CN111404801B - Data processing method, device and system for cross-cloud manufacturer - Google Patents

Data processing method, device and system for cross-cloud manufacturer Download PDF

Info

Publication number
CN111404801B
CN111404801B CN202010230583.2A CN202010230583A CN111404801B CN 111404801 B CN111404801 B CN 111404801B CN 202010230583 A CN202010230583 A CN 202010230583A CN 111404801 B CN111404801 B CN 111404801B
Authority
CN
China
Prior art keywords
server
cloud
vpn
vpn server
openvpn
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010230583.2A
Other languages
Chinese (zh)
Other versions
CN111404801A (en
Inventor
蒋承
陈良
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan Hongmei Intelligent Technology Co Ltd
Original Assignee
Sichuan Hongmei Intelligent Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sichuan Hongmei Intelligent Technology Co Ltd filed Critical Sichuan Hongmei Intelligent Technology Co Ltd
Priority to CN202010230583.2A priority Critical patent/CN111404801B/en
Publication of CN111404801A publication Critical patent/CN111404801A/en
Application granted granted Critical
Publication of CN111404801B publication Critical patent/CN111404801B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272Virtual private networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/166Implementing security features at a particular protocol layer at the transport layer

Abstract

The invention provides a data processing method, device and system for cross-cloud manufacturers. Installing a Linux operating system on a first server of a first cloud vendor; for each other cloud vendor: based on the external network IP of the first server and the second server of the other cloud manufacturer, connecting an OpenVPN server deployed on the first server and a corresponding client deployed on the second server by using a VPN technology so as to establish an encrypted communication pipeline between the OpenVPN server and the corresponding client deployed on the second server and generate a virtual IP of the first server for the pipeline; and based on the virtual IP, the pipeline and the virtual IP of the second server aiming at the pipeline, carrying out NAT (network address translation) forwarding processing on data needing to be sent to the second server by utilizing the cloud routing information which is configured in the cloud routing of the first cloud manufacturer and is from the first server to each server in other cloud manufacturers and utilizing iptables configured on the first server. The scheme can get through the internal private network between cloud manufacturers.

Description

Data processing method, device and system for cross-cloud manufacturer
Technical Field
The invention relates to the technical field of computers, in particular to a data processing method, device and system for cross-cloud manufacturers.
Background
Many existing service scenarios, such as building a remote disaster backup center, require different cloud manufacturers and networks in different regions.
Currently, intra-business private networks between each cloud vendor are not common. Therefore, the user can only access the network of each cloud manufacturer through the external network, and the user experience is poor.
Disclosure of Invention
The invention provides a data processing method, device and system for cross-cloud manufacturers, which can get through an internal private network between cloud manufacturers, facilitate the cross-cloud manufacturer access of users and improve the user experience.
In order to achieve the purpose, the invention is realized by the following technical scheme:
in a first aspect, the present invention provides a data processing method across cloud vendors, which is applied to a first VPN (Virtual Private Network) server of a first cloud vendor, and the method includes:
installing a Linux operating system, deploying a first OpenVPN server and configuring iptables on the first VPN server;
performing, for each of the external at least one other cloud vendor:
connecting a first OpenVPN client deployed on the first OpenVPN server and a second OpenVPN server on the basis of an external network IP of the first VPN server and an external network IP of the second VPN server of the second cloud vendor and by using a VPN technology, so as to establish a first encrypted communication pipe between the first OpenVPN server and the first OpenVPN client, and generate a first virtual IP of the first VPN server for the first encrypted communication pipe;
based on the first encrypted communication pipeline, the first virtual IP, and a second virtual IP of the second VPN server for the first encrypted communication pipeline, using cloud routing information configured in a cloud route of the first cloud vendor and from the first VPN server to each server in the second cloud vendor, and using iptables configured on the first VPN server, performing NAT (Network Address Translation) forwarding processing on data that needs to be sent to the second VPN server, so as to forward the data to the second VPN server.
