource utilization of group node chooses idle clustered node ranking, using the minimum node of resource utilization as optimal cluster Node gives distribution of computation tasks to optimal clustered node, realizes the dynamic load leveling between the clustered node of rear end.
Optimal clustered node, that is, more idle clustered node, the i.e. relatively low clustered node of resource utilization, due to Encryption and decryption operation mainly still consumes cpu resource, and the consumption of memory is less, so during selecting optimal clustered node, In the case where being filled with sufficient threshold value inside, most important or comparison node CPU usage, memory usage is as secondary comparison Factor.Under normal circumstances, the lower node of CPU usage is more idle.It is each according to the collected cluster of information collection service institute The resource of node uses list, compares and obtains optimal clustered node.
As shown in Fig. 2, directly carrying out the rule of idle degrees sequence in two nodes are as follows:
Judge whether the memory usage of first node and second node meets first threshold:
When the memory usage of two nodes is all satisfied first threshold or is not satisfied, CPU in two nodes is selected to make The node for the using rate low node high as free time degree;
When the memory usage of only one node meets first threshold, judge whether the CPU usage of the node is full Sufficient second threshold: if meeting second threshold, using the node node high as free time degree;If being unsatisfactory for second threshold, select Select CPU usage is low in two nodes the node node high as free time degree.
The above-mentioned node for selecting CPU usage is low in two nodes node high as free time degree further includes in two nodes The low node of CPU usage phase simultaneous selection memory usage as idle node.
Illustratively, compare two node resource utilization rates of A, B, select detailed process such as Fig. 2 institute of more idle node Show, first determine whether node memory utilization rate is less than memory usage threshold value, for example, memory usage threshold value is 90%;Its It is secondary to judge whether node cpu utilization rate is less than CPU usage threshold value, for example, CPU usage threshold value is 90%;Furthermore compare A, B The lower node of CPU usage is selected as most by the CPU usage of two nodes if the CPU usage of two nodes is unequal Excellent clustered node further compares the memory usage of two nodes, by memory if the CPU usage of two nodes is equal The lower node of utilization rate is selected as optimal clustered node.
The selection method of optimal clustered node according to Fig.2, table 1 list two node different resource utilization rates of A, B In the case of optimal clustered node selection result.
The selection result of optimal clustered node in the case of 1 A of table, B node different resource utilization rate
Optimal clustered node is more idle node, is not most idle clustered node, because the resource of each node makes It is not but timing in real time with the acquisition of rate, so optimal clustered node is not necessarily node the most idle.If Acquisition in real time will consume many resources, and see for a long time, and the resource service condition of each node of cluster generally tends to balance , it can't differ too many, therefore timing acquiring.
Step 3: optimal clustered node receives, caches and execute calculating task, caches and returns to task computation result.
Optimal clustered node receives calculating task, caching calculating task to task buffer queue, and execution unit delays from task Queue reading calculating task is deposited to be calculated.
Because the calculating task that cluster is capable of handling is magnanimity, and the calculating of some tasks be it is more time consuming, Caching is to be able to receive and process each calculating task, lose each calculating task and task computation result will not It loses.
The computing unit for executing calculating task includes the first computing unit and the second computing unit, illustratively, the first meter Calculating unit is CPU, and the second computing unit is PIC operation card (such as cipher card), and corresponding worker thread is CPU active line respectively Journey, cipher card worker thread.
Cipher card is a kind of PCI operation card, is high performance fundamental cryptographic equipment, is the important component of cryptographic hardware platform One of, be widely used in a variety of encryption devices such as signature verification service device, vpn gateway, it is main complete encryption, decryption, signature, The functions such as sign test.
CPU worker thread, cipher card worker thread is respectively started, worker thread is according to calculating task dispatching method, to CPU Or cipher card distributes calculating task, CPU worker thread, cipher card worker thread execute calculating task respectively, calculated result are write Enter buffer queue.When operation system inquires calculating task result, task computation result is returned to operation system.
Calculating task dispatching method includes study stage and allocated phase.Wherein,
In the study stage:
CPU and cipher card respectively calculate various calculating tasks;
Read calculating time and the task quantity that calculating task is completed on CPU and cipher card;
Calculate separately arithmetic speed of the every kind of task on CPU and cipher card.
In allocated phase:
According to CPU arithmetic speed and cipher card arithmetic speed, calculates separately and calculated needed for the calculating task not completed on CPU Time T2 is calculated needed for the calculating task not completed on time T1 and cipher card;
According to CPU arithmetic speed and cipher card arithmetic speed, calculating needed for task to be calculated calculates on CPU is calculated separately Time T3 and task to be calculated calculate time T4 needed for calculating on cipher card;
Calculating task more to be calculated calculates Estimated Time Of Completion (T1+T3) and calculating task to be calculated on CPU Estimated Time Of Completion (T2+T4) is calculated on cipher card;
If (T1+T3) is greater than (T2+T4), by distribution of computation tasks to be calculated to cipher card;If (T1+T3) is less than Equal to (T2+T4), by distribution of computation tasks to be calculated to CPU.
Illustratively, calculating task dispatching method workflow is as shown in figure 3, include the following steps.
