CN110708338A - Internal and external network data interaction system and method based on three-layer network architecture - Google Patents
Abstract
The invention discloses an internal and external network data interaction system based on a three-layer network architecture and a method thereof, belonging to the technical field of network communication. The system comprises an isolation layer, a message service layer and an intranet data service layer. The isolation layer comprises a firewall and a request proxy server which communicates with the external network through the firewall; the message service layer comprises a message server which communicates with the request proxy server through a network cable; the intranet data service layer comprises a service logic server which communicates with the message server through a network cable. The invention solves the technical problem of real-time data interaction between an intranet and an extranet: it adopts a three-layer network architecture, realizes data interaction between the intranet and the extranet by means of a Java message server, and is low in cost, high in safety, good in response real-time performance, high in reaction speed, unlimited in file transmission format and good in compatibility.
Description
Technical Field
The invention belongs to the technical field of network communication, and particularly relates to an internal and external network data interaction system and method based on a three-layer network architecture.
Background
Due to the particular nature of some enterprises, the data sources analyzed by the systems they develop are confidential, are not suitable for disclosure in an external network environment, and would cause extremely serious adverse effects if leaked. A secure way is therefore needed to give the extranet access to intranet data.
The currently known schemes for implementing data interaction between internal and external networks include three types:
1. Using the mapping function of a network gatekeeper: an external network machine in a designated IP segment is configured in the gatekeeper, and only the designated service provided by the machine at the designated IP and port can be accessed. This is the most convenient approach, but it is not safe.
2. File synchronization: this requires an external network server and an internal network server, with an interface service program deployed on each, a shared folder set up on each machine, and a network gatekeeper performing file synchronization in both directions (from the internal network to the external network and from the external network to the internal network). Although this approach is relatively secure, it does not respond in real time and the user experience is poor.
3. Database synchronization: there is a requirement on the transmission format of the data file, and the data in the table cannot be of a big-data type.
These schemes generally suffer from high cost, poor safety, non-real-time response, low reaction speed, restrictions on the file transmission format, and similar defects.
Disclosure of Invention
The invention aims to provide an internal and external network data interaction system and method based on a three-layer network architecture, which solve the technical problem of real-time data interaction between an internal network and an external network.
In order to realize the purpose, the invention adopts the following technical scheme:
an internal and external network data interaction system based on a three-layer network architecture comprises an isolation layer, a message service layer and an intranet data service layer, wherein the isolation layer comprises a firewall and a request proxy server, and the request proxy server communicates with an external network through the firewall;
the message service layer comprises a message server which is communicated with the request proxy server through a network cable;
the intranet data service layer comprises a service logic server which is communicated with the message server through a network cable.
Preferably, the isolation layer is deployed in a small network area between the enterprise internal network and the external network.
Preferably, the message server performs asynchronous message transmission through the JMS service.
Preferably, the service logic server accesses a network segment and a port corresponding to the message server, and the service logic server communicates with the enterprise internal network.
An internal and external network data interaction method based on a three-layer network architecture comprises the following steps:
step 1: establishing the internal and external network data interaction system based on the three-layer network architecture;
step 2: establishing a message queue production module in the request proxy server in the isolation layer, wherein the message queue production module formulates a message queue and sends a message request to the message server in the message service layer according to the sequence of the message queue;
step 3: the message server in the message service layer stores the message request and returns the result of the message request to the request proxy server;
the message server uses the JMS service for asynchronous communication: JMS (Java Message Service) is the Java platform API for message-oriented middleware (MOM), used to send messages between two applications or within a distributed system;
step 4: establishing a message queue listener in the service logic server in the intranet data service layer, wherein the message queue listener monitors the message requests stored by the message server;
the service logic server responds to the message request and sends the response result to the message server, and the message server returns the response result to the request proxy server as the result of the message request.
Preferably, when step 2 is executed, the request proxy server can only access the network segment and the port corresponding to the message server.
Preferably, when step 3 is executed, the message service layer is always in the accessed (passive) state and cannot actively access the isolation layer or the intranet data service layer.
The invention relates to a data interaction system based on three-layer network and a method thereof, which solves the technical problem of real-time data interaction between the internal network and the external network.
Drawings
FIG. 1 is a system architecture diagram of the invention.
Detailed Description
Example 1:
as shown in fig. 1, the system for data interaction between an internal network and an external network based on a three-layer network architecture includes an isolation layer, a message server layer, and an internal network data service layer, where the isolation layer includes a firewall and a request proxy server, and the request proxy server communicates with the external network through the firewall;
the message service layer comprises a message server which is communicated with the request proxy server through a network cable;
the intranet data service layer comprises a service logic server which is communicated with the message server through a network cable.
Preferably, the isolation layer is deployed in a small network area between the enterprise internal network and the external network.
Preferably, the message server performs asynchronous message transmission through the JMS service.
Preferably, the service logic server accesses a network segment and a port corresponding to the message server, and the service logic server communicates with the enterprise internal network.
The external network is an external network such as the internet connected by an enterprise, and the internal network is an internal network of the enterprise.
Example 2:
the method for data interaction between an internal network and an external network based on a three-layer network architecture of embodiment 2 is implemented on the basis of the system of embodiment 1 and includes the following steps:
step 1: establishing the internal and external network data interaction system based on the three-layer network architecture;
step 2: establishing a message queue production module in the request proxy server in the isolation layer, wherein the message queue production module formulates a message queue and sends a message request to the message server in the message service layer according to the sequence of the message queue;
in this embodiment, the extranet request is sent to the DMZ layer, where the request is parsed or the uploaded file is isolated and sanitized; if parsing succeeds or no threat is found, the request proxy server of this layer sends a message to the message server of the message service layer. The DMZ layer, that is, the isolation region of the present invention, is the "demilitarized zone": a buffer area between the non-secure system and the secure system, set up to solve the problem that external network users cannot access an internal network server once a firewall is installed. The buffer zone is located in a small network area between the enterprise internal network and the external network.
step 3: the message server in the message service layer stores the message request and returns the result of the message request to the request proxy server;
the message server uses the JMS service for asynchronous communication: JMS (Java Message Service) is the Java platform API for message-oriented middleware (MOM), used to send messages between two applications or within a distributed system;
step 4: establishing a message queue listener in the service logic server in the intranet data service layer, wherein the message queue listener monitors the message requests stored by the message server;
the service logic server responds to the message request and sends the response result to the message server, and the message server returns the response result to the request proxy server as the result of the message request.
A message listener is installed on the service logic server of the intranet data service layer; it monitors the message server of the message service layer in real time to determine whether a corresponding message exists and, if so, acquires the message data.
The intranet data service layer acquires the information sent by the extranet, performs service processing according to that information, encrypts the processed service data and returns it to the request proxy server of the DMZ layer along the original path on which the message was received; in this way intranet data is sent to the extranet.
Preferably, when step 2 is executed, the request proxy server can only access the network segment and the port corresponding to the message server.
Preferably, when step 3 is executed, the message service layer is always in the accessed (passive) state and cannot actively access the isolation layer or the intranet data service layer.
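The flow of steps 2 to 4 above (and the same steps in the Disclosure section), as an added Python model that is not code from the patent: the JMS message server is stood in for by in-memory queues, the connection rules of the two "preferably" clauses are enforced as an explicit flow policy, and the host names, addresses, port and intranet record are constructed assumptions.

```python
import ipaddress
import json
import uuid
from collections import deque

# Constructed addresses (assumptions, not values from the patent).
MSG_SERVER_IP, MSG_SERVER_PORT, MSG_SEGMENT = "10.2.0.20", 61616, "10.2.0.0/24"

# Claims 6 and 7 as a connection policy: only the request proxy and the business
# logic server may connect, and only to the message server's segment and port;
# the message server itself never appears as an initiator.
ALLOWED_FLOWS = {
    ("dmz-proxy", MSG_SEGMENT, MSG_SERVER_PORT),
    ("logic-server", MSG_SEGMENT, MSG_SERVER_PORT),
}

def flow_allowed(src_host, dst_ip, dst_port):
    """True only if src_host -> dst_ip:dst_port matches an allowed flow."""
    dst = ipaddress.ip_address(dst_ip)
    return any(src_host == host and dst_port == port
               and dst in ipaddress.ip_network(segment)
               for host, segment, port in ALLOWED_FLOWS)

class MessageServer:
    """Message service layer (step 3): passive named queues standing in for the
    JMS broker. It only answers calls and never connects outwards."""
    def __init__(self):
        self.queues = {}

    def _check(self, caller):
        if not flow_allowed(caller, MSG_SERVER_IP, MSG_SERVER_PORT):
            raise PermissionError(f"{caller} may not reach the message server")

    def send(self, caller, queue, msg):
        self._check(caller)
        self.queues.setdefault(queue, deque()).append(msg)

    def receive(self, caller, queue):
        self._check(caller)
        q = self.queues.setdefault(queue, deque())
        return q.popleft() if q else None

def proxy_submit(server, raw_request):
    """Isolation layer (step 2): parse the extranet request, then enqueue it with a
    correlation id and the queue the reply must come back on."""
    body = json.loads(raw_request)  # unparsable input never reaches the queue
    corr_id = str(uuid.uuid4())
    server.send("dmz-proxy", "requests",
                {"id": corr_id, "reply_to": "replies", "body": body})
    return corr_id

def proxy_collect(server, corr_id):
    """Isolation layer: pick up the reply that matches our correlation id."""
    msg = server.receive("dmz-proxy", "replies")
    return msg["body"] if msg and msg["id"] == corr_id else None

INTRANET_DATA = {"order-42": {"status": "shipped"}}  # constructed intranet record

def logic_poll_once(server):
    """Intranet data service layer (step 4): the listener takes one request off the
    queue and answers on the reply queue, so data goes back along the original
    path only. (The patent encrypts the reply here; that step is omitted.)"""
    msg = server.receive("logic-server", "requests")
    if msg is None:
        return False
    key = msg["body"].get("order") if isinstance(msg["body"], dict) else None
    record = INTRANET_DATA.get(key, {"error": "not found"})
    server.send("logic-server", msg["reply_to"], {"id": msg["id"], "body": record})
    return True

def round_trip(raw_request):
    """Drive one extranet request through all three layers; return the reply body."""
    server = MessageServer()
    try:
        corr_id = proxy_submit(server, raw_request)
    except ValueError:
        return {"error": "rejected in DMZ"}  # stopped before the message layer
    logic_poll_once(server)
    return proxy_collect(server, corr_id)
```

Note that an unparsable request is dropped by the proxy before any message is produced, and a caller outside the two permitted flows (including the message server itself) is refused by the policy check rather than by the queue contents.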
The invention relates to an internal and external network data interaction system and a method thereof based on a three-layer network architecture, which solve the technical problem of real-time data interaction between an internal network and an external network.
Claims (7)
1. An internal and external network data interaction system based on a three-layer network architecture, characterized in that: the system comprises an isolation layer, a message service layer and an intranet data service layer, wherein the isolation layer comprises a firewall and a request proxy server, and the request proxy server communicates with the extranet through the firewall;
the message service layer comprises a message server which is communicated with the request proxy server through a network cable;
the intranet data service layer comprises a service logic server which is communicated with the message server through a network cable.
2. The system according to claim 1, characterized in that: the isolation layer is deployed in a small network area between an enterprise internal network and an external network.
3. The system according to claim 1, characterized in that: the message server performs asynchronous message transmission through the JMS service.
4. The system according to claim 2, characterized in that: the business logic server accesses the network segment and the port corresponding to the message server, and communicates with the enterprise internal network.
5. An internal and external network data interaction method based on a three-layer network architecture is characterized in that: the method comprises the following steps:
step 1: establishing the internal and external network data interaction system based on the three-layer network architecture;
step 2: establishing a message queue production module in the request proxy server in the isolation layer, wherein the message queue production module formulates a message queue and sends a message request to the message server in the message service layer according to the sequence of the message queue;
step 3: the message server in the message service layer stores the message request and returns the result of the message request to the request proxy server;
the message server uses the JMS service for asynchronous communication: JMS (Java Message Service) is the Java platform API for message-oriented middleware (MOM), used to send messages between two applications or within a distributed system;
step 4: establishing a message queue listener in the service logic server in the intranet data service layer, wherein the message queue listener monitors the message requests stored by the message server;
the service logic server responds to the message request and sends the response result to the message server, and the message server returns the response result to the request proxy server as the result of the message request.
6. The method according to claim 5, characterized in that: when step 2 is executed, the request proxy server can only access the network segment and the port corresponding to the message server.
7. The method according to claim 5, characterized in that: when step 3 is executed, the message service layer is always in the accessed (passive) state and cannot actively access the isolation layer or the intranet data service layer.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911068447.1A CN110708338A (en) | 2019-11-05 | 2019-11-05 | Internal and external network data interaction system and method based on three-layer network architecture |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110708338A true CN110708338A (en) | 2020-01-17 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | |
Application publication date: 20200117