Further, the method further comprises: deploying a second OpenVPN client on the first VPN server;
performing, for each of the external at least one other cloud vendor:
connecting the second OpenVPN client and a second OpenVPN server deployed on a third VPN server based on an extranet IP of the first VPN server and an extranet IP of the third VPN server of the third cloud vendor and by using a VPN technology, so as to establish a second encrypted communication pipe between the second OpenVPN server and the second OpenVPN client, and generate a third virtual IP of the first VPN server for the second encrypted communication pipe;
receiving, based on the second encrypted communication pipe, the third virtual IP, and a fourth virtual IP of the third VPN server for the second encrypted communication pipe, data sent by the third VPN server by performing NAT forwarding processing using cloud routing information from the first VPN server to each server in the third cloud vendor, which is configured in the cloud routing of the first cloud vendor, and using iptables configured on the first VPN server.
Further, the method further comprises: receiving a data access request sent by the second VPN server and aiming at data stored in any first server in the first cloud vendor based on the first encryption communication pipeline, the first virtual IP and the second virtual IP;
and acquiring data which is stored in the first server and corresponds to the data access request based on the intranet IP of the first VPN server and the intranet IP of the first server, so as to serve as the data which needs to be sent to the second VPN server.
In a second aspect, the present invention provides a data processing method across cloud vendors, which is applied to a fourth VPN server of a fourth cloud vendor, and the method includes:
installing a Linux operating system, deploying a third OpenVPN client and configuring iptables on the fourth VPN server;
performing, for each of the external at least one other cloud vendor:
connecting a third OpenVPN client to a third OpenVPN server deployed on a fifth VPN server based on an extranet IP of the fourth VPN server and an extranet IP of the fifth VPN server of the fifth cloud vendor and by using a VPN technology, so as to establish a third encrypted communication pipe between the third OpenVPN server and the third OpenVPN client, and generate a fifth virtual IP of the fourth VPN server for the third encrypted communication pipe;
receiving, based on the third encrypted communication pipe, the fifth virtual IP, and a sixth virtual IP of the fifth VPN server for the third encrypted communication pipe, data sent by the fifth VPN server by performing NAT forwarding processing, using cloud routing information from the fourth VPN server to each server in the fifth cloud vendor, which is configured in cloud routing of the fourth cloud vendor, and using iptables configured on the fourth VPN server.
In a third aspect, the present invention provides a first VPN server of a first cloud vendor, configured to execute the data processing method across cloud vendors in any one of the first inventions, including:
the first configuration unit is used for installing a Linux operating system, deploying a first OpenVPN server and configuring iptables on the first VPN server;
a first encrypted communication pipe establishing unit configured to perform, for each of at least one other external cloud vendor: connecting a first OpenVPN client deployed on the first OpenVPN server and a second OpenVPN server on the basis of an external network IP of the first VPN server and an external network IP of the second VPN server of the second cloud vendor and by using a VPN technology, so as to establish a first encrypted communication pipe between the first OpenVPN server and the first OpenVPN client, and generate a first virtual IP of the first VPN server for the first encrypted communication pipe;
a first data processing unit, configured to perform NAT forwarding processing on data that needs to be sent to the second VPN server by using cloud routing information from the first VPN server to each server in the second cloud vendor, which is configured in a cloud route of the first cloud vendor, and by using iptables configured on the first VPN server, based on the first encrypted communication pipeline, the first virtual IP, and a second virtual IP of the second VPN server for the first encrypted communication pipeline, so as to forward the data to the second VPN server.
In a fourth aspect, the present invention provides a fourth VPN server of a fourth cloud vendor, where the fourth VPN server is used in the data processing method of the second aspect, and the method includes:
a second configuration unit, configured to install a Linux operating system, deploy a third OpenVPN client, and configure iptables on the fourth VPN server;
a second encrypted communication pipe establishing unit configured to execute, for each of at least one other external cloud vendor: connecting a third OpenVPN client to a third OpenVPN server deployed on a fifth VPN server based on an extranet IP of the fourth VPN server and an extranet IP of the fifth VPN server of the fifth cloud vendor and by using a VPN technology, so as to establish a third encrypted communication pipe between the third OpenVPN server and the third OpenVPN client, and generate a fifth virtual IP of the fourth VPN server for the third encrypted communication pipe;
a second data processing unit, configured to receive, based on the third encrypted communication pipe, the fifth virtual IP, and a sixth virtual IP of the fifth VPN server for the third encrypted communication pipe, data sent by the fifth VPN server by performing NAT forwarding processing, using cloud routing information from the fourth VPN server to each server in the fifth cloud vendor, which is configured in cloud routing of the fourth cloud vendor, and using iptables configured on the fourth VPN server.
In a fifth aspect, the present invention provides a cross-cloud vendor data processing system, comprising: at least one first VPN server of the first cloud vendor as described in the third aspect above, and at least one fourth VPN server of the fourth cloud vendor as described in the fourth aspect above.
Further, the number of the VPN servers in the data processing system of the cross-cloud manufacturer is 3, and an encrypted communication pipeline is established between any two VPN servers.
Furthermore, the number of the VPN servers in the data processing system of the cross-cloud manufacturer is 4, and an encryption communication pipeline is respectively established between any VPN server and at least two other VPN servers.
Furthermore, the number of the VPN servers in the data processing system of the cross-cloud manufacturer is not less than 4, and encryption communication pipelines are respectively established between any VPN server and at least three other VPN servers.
The invention provides a data processing method, device and system for cross-cloud manufacturers. Installing a Linux operating system on a first server of a first cloud vendor; for each other cloud vendor: based on the external network IP of the first server and the second server of the other cloud manufacturer, connecting an OpenVPN server deployed on the first server and a corresponding client deployed on the second server by using a VPN technology so as to establish an encrypted communication pipeline between the OpenVPN server and the corresponding client deployed on the second server and generate a virtual IP of the first server for the pipeline; and based on the virtual IP, the pipeline and the virtual IP of the second server aiming at the pipeline, carrying out NAT (network address translation) forwarding processing on data needing to be sent to the second server by utilizing the cloud routing information which is configured in the cloud routing of the first cloud manufacturer and is from the first server to each server in other cloud manufacturers and utilizing iptables configured on the first server. The method and the system can get through the internal private network among cloud manufacturers, facilitate the access of the user among the cloud manufacturers, and have better user experience.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a flowchart of a data processing method for a cross-cloud vendor according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a cross-cloud vendor networking according to an embodiment of the present invention;
FIG. 3 is a diagram illustrating configuration information according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of a multi-cloud vendor networking topology according to an embodiment of the present invention;
FIG. 5 is a flowchart of another cross-cloud vendor data processing method according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of a cloud vendor's VPN servers provided by an embodiment of the present invention;
fig. 7 is a schematic diagram of a VPN server of another cloud vendor according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer and more complete, the technical solutions in the embodiments of the present invention will be described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention, and based on the embodiments of the present invention, all other embodiments obtained by a person of ordinary skill in the art without creative efforts belong to the scope of the present invention.
As shown in fig. 1, an embodiment of the present invention provides a data processing method for a cross-cloud vendor, which is applied to a first VPN server of a first cloud vendor, and the method may include the following steps:
step 101: installing a Linux operating system, deploying a first OpenVPN server and configuring iptables on the first VPN server;
step 102: performing, for each of the external at least one other cloud vendor: connecting a first OpenVPN client deployed on the first OpenVPN server and a second OpenVPN server on the basis of an external network IP of the first VPN server and an external network IP of the second VPN server of the second cloud vendor and by using a VPN technology, so as to establish a first encrypted communication pipe between the first OpenVPN server and the first OpenVPN client, and generate a first virtual IP of the first VPN server for the first encrypted communication pipe;
step 103: based on the first encrypted communication pipeline, the first virtual IP and the second virtual IP of the second VPN server, for the first encrypted communication pipeline, using cloud routing information configured in a cloud route of the first cloud vendor and from the first VPN server to each server in the second cloud vendor, and using iptables configured on the first VPN server, performing NAT forwarding processing on data to be sent to the second VPN server, so as to forward the data to the second VPN server.