(1) initialization calculating task dispatches process;
(2) inquiry calculating task whether there is, if it is present go to step (3), if it does not, at one section of delay Between execute step (2) again;
(3) this batch calculating task is taken out from caching;
(4) it calculates separately and calculates time and this batch calculating task needed for this batch calculating task calculates on CPU close The time is calculated needed for calculating on code card, is denoted as T1 and T2 respectively;
(5) calculating for calculating needed for the calculating task not completed on CPU and not completing on time T1 and cipher card is calculated separately Required by task calculates time T2;
(6) compare (T1+T3) and (T2+T4), if (T1+T3) is greater than (T2+T4), this batch distribution of computation tasks is given Cipher card, on the contrary distribute to CPU.
(7) CPU or cipher card execute calculating task, cache to calculated result, then return to step (2).
Calculating task is sent and calculated result return can carry out in batches, makes full use of bandwidth, is realized high-throughput, is subtracted as far as possible System performance caused by few network overhead reduces.
Step 4: timing acquiring clustered node information, by clustered node information update to cluster resource list and database.
Timing acquiring clustered node information, clustered node information include the resource utilization of clustered node, task situation etc. Information.Wherein, resource utilization includes the information such as cpu resource utilization rate and memory source utilization rate;Task situation includes current The information such as task amount, completed task amount and unfinished task amount.
It connects clustered control service and sends collected nodal information, clustered control service is according to collected nodal information Update cluster resource list.Clustered control service is connected, all nodal informations of cluster are read, all nodal informations are updated to number According to library.
A kind of clustering based on cryptographic calculation of the present invention accelerates calculation method by the way of cluster, is loaded using cluster Balance policy undertakes the magnanimity calculating task for needing to consume resource run in single computer originally;Meanwhile using CPU, Cipher card executes calculating task according to certain calculating task dispatching method, can reduce calculation server CPU, memory calculates money Source occupies, and improves task computation speed and efficiency, is suitble to the encryption and decryption meter of the mainstreams rivest, shamir, adelmans such as RSA2048, ECC It calculates, shared key calculates.
The present invention also provides a kind of, and the clustering based on cryptographic calculation accelerates computing system, which is Framework of uniting includes the layers such as hardware layer, hardware interface encapsulated layer, rear end computing cluster layer, front-end proxy agent interface layer, calling service layer It is secondary, as shown in Figure 4.
Hardware layer, which provides to calculate, services supported hardware, including the hardware devices such as PCI operation card and CPU.Cipher card is A kind of PCI operation card is to emphasize high performance fundamental cryptographic equipment, is one of the important component of cryptographic hardware platform, answers extensively In a variety of encryption devices such as signature verification service device, vpn gateway.
Openssl of the hardware interface encapsulated layer to cipher card based on Openssl calculating interface and based on Intel optimization Interface carry out secondary encapsulation, provide support cipher card and CPU collaboration operation external call interface, for front-end proxy agent interface layer into Row, which calculates, to be called.On the computer network, Openssl is the software library packet an of open source code, and application program can be used This packet avoids eavesdropping, while confirming the identity of other end connectionist to securely communicate.It is based on Intel optimization Refer to the optimization for making full use of the new commands such as AVX2 instruction set and MULX, ADCX, ADOX, RORX, RDSEED to carry out.
Rear end computing cluster layer is responsible for the transmitting-receiving management of calculating task, hardware enclosure interface is called to execute calculating task, and Calculated result is cached, front-end proxy agent interface is sent to.Calculating task includes the tasks such as encrypting and decrypting, signature sign test.
Rear end computing cluster layer is mainly made of calculating service, clustered control service, information collection service, calculates services package Include Thrift communication service frame, task transceiver module, computing module.Thrift can be used as high performance communication middleware, Support data (object) serializing and a plurality of types of RPC services.RPC (Remote Procedure Call Protocol) clothes Business refers to (RFC-1831) remote procedure call protocol, and one kind requesting service by network from remote computer program, without It should be understood that the agreement of underlying network technology.
Task transceiver module is responsible for receiving front-end and acts on behalf of all kinds of calculating tasks sent by exchange network, is responsible for calculate As a result front-end proxy agent is returned to by exchange network, the interface function that the API communication initialization and API for responding front-end proxy agent are closed. Caching mechanism is used to received calculating task and calculated result, including without lock task queue and without lock result queue.
Front-end proxy agent interface layer is responsible for the inquiry of clustered node, the caching of calculating task and transmission, the reception of calculated result, Caching and inquiry, the tasks such as control of task traffic volume.
Calling service layer is responsible for calling front-end proxy agent interface, sends calculating task, fetches task action result;It further include hair Identity after identity registration and execution before sending calculating task is nullified.
A kind of clustering based on cryptographic calculation of the present invention accelerates computing system to be broadly divided into front end services and rear end cluster Two parts are calculated, system deployment schematic diagram is as shown in Figure 5.
Front end services part is made of front-end proxy agent interface layer, calling service layer, is deployed on front-end server, mainly with Front-end business is docked, and calculating task is issued rear end computing cluster by interface, and return to calculated result.
Front end services part includes front-end proxy agent software and operation system, because common server system has had business system System, so operation system is not emphasis of the invention.
PC cluster part is made of hardware layer, hardware interface encapsulated layer, rear end computing cluster layer, is deployed in rear end cluster It include six modules such as high-speed communication, task transmitting-receiving, the first computing unit, the second computing unit, log recording on server.
PC cluster part includes hardware and software, and the difference of hardware and common server is, in existing server hardware On the basis of cipher card is installed.
Front end services part is docked with PC cluster part, and calculating task is issued rear end PC cluster by interface Part, and return to calculated result.
PC cluster part includes high-speed communication, task transmitting-receiving, information collection, the first computing unit interface, the second calculating The modules such as unit interface, calculating task scheduling, log recording.
A kind of clustering based on cryptographic calculation of the present invention accelerates to calculate system construction drawing as shown in fig. 6, the system is by preceding End agency, calculating service, information collection service, clustered control service, the service of information storage, cluster management service six subsystems Composition.
Front-end proxy agent subsystem is made of service interfacing, data transmit-receive module and task allocating module.Wherein, service interfacing Module receives the related computing tasks sent of operation system by general-purpose interface and is cached, to realize flow control;It is responsible for The calculated result of rear end computing cluster is returned into front end service system.Support multiple business, interface is unified, and to different business It is numbered, to distinguish different front-end businesses;Can carry out that resource use etc. to business it is necessary limit, reduce as far as possible to existing The influence of operation system, seamlessly transits operation system.
Data transmit-receive module, which is responsible for calculate by the exchange network between front-end server and rear end cluster server, appoints Business is distributed to rear end cluster server, is responsible for receiving the calculated result that rear end cluster returns.
Resource utilization, task situation of the task allocating module according to node each in the cluster of rear end, by calculating task point It is fitted on optimal clustered node, realizes the dynamic load leveling between the cluster server of rear end.The signal of task assignment process For figure as shown in fig. 7, front-end proxy agent receives the calculating task that operation system is sent, triggering front-end proxy agent passes through cluster middleware Cluster resource list is inquired to cluster middleware Zookeeper and is obtained in the channel Zookeeper, according to node each in the Resources list CPU, memory source utilization rate, the calculate node for selecting resource utilization minimum is as optimal clustered node, front-end proxy agent handle Calculating task is sent to calculate node by UDP message form.Calculate node executes calculating task, yet by UDP message form Calculated result is returned to front-end proxy agent.
Front-end proxy agent subsystem work process is as shown in figure 8, include the following steps.
(1) cluster management, identity registration
Operation system sends identity registration request by service interfacing module forward end agency, and front-end proxy agent calls identity note Volume interface, identity registration interface are initiated the request of cluster resource list query by data transmit-receive module rear end cluster service, are obtained Take optimal clustered node server info.Rear end cluster service initiates the connection foundation request to optimal clustered node server, builds Vertical communication channel, and the unique identity of rear end cluster service generation is received, in front end generation, is returned to by data transmit-receive module Reason.
(2) calculating task is sent in service interfacing
Operation system calls the task transmission interface of service interfacing module, and front-end proxy agent receives business task, and by task Information cache is to task queue.After identity registration success, front-end proxy agent starts task and sends worker thread, reads buffer queue, Mission bit stream Batch sending is given to rear end cluster service by data transmit-receive module.
(3) task result is obtained in service interfacing
After identity registration success, front-end proxy agent starts task and obtains worker thread, is collected to the back-end by data transmit-receive module Group's service is initiated to obtain the request of task computation result, and result cache Map is written in the batch results that rear end cluster service is sent.Industry Business system calls the task of service interfacing module to obtain interface, and front-end proxy agent query task caches Map, and it is logical to obtain corresponding result It crosses service interfacing module and returns to operation system.
(4) identity is nullified
Operation system sends identity de-registration request by service interfacing module forward end agency, and front-end proxy agent calls identity note Pin joint mouth, identity nullify interface and initiate identity de-registration request by data transmit-receive module rear end cluster service.Rear end cluster clothes Interface channel is closed in business, discharges resource.
Calculating service subsystem includes task transmitting-receiving, calculating task scheduling, the first computing unit, the second computing unit, height Six speed communication, log recording modules.
Task transceiver module is responsible for all kinds of calculating that the data transmit-receive module of receiving front-end agency is sent by exchange network Task is responsible for calculated result returning to front-end proxy agent by exchange network.
Between front-end proxy agent and task transceiver module, planned network communications protocol forms communication interface, completes calculating task The correct return issued with result.Illustratively, as shown in figure 9, task is sent and result returns and uses UDP message transmission, Udp protocol has high reliability because having affirmation mechanism, retransmission mechanism, consistency detection.
Task is sent and result return can carry out in batches, makes full use of bandwidth, is realized high-throughput, is reduced network to the greatest extent and open System performance caused by selling reduces.As shown in Figure 10, task sends and receives asynchronous progress, realizes a set of efficient calculated result Feed back to the mechanism of user.
Calculating task scheduler module core function is to realize the scheduling of various encryption and decryption calculating tasks, is mainly responsible for calling envelope The cipher card and CPU unified interface of dress read task queue, execute encryption and decryption calculating task, accomplish that cipher card, CPU task close Reason scheduling and distribution, give full play to the performance of the two.
Cipher card externally provides the crypto engine based on Openssl, and the present invention is based on the calculating of CPU to be referred to using Intel Enable the Openssl of optimization, two kinds of Openssl there is the conflict called, thus the parallel computation of CPU and cipher card need to this two Kind Openssl carries out secondary encapsulation, and CPU is executed calculating task with cipher card and striven according to calculating task dispatching method using multithreading It robs formula scheduling to execute, as shown in figure 11.
Based on above two Openssl, calculating is executed by cipher card and CPU respectively.Due to cipher card public key calculation, such as Encryption and sign test calculate fast not as good as CPU;Cipher card private key operation, such as decryption and signature, it is faster than CPU.Therefore in calculating task It needs to carry out necessary setting in response to this when scheduling.The present invention opens CPU execution unit, private key fortune using public key calculation more Calculate the modes for opening cipher card execution unit more.
Illustratively, the first computing unit executes calculating task using PCI operation card (such as cipher card), can be by simple The cipher card of different manufacturers different model is supported in flexible configuration.The present invention is based on Openssl standard interfaces to be developed, at present It is not necessary to modify programs can support for cipher card based on Openssl engine.The Openssl interface library and sheet that cipher card manufacturer provides Openssl interface library used in inventing has conflict, by by way of two kinds of Openssl interface libraries of dynamic independent loads, incites somebody to action Two kinds of interfaces extract respectively, and separation is called.When substitution ciphers card, substitution ciphers card Openssl interface library is only needed. Figure 12 shows the algorithm of Openssl engine interface library support, including canonical algorithm, expansion algorithm.
On the computer network, Openssl is the software library packet an of open source code, this can be used in application program Packet avoids eavesdropping, while confirming the identity of other end connectionist to securely communicate.
Cipher card supports to include but is not limited to following algorithm, and asymmetric key exchange algorithm has:
RSA:RSA512, RSA1024, RSA2048, RSA4096;
DH:DH-1024, DH-2048, DH-3072;
DHE:DHE-1024, DHE-2048, DHE-3072;
ECDH:ECDHP256, ECDHP384, ECDHP521, ECDH-secp192k1, ECDH-secp224k1, ECDH- secp192r1、ECDH-secp224r1、ECDH-secp256r1、ECDH-secp384r1、ECDH-secp521r1、ECDH- brainpoolP256r1,ECDH-brainpoolP384r1,ECDH-brainpoolP512r1;
ECDHE:ECDHE-secp192k1, ECDHE-secp224k1, ECDHE-secp192r1, ECDHE- secp224r1、ECDHE-secp256r1、ECDHE-secp384r1、ECDHE-secp521r1、ECDHE-brainpoolP 256r1、ECDHE-brainpoolP384r1、ECDHE-brainpoolP512r1。
Digital Signature Algorithm has:
RSA:RSA512, RSA1024, RSA2048, RSA4096;
DSA:DSA512, DSA1024, DSA2048;
ECDSA:ECDSAP256, ECDSAP384, ECDSAP521, ECDSA-secp192k1, ECDSA-secp224k1, ECDSA-secp256k1、ECDSA-secp192r1、ECDSA-secp224r1、ECDSA-secp256r1、ECDSA- secp384r1、ECDSA-secp521r1、ECDSA-brainpoolP256r1、ECDSA-brainpoolP384r1、ECDSA- brainpoolP512r1。
CPU computing module executes the computations task using CPU.The present invention is based on the progress of Openssl standard interface Exploitation loads the Openssl interface library based on Intel optimization and carries out CPU operation, and asymmetric encryption and decryption, signature is supported to test Card, key exchange etc. various canonical algorithms, can flexible choice arbitrarily support that algorithm is calculated.
High-speed communication module, which is mainly realized, is used to realize between front-end proxy agent subsystem and calculating service subsystem that calculating is appointed The quick transmission of business and task computation result is supported certain concurrent.
High-speed communication provides guarantee by following four condition:
(1) UDP is communicated;
(2) HP Socket high performance communication frame;
(3) multi-thread data is sent;
(4) the end-to-end congestion control under udp protocol is realized by the control strategy of receiving end and transmitting terminal.
Wherein, the control strategy of receiving end and transmitting terminal refers to using simple sliding window protocol, is sent by calculating End and receiving end two-way time interval, dynamically to adjust the transmission rate of transmitting terminal.Socket model uses asynchronous message, rather than Obstruction mode.
Congestion control refers to that one window size of setting, transmitting terminal have been sent in window after all packets, calculates packet loss, so Dynamic adjustment transmission time interval afterwards.According to packet loss number and which packet loss, transmitting terminal, transmitting terminal are notified by receiving end Time interval is sent by all means.If transmitting terminal finds that this does not have packet loss, continue to send following packet.When a window After completely correct transmission, two-way time RTT (Round-Trip Time) is recalculated, according to current network congestion situation, adjustment Send interval.
Logger module carries out the information such as the type of calculating task, quantity, processing time according to certain journal format Record, and it is saved in disk.
It is as shown in figure 13 to calculate service subsystem workflow, specifically includes following steps.
(1) system initialization
System initialization reads system configuration, setting network processes thread pool parameter, worker thread parameter etc., initialization Connect Session queue.It calculates the connection session (Session) that service subsystem is each client and is provided with a team Column.
(2) interface initialization
Interface initialization mainly includes difference loading pin card Openssl interface library, the CPU based on Intel optimization Openssl interface library constructs interface engine.
(3) task receives
Front-end proxy agent calls task transceiver module calculating task to be sent to the calculating service of optimal clustered node, calculates clothes Business receives, caches calculating task.
(4) calculating task is dispatched
CPU worker thread, cipher card worker thread is respectively started in calculating task scheduling, and worker thread is according to calculating task tune The task queue that algorithm reads caching task is spent, the first computing unit interface (such as CPU operation interface) or the second calculating are called Unitary operation interface (such as cipher card operation interface) executes the first computing unit (such as CPU operation) or the second computing unit fortune It calculates (such as cipher card operation), buffer queue is written into calculated result.
(5) task result returns
Front-end proxy agent inquires the calculated result of calculating task by task transceiver module, calculates service corresponding and calculates knot Fruit returns to front-end proxy agent.
Calculating task dispatching method includes study stage and allocated phase.Wherein,
In the study stage:
CPU and cipher card respectively calculate various calculating tasks;
Read calculating time and the task quantity that calculating task is completed on CPU and cipher card;
Calculate separately arithmetic speed of the every kind of task on CPU and cipher card.
In allocated phase:
According to CPU arithmetic speed and cipher card arithmetic speed, calculates separately and calculated needed for the calculating task not completed on CPU Time T2 is calculated needed for the calculating task not completed on time T1 and cipher card;
According to CPU arithmetic speed and cipher card arithmetic speed, calculating needed for task to be calculated calculates on CPU is calculated separately Time T3 and task to be calculated calculate time T4 needed for calculating on cipher card;
Calculating task more to be calculated calculates Estimated Time Of Completion (T1+T3) and calculating task to be calculated on CPU Estimated Time Of Completion (T2+T4) is calculated on cipher card;
If (T1+T3) is greater than (T2+T4), by distribution of computation tasks to be calculated to cipher card;If (T1+T3) is less than Equal to (T2+T4), by distribution of computation tasks to be calculated to CPU.
Illustratively, calculating task dispatching method workflow is as shown in figure 3, include the following steps.
(1) initialization calculating task dispatches process;
(2) inquiry calculating task whether there is, if it is present go to step (3), if it does not, at one section of delay Between execute step (2) again;
(3) this batch calculating task is taken out from caching;
(4) it calculates separately and calculates time and this batch calculating task needed for this batch calculating task calculates on CPU close The time is calculated needed for calculating on code card, is denoted as T1 and T2 respectively;
(5) calculating for calculating needed for the calculating task not completed on CPU and not completing on time T1 and cipher card is calculated separately Required by task calculates time T2;
(6) compare (T1+T3) and (T2+T4), if (T1+T3) is greater than (T2+T4), this batch distribution of computation tasks is given Cipher card, on the contrary distribute to CPU.
(7) CPU or cipher card execute calculating task, cache to calculated result, then return to step (2).
Clustered control service subsystem manages all clustered nodes, and the cpu resource that forward end agency provides clustered node makes With the current task amount of rate and memory source utilization rate ranking and clustered node, completed task amount, unfinished task Ranking is measured, optimal clustered node is selected by front-end proxy agent.
Cluster middleware, i.e. cluster middleware Zookeeper can be used in clustered control service, it is one efficient point Cloth coordination service can provide the services such as configuration information management, name, distributed synchronization, cluster management, database switching. Cluster management is carried out using cluster middleware Zookeeper, by each open source cluster middleware Zookeeper visualized management of synthesis Tool carries out designing and developing for cluster management.
Information collection service subsystem includes collection of resources, three task acquisition, clustered control service interaction modules.
CPU, the memory usage of collection of resources module acquisition calculate node.Calling system function reads CPU usage, interior Utilization rate is deposited, acquisition data packet is generated.
Task acquisition module acquires current task amount, completed task amount, the unfinished task amount etc. of calculate node Information, reads the task daily record of the service of calculating, and formats, and generates acquisition data packet.
Collected node data is notified clustered control service, clustered control service to adopt by clustered control service interaction module With cluster middleware Zookeeper, process is notified to include initialization, connection cluster middleware Zookeeper, write data, disconnect Four steps.
Cluster management services WEB subsystem and provides cluster management interface, can monitor the equipment and cipher card in cluster The states such as state, including hardware resource, operating system, faulty equipment and cipher card can be alerted.Cluster management Servicing WEB subsystem includes five homepage, node display, alarm management, system administration, user management modules.
Cluster management services Web subsystem and is different from cluster middleware Zookeeper, they are two different subsystems System.The calculating that cluster management service Web subsystem is more focused on the resource service condition and each business that show each node of cluster is appointed Business statistics etc..Cluster middleware Zookeeper is mainly used for monitoring the working condition of each node of cluster, does not close with business itself System.
Home view includes the information of entire cluster server, and it is total, close to specifically include national aggregated pattern figure, server Code card sum, task quantity, resources occupation rate, warning information etc..As shown in figure 14, the cluster server that home view is shown It is total that information data is maintained in database, and when home view is shown, home view calls data acquisition interface, and data obtain Interface polls database is taken, obtains the data that home view needs to show, and the data are returned into home view.
Node display module has querying node and statistical function, and query function is according to IP, fuzzy query node state, essence True inquirying card state.Statistical function shows the CPU of day part and the utilization rate of memory in one day with line chart.
Node display information is comprising node server information, the IP including node server, on-line time, node state, Include cipher card state, cpu frequency memory size, task amount etc..
Alarm management module includes warning information displaying, alarm inquiry, fills in handling suggestion function.
Warning information shows to include alarm time, and node ID, IP, card ID alert classification, alarm description, state, processing meaning See.Alarm inquiry function is according to IP query warning period, alarm status.Wherein, alarm status includes alerting processed, alarm It is untreated.To untreated alarm, handling suggestion is filled in.
System management module is the management to system business, including business information is shown, business editor, business enables, industry Business deactivate etc. functions.
Business information shows that information includes traffic ID, business description, CPU usage, memory usage, and service condition is appointed Business amount, CPU use threshold value, and memory uses threshold value.Business editting function modifies to the information of business, and what can be modified has industry Business description, CPU threshold value, memory threshold.When business enables, clicking enabling button can come into force.After coming into force, it can be transported on server The row task.When business deactivates, clicking deactivation button can be deactivated.After deactivating, then server will not be handled business.
User management module function includes user query, and user is newly-increased, and user's modification, user deletes, user's enabledisable Etc. functions.User query include pressing user name, user type inquiry.User is newly-increased to need to fill in user name, and password confirms close Yard, it is saved after the information such as user type.It can be enabled on user list, deactivate user.It supports user information modification and deletes Operation.
It includes three database processing, clustered control service interaction, data processing modules that information, which is put in storage service subsystem,.
Database processing module be responsible for is interacted with database, calling bottom data bank interface, execute connection, inquiry, The operations such as increase, deletion, modification.
Clustered control service interaction (cluster middleware Zookeeper interaction) module is read from cluster middleware Zookeeper Take clustered node information, cluster middleware Zookeeper interaction flow include initialization, connection cluster middleware Zookeeper, It reads data, disconnect four steps.
The data that data processing module processing is read from cluster middleware Zookeeper, including data format, number According to parsing, inquiry etc..
Figure 15 shows the present invention and accelerates to calculate working-flow schematic diagram, and as shown in figure 15, illustratively, front end is set There is M front-end server, the M front-end server that be the 1st, 2,3 respectively ..., each front-end server includes operation system and front end Agency.Rear end is equipped with computing cluster, database and cluster management subsystem.Computing cluster is made of N number of calculate node, is respectively 1st, 2,3 ... N number of calculate node server, each calculate node server is mutually indepedent, is interconnected by high speed network, their structures It is managed at a group, and with the mode of triangular web.Each calculate node include calculate service, information collection service and Clustered control service.Database and cluster management subsystem can be deployed in the individual server independently of clustered node, It can be deployed on clustered node server, data interaction is carried out by software interface and clustered node.
A kind of clustering based on cryptographic calculation of the present invention accelerates the workflow of computing system as follows:
(1) front end service system calls front-end proxy agent interface to issue computation requests.
(2) front-end proxy agent receives and caches calculating task, the clustered node clustered control service of connection configuration setting.
(3) clustered control services return node the Resources list.
(4) front-end proxy agent selects optimal rear end calculate node server and connects.
(5) rear end calculate node caches calculating task.
(6) rear end calculate node returns to front-end proxy agent task and receives successfully.
(7) front-end proxy agent interface returns to front end service system calculating task call result.
(8) rear end calculate node executes calculating task.
(9) rear end calculate node returns to front-end proxy agent task computation result.
(10) front-end proxy agent caches task computation result.
(11) front end service system calls front-end proxy agent interface to carry out task computation result queries.
(12) front-end proxy agent interface returns to front end service system task computation result.
(13) information collection service timing acquiring nodal information (resource utilization, task situation etc.).
(14) information collection service connection clustered control service sends collected nodal information.
(15) all nodal informations of cluster are read in information storage service connection clustered control service, and number is written in cluster information According to library.
(16) it cluster management subsystem reading database data and shows.
Because the calculating task that cluster is capable of handling is magnanimity, and the calculating of some tasks is that elapsed time is long, caching It is to be able to receive and process each calculating task, lose each calculating task and task computation result will not.Separately Outside, it calculates service and receives calculating task, although task computation cannot be returned to immediately as a result, front-end proxy agent can be returned to immediately Interface task receives successful message, calls the operation system of front-end proxy agent interface to know that task is sent successfully, can so protect Whether card operation system timely learning task sends success, if sending failure, operation system can be retransmitted.
A kind of clustering based on cryptographic calculation provided by the invention accelerates computing system to have robustness, separate unit cluster section Point server failure does not influence the operation of other servers, easily flexible, can facilitate addition or reduce node server.Accelerate to calculate system System calculates service processing by the acquisition to each node resource of cluster occupancy data, by the node of front-end proxy agent selection relative free Calculating task, achievees the purpose that load balancing, and can with the increase of cluster interior joint number, the computing capability of expansion system, Improve the calculated performance of whole system.
Although the present invention is described in detail referring to the foregoing embodiments, those skilled in the art should manage Solution: it is still possible to modify the technical solutions described in the foregoing embodiments, or to part of technical characteristic into Row equivalent replacement;And these are modified or replaceed, various embodiments of the present invention technology that it does not separate the essence of the corresponding technical solution The spirit and scope of scheme.

Claims (10)

1. a kind of clustering based on cryptographic calculation accelerates calculation method, which is characterized in that the acceleration calculation method includes:
Receive computations task, inquire cluster the Resources list, wherein the cluster resource list include cpu resource utilization rate, Memory source utilization rate;
According to the cluster resource list, optimal clustered node is selected, sends the computations task to the optimal cluster Node;
The optimal clustered node receives and uses the first computing unit and/or the second computing unit to execute the computations times Business returns to task computation result.
2. acceleration calculation method according to claim 1, which is characterized in that the reception computations task, query set Group the Resources list include:
Front end service system calls front-end proxy agent interface to send the computations task,
Front-end proxy agent receives and caches the computations task, connects clustered control service, inquires cluster the Resources list, described Clustered control service returns to cluster resource list;
Described to select optimal clustered node according to cluster resource list, sending calculating task to optimal clustered node includes:
Front-end proxy agent selects optimal clustered node according to the cluster resource list, sends the computations task to optimal Clustered node.
3. acceleration calculation method according to claim 2, which is characterized in that the optimal clustered node receives and uses One computing unit and/or the second computing unit execute the computations task, return to task computation result and include:
The optimal clustered node receives and caches the computations task, returns to front-end proxy agent task and receives successfully;
Front-end proxy agent interface returns to the call result of computations task described in operation system;
The optimal clustered node executes the computations task using the first computing unit and/or the second computing unit;
The optimal clustered node returns to front-end proxy agent task computation result;
Front-end proxy agent caches the task computation result;
Front end service system calls front-end proxy agent interface to carry out task computation result queries;
Front-end proxy agent interface returns to task computation result described in front end service system.
4. acceleration calculation method according to claim 3, which is characterized in that the acceleration calculation method further include:
Information collection services timing acquiring nodal information, and connection clustered control service sends the nodal information;
Clustered control service receives the nodal information, updates the cluster resource list.
5. acceleration calculation method according to claim 1-4, which is characterized in that the optimal clustered node of selection Method include:
Judge whether the memory usage of first node and second node meets first threshold:
When the memory usage of two nodes is all satisfied first threshold or first threshold is not satisfied, select in two nodes The low node of CPU usage is as optimal clustered node;
When the memory usage of only one node meets first threshold, judge whether the CPU usage of the node meets Two threshold values: if meeting second threshold, using the node node high as free time degree;If being unsatisfactory for second threshold, two are selected The low node of CPU usage is as optimal clustered node in a node.
6. acceleration calculation method according to claim 5, which is characterized in that CPU usage in two nodes of the selection Low node includes: as optimal clustered node
When the low node of the CPU usage phase simultaneous selection memory usage of two nodes is as optimal clustered node.
7. -4,6 described in any item acceleration calculation methods according to claim 1, which is characterized in that described to calculate list using first Member and/or the second computing unit execute the computations task and follow calculating task dispatching method, the calculating task scheduling Method includes:
Count calculating time of a variety of calculating tasks on the first computing unit and the second computing unit;
According to statistical result, the estimated completion that current calculating task calculates on the first computing unit and the second computing unit is judged Time, the Estimated Time Of Completion include the task amount not completed on the first computing unit or the second computing unit and current calculating The calculating time that required by task is wanted;
By the current distribution of computation tasks first computing unit or second computing unit short to Estimated Time Of Completion.
8. a kind of clustering based on cryptographic calculation accelerates computing system, which is characterized in that the acceleration computing system includes:
Front-end proxy agent service subsystem inquires cluster the Resources list, according to the cluster resource for receiving computations task List selects optimal clustered node, sends the computations task to the optimal clustered node;
Service subsystem is calculated, by receiving and executing based on the encryption using the first computing unit and/or the second computing unit Calculation task returns to task computation result.
9. acceleration computing system according to claim 8, which is characterized in that the acceleration computing system further include:
Information collection service subsystem is used to timing acquiring clustered node information, sends the clustered node information;
Clustered control service subsystem receives the clustered node information, according to the clustered node information, updates the cluster The Resources list.
10. accelerating computing system according to claim 8 or claim 9, which is characterized in that the calculating service subsystem includes:
Task transceiver module returns to task computation result for receiving the computations task;
First computing unit executes the computations task using cipher card;
Second computing unit executes the computations task using CPU;
Calculating task scheduler module distributes institute to the first computing unit or the first computing unit according to calculating task dispatching method State computations task;
High-speed communication module, for realizing the encryption meter between the front-end proxy agent subsystem and the calculating service subsystem The quick transmission of calculation task and task computation result.
CN201910386486.XA 2019-05-09 2019-05-09 A kind of clustering acceleration calculating method and system based on cryptographic calculation Pending CN110213338A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910386486.XA CN110213338A (en) 2019-05-09 2019-05-09 A kind of clustering acceleration calculating method and system based on cryptographic calculation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910386486.XA CN110213338A (en) 2019-05-09 2019-05-09 A kind of clustering acceleration calculating method and system based on cryptographic calculation

Publications (1)

Publication Number Publication Date
CN110213338A true CN110213338A (en) 2019-09-06

Family

ID=67785747

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910386486.XA Pending CN110213338A (en) 2019-05-09 2019-05-09 A kind of clustering acceleration calculating method and system based on cryptographic calculation

Country Status (1)

Country Link
CN (1) CN110213338A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021051582A1 (en) * 2019-09-17 2021-03-25 平安科技(深圳)有限公司 Host performance monitoring method and apparatus for server cluster, device, and storage medium
CN112799807A (en) * 2021-01-25 2021-05-14 武汉华大基因技术服务有限公司 Cluster task pre-scheduling distribution method, device, medium and computer equipment
CN112866223A (en) * 2021-01-12 2021-05-28 北京金山云网络技术有限公司 Routing method and device for homomorphic encryption request
CN117714056A (en) * 2024-02-05 2024-03-15 中国船舶集团有限公司第七〇七研究所 Service-oriented special password service system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105631343A (en) * 2014-10-29 2016-06-01 航天信息股份有限公司 Password operation realization method and device based on encryption card and server
CN105743898A (en) * 2016-02-03 2016-07-06 成都比特信安科技有限公司 Static data decryption method based on big data environment
EP3297247A1 (en) * 2016-09-20 2018-03-21 Certicom Corp. In-vehicle encrypted networking
WO2018068351A1 (en) * 2016-10-10 2018-04-19 网宿科技股份有限公司 Node routing method and system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105631343A (en) * 2014-10-29 2016-06-01 航天信息股份有限公司 Password operation realization method and device based on encryption card and server
CN105743898A (en) * 2016-02-03 2016-07-06 成都比特信安科技有限公司 Static data decryption method based on big data environment
EP3297247A1 (en) * 2016-09-20 2018-03-21 Certicom Corp. In-vehicle encrypted networking
WO2018068351A1 (en) * 2016-10-10 2018-04-19 网宿科技股份有限公司 Node routing method and system

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021051582A1 (en) * 2019-09-17 2021-03-25 平安科技(深圳)有限公司 Host performance monitoring method and apparatus for server cluster, device, and storage medium
CN112866223A (en) * 2021-01-12 2021-05-28 北京金山云网络技术有限公司 Routing method and device for homomorphic encryption request
CN112866223B (en) * 2021-01-12 2022-11-08 北京金山云网络技术有限公司 Routing method and device for homomorphic encryption request
CN112799807A (en) * 2021-01-25 2021-05-14 武汉华大基因技术服务有限公司 Cluster task pre-scheduling distribution method, device, medium and computer equipment
CN117714056A (en) * 2024-02-05 2024-03-15 中国船舶集团有限公司第七〇七研究所 Service-oriented special password service system

Similar Documents

Publication Publication Date Title
CN111787073B (en) Current limiting fusing platform for unified service and method thereof
CN110213338A (en) A kind of clustering acceleration calculating method and system based on cryptographic calculation
US10200251B2 (en) Methods and apparatus for accessing selectable application processing of data packets in an adaptive private network
US7337314B2 (en) Apparatus and method for allocating resources within a security processor
KR102050188B1 (en) Microservice system and method thereof
US7661130B2 (en) Apparatus and method for allocating resources within a security processing architecture using multiple queuing mechanisms
CN113079159B (en) Edge computing network system based on block chain
US7657933B2 (en) Apparatus and method for allocating resources within a security processing architecture using multiple groups
CN108683747A (en) Resource acquisition, distribution, method for down loading, device, equipment and storage medium
CN110365752A (en) Processing method, device, electronic equipment and the storage medium of business datum
Danzi et al. Communication aspects of the integration of wireless IoT devices with distributed ledger technology
Doan et al. FAST: Flexible and low-latency state transfer in mobile edge computing
CN111754216A (en) Automatic switching method for payment link
US11805033B2 (en) Monitoring of IoT simulated user experience
US20230137879A1 (en) In-flight incremental processing
CN110188022A (en) A kind of clustering performance test method and system based on Java
US9621438B2 (en) Network traffic management
CN110417782A (en) A kind of system and method for the transmission of Intelligent hardware message
US11231969B2 (en) Method for auditing a virtualised resource deployed in a cloud computing network
Dickel et al. Evaluation of autoscaling metrics for (stateful) IoT gateways
KR20230075456A (en) Operation of Distributed Deterministic Networks
Kumar et al. quicSDN: Transitioning from TCP to QUIC for Southbound Communication in SDNs
US20240048495A1 (en) Systems and methods for networked microservices flow control
Kassem et al. Utilisation profiles of bridging function chain for healthcare use cases
Oseghale Leveraging proactive flow to improve scalability in software defined networking/Oseghale Osemudiamen Victor

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190906

RJ01 Rejection of invention patent application after publication