Disclosure of Invention
The purpose of the invention is as follows: the invention aims to solve the problem of real-time data synchronization across isolation device equipment in an integrated internal and external network deployment. Based on the real-time incremental log of a distributed database, a data recovery point mechanism and a multi-tenant mechanism, it synchronizes data from the external information network to the internal information network in real time by parsing and decrypting the distributed database log and converting it into the dedicated data specification of the isolation device equipment. Real-time performance of data synchronization is achieved through a subscription mode, and data security is achieved through the dedicated data specification of the isolation device equipment.
The technical scheme is as follows: to achieve the above object, the method for real-time synchronization of distributed databases across secure areas according to the present invention comprises the following steps:
(1) acquiring real-time incremental log data, which addresses real-time acquisition of the incremental data of the distributed database and the multi-tenant channels;
(2) converting real-time incremental log data, which addresses decryption of the distributed database log and conversion to the private protocol of the isolation device;
(3) synchronizing real-time incremental data, which covers data synchronization from the external network to the internal network and the data recovery point mechanism.
The real-time incremental log data acquisition in the step (1) comprises the following steps:
(1.1) evaluating the data scale of a business database table, making a multi-tenant configuration strategy, and configuring a multi-tenant real-time data increment channel in a distributed database;
(1.2) modifying data synchronization parameter configuration, including tenant name, tenant address, user name, password, abnormal retry times, filtering rules, black and white lists and the like, and configuring according to a real-time data synchronization channel mode of each tenant;
and (1.3) starting a real-time data increment acquisition program, reading a data recovery point log, acquiring a synchronization point, and subscribing and consuming the increment log of the distributed database in real time.
The real-time incremental log data conversion in the step (2) comprises the following steps:
(2.1) acquiring tenant real-time incremental log data in real time, and filtering the database log data which does not need to be synchronized according to configured filtering rules;
(2.2) for the real-time incremental logs that need to be processed, parsing the real data table operated on by the log data, directly filtering out logs of data tables in the blacklist, and passing the data that needs processing to the next step;
(2.3) for a newly added data log, acquiring the name, the column type, the character set, the column value, whether the column is encrypted and the encryption type, processing time types according to standard time, and decrypting encrypted columns according to step (2.6);
(2.4) for an updated data log, acquiring the updated data table name, the updated column type, the character set, the column value before the update, the column value after the update, whether the column is encrypted and the encryption type, processing time types according to standard time, and decrypting encrypted columns according to step (2.6);
(2.5) for a deleted data log, acquiring the deleted data table name, the primary key name of the data table, the primary key value and the like;
(2.6) for data in encrypted columns, performing decryption according to the decryption type corresponding to each encryption type, and using the decrypted data as the content of the proprietary protocol message of the isolation device;
and (2.7) converting the parsed message content into a message in the dedicated SQL protocol format of the isolation device and synchronizing it in real time.
The real-time incremental log data synchronization in the step (3) comprises the following steps:
(3.1) calling an isolation device equipment interface, and establishing connection with an intranet database through an isolation device;
(3.2) calling the data transmission interface of the isolation device with the SQL protocol message dedicated to the isolation device, so as to realize real-time synchronization of data;
and (3.3) recording the data recovery point log after the interface call succeeds and continuing with the next incremental data log; handling an interface call failure according to the configured failure rule, and stopping the tenant synchronization program if the call still fails after the exception handling strategy has been completed.
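The recovery point handling of steps (1.3) and (3.3), as an added example that is not part of the patent text: the synchronization point is read at start-up, written only after a successful send, and the tenant stops once the configured retries are exhausted. The file layout, the function names and the `send` callable standing in for the isolation device interface are assumptions.

```python
import json
import os
import tempfile

def load_point(path):
    """Step (1.3): read the last committed log offset; 0 if none exists yet."""
    try:
        with open(path, encoding="utf-8") as fh:
            return json.load(fh)["offset"]
    except FileNotFoundError:
        return 0

def save_point(path, offset):
    """Write the recovery point atomically so a crash never leaves a torn file."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump({"offset": offset}, fh)
        fh.flush()
        os.fsync(fh.fileno())
    os.replace(tmp, path)

def sync_tenant(events, send, path, max_retries=3):
    """Send events past the recovery point; return (last_offset, stopped)."""
    last = load_point(path)
    for offset, message in events:
        if offset <= last:
            continue                  # already delivered before a restart
        for _attempt in range(1 + max_retries):
            try:
                send(message)         # hypothetical isolation-device call
                break
            except ConnectionError:
                continue              # configured failure rule: retry
        else:
            return last, True         # retries exhausted: stop this tenant
        save_point(path, offset)      # step (3.3): record only after success
        last = offset
    return last, False
```

Because the point is written after the send, a crash between the two repeats one event on restart, so the receiving side has to tolerate a repeated statement.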
The database as a whole is deployed in an internal and external information network mode, and interaction follows the proprietary data protocol of the isolation device.
The synchronization parameter configuration in step (1) comprises a tenant name, a tenant address, a user name, a password, abnormal retry times, a filtering rule and a black and white list, and is configured according to the real-time data synchronization channel mode of each tenant.
The invention ensures the real-time performance of data synchronization through the data subscription mechanism of the distributed database. Reliability of data synchronization under database exceptions, network exceptions or synchronization program exceptions is ensured by a data recovery point log. Through the multi-tenant subscription mode, tenants are divided according to the data scale of the service data tables, so the system can still respond quickly under high performance and load conditions. Real-time synchronization of data from the external information network to the internal information network is realized through the specific JDBC specification of the isolation device equipment, which ensures the security of the data. To ensure the data security of the external information network, the invention automatically performs decryption and synchronization for data encrypted on the external network.
Advantages: compared with the prior art, the invention has the following notable advantages: 1. it provides a complete and feasible solution for synchronizing distributed databases across secure areas, and uses the security protocol of the isolation device to ensure that data transmission is secure and reliable; 2. it supports a multi-tenant data synchronization mechanism, which guarantees real-time data synchronization efficiency under high performance and load conditions; 3. it implements a customizable data encryption and decryption mechanism that adapts flexibly to various types of data encryption and decryption; 4. it has a complete data checkpoint mechanism, flexible data filtering rules and a flexible mechanism for handling data synchronization exceptions, realizes real-time synchronization from the external network to the internal network, and lays a foundation for real-time data monitoring, cross-data associated service query analysis and data value mining in an integrated internal and external network deployment.
Detailed Description
The following detailed description of specific embodiments of the invention refers to the accompanying drawings.
FIG. 1 is a schematic diagram of the overall architecture of the present invention. The overall system adopts an internal and external network deployment mode. The external network side consists of multi-tenant subscription, real-time incremental log data acquisition, parsing, synchronization, the proprietary data protocol and the data recovery point log, and the components interact with each other through interfaces. Data load is handled through the multi-tenant subscription mode, data security is provided by the proprietary data protocol, and data reliability is guaranteed by the data recovery point log.
FIG. 2 is a flow chart of real-time data processing according to the present invention, which mainly comprises the following steps:
step 1: acquiring the incremental data log in real time through the multi-tenant subscription mode, judging whether the database of the log meets the filtering requirements, directly filtering out data that does not meet the requirements, and passing data that meets the requirements to the next step;
step 2: for database data that has not been filtered out, judging whether the data table is within the synchronization blacklist; if so, filtering it out without further processing; the real table name of the data table is acquired during this judgment, and the acquisition of the real table name is shown in FIG. 3;
step 3: acquiring the operation type of the real-time incremental data log, judging whether the operation type is DML (Insert, Update and Delete), and skipping if the operation type is DDL;
step 4: acquiring the log type of the real-time incremental DML data, and processing each type separately;
step 5: for newly added data, parsing the column name, the type, the encryption type and the data field value; for updated data, parsing and acquiring the column names before and after the update, the data values before and after the update, whether the column is encrypted, the encryption type, the primary key and the like; for deleted data, parsing and acquiring the deleted primary key column and primary key value; processing the parsed data and decrypting the data that needs to be decrypted, where the data decryption process is shown in FIG. 4;
step 6: converting the parsed data, according to the proprietary data protocol (NDS SQL) of the isolation device, into an NDS SQL statement supported by the isolation device;
step 7: calling the NDS driver interface to submit the processed proprietary data protocol message, and updating the data recovery point when the processing succeeds and when it fails; the function of the data recovery point is shown in FIG. 5.
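The conversion described in steps (2.1) to (2.7) and in steps 1 to 6 of FIG. 2, as an added example that is not part of the patent text. The event dictionary layout, the function names and the `b64-demo` encryption type are assumptions, and because the NDS SQL format is not given here the output is ordinary SQL with `?` placeholders, so that values taken from the external-network log are bound as parameters instead of being spliced into the statement.

```python
import base64
import re

# Hypothetical decryptor registry keyed by encryption type; base64 is a
# non-cryptographic stand-in so the example runs offline.
DECRYPTORS = {"b64-demo": lambda v: base64.b64decode(v).decode("utf-8")}
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")

def ident(name):
    """Identifiers cannot be bound as parameters, so validate them strictly."""
    if not IDENT.fullmatch(name):
        raise ValueError(f"unsafe identifier {name!r}")
    return name

def plain(col):
    """Step (2.6): decrypt a column by its encryption type, failing closed."""
    enc = col.get("enc")
    if enc is None:
        return col["value"]
    if enc not in DECRYPTORS:
        raise ValueError(f"no decryptor for encryption type {enc!r}")
    return DECRYPTORS[enc](col["value"])

def convert(event, allowed_dbs, table_blacklist):
    """Return (sql, params) for one log event, or None when it is filtered."""
    if event["db"] not in allowed_dbs or event["table"] in table_blacklist:
        return None                      # steps (2.1) and (2.2)
    op, cols = event["op"], event.get("columns", [])
    if op not in ("INSERT", "UPDATE", "DELETE"):
        return None                      # DDL is skipped
    table = ident(event["table"])
    if op == "INSERT":
        names = ", ".join(ident(c["name"]) for c in cols)
        marks = ", ".join("?" for _ in cols)
        return (f"INSERT INTO {table} ({names}) VALUES ({marks})",
                [plain(c) for c in cols])
    pk = event["pk"]
    where = f"{ident(pk['name'])} = ?"
    if op == "DELETE":
        return f"DELETE FROM {table} WHERE {where}", [pk["value"]]
    sets = ", ".join(f"{ident(c['name'])} = ?" for c in cols)  # UPDATE
    return (f"UPDATE {table} SET {sets} WHERE {where}",
            [plain(c) for c in cols] + [pk["value"]])

# Constructed sample event (not a real log record or the device's format).
SAMPLE = {"db": "biz", "table": "orders", "op": "INSERT", "columns": [
    {"name": "id", "value": 7},
    {"name": "note", "value": "aGVsbG8=", "enc": "b64-demo"}]}
```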