The embodiment of the invention provides a data processing method for a cross-cloud manufacturer, which comprises the following steps: installing a Linux operating system on a first server of a first cloud vendor; for each other cloud vendor: based on the external network IP of the first server and the second server of the other cloud manufacturer, connecting an OpenVPN server deployed on the first server and a corresponding client deployed on the second server by using a VPN technology so as to establish an encrypted communication pipeline between the OpenVPN server and the corresponding client deployed on the second server and generate a virtual IP of the first server for the pipeline; and based on the virtual IP, the pipeline and the virtual IP of the second server aiming at the pipeline, carrying out NAT (network address translation) forwarding processing on data needing to be sent to the second server by utilizing the cloud routing information which is configured in the cloud routing of the first cloud manufacturer and is from the first server to each server in other cloud manufacturers and utilizing iptables configured on the first server. The embodiment of the invention can get through the internal private network among cloud manufacturers, is convenient for users to access by crossing cloud manufacturers, and has better user experience.
In detail, cloud vendors may have arrests, aws (amazon Web service), huazhiyun, and the like. Wherein the AWS is a cloud service provided by Amazon manufacturers. The user may purchase internal private networks of various cloud vendors.
Each server of each cloud manufacturer related in the embodiment of the present invention may be a cloud server purchased by a user and having a usage right.
Taking building a different-place disaster recovery center as an example, it is assumed that a main cloud node of a user service is in the Ali cloud, and cloud services are also purchased in the AWS and Huawei clouds to be used as the disaster recovery center. In order to get through the internal private networks among the three cloud manufacturers to achieve the purpose of mutual communication among different cloud manufacturers, a VPN private server built by a linux operating system can be used, and a secure encryption pipeline is built among different cloud manufacturers by combining OpenVPN and iptables technologies and a cloud routing technology, so that the internal private networks among the cloud manufacturers are got through.
In detail, the linux operating system may be a linux operating system of a Centos7 version.
In detail, a VPN, i.e. a virtual private network, belongs to a remote access technology, and functions as: and establishing a private network on the public network for encrypted communication. The VPN gateway realizes remote access through encryption of the data packet and conversion of a data packet target address.
In detail, OpenVPN is an open-source VPN technology, and may have two parts, a server and a client. Thus, an OpenVPN server is deployed on a VPN server of one cloud manufacturer, an OpenVPN client is deployed on a VPN server of another cloud manufacturer, and a secure encrypted communication pipeline is established between the server and the client by using a VPN technology.
In detail, iptables is a firewall service of the linux operating system, and the embodiment of the invention can use a nat forwarding function of the iptables to realize the transmission of data in an encryption communication pipeline.
Referring to fig. 2, assume that a user purchases 5 servers of the arry cloud, 4 servers of the AWS, and 4 servers of the huayun. In the following, the establishment of an encrypted channel between the Aliskiren clouds and the Hua clouds will be described as an example.
Referring to fig. 2, a server with an intranet IP of ariloc being 172.16.0.1 (an out-of-band IP) is taken as a VPN server, a linux operating system is installed on the VPN server, an OpenVPN server is deployed, and iptables are configured, which may be shown as an ariloc VPN server part in fig. 3.
The method comprises the steps of taking a server (with an external network IP) with an internal network IP of 172.16.70.1, which is named as cloud, as a VPN server, installing a linux operating system on the VPN server, deploying an OpenVPN client, and configuring iptables, wherein the configured iptables can be shown as a part named as cloud VPN client in fig. 3.
In the embodiment of the invention, iptables is configured on a VPN dedicated server of each cloud manufacturer, so that nat forwarding is carried out on traffic in a VPN virtual network, and network access among several VPN dedicated servers of each cloud manufacturer is opened.
After deployment, a VPN technology can be applied through a public network, so that an OpenVPN client in Huayun can be connected with an OpenVPN server in Aliyun, and a safe encryption tunnel is established between the OpenVPN client and the Aliyun. After the connection is established, the VPN technology may generate a virtual IP from the specified IP segment. Referring to fig. 2, a VPN virtual IP for a VPN server of the arry cloud may be generated: 192.168.1.1, and generating a VPN virtual IP for the wye cloud VPN server: 192.168.1.3. at this time, the two servers having intranet IPs 172.16.0.1 and 172.16.70.1 are networked.
Then, based on the generated virtual IP, NAT forwarding of data received on the virtual IP through a corresponding encryption communication pipeline can be performed by using an iptables technology and combining configured cloud routing information on the service side and the client operating system level of the OpenVPN.
In detail, cloud routing is a virtual routing technology used by cloud manufacturers in private networks, and after cloud routing is configured, routing tables of all servers in the current private networks can be immediately validated. If the cloud routing technology is not used, each server needs to be logged in respectively, and the same routing table needs to be configured manually, so that time and labor are consumed.
In the embodiment of the invention, all the servers in different cloud manufacturers can communicate by using the cloud routing technology. In general, each cloud manufacturer's private network has a cloud routing technology, and the routing tables of the other two cloud manufacturers are configured in the cloud routing table of each cloud manufacturer, so that the cloud manufacturers can mutually access and communicate with each other in the private network.
Referring to fig. 3, in the cloud routing table configured on the console of the airy cloud, cloud routing information from the VPN server of the airy cloud to each of the AWS and wary clouds may be configured, such as a part of information of the cloud routing table → airy cloud shown in fig. 3.
In the embodiment of the invention, the routing table is configured in the cloud routing of each cloud manufacturer, and the cloud routing table can take effect on the routing of each server so as to get through the mutual access among all server networks of each cloud manufacturer.
Based on the same implementation principle, in order to establish an encryption channel between the Aliskian cloud and the AWS, an OpenVPN client can be deployed on a VPN server of the AWS in the same way and connected with an OpenVPN server deployed on the VPN server of the Aliskian cloud so as to establish an encryption tunnel between the Aliskian cloud and the AWS, and then NAT forwarding of data between the Aliskian cloud and the AWS can be realized based on the encryption tunnel.
Based on the above, the first VPN server may be an ariclout VPN server shown in fig. 2, and the second VPN server may be a huayun VPN server or an AWS VPN server shown in fig. 2.
In summary, the embodiment of the present invention provides a networking technology for cross-cloud vendors, which can directly get through an internal private network between various cloud vendors purchased by a user. After networking is successfully performed by using networking technology, the special networks of different cloud manufacturers can form a large special network, so that a user can conveniently access internal resources across the cloud manufacturers and conveniently backup data among the different cloud manufacturers.
In the existing implementation mode, because the internal private networks of the services among the cloud manufacturers are not intercommunicated, managers need to separately manage the cloud manufacturers, and management systems (such as a springboard system, an asset management system, a security scanning system and the like) inside each cloud manufacturer need to be repeatedly built and can only be accessed through an external network, so that potential safety hazards are increased while the network is unstable. In the embodiment of the invention, a secure communication pipeline can be established between private networks of cloud manufacturers purchased by a user by using a VPN technology and combining an nat forwarding technology and a cloud routing technology of iptables, so as to open internal private networks among the cloud manufacturers, namely, a large private network is established, and the inside can be directly accessed without dividing manufacturers, so that managers do not need to manage each cloud manufacturer independently, do not need to repeatedly establish a management system, can access data across the cloud manufacturers, and have higher data access security.
Referring to fig. 2, the direct communication between the arriyun cloud and the hua yun can be realized by establishing an encrypted communication pipe between the arriyun cloud and the hua yun VPN server, and the direct communication between the arriyun cloud and the AWS can be realized by establishing an encrypted communication pipe between the arriyun cloud and the AWS VPN server. If data stored on a server of the AWS needs to be accessed on the server of the wary cloud, the data can be transferred through the airy cloud, and internal network access between the wary cloud and the AWS can also be realized.
However, if the network from hua yun to ali yun fails, the internal connection between hua yun and AWS and between hua yun and ali yun cannot be realized. To solve this problem and ensure the stability of VPN network connection between cloud vendors, the networking framework shown in fig. 2 may be optimized.
Based on this, in an embodiment of the present invention, in order to illustrate a possible implementation of the optimized networking framework, the method may further include: deploying a second OpenVPN client on the first VPN server;
performing, for each of the external at least one other cloud vendor:
connecting the second OpenVPN client and a second OpenVPN server deployed on a third VPN server based on an extranet IP of the first VPN server and an extranet IP of the third VPN server of the third cloud vendor and by using a VPN technology, so as to establish a second encrypted communication pipe between the second OpenVPN server and the second OpenVPN client, and generate a third virtual IP of the first VPN server for the second encrypted communication pipe;
receiving, based on the second encrypted communication pipe, the third virtual IP, and a fourth virtual IP of the third VPN server for the second encrypted communication pipe, data sent by the third VPN server by performing NAT forwarding processing using cloud routing information from the first VPN server to each server in the third cloud vendor, which is configured in the cloud routing of the first cloud vendor, and using iptables configured on the first VPN server.
For example, an OpenVPN server can be deployed on an AWS VPN server, so that the AWS VPN server can serve as an OpenVPN server, a cloud VPN server can serve as an OpenVPN client, and an encrypted communication pipe is established between the OpenVPN server and the cloud VPN server. Thus, the AWS VPN server is deployed with an OpenVPN server to provide VPN services to the outside, and is also deployed with an OpenVPN client to connect with VPN services provided from the outside.
Based on the method, an OpenVPN client can be deployed on a VPN server of the Alice cloud, and an OpenVPN server is deployed on a VPN server connected with the AWS.
Based on the same implementation principle, the AWS VPN server can be used as a client, the Hua-Yun VPN server can be used as a server, and an encryption communication pipeline is established between the client and the server.
In this way, in the embodiment of the present invention, the first VPN server may be a VPN server in the airy cloud, a VPN server in the AWS, or a VPN server in the huayun cloud.
In addition, an OpenVPN server and an OpenVPN client can be arranged on each VPN server of each cloud manufacturer, and then the VPN servers of all the cloud manufacturers are connected with one another to form a redundant network.
Therefore, the independent OpenVPN server is arranged on each VPN server, so that the line redundancy effect can be achieved, and even if a certain line is interrupted, the connection of the private network can be maintained through transfer of other lines.
Based on a networking architecture constructed among the cloud manufacturers, internal transmission of data among the cloud manufacturers can be realized. The data transmission operation can be applied to application scenes such as data backup, data access, data uploading/issuing and the like.
Taking data access as an example, in an embodiment of the present invention, in order to illustrate a possible implementation manner of data access, the method may further include: receiving a data access request sent by the second VPN server and aiming at data stored in any first server in the first cloud vendor based on the first encryption communication pipeline, the first virtual IP and the second virtual IP;
and acquiring data which is stored in the first server and corresponds to the data access request based on the intranet IP of the first VPN server and the intranet IP of the first server, so as to serve as the data which needs to be sent to the second VPN server.
For example, it is assumed that the first encrypted communication pipe is an encrypted communication pipe established between a VPN server in the airy cloud and a VPN server in the wary cloud shown in fig. 2, and that a user issues a data access request for target data through a server in the wary cloud (such as a server in fig. 2 with an intranet IP of 172.16.90. x), and the data access request can be forwarded to the VPN server in the wary cloud based on the intranet IP of the server and the intranet IP of the VPN server in the wary cloud.
Based on the preset configuration information and the cloud routing information configured on the hua shi cloud, the VPN server in hua shi cloud can generally know which server the server storing the target data is (assuming that the server in fig. 2 has an intranet IP of 172.16.30. x), and further know the corresponding routing path. Therefore, the cloud-oriented VPN server can forward and process the data access request through the NAT through the first encryption communication pipeline based on the routing path to send the data access request to the murray-oriented VPN server.
After receiving the data access request, the VPN server in the arri cloud can read target data requested to be accessed by the user from the corresponding server based on the intranet IP of each server in the arri cloud, and can return the target data in the original way.
For example, after the target data is obtained, the VPN server in the airy cloud may determine a routing path required for sending the target data according to the routing information configured on the airy cloud, and accordingly, the target data is sent to the VPN server in the airy cloud through the first encryption communication pipeline, and is finally forwarded to a server accessed by the user to be provided to the user.
As can be seen from the above, in addition to a VPN server in which only an OpenVPN server is configured, or both an OpenVPN server and an OpenVPN client are configured, a VