CN111314357A - Secure data management system and method thereof - Google Patents
Secure data management system and method thereof Download PDFInfo
- Publication number
- CN111314357A CN111314357A CN202010108331.2A CN202010108331A CN111314357A CN 111314357 A CN111314357 A CN 111314357A CN 202010108331 A CN202010108331 A CN 202010108331A CN 111314357 A CN111314357 A CN 111314357A
- Authority
- CN
- China
- Prior art keywords
- management unit
- function
- server
- servers
- management
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1001—Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1001—Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
- H04L67/1031—Controlling of the operation of servers by a load balancer, e.g. adding or removing servers that serve requests
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1001—Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
- H04L67/1034—Reaction to server failures by a load balancer
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Bioethics (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- Computer And Data Communications (AREA)
- Hardware Redundancy (AREA)
Abstract
The invention provides a safe data management system and a method thereof, wherein the system comprises: a management module and a plurality of function servers; each functional server internally bears one or more virtualized logical servers, and each logical server adopts different operating systems and different data encryption algorithms; and the management module is used for monitoring the state of the function server and adjusting the resources of the function server. The invention solves the problem of lower data security under the condition of mass data in the related technology.
Description
Technical Field
The invention relates to the field of computers, in particular to a safe data management system and a method thereof.
Background
The contemporary society is an information age, people live with mass data every day, and the security of the data is guaranteed, so that the benefit of an operation subject is concerned, and the rights and interests of users are influenced. At present, some problems exist under the condition of mass data, firstly, in the current information technology, the security of a topological structure of a gateway cannot be guaranteed, the possibility of being invaded exists, or the data can be exposed to the outside even if the data is operated by an unintentional mistake during use, so that the data security problem occurs; secondly, when the system processes mass data, due to the factors of resource management strategies, resource distribution is unbalanced, so that part of servers are overloaded to generate abnormal phenomena, and data leakage or other data security problems are easily generated under abnormal conditions; moreover, although the data in the network seems to be capable of adopting safety protection and supervision in time, the data cannot be monitored due to the particularity and complexity of the data form, the particularity lies in that the data form needs to be converted according to a certain medium, otherwise, the data cannot be uniformly mined, the data is in a non-prevention state in the conversion process, and the complexity lies in that the diversity of the data types cannot reach a perfect state when a safety management platform is constructed.
In view of the above problems in the related art, no effective solution exists at present.
Disclosure of Invention
The embodiment of the invention provides a safe data management system and a method thereof, which at least solve the problem of low data safety under the condition of mass data in the related technology.
According to an embodiment of the present invention, there is provided a data management system including: a management module and a plurality of function servers; each functional server internally bears one or more virtualized logical servers, and each logical server adopts different operating systems and different data encryption algorithms; and the management module is used for monitoring the state of the function server and adjusting the resources of the function server.
According to another embodiment of the present invention, there is provided a data management method based on a data management system including: a management module and a plurality of function servers; each functional server internally bears one or more virtualized logical servers, and each logical server adopts different operating systems and different data encryption algorithms; the management module monitors the state of the function server and adjusts the resources of the function server.
The management module in the data management system can monitor the data in the logic servers and adjust the resources, so that the control of the resources is realized, one or more virtualized logic servers are loaded in each function server, and each logic server adopts different operating systems and different data encryption algorithms, so that malicious codes cannot find the rule of data encryption, the safety of the data is ensured, and the problem of low data safety under the condition of mass data in the related technology is solved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
FIG. 1 is a schematic diagram of a data management system according to an embodiment of the present invention;
FIG. 2 is a first diagram illustrating an alternative configuration of a data management system according to an embodiment of the present invention;
FIG. 3 is a second diagram of an alternative configuration of a data management system according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of an alternative architecture of a data management system according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of a Zuul gateway cluster according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of a function server according to an embodiment of the present invention.
Detailed Description
The invention will be described in detail hereinafter with reference to the accompanying drawings in conjunction with embodiments. It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order.
