CN110430259B - Data service system, server, and computer-readable storage medium - Google Patents

Publication number: CN110430259B
Application number: CN201910711050.3A
Other versions: CN110430259A (en)
Authority: CN (China)
Prior art keywords: server, data, service, network, storage
Legal status: Active
Other languages: Chinese (zh)
Inventors: 周洪飞, 王慧星, 胡利明
Current Assignee: Tencent Technology Shenzhen Co Ltd; Tencent Cloud Computing Beijing Co Ltd
Original Assignee: Tencent Technology Shenzhen Co Ltd; Tencent Cloud Computing Beijing Co Ltd
Application filed by: Tencent Technology Shenzhen Co Ltd, Tencent Cloud Computing Beijing Co Ltd

Classifications

    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L63/0272 Virtual private networks
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Abstract

The invention discloses a data service system, a server, and a computer-readable storage medium, and belongs to the field of internet technology. The system comprises: an access server for providing access service for at least one blockchain platform; a storage server for providing a load-balanced distributed data storage function, the storage server comprising a cloud hard disk and a file storage, wherein the cloud hard disk stores data to be stored in a multi-copy redundant mode and the file storage has a shared storage function; and a blockchain-as-a-service (BaaS) bus for providing a secure data channel between the servers, between the host and the servers, and between the at least one access server and the external network.

Description

Data service system, server, and computer-readable storage medium
This application is a divisional application of the application filed on April 16, 2018, with application number 201810339750.X, entitled 'data service system, method, server and computer readable storage medium'.
Technical Field
The present invention relates to the field of internet technologies, and in particular, to a data service system, a server, and a computer-readable storage medium.
Background
With the development of internet technology, blockchain technology has gradually emerged. It is a technical system that is jointly maintained by multiple parties, stores data in a blockchain structure, uses cryptography to secure transmission and access, and provides consistent storage of data that is difficult to tamper with and resistant to repudiation. A data service system is used to implement the technologies in the blockchain technology system. A plurality of nodes exist in the data service system, and each node records transaction data in a blockchain data structure. A blockchain is a chain structure composed of a plurality of blocks. A block records the transactions and state results that occur within a period of time and represents a consensus on the current ledger state; the chain is formed by connecting blocks in series in order of occurrence and is a log of all state changes. Users typically create a blockchain network space in a network platform and implement the desired service in it.
In the related art, take the multi-organization blockchain network provided by the IBM (International Business Machines Corporation) network platform as an example. After a user logs in to a cloud account of the IBM network platform, a server displays a network creation wizard page. On this page the user can enter a network name and a network address and select whether to allow members to add peer nodes at other addresses. After accepting the default governance rules and policies of the IBM blockchain network platform, the user clicks a submit button, thereby creating a blockchain network space. The user may then add multiple peer nodes to the blockchain network space. Using the create-channel option, the user establishes a channel among the multiple peer nodes, so that peer nodes associated with the same channel can view each other's transactions while peer nodes outside the channel cannot. The user then selects a chaincode, installs a smart contract in the created channel based on the chaincode, and deploys the application program corresponding to the required service to the created blockchain network space, so that the user can implement the required service in the blockchain network space through the application program.
Disclosure of Invention
To solve the problems of the related art, embodiments of the present invention provide a data service system, a server, and a computer-readable storage medium. The technical solution is as follows:
In a first aspect, a data service system is provided, the system comprising:
an access server for providing access service for at least one blockchain platform;
a storage server for providing a load-balanced distributed data storage function;
the storage server comprising a cloud hard disk and a file storage, wherein the cloud hard disk is used for storing data to be stored in a multi-copy redundant mode, and the file storage has a shared storage function;
and a blockchain-as-a-service (BaaS) bus for providing a secure data channel between the servers, between the host and the servers, and between the at least one access server and the external network.
In a second aspect, a server is provided, which includes a processor and a memory, where at least one instruction is stored in the memory, and the instruction is loaded and executed by the processor to implement the operation performed by any network device in the data service system according to the first aspect.
In a third aspect, a computer-readable storage medium is provided, in which at least one instruction is stored, and the instruction is loaded and executed by a processor to implement the operation performed by any network device in the data service system according to the first aspect.
The technical solution provided by the embodiments of the present invention has the following beneficial effects:
In the embodiments of the present invention, the data service system provides access service through at least one access server, a load-balanced distributed data storage function through a storage server, multi-copy redundant storage through a cloud hard disk, shared storage through file storage, and data transmission service through the BaaS bus. This achieves distributed load balancing and distributed storage, makes data storage in the data service system more flexible, greatly improves the efficiency and convenience of data storage, and reduces the risk of data loss.
Drawings
In order to illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings in the following description are only some embodiments of the present invention, and those skilled in the art can obtain other drawings based on these drawings without creative effort.
Fig. 1 is a schematic structural diagram of a data service system according to an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of a data service system according to an embodiment of the present invention;
Fig. 3 is a schematic logical structure diagram of a data service system according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of a distributed load balancing and storage architecture according to an embodiment of the present invention;
Fig. 5 is a flow chart of a data service method provided by an embodiment of the invention;
Fig. 6 is a schematic structural diagram of a server according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a schematic structural diagram of a data service system according to an embodiment of the present invention. Referring to Fig. 1, the data service system includes: at least one access server, a plurality of hosts, a plurality of container clusters, a storage server, and a BaaS (Blockchain as a Service) bus.
The access server is used for providing access service for at least one blockchain platform and providing functions of blockchain management and viewing based on web pages for users.
The access server is located at the access layer of the blockchain network. As shown in Fig. 2, the access server may include a RESTful (Representational State Transfer) API (Application Programming Interface), an SDK, and the like. Through the access server, a user can access the blockchain network platform, view a public chain in the blockchain network platform, log in to the user's personal account in the blockchain network platform, and view data in the user's personal private network. The user can also manage the personal account in the blockchain network platform and set the permissions of the private network, for example, permissions that allow access only to auditors and regulators.
In one possible design, the access server is further configured to provide private network configuration services based on the plurality of hosts and the plurality of container clusters. The access server can provide an entrance for creating a private network in a webpage, and when a user needs to define a private blockchain network, the access server can configure the private network for the user based on the entrance.
In the blockchain network platform, the access server may be configured to receive a blockchain network creation instruction, which instructs creation of the user's private network in the blockchain network platform; the access server may perform private network configuration based on this instruction. During private network configuration, the access server may determine the target host, acquire the address of the target private network (VPC), and allocate the target private network based on that address. Further, the user may select a plurality of containers that form a target container cluster; the target host may deploy the target container cluster selected by the user, and the target container cluster may deploy the service types required by the user. The access server determines the target container cluster, obtains a target blockchain engine and an image, and deploys the blockchain engine in the target private network space by running the image on the target container cluster, which runs on the target host. The access server then acquires the target external network domain name and stores, in association, the mapping among the address of the target private network, the target external network domain name, and the image path.
After logging in to the personal account in the blockchain network platform, the user can trigger a blockchain network creation instruction in order to define the user's own private network in the blockchain platform. When the access server receives the blockchain network creation instruction, it can prompt the user, in the current web page, to select a host that will provide the service. The user can select a target host in the desired region and availability zone, based on the region where each candidate host is located and the availability zones of each region.
It should be noted that the target host may be a CDH (Cloud Virtual Machine Dedicated Host). A virtualization system is deployed on the CDH in advance, and a user can implement a desired service based on the virtualization system. In the embodiment of the present invention, the access server may further define a plurality of dedicated sub-machines on the host and configure the CPU, memory, and the like of each dedicated sub-machine. The dedicated sub-machines are the virtual machines that the user creates through the virtualization system using the physical resources of the dedicated host. One CVM (Cloud Virtual Machine) instance can be deployed on one dedicated sub-machine, so a cluster of cloud server instances can be deployed on the target host. Creating dedicated sub-machines on the CDH is thus a process of dividing physical server resources into a plurality of virtual machines.
After the user selects the target host, a private network can be defined in the blockchain network platform based on IP addresses. The user may specify the IP address group in the form of a CIDR (Classless Inter-Domain Routing) block. The access server configures a private network for the user based on the set of IP addresses specified by the user. The access server can also configure the regional attribute of the private network for the user. For example, the user may select North China (Beijing) as the usage region, and the access server may use North China (Beijing) as the regional attribute of the private network. The access server may also automatically match, based on the user's current location, the region where the user is located or a region close to it. The access server then adds the user-selected target host to the private network.
It should be noted that a private network (Virtual Private Cloud, VPC) is a hostable service resource provided by the blockchain network platform, and includes cloud service resources such as cloud servers, load balancing, and cloud databases. The user can customize the network segment division, IP addresses, routing policies, and other basic information of the private network, and can set the access permissions of the private network so that other users cannot access it without authorization, which achieves network isolation. A CIDR block divides the network as a whole by combining a user-defined IP address with a mask. Taking 10.1.0.0/16 as an example, the IP address of the private network selected by the user is to the left of the slash and the mask of the private network is to the right of the slash. The size of the private network's address space is adjusted by setting the size of the mask. The private network comprises $2^{32-\text{mask}}$ IP addresses, so the 10.1.0.0/16 network block contains at most 65536 IP addresses. In addition, the private network has a regional attribute; for example, private network A has a regional attribute of South China (Guangzhou), and a user cannot create a VPC across regions.
In one possible design, the user may also define at least one subnet within the private network, wherein the access server creates the subnet based on a selected availability zone that is within the region of the private network. Correspondingly, adding the target host to the private network means adding a dedicated sub-machine to each subnet of the private network.
In the embodiment of the present invention, the blockchain network platform may further provide a CCS (Cloud Container Service), where the Cloud Container Service is a highly scalable high-performance Container management Service, and after a user defines a target host and a private network, an application may be quickly and efficiently run on a target Container cluster through the CCS Service.
After the access server configures the target host for the user, the access server can also create a target container cluster for the user based on the cloud container service provided by the blockchain network platform, and deploy the service required by the user on the target container cluster. The target container cluster comprises a plurality of identically configured containers. When a container creation instruction is received, the access server creates the target container cluster through the process of creating a cluster and creating a service. The cluster is the set of cloud resources required to run the plurality of containers included in the target container cluster. In the embodiment of the invention, the cluster can include hosts, load balancers, and other cloud resources. The service may be a microservice composed of a target container cluster and the rules for accessing the target container cluster.
The process of creating the cluster may be: the access server acquires the basic information of the cluster that the user sets in the current web page, and creates the cluster for the user based on that information. The access server can also display the created cluster in a cluster list for the user to view. The basic information of the cluster may include: cluster name, billing mode, region, availability zone, node network, container network, cluster description, and the like.
The access server uses the target private network as the network operating space of the target container cluster, and the node network of the cluster can be a subnet in the private network. The container network is the network from which addresses are allocated to the containers in the target container cluster, and the access server can take a network corresponding to a private network segment in the node network as the container network. The access server can automatically allocate an IP address segment of suitable size for the Kubernetes service according to the upper limit on the number of services in the cluster selected by the user. The container network also automatically allocates a network segment with a 24-bit mask to each cloud host in the cluster, from which that host assigns the IP addresses of its Pods (instances).
The access server acquires the basic information of the service set by the user, and acquires the mount path corresponding to the target container cluster and the storage device corresponding to the target container cluster. In the embodiment of the present invention, the target container cluster may be mounted on the target host. The access server acquires the configuration information of the target container cluster to be created, and creates the target container cluster for the user based on the configuration information. The configuration information may include the name, image, and the like of the target container cluster.
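Added example (not part of the patent text): a Python sketch of the CIDR arithmetic described above for the private network, its subnets, and the per-host 24-bit container blocks. The function names, sample CIDR blocks and host names are constructed for illustration, and rejecting subnets that overlap one another is an assumption of this example rather than a rule stated in the patent.

```python
import ipaddress


def vpc_capacity(cidr):
    """Addresses in an IPv4 CIDR block: 2 ** (32 - mask)."""
    # strict=True rejects blocks whose host bits are set (e.g. 10.1.0.5/16),
    # so a mistyped base address is caught instead of silently normalised.
    net = ipaddress.ip_network(cidr, strict=True)
    return 2 ** (net.max_prefixlen - net.prefixlen)


def validate_subnets(vpc_cidr, subnet_cidrs):
    """Split requested subnets into accepted networks and (cidr, reason) problems.

    A subnet is accepted only if it parses, lies inside the VPC block and does
    not overlap a subnet accepted earlier (overlap check: example assumption).
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    accepted, problems = [], []
    for raw in subnet_cidrs:
        try:
            sub = ipaddress.ip_network(raw, strict=True)
        except ValueError as exc:
            problems.append((raw, f"invalid CIDR: {exc}"))
            continue
        if sub.version != vpc.version or not sub.subnet_of(vpc):
            problems.append((raw, f"outside VPC {vpc}"))
            continue
        clash = next((a for a in accepted if sub.overlaps(a)), None)
        if clash is not None:
            problems.append((raw, f"overlaps {clash}"))
            continue
        accepted.append(sub)
    return accepted, problems


def allocate_pod_blocks(container_cidr, hosts, host_prefix=24):
    """Give each host its own /24 (by default) out of the container network."""
    pool = ipaddress.ip_network(container_cidr, strict=True)
    if pool.prefixlen > host_prefix:
        raise ValueError(f"{pool} is smaller than a /{host_prefix} block")
    blocks = pool.subnets(new_prefix=host_prefix)
    plan = {}
    for host in hosts:
        try:
            plan[host] = next(blocks)
        except StopIteration:
            raise ValueError(
                f"{pool} has no free /{host_prefix} block left for {host}"
            ) from None
    return plan


# Constructed sample input: the VPC block used in the text plus made-up subnets.
SAMPLE_VPC = "10.1.0.0/16"
SAMPLE_SUBNETS = ["10.1.1.0/24", "10.1.1.128/25", "10.2.0.0/24", "10.1.2.0/24"]
SAMPLE_CONTAINER_NET = "172.16.0.0/22"   # constructed private range, 4 x /24
SAMPLE_HOSTS = ["host-a", "host-b"]      # constructed host names

if __name__ == "__main__":
    print("VPC capacity:", vpc_capacity(SAMPLE_VPC))
    ok, bad = validate_subnets(SAMPLE_VPC, SAMPLE_SUBNETS)
    print("accepted:", [str(n) for n in ok])
    for cidr, reason in bad:
        print("rejected:", cidr, "-", reason)
    for host, block in allocate_pod_blocks(SAMPLE_CONTAINER_NET, SAMPLE_HOSTS).items():
        print(host, "->", block, f"({block.num_addresses} pod addresses)")
```
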
In the embodiment of the present invention, the plurality of hosts and the plurality of container clusters are configured to provide mutually isolated private network services for a plurality of users based on private network configuration performed by the plurality of users through the access server.
The target host can be a CDH host. The CDH host provides dedicated physical server resources for a user and meets the user's requirements for exclusive use of resources, physical resource isolation, security, and compliance; each user can achieve resource isolation through a dedicated CDH host. The access server can also isolate the private networks of different users on the CDH hosts by configuring IP addresses and routing policies.
As shown in Fig. 2, a plurality of containers are provided on the blockchain network platform and are organized and managed by the Kubernetes orchestration tool, which defines in advance the functions in the containers that implement a given service type, so that one or more service types can be deployed on a target container cluster to enable the user's private network. In addition, while the services are running, the Kubernetes orchestration tool can also perform resource scheduling, dynamic scaling, and the like on the services running on the container cluster.
It should be noted that, through the CCS service, a user can start and stop Docker applications, query the complete state of the cluster, and use various cloud services by simple API calls, without installing, operating and maintaining, or scaling the cluster management infrastructure on the blockchain network platform. In addition, Kubernetes provides a complete set of functions for containerized applications, such as deployment and operation, resource scheduling, service discovery, and dynamic scaling, and helps users quickly containerize, deploy, scale, and manage applications, which greatly improves service processing efficiency.
The multiple hosts and multiple container clusters of the blockchain network platform may also be used to run, through the multiple container clusters, the blockchain engines of the private network services of multiple users. In the embodiment of the invention, the access server can acquire a target blockchain engine and an image, and the image is run on the target container cluster, thereby deploying the blockchain engine in the private network space. The blockchain engine is configured with the algorithms that drive the whole business process, such as a consensus algorithm. The blockchain engine may be deployed on a target container cluster, and the target container cluster may run the target blockchain engine to complete the business required by the user. The user can customize the image or select an image from the blockchain network platform.
Further, the access server may obtain a target external network domain name, associate the image path of the target container cluster, the private network address corresponding to the target container cluster, and the target external network domain name, and store the mapping among the image path, the private network address, and the target external network domain name. This establishes the correspondence among the external network, the internal network, and the container cluster, and the container cluster is deployed automatically by running the blockchain engine on the target container. In an embodiment of the present invention, the data service system starts a blockchain engine on the target container cluster, thereby implementing automated deployment of the blockchain engine in the private network space.
In fact, as shown in Fig. 3, the data service system may logically deploy a BaaS interface, a hyperledger (Hyperledger), a smart contract (Corda), and multiple Docker container clusters managed through Kubernetes orchestration. The multiple container clusters are mounted on multiple hosts, a user's business system may access the data service system through the BaaS interface, and an administrator of the data service system may monitor the multiple container clusters through a BaaS background. The data service system may also provide other services based on the private network, such as big data analysis, artificial intelligence, cloud security, automated operation and maintenance, and the like.
It should be noted that, in the above manner, multiple users may customize their own target private networks based on IP addresses, and network isolation between the private networks of multiple users is implemented through the security groups and ACLs (Access Control Lists) of the private networks. Moreover, a plurality of blockchain engines corresponding to a plurality of different container clusters can be provided. The operating system disk of the target host uses a CBS cloud disk, and the CFS and CRS storage services are used. Based on the user's security requirements, each storage device can be deployed in a physical enclosure or deployed privately, so that independent management, control, operation, and maintenance can be supported. In addition, based on the storage services of the CBS cloud disk, the CFS, and other devices, at least three copies of stored data can be kept, and real-time data synchronization within the same city and near-real-time synchronization across different locations are supported, which greatly improves the security, flexibility, and practicability of the data service system.
In addition, the data service system can also provide integrated security protection covering the network, the host, the data, and service security, to ensure that the user's services run safely. For example, services such as industry-certified security compliance, network isolation, DDoS (Distributed Denial of Service) protection, vulnerability scanning, host protection, service continuity guarantees, security management, and auditing are provided to secure the platform, which greatly improves the security of user data.
It should be noted that, in the prior art, a blockchain network is generally created for a user in a conventional VLAN (Virtual Local Area Network) to implement the blockchain service. In such a conventional network, however, all users on the blockchain network platform share a common network resource pool, network isolation between one user and the others is not possible, and a management device uniformly allocates IP addresses to users, so a user cannot customize a private network. In the embodiment of the invention, the user can freely define the network segment division, IP addresses, and routing policies, and the access server can automatically deploy the blockchain service for the user based on the user's requirements, which greatly improves deployment efficiency. The user can also implement multi-layer security protection through security groups, ACLs, and the like, which greatly improves the flexibility and security of the blockchain service.
In one possible design, the data service system further supports a migration function of the target container cluster, and the user may also migrate the target container cluster. The access server is further configured to: when a migration instruction of the target container cluster is received, the access server may modify the private network address corresponding to the target container cluster in the mapping relationship into a migrated private network address based on the private network address corresponding to the target container cluster, thereby implementing dynamic migration of the target container cluster in the private network.
In an embodiment of the present invention, the data service system further includes a BaaS bus, which is used for providing a secure data channel between the servers, between the host and the servers, and between the at least one access server and the external network.
The BaaS bus provides encryption and decryption of exchanged data and the issuing and maintenance of digital certificates. Through an interface of the BaaS bus, the data service system can call the encryption and decryption algorithms and the key storage service provided by a hardware encryption machine, as well as the digital certificate issuing and maintenance functions provided by the CA (Certificate Authority) center of a designated organization. The hardware encryption machine and the CA center functions can be deployed in a physical enclosure or deployed privately for each user, and support independent management and control, which greatly improves the security of encryption, decryption, and authentication.
In one possible design, in the blockchain network platform, any blockchain organization outside a given consortium chain may send a join request to the consortium chain in order to share the transaction data of its members. When the access server receives a join request from another member, it uses the secure channel provided by the BaaS bus to let that member join quickly. The BaaS bus supports connection from a third-party platform or connection within a private network. When the access server receives a join request from any other blockchain organization and the request is initiated through a third-party platform, the access server connects to the third-party platform through a dedicated line or an IPsec (Internet Protocol Security) VPN provided by the BaaS bus; if the request is initiated through any private network in the system, the access server establishes a peering connection with that private network through the BaaS bus. When the connection is made, the BaaS bus calls the authentication service of the CA center through an interface, verifies the permission of the other blockchain organization's join request, and establishes a communication connection with the other blockchain organization through a consensus algorithm. The other blockchain organization may first obtain a digital certificate from the CA center through the BaaS bus and then initiate the join request to the current consortium chain.
It should be noted that, when an auditing organization needs to supervise the members of the consortium chain, it can supervise and audit each member directly through the access server, provided that each member has authorized it. The authorization of each member of the consortium chain for the monitored information can also be obtained in the same way that other members initiate a join request and connect, and supervision and auditing of each member is then carried out over the established connection.
In the embodiment of the invention, the data service system further comprises a storage server, which provides a load-balanced distributed data storage function. The storage server may include CBS (Cloud Block Storage) and CFS (Cloud File Storage).
It should be noted that CBS provides storage at the data-block level. The cloud hard disk uses a multi-copy distributed mechanism to store the data redundantly in multiple copies automatically; when any one copy fails, data can be migrated and recovered quickly, which avoids the risk of a single point of failure and greatly improves the reliability of data storage. Moreover, CBS can store data persistently and can be mounted on any running instance in the same availability zone, providing the data storage service to the instance without shutting down or restarting the server, which greatly improves the efficiency and convenience of data storage.
The CFS provides shared storage, meaning that a plurality of CVMs can share the same storage space through the NFS (Network File System) protocol. In addition, the CFS can automatically and elastically expand the storage capacity of the file system according to the size of the files, so that users can choose different schemes for file access across availability zones and across networks according to the actual condition of their services, the space can be adjusted based on the current storage condition, and storage flexibility is improved.
In one possible design, the data service system schedules the devices within the system based on their load. As shown in fig. 4, the data service system can route an access request to the server nearest to it through the domain name resolution function of DNSPod; for an external network outside the private network, the data service system can distribute a service request to the router corresponding to its service type and dynamically schedule the service request through the load balancing function of the gateway TGW; within the private network, the data service system can dynamically schedule the service request among the available servers according to the loads of the servers associated with the BaaS bus.
In addition, in the embodiment of the present invention, the storage server is further configured to implement the disaster recovery and backup functions of the data service system. As shown in fig. 4, the CDH host and the target container cluster in the data service system perform multi-copy backup storage through CBS and CFS, for example by storing three copies of the data in different rooms in the same city. In addition, the user can also store data in different places synchronously or semi-synchronously through a customized image, so that the risk of data loss is reduced.
In one possible design, the data service system may publish monitoring and operation and maintenance services through the target blockchain engine based on the interface of the BaaS bus, allowing other blockchain organizations to subscribe to them; it may likewise subscribe to and use the monitoring and operation and maintenance services published by other blockchain engines through the interface of the BaaS bus. The BaaS bus can adapt the monitoring and operation and maintenance interfaces to different blockchain engines. Meanwhile, different blockchain platforms can use the interfaces of the BaaS bus to order functions such as CA, encryption and decryption, key storage and cloud OS.
In a possible design, the private network supports dynamic migration of a target container cluster based on an IP address, and a service running on the target container cluster can be hot-migrated online; even if the current container is damaged, the service can be run by other containers, so that the disaster tolerance capability of the target container cluster is greatly improved. The data in the data security zone can be backed up and stored in the same city or in different places through a Data Center Interconnect (DCI) encryption channel. Disaster tolerance among multiple places is realized through DNSPod, and disaster tolerance within the same city is realized through load balancing of the external network. When the members of the alliance chain authorize and permit it, the data service system can export and import the data in the blockchain network platform and arrange the backup and disaster recovery transaction data in order based on the transaction global unique number, thereby improving the accuracy of backup and disaster recovery.
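The ordering step in the paragraph above, as an added example that is not part of the patent: exported backup copies are merged by transaction global unique number, and the merge reports what would make an import inaccurate. The record layout, the function names and the assumption that the numbers form a gap-free integer sequence are illustrative, and the sample records in the test are constructed.

```python
"""Added example: ordering exported transaction records before an import."""
import hashlib
from typing import Iterable, List, NamedTuple, Tuple


class Tx(NamedTuple):
    number: int     # transaction global unique number (assumed: gap-free integers)
    payload: bytes  # exported transaction body


class MergeResult(NamedTuple):
    ordered: List[Tx]             # unambiguous records, ascending by number
    duplicates: List[int]         # same number, identical payload in several copies
    conflicts: List[int]          # same number, different payloads: do not import
    gaps: List[Tuple[int, int]]   # inclusive ranges of numbers no copy contains


def merge_backups(*copies: Iterable[Tx]) -> MergeResult:
    """Merge several backup copies into one ordered, de-duplicated stream."""
    seen = {}
    duplicates, conflicts = set(), set()
    for copy in copies:
        for tx in copy:
            digest = hashlib.sha256(tx.payload).digest()
            previous = seen.get(tx.number)
            if previous is None:
                seen[tx.number] = (digest, tx)
            elif previous[0] == digest:
                duplicates.add(tx.number)   # redundant copy, harmless
            else:
                conflicts.add(tx.number)    # copies disagree about this transaction
    numbers = sorted(seen)
    # A conflicting number is withheld from the import stream entirely, because
    # nothing here can tell which of the disagreeing copies is the authentic one.
    ordered = [seen[n][1] for n in numbers if n not in conflicts]
    gaps = [(a + 1, b - 1) for a, b in zip(numbers, numbers[1:]) if b - a > 1]
    return MergeResult(ordered, sorted(duplicates), sorted(conflicts), gaps)


def safe_to_import(result: MergeResult) -> bool:
    """Import only when every number is present exactly once without dispute."""
    return not result.conflicts and not result.gaps
```

Duplicates are expected with multi-copy storage and are dropped silently; conflicts and gaps are the two conditions worth alerting on, since either means the restored ledger would differ from the original.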
In the embodiment of the invention, the data service system provides access service, blockchain management and viewing functions, and private network configuration service through at least one access server. Based on a plurality of hosts and a plurality of container clusters, users can customize their networks, so that mutually isolated private network services are realized, and the blockchain engine of each user's private network service is run by the container clusters. The data service system thereby automates the deployment of blockchain services and removes manual steps such as uploading chain code, configuring application programs and establishing channels, which greatly improves the efficiency of actual operation.
Fig. 5 is a flowchart of a data service method provided in an embodiment of the present invention, where the data service method is applied to the data service system in the foregoing embodiment, and as shown in fig. 5, the method includes:
501. the at least one access server provides access service for the at least one blockchain platform and provides webpage-based blockchain management and viewing functions for the user;
502. the access server provides private network configuration service based on a plurality of hosts and a plurality of container clusters;
503. the plurality of hosts and the plurality of container clusters provide mutually isolated private network services for the plurality of users based on the private network configuration made by the plurality of users through the access server, and run the blockchain engines of the private network services of the plurality of users through the plurality of container clusters;
504. the storage server provides a load-balanced distributed data storage function;
505. the blockchain service (BaaS) bus provides a secure data channel between the various servers, between the host and the servers, and between the at least one access server and the external network.
Optionally, the method further includes:
the access server receives a blockchain network creation instruction, wherein the blockchain network creation instruction is used for instructing to create a private network of a user in a blockchain network platform;
the access server determines a target host, acquires the address of a target private network and allocates the target private network based on the address of the target private network;
the access server determines a target container cluster, acquires a target blockchain engine and an image, runs the image through the target container cluster running on the target host, and thereby deploys the blockchain engine in the target private network space;
the access server acquires a target external network domain name, and stores in association the mapping relationship among the address of the private network corresponding to the target container cluster, the target external network domain name and the image path of the target container cluster.
Optionally, the method further includes:
when receiving a migration instruction of a target private network, the access server modifies the address of the private network corresponding to the target container cluster in the mapping relationship into the address of the migrated private network.
Optionally, the method further includes:
the BaaS bus provides the encryption and decryption functions of interactive data and the functions of signing and maintaining digital certificates.
Optionally, the method further includes:
when receiving a join request from any blockchain organization, if the join request is initiated through a third-party platform, the access server docks with the third-party platform through a dedicated line or an IPsec VPN (secure virtual private network) provided by the BaaS bus;
or, when receiving a join request from any blockchain organization, if the join request is initiated through any private network in the system, the access server establishes a peer-to-peer connection with that private network through the BaaS bus.
Optionally, the method further includes:
when the data service system docks with any blockchain organization, the data service system calls the authentication service of the CA center through the BaaS bus, performs permission verification on the join request of the blockchain organization, and establishes a communication connection with the blockchain organization through a consensus algorithm, wherein the blockchain organization obtains the digital certificate of the CA center through the BaaS bus and initiates the join request to the current alliance chain.
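The join-request handling in the optional steps above, and in the earlier description of the BaaS bus, as an added example that is not part of the patent: the certificate is verified before any channel is chosen, and the channel follows from where the request originated. The field names, `DemoCA` and the HMAC stand-in for the CA's signature are assumptions; the consensus step is not modelled.

```python
"""Added example: admitting a join request to an alliance chain."""
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Optional

CERT_FIELDS = ("org", "chain", "not_after")  # assumed certificate fields


class DemoCA:
    """Stand-in for the CA center.

    A real CA signs X.509 certificates with an asymmetric key; an HMAC over the
    certificate body is used here only so the example runs on the standard library.
    """

    def __init__(self, key: bytes):
        self._key = key

    def _mac(self, body: dict) -> str:
        canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
        return hmac.new(self._key, canonical.encode(), hashlib.sha256).hexdigest()

    def issue(self, org: str, chain: str, not_after: int) -> dict:
        body = {"org": org, "chain": chain, "not_after": not_after}
        return {**body, "sig": self._mac(body)}

    def verify(self, cert, now: int) -> Optional[str]:
        """Return None for a valid certificate, otherwise the rejection reason."""
        if not isinstance(cert, dict) or set(cert) != set(CERT_FIELDS) | {"sig"}:
            return "malformed certificate"
        body = {name: cert[name] for name in CERT_FIELDS}
        if not (isinstance(body["org"], str) and isinstance(body["chain"], str)
                and isinstance(body["not_after"], int)
                and isinstance(cert["sig"], str)):
            return "malformed certificate"
        expected = self._mac(body).encode()
        # Constant-time comparison, so timing does not leak how much matched.
        if not hmac.compare_digest(cert["sig"].encode("utf-8", "replace"), expected):
            return "bad signature"
        if now > body["not_after"]:
            return "certificate expired"
        return None


@dataclass(frozen=True)
class Decision:
    admitted: bool
    channel: Optional[str]
    reason: str


KNOWN_ORIGINS = ("third_party_platform", "private_network")


def admit(request, ca: DemoCA, chain: str, now: int,
          dedicated_line_available: bool = False) -> Decision:
    """Fail closed: every check must pass before a channel is selected."""
    if not isinstance(request, dict) or request.get("origin") not in KNOWN_ORIGINS:
        return Decision(False, None, "unknown origin")
    cert = request.get("certificate")
    error = ca.verify(cert, now)
    if error:
        return Decision(False, None, error)
    if cert["chain"] != chain:
        return Decision(False, None, "certificate issued for another alliance chain")
    if request.get("org") != cert["org"]:
        return Decision(False, None, "requester does not match certificate")
    if request["origin"] == "third_party_platform":
        # Third-party platforms dock over a dedicated line or an IPsec VPN.
        channel = "dedicated_line" if dedicated_line_available else "ipsec_vpn"
    else:
        # Private networks inside the system are connected peer to peer.
        channel = "peer_connection"
    return Decision(True, channel, "ok")
```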
Optionally, the method further includes:
the data service system is also used for scheduling each device based on the load condition of each device in the system.
Optionally, the method further includes:
the storage server is also used for realizing disaster recovery and backup functions of the data service system.
In the embodiment of the invention, the data service system provides access service, blockchain management and viewing functions, and private network configuration service through at least one access server. Based on a plurality of hosts and a plurality of container clusters, users can customize their networks, so that mutually isolated private network services are realized, and the blockchain engine of each user's private network service is run by the container clusters. The data service system thereby automates the deployment of blockchain services and removes manual steps such as uploading chain code, configuring application programs and establishing channels, which greatly improves the efficiency of actual operation.
Fig. 6 is a schematic structural diagram of a server according to an embodiment of the present invention. The server 600 may vary considerably depending on its configuration or performance, and may include one or more processors (CPUs) 601 and one or more memories 602, where the memory 602 stores at least one instruction, and the at least one instruction is loaded and executed by the processor 601 to implement an operation performed by any network device in the data service system. Of course, the server may also have components such as a wired or wireless network interface, a keyboard, and an input/output interface for performing input and output, and the server may also include other components for implementing the functions of the device, which are not described herein again.
In an exemplary embodiment, a computer-readable storage medium, such as a memory, including instructions executable by a processor in a terminal to perform operations performed by any network device in a data service system in the following embodiments is also provided. For example, the computer readable storage medium may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, where the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (10)

1. A data service system, the system comprising:
the access server is used for providing access service for at least one block chain platform;
the storage server is used for providing a load-balanced distributed data storage function;
the storage server comprises a cloud hard disk and a file storage, the cloud hard disk is used for storing data to be stored in a multi-copy redundant mode, and the file storage has a shared storage function;
and the blockchain service (BaaS) bus is used for providing a secure data channel between each server, between the host and the server and between the at least one access server and the external network.
2. The system of claim 1, wherein the data service system is further configured to schedule the devices based on loading of the devices in the system.
3. The system of claim 2, wherein the data service system is further configured to:
routing an access request to the server nearest to it through a domain name resolution function of a domain name resolution tool;
for an external network except a private network, distributing a service request to a router corresponding to the service type according to the service type of the service request, and dynamically scheduling the service request through a load balancing function of a gateway;
and for the interior of the private network, dynamically scheduling the service request in the available servers according to the loads of the servers associated with the BaaS bus.
4. The system of claim 1, wherein the storage server is further configured to implement disaster recovery and backup functions of the data service system.
5. The system of claim 4, wherein the data service system is further configured to export and import data in the blockchain network platform, and based on the transaction global unique number, sequentially arrange disaster-tolerant and backup transaction data.
6. The system of claim 4, further comprising:
the system comprises a plurality of hosts and a plurality of target container clusters, and is used for performing backup storage of multiple copies through cloud hard disks and file storage.
7. The system of claim 6, wherein the at least one access server is further configured to:
and providing private network configuration service based on the plurality of hosts and the plurality of target container clusters, wherein the private network supports the target container clusters to perform dynamic migration based on IP addresses.
8. The system of claim 4, wherein the data service system is further configured to:
supporting backup and storage of the data in different places through a data center network cluster encryption channel.
9. A server, comprising a processor and a memory, wherein at least one instruction is stored in the memory, and wherein the instruction is loaded and executed by the processor to perform operations performed by any network device in a data service system according to any one of claims 1 to 8.
10. A computer-readable storage medium having stored therein at least one instruction which is loaded and executed by a processor to perform operations performed by any network device in a data service system of any one of claims 1 to 8.
CN201910711050.3A 2018-04-16 2018-04-16 Data service system, server, and computer-readable storage medium Active CN110430259B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910711050.3A CN110430259B (en) 2018-04-16 2018-04-16 Data service system, server, and computer-readable storage medium

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810339750.XA CN108512935B (en) 2018-04-16 2018-04-16 Data service system, method, server and computer readable storage medium
CN201910711050.3A CN110430259B (en) 2018-04-16 2018-04-16 Data service system, server, and computer-readable storage medium

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN201810339750.XA Division CN108512935B (en) 2018-04-16 2018-04-16 Data service system, method, server and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN110430259A CN110430259A (en) 2019-11-08
CN110430259B CN110430259B (en) 2020-12-01

Family

ID=63382023

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201810339750.XA Active CN108512935B (en) 2018-04-16 2018-04-16 Data service system, method, server and computer readable storage medium
CN201910711050.3A Active CN110430259B (en) 2018-04-16 2018-04-16 Data service system, server, and computer-readable storage medium

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN201810339750.XA Active CN108512935B (en) 2018-04-16 2018-04-16 Data service system, method, server and computer readable storage medium

Country Status (1)

Country Link
CN (2) CN108512935B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
REG Reference to a national code (Ref country code: HK; Ref legal event code: DE; Ref document number: 40014884; Country of ref document: HK)
GR01 Patent grant