Disclosure of Invention
The invention aims to solve the problem of real-time data synchronization across isolation devices in an integrated internal and external network deployment mode. Based on the real-time incremental log, data recovery point mechanism and multi-tenant mechanism of a distributed database, the real-time incremental log is parsed, decrypted and converted into the proprietary data specification of the isolation device, so that data from the information external network is synchronized to the information internal network in real time; real-time performance is achieved through a subscription mode, and data security through the proprietary data specification of the isolation device.
The technical scheme is as follows: to achieve the above objective, the method for real-time synchronization of a distributed database across a secure area according to the present invention comprises the following steps:
(1) Acquiring real-time incremental log data, solving the problems of real-time performance and of multi-tenant channels in the acquisition of incremental data from a distributed database;
(2) Converting the real-time incremental log data, solving the problems of decrypting the distributed database log and converting it to the proprietary protocol of the isolation device;
(3) Synchronizing the real-time incremental data, addressing data synchronization from the external network to the internal network and the data recovery point mechanism.
The step (1) of acquiring the real-time incremental log data comprises the following steps:
(1.1) evaluating the data scale of the business database tables, formulating a multi-tenant configuration strategy, and configuring multi-tenant real-time data increment channels in the distributed database;
(1.2) modifying the data synchronization parameter configuration, including tenant name, tenant address, user name, password, abnormal retry count, filtering rules, blacklist and the like, configured according to the real-time data synchronization channel mode of each tenant;
(1.3) starting the real-time data increment acquisition program, reading the data recovery point log to obtain the synchronization point, and subscribing to and consuming the incremental log of the distributed database in real time.
The conversion of the real-time incremental log data in the step (2) comprises the following steps:
(2.1) acquiring tenant real-time incremental log data in real time, and filtering out database log data that does not need synchronization according to the configured filtering rules;
(2.2) for logs that need real-time incremental processing, resolving the real data table that the log operates on, directly filtering out logs of data tables in the blacklist, and passing the data that needs processing to the next step;
(2.3) for a newly added (insert) data log, acquiring the name, column types, character set and column values of the newly added data table, whether each column is encrypted and its encryption type, normalizing time-type columns to standard time, and decrypting encrypted columns as in step (2.6);
(2.4) for an updated data log, acquiring the updated data table name, updated column types, character set, pre-update and post-update values of the updated columns, whether each column is encrypted and its encryption type, normalizing time-type columns to standard time, and decrypting encrypted columns as in step (2.6);
(2.5) for a deleted data log, acquiring the deleted data table name, the primary key column name of the data table, the primary key value and the like;
(2.6) for data of an encrypted column, executing the decryption corresponding to the column's encryption type, the decrypted data being used as the content of the proprietary protocol message of the isolation device;
(2.7) converting the parsed message content into the proprietary SQL protocol message format of the isolation device and synchronizing it in real time.
The step (3) of synchronizing the real-time incremental log data comprises the following steps:
(3.1) calling the isolation device interface and establishing a connection to the intranet database through the isolation device;
(3.2) submitting the proprietary SQL protocol message of the isolation device through the data transmission interface of the isolation device, thereby realizing real-time synchronization of the data;
(3.3) recording a data recovery point log after the interface call succeeds and continuing with the next incremental data log; handling an interface call failure according to the configured failure rule, and stopping the tenant synchronization program if the call still fails after the exception handling strategy has been exhausted.
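As an added illustration of steps (1.3) and (3.3), here is example code written for this page, not the patent's own implementation: a recovery point log that stores the last log position the isolation device accepted for each tenant, a synchronization loop that resumes after that position on restart, and a failure rule that retries the device call a configured number of times before stopping the tenant program. The log entries, the tenant name, the JSON file layout, the use of `ConnectionError` to model a device failure and the `RecoveryPointLog`/`FailureRule`/`synchronize` names are all assumptions; the page does not describe the real isolation device interface.

```python
import json
import os
import tempfile
from dataclasses import dataclass

# Constructed incremental log for one tenant. "position" is the log offset that the
# recovery point log stores as the synchronization point (assumed field names).
SAMPLE_LOG = [
    {"tenant": "tenant_a", "position": 101, "sql": "INSERT INTO t_meter (id, val) VALUES ('1', '10')"},
    {"tenant": "tenant_a", "position": 102, "sql": "UPDATE t_meter SET val = '11' WHERE id = '1'"},
    {"tenant": "tenant_a", "position": 103, "sql": "DELETE FROM t_meter WHERE id = '1'"},
]


class SyncStopped(Exception):
    """Raised when the failure rule is exhausted and the tenant program must stop (step 3.3)."""


@dataclass
class FailureRule:
    max_retries: int = 2  # the tenant's configured "abnormal retry count" (step 1.2)


class RecoveryPointLog:
    """Per-tenant record of the last log position the isolation device accepted (assumed JSON file)."""

    def __init__(self, path):
        self.path = path

    def read(self, tenant):
        # Step (1.3): read the recovery point log to obtain the synchronization point; 0 = from the start.
        if not os.path.exists(self.path):
            return 0
        with open(self.path) as f:
            return json.load(f).get(tenant, 0)

    def write(self, tenant, position):
        data = {}
        if os.path.exists(self.path):
            with open(self.path) as f:
                data = json.load(f)
        data[tenant] = position
        tmp = self.path + ".tmp"
        with open(tmp, "w") as f:
            json.dump(data, f)
        os.replace(tmp, self.path)  # atomic rename: a crash never leaves a half-written log


def synchronize(tenant, log_entries, device_send, recovery_log, rule):
    """Replay the tenant's entries after its recovery point; return the positions committed."""
    start = recovery_log.read(tenant)
    committed = []
    for entry in log_entries:
        if entry["tenant"] != tenant or entry["position"] <= start:
            continue  # belongs to another tenant, or was already synchronized before a restart
        attempts = 0
        while True:
            try:
                device_send(entry)  # the isolation device data transmission interface (assumed)
                break
            except ConnectionError:
                attempts += 1
                if attempts > rule.max_retries:
                    raise SyncStopped(f"{tenant}: giving up at position {entry['position']}")
        # Step (3.3): the recovery point is advanced only after the device accepted the message.
        recovery_log.write(tenant, entry["position"])
        committed.append(entry["position"])
    return committed


def run_demo():
    """First run hits a device outage at position 102 and stops; second run resumes after 101."""
    path = os.path.join(tempfile.mkdtemp(), "recovery_point.json")
    log = RecoveryPointLog(path)
    rule = FailureRule(max_retries=2)
    calls = {"n": 0}

    def outage_device(entry):
        calls["n"] += 1
        if entry["position"] == 102:
            raise ConnectionError("isolation device unreachable")

    stopped = False
    try:
        synchronize("tenant_a", SAMPLE_LOG, outage_device, log, rule)
    except SyncStopped:
        stopped = True
    resume_point = log.read("tenant_a")

    def healthy_device(entry):
        return None

    second = synchronize("tenant_a", SAMPLE_LOG, healthy_device, log, rule)
    return stopped, resume_point, calls["n"], second, log.read("tenant_a")


if __name__ == "__main__":
    print(run_demo())
```

The ordering inside `synchronize` is the point of the recovery point mechanism: the position is written only after the device call returned, so a crash between the call and the write replays that one entry rather than losing it. With `max_retries=2` the first run makes four device calls (one for position 101, three for 102), stops the tenant program with the log still at 101, and the second run commits positions 102 and 103 without resending 101.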
The database synchronization as a whole is deployed in an information intranet-extranet mode, and interaction is based on the proprietary data protocol of the isolation device.
The synchronization parameter configuration in step (1) comprises tenant names, tenant addresses, user names, passwords, abnormal retry counts, filtering rules and black/white lists, and is configured according to the real-time data synchronization channel mode of each tenant.
The invention ensures the real-time performance of data synchronization through the data subscription mechanism of the distributed database; ensures the reliability of data synchronization under database, network or synchronization program exceptions by using a data recovery point log; divides tenants according to the data scale of the service data tables in the multi-tenant subscription mode, so that the system still responds quickly under high-performance and high-load conditions; realizes real-time synchronization of data from the information external network to the information internal network through the specific JDBC specification of the isolation device, thereby ensuring data security; and, to protect information external network data, automatically decrypts and synchronizes data that was encrypted on the external network.
The beneficial effects are that, compared with the prior art, the invention has the following remarkable advantages: 1. a complete and feasible solution is provided for synchronizing distributed databases across security areas, with the security protocol of the isolation device guaranteeing the security and reliability of data transmission; 2. a multi-tenant data synchronization mechanism is realized, ensuring real-time data synchronization efficiency under high-performance and high-load conditions; 3. a customizable data encryption and decryption mechanism is realized that flexibly accommodates the encryption and decryption of various data types; 4. the method has a complete data checkpoint mechanism, flexible data filtering rules and a data synchronization exception handling mechanism, realizes real-time synchronization of data from the external network to the internal network, and lays a foundation for real-time data monitoring, cross-data correlated service query analysis and data value mining in an integrated internal and external network deployment mode.
Detailed Description
Specific embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
Fig. 1 is a schematic diagram of the overall architecture of the present invention. The overall system adopts an internal and external network deployment mode; the external network side consists of multi-tenant subscription, real-time incremental log data acquisition, parsing, synchronization, the proprietary data protocol and the data recovery point log. These components interact through interfaces: data load is handled through the multi-tenant subscription mode, data security is achieved through the proprietary data protocol, and data reliability is ensured through the data recovery point log.
FIG. 2 is a flow chart of the real-time data processing according to the present invention, which mainly comprises the following steps:
step 1: acquiring the incremental data log in real time through the multi-tenant subscription mode, judging whether the log's database meets the filtering requirement, directly filtering out data that does not meet it, and passing data that meets it to the next step;
step 2: judging, for the unfiltered database data, whether the data table is within the synchronization blacklist; if so, filtering it out and performing no further processing; the real table name of the data table must be obtained during this judgement, and its acquisition is shown in fig. 3;
step 3: acquiring the operation type of the real-time incremental data log and judging whether it is DML (Insert, Update, Delete); if the operation type is DDL, skipping it;
step 4: acquiring the type of the real-time incremental DML log and processing each type separately;
step 5: for newly added (insert) data, parsing and acquiring the column names, types, whether encrypted, and the values of the data fields; for updated data, parsing and acquiring the column names before and after the update, the data values before and after the update, whether encrypted, the encryption type, the primary key and the like; for deleted data, parsing and acquiring the primary key column and primary key value of the deletion; processing the parsed data and decrypting the data that needs decryption, the data decryption flow being shown in fig. 4;
step 6: converting the parsed data according to the proprietary data protocol of the isolation device (NDS SQL) into an NDS SQL statement supported by the isolation device;
step 7: calling the NDS driver interface to submit the processed proprietary data protocol message, and updating the data recovery point according to whether the processing succeeded or failed; the function of the data recovery point is shown in figure 5.
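The conversion flow of steps (2.1) to (2.7) above and of steps 1 to 6 of FIG. 2, as an added example written for this page rather than the patent's own code: log entries are passed through the filtering rule, the table blacklist and the DML/DDL check, then parsed per operation type, with time columns normalized to a standard format and encrypted columns decrypted by the decryptor registered for their encryption type, and finally turned into a statement for the isolation device. The parsed-log layout, the filtering rule shape, the table names, the `demo-xor` cipher (a reversible XOR placeholder standing in for a real column cipher) and its key are all constructed assumptions, and because the page does not document the NDS SQL format the output is ordinary SQL text.

```python
import re
from datetime import datetime

# Placeholder column cipher (XOR + hex) standing in for the tenant's real cipher; key is constructed.
KEY = b"demo-key"


def toy_encrypt(plaintext):
    data = plaintext.encode()
    return bytes(b ^ KEY[i % len(KEY)] for i, b in enumerate(data)).hex()


def toy_decrypt(ciphertext_hex):
    data = bytes.fromhex(ciphertext_hex)
    return bytes(b ^ KEY[i % len(KEY)] for i, b in enumerate(data)).decode()


DECRYPTORS = {"demo-xor": toy_decrypt}  # step (2.6): one decryptor per encryption type
FILTER_RULE = {"databases": {"biz"}}     # step (2.1): only this database is synchronized (assumed rule shape)
BLACKLIST = {"biz.t_audit"}              # step (2.2): tables that are never synchronized
DML = {"INSERT", "UPDATE", "DELETE"}     # step 3 of FIG. 2: anything else (DDL) is skipped

PHONE = "13800000000"
# Constructed log entries in an assumed parsed-log layout: values arrive as strings, encrypted
# columns carry their encryption type, time columns are in the source database's own format.
SAMPLE_LOG = [
    {"db": "biz", "table": "t_user", "op": "INSERT", "columns": [
        {"name": "id", "type": "int", "value": "7"},
        {"name": "phone", "type": "varchar", "value": toy_encrypt(PHONE), "enc": "demo-xor"},
        {"name": "created", "type": "datetime", "value": "2024/01/02 03:04:05"}]},
    {"db": "biz", "table": "t_user", "op": "UPDATE", "pk": {"id": "7"}, "columns": [
        {"name": "phone", "type": "varchar", "before": toy_encrypt(PHONE),
         "after": toy_encrypt("13900000000"), "enc": "demo-xor"}]},
    {"db": "biz", "table": "t_user", "op": "DELETE", "pk": {"id": "7"}},
    {"db": "biz", "table": "t_audit", "op": "INSERT", "columns": [{"name": "id", "type": "int", "value": "1"}]},
    {"db": "other", "table": "t_user", "op": "INSERT", "columns": [{"name": "id", "type": "int", "value": "1"}]},
    {"db": "biz", "table": "t_user", "op": "ALTER", "ddl": "ALTER TABLE t_user ADD COLUMN note VARCHAR(20)"},
]

IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def ident(name):
    """Table and column names come from the log; refuse anything that is not a plain identifier."""
    if not IDENT.match(name):
        raise ValueError(f"unsafe identifier {name!r}")
    return name


def literal(value):
    """Quote a value as a SQL string literal, doubling embedded quotes."""
    return "'" + str(value).replace("'", "''") + "'"


def normalize_value(col, value):
    """Steps (2.3)/(2.4): standard time for time columns, decryption for encrypted columns."""
    if col["type"] == "datetime":
        return datetime.strptime(value, "%Y/%m/%d %H:%M:%S").strftime("%Y-%m-%d %H:%M:%S")
    if col.get("enc"):
        return DECRYPTORS[col["enc"]](value)
    return value


def where(pk):
    return " AND ".join(f"{ident(k)} = {literal(v)}" for k, v in pk.items())


def to_sql(entry):
    """Step (2.7) / step 6: build the statement the isolation device receives (generic SQL assumed)."""
    table = f"{ident(entry['db'])}.{ident(entry['table'])}"
    if entry["op"] == "INSERT":
        cols = ", ".join(ident(c["name"]) for c in entry["columns"])
        vals = ", ".join(literal(normalize_value(c, c["value"])) for c in entry["columns"])
        return f"INSERT INTO {table} ({cols}) VALUES ({vals})"
    if entry["op"] == "UPDATE":
        sets = ", ".join(f"{ident(c['name'])} = {literal(normalize_value(c, c['after']))}"
                         for c in entry["columns"])
        return f"UPDATE {table} SET {sets} WHERE {where(entry['pk'])}"
    return f"DELETE FROM {table} WHERE {where(entry['pk'])}"


def convert(log):
    """Steps (2.1)-(2.7): filter, blacklist, DML check, then per-type parsing and conversion."""
    statements = []
    for entry in log:
        if entry["db"] not in FILTER_RULE["databases"]:
            continue  # filtering rule
        if f"{entry['db']}.{entry['table']}" in BLACKLIST:
            continue  # blacklisted table
        if entry["op"] not in DML:
            continue  # DDL is skipped
        statements.append(to_sql(entry))
    return statements


if __name__ == "__main__":
    for stmt in convert(SAMPLE_LOG):
        print(stmt)
```

Of the six constructed entries only three produce statements: the `t_audit` row is dropped by the blacklist, the `other` database by the filtering rule, and the `ALTER` by the DML check. The identifier check and the literal quoting are where a practitioner should look first: every table name, column name and value in a generated statement originates in the external network's database log, and the conversion step is the only place between that log and the intranet database where a malformed or hostile value can still be rejected instead of being executed.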