Example 1
In this embodiment, a data management system is provided, and fig. 1 is a schematic structural diagram of a data management system according to an embodiment of the present invention, as shown in fig. 1, the system includes: a management module 11 and a plurality of function servers 12; each functional server internally bears one or more virtualized logical servers, and each logical server adopts different operating systems and different data encryption algorithms; and the management module is used for monitoring the state of the function server and adjusting the resources of the function server.
The management module in the data management system in this embodiment can monitor data in the logic servers and adjust resources, so as to control resources, and each function server internally bears one or more virtualized logic servers, and each logic server adopts different operating systems and different data encryption algorithms, so that malicious codes cannot find a rule of data encryption, so as to ensure the security of data, and further solve the problem of low data security in the related art under the condition of mass data.
It should be noted that the operating system involved in the embodiment includes at least one of the following: a Linux operating system, a Windows operating system and a Mac operating system; the encryption algorithm involved in this embodiment includes at least one of: an IDEA encryption algorithm, an RSA encryption algorithm, and an AES encryption algorithm. Of course, the operating system and the encryption algorithm are only examples, and in other embodiments of the present application, corresponding adjustment may be performed according to actual needs, where the adjustment may be based on a combination of the operating system and the encryption algorithm, or a new addition of another operating system and an encryption algorithm.
Optionally, as shown in fig. 2, the management module 11 in this embodiment includes: a first management unit 111, a second management unit 112, and a third management unit 113; wherein the content of the first and second substances,
a first management unit 111, configured to register a plurality of function servers and monitor a state of a registered function server; in a specific embodiment, the first management unit 111 is a Eureka registry; the Eureka registration center is used for registering a plurality of function servers and monitoring the state of the registered function servers.
A second management unit 112, configured to perform balanced allocation on resources of the multiple function servers; in a specific embodiment, the second management unit 111 may be selected as a Ribbon load balancing unit; the Ribbon load balancing unit is used for balancing the resources of the called function servers.
And a third management unit 113 configured to control the function server in which the abnormality occurs. The third management unit 113 is a Hystix fuse in a specific embodiment; the Hystix fuse is used for performing service degradation on the functional server with the abnormal condition.
Through the first management unit 111, the second management unit 112 and the third management unit 113 in the management module, load balancing of a plurality of registered function servers is achieved, and an effect of improving resource allocation is achieved.
As shown in fig. 3, the management module 11 in this embodiment further includes: a plurality of gateways 114; the code of each gateway uses different encryption and decryption mechanisms for reverse proxy resolution of the uniform resource locator. Because the code of each gateway uses different encryption and decryption mechanisms for reverse proxy analysis of the URL, a round robin mechanism is used inside, different gateways can be moved every time a request is received, and the request is subjected to two steps of encryption and decryption of different algorithms, and then whether the request passes through the gateway can be judged, so that illegal access caused by the loophole of the gateway can be reduced.
The present application will be illustrated with reference to specific embodiments of this example;
this embodiment provides a data security management system based on SpringCloud combined with virtualization technology, as shown in fig. 4, the system includes: clustering of Zuul gateways, Ribbon load balancing, Hystix fuses and Eureka registries and function servers
As shown in fig. 5, Zuul gateways are deployed in a cluster manner, codes of each gateway are not multiplexed, but different encryption and decryption mechanisms are used for reverse proxy analysis of urls by the codes of each gateway, a round robin mechanism is used inside, different gateways are moved every time a request is received, and after the request is encrypted and decrypted by different algorithms, judgment on whether the request passes through the gateway is completed, so that illegal access caused by vulnerabilities of the gateways can be reduced.
In addition, the Eureka registration center, Ribbon load balancing and Hystix fuses are tools for governing the function server by a SpringCloud framework; wherein, the Eureka registration center cluster is used for registering each function server, the registered function server is governed by the Eureka registration center, and the state of each function server can be monitored.
The Ribbon load balancing mechanism can be directly used in an Eureka registration center, and the Eureka registration center can be matched with the Ribbon load balancing mechanism to realize balanced distribution of each server resource when each function server is called.
The Hystix fuse can also be directly used in the Eureka registration center, when one of the function servers is abnormal, the Hystix fuse can degrade the service of the server, and the resources originally distributed by the Ribbon load balance can reduce the processing task of the abnormal server, even the resource is not operated, so that the abnormal server can be repaired by maintenance personnel.
As shown in fig. 6, a server is internally split into multiple virtualized logical servers by using virtualization technology in a functional server, each virtual server may employ a different operating system and a different data encryption algorithm, and the operating systems are, for example: the system comprises a Linux operating system, a Windows operating system, a Mac operating system and the like, wherein encryption algorithms such as an IDEA (identity authentication algorithm), an RSA (rivest-Shamir-Adleman) encryption algorithm, an AES (advanced encryption Standard) encryption algorithm and the like are combined through different operating systems and different encryption algorithms, and the same environment as less as possible exists between each logic server in one function server.
The system in the embodiment provides a data protection mode based on the Zuuul gateway, realizes resource allocation based on SpringCloud micro-service architecture management, and reduces data monitoring loopholes on the premise of virtualization.
Based on the data management system in the foregoing embodiment, this embodiment further provides a data management method based on the data management system, where the data management system includes: a management module and a plurality of function servers; each functional server internally bears one or more virtualized logical servers, and each logical server adopts different operating systems and different data encryption algorithms;
the method comprises the following steps: step S102, the management module monitors the state of the function server and adjusts the resources of the function server.
In an optional implementation manner of this embodiment, the management module in this embodiment includes: a first management unit, a second management unit and a third management unit; based on this, the method of this embodiment further includes:
step S102-11, a first management unit registers a plurality of function servers and monitors the state of the registered function servers;
step S102-12, the second management unit performs balanced distribution on the resources of the plurality of function servers;
in step S102-13, the third management unit controls the function server in which the abnormality occurs.
Wherein the first management unit is a Eureka registration center; the Eureka registration center is used for registering a plurality of function servers and monitoring the state of the registered function servers. The second management unit is a Ribbon load balancing unit; the Ribbon load balancing unit is used for balancing the resources of the called function servers. The third management unit is a Hystix fuse; the Hystix fuse is used for performing service degradation on the functional server with the abnormal condition.
Optionally, the management module in this implementation further includes: a plurality of gateways; based on this, the method of this embodiment further includes:
in step S102-14, the code of each gateway uses different encryption and decryption mechanisms for reverse proxy resolution of the uniform resource locator.
By the method of the embodiment, a data protection mode based on the Zuul gateway is provided; a resource allocation mode based on SpringCloud micro-service architecture governance is provided, and a mode for reducing data monitoring vulnerability on the premise of virtualization is provided.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the principle of the present invention should be included in the protection scope of the present invention.
Claims (10)
1. A data management system, comprising: a management module and a plurality of function servers; each functional server internally bears one or more virtualized logical servers, and each logical server adopts different operating systems and different data encryption algorithms; and the management module is used for monitoring the state of the function server and adjusting the resources of the function server.
2. The system of claim 1, wherein the management module comprises: a first management unit, a second management unit and a third management unit; wherein the content of the first and second substances,
the first management unit is used for registering the plurality of function servers and monitoring the state of the registered function servers;
the second management unit is used for performing balanced distribution on resources of the plurality of function servers;
and the third management unit is used for controlling the abnormal function server.
3. The system of claim 2, wherein the first management unit is a Eureka registry;
the Eureka registration center is used for registering a plurality of function servers and monitoring the state of the registered function servers.
4. The system of claim 2, wherein the second management unit is a robbon load balancing unit;
and the Ribbon load balancing unit is used for balancing the resources of the called function servers.
5. The system of claim 2, wherein the third management unit is a Hystix fuse;
the Hystix fuse is used for performing service degradation on the functional server with the abnormal condition.
6. The system of claim 1, wherein the management module further comprises: a plurality of gateways; the code of each gateway uses different encryption and decryption mechanisms for reverse proxy resolution of the uniform resource locator.
7. The system of claim 1, wherein the operating system comprises at least one of: a Linux operating system, a Windows operating system and a Mac operating system; the encryption algorithm includes at least one of: an IDEA encryption algorithm, an RSA encryption algorithm, and an AES encryption algorithm.
8. A data management method based on a data management system, the data management system comprising: a management module and a plurality of function servers; each functional server internally bears one or more virtualized logical servers, and each logical server adopts different operating systems and different data encryption algorithms;
the management module monitors the state of the function server and adjusts the resources of the function server.
9. The method of claim 8, wherein the management module comprises: a first management unit, a second management unit and a third management unit; the method further comprises the following steps:
the first management unit registers the plurality of function servers and monitors the state of the registered function servers;
the second management unit performs balanced distribution on the resources of the plurality of function servers;
and the third management unit controls the abnormal function server.
10. The method of claim 8, wherein the management module further comprises: a plurality of gateways; the method further comprises the following steps:
the code of each gateway uses different encryption and decryption mechanisms for reverse proxy resolution of the uniform resource locator.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010108331.2A CN111314357B (en) | 2020-02-21 | 2020-02-21 | Secure data management system and method thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010108331.2A CN111314357B (en) | 2020-02-21 | 2020-02-21 | Secure data management system and method thereof |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111314357A true CN111314357A (en) | 2020-06-19 |
| CN111314357B CN111314357B (en) | 2021-01-15 |
Family
ID=71160136
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010108331.2A Active CN111314357B (en) | 2020-02-21 | 2020-02-21 | Secure data management system and method thereof |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111314357B (en) |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103167041A (en) * | 2013-03-28 | 2013-06-19 | 广州中国科学院软件应用技术研究所 | System and method for supporting cloud environment application cluster automation deployment |
| CN103202002A (en) * | 2010-09-08 | 2013-07-10 | 思杰系统有限公司 | Systems and methods for self-load balancing access gateways |
| US20150039489A1 (en) * | 2012-12-06 | 2015-02-05 | Miami International Securities Exchange, LLC | Electronic Trading Platform and Method Thereof |
| CN104519140A (en) * | 2015-01-08 | 2015-04-15 | 浪潮(北京)电子信息产业有限公司 | Server system for distributed parallel computing and management method thereof |
| CN106713389A (en) * | 2015-11-13 | 2017-05-24 | 深圳云联讯数据科技有限公司 | Monitoring method and system |
| US20180103018A1 (en) * | 2016-10-10 | 2018-04-12 | Citrix Systems, Inc. | Systems and methods for executing cryptographic operations across different types of processing hardware |
| WO2019134005A1 (en) * | 2017-12-26 | 2019-07-04 | Cooner Jason | Architecture, systems, and methods used in carbon credit and block chain systems |
| CN110266705A (en) * | 2019-06-25 | 2019-09-20 | 珠海格力电器股份有限公司 | A kind of control method and system |
| WO2019179473A1 (en) * | 2018-03-23 | 2019-09-26 | Telefonaktiebolaget Lm Ericsson (Publ) | Methods and devices for chunk based iot service inspection |
| CN110661842A (en) * | 2019-08-12 | 2020-01-07 | 广州亦云信息技术股份有限公司 | Resource scheduling management method, electronic equipment and storage medium |
-
2020
- 2020-02-21 CN CN202010108331.2A patent/CN111314357B/en active Active
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103202002A (en) * | 2010-09-08 | 2013-07-10 | 思杰系统有限公司 | Systems and methods for self-load balancing access gateways |
| US20150039489A1 (en) * | 2012-12-06 | 2015-02-05 | Miami International Securities Exchange, LLC | Electronic Trading Platform and Method Thereof |
| CN103167041A (en) * | 2013-03-28 | 2013-06-19 | 广州中国科学院软件应用技术研究所 | System and method for supporting cloud environment application cluster automation deployment |
| CN104519140A (en) * | 2015-01-08 | 2015-04-15 | 浪潮(北京)电子信息产业有限公司 | Server system for distributed parallel computing and management method thereof |
| CN106713389A (en) * | 2015-11-13 | 2017-05-24 | 深圳云联讯数据科技有限公司 | Monitoring method and system |
| US20180103018A1 (en) * | 2016-10-10 | 2018-04-12 | Citrix Systems, Inc. | Systems and methods for executing cryptographic operations across different types of processing hardware |
| WO2019134005A1 (en) * | 2017-12-26 | 2019-07-04 | Cooner Jason | Architecture, systems, and methods used in carbon credit and block chain systems |
| WO2019179473A1 (en) * | 2018-03-23 | 2019-09-26 | Telefonaktiebolaget Lm Ericsson (Publ) | Methods and devices for chunk based iot service inspection |
| CN110266705A (en) * | 2019-06-25 | 2019-09-20 | 珠海格力电器股份有限公司 | A kind of control method and system |
| CN110661842A (en) * | 2019-08-12 | 2020-01-07 | 广州亦云信息技术股份有限公司 | Resource scheduling management method, electronic equipment and storage medium |
Non-Patent Citations (2)
| Title |
|---|
| 何钦: "基于VT_x技术的Xen虚拟磁盘加密系统设计", 《中国优秀硕士学位论文全文数据库信息科技辑》 * |
| 夏鹏: "基于微服务架构的信用信息共享交换系统的设计与实现", 《中国优秀硕士学位论文全文数据库信息科技辑》 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111314357B (en) | 2021-01-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11863588B2 (en) | Dynamically tailored trust for secure application-service networking in an enterprise | |
| US20190158462A1 (en) | Secure application delivery system with dial out and associated method | |
| JP2022545040A (en) | Methods, systems, kits, and apparatus for providing end-to-end secure private 5th generation telecommunications | |
| US20060224897A1 (en) | Access control service and control server | |
| EP4236206B1 (en) | Actively monitoring encrypted traffic by inspecting logs | |
| EP2332285A1 (en) | Methods and systems for securely managing virtualization platform | |
| US11675889B1 (en) | Systems and methods for data integrity and confidentiality within a computing system | |
| US10944720B2 (en) | Methods and systems for network security | |
| US8656154B1 (en) | Cloud based service logout using cryptographic challenge response | |
| EP3994595B1 (en) | Execution environment and gatekeeper arrangement | |
| US20230179576A1 (en) | System and method for providing a dynamically reconfigurable integrated virtual environment | |
| Baiardi et al. | Securing a community cloud | |
| US20130166677A1 (en) | Role-based access control method and apparatus in distribution system | |
| Kang et al. | A strengthening plan for enterprise information security based on cloud computing | |
| CN111314357B (en) | Secure data management system and method thereof | |
| Gu et al. | Secure mobile cloud computing and security issues | |
| US20230048251A1 (en) | Methods and systems for providing virtual desktop infrastructure via secure classified remote access as a service | |
| Babu et al. | A secure virtualized cloud environment with pseudo-hypervisor IP based technology | |
| Singh et al. | A Study on Secure Network Slicing in 5G | |
| WO2023286985A1 (en) | Security device user authentication method using cookies | |
| Udayakumar | Design and Deploy Security for Infrastructure, Data, and Applications | |
| Ali et al. | Research Article A Maturity Framework for Zero-Trust Security in Multiaccess Edge Computing | |
| CN115130116A (en) | Business resource access method, device, equipment, readable storage medium and system | |
| Sajay | Security Issues in Cloud Computing: An Overview | |
| KR20150059382A (en) | Host security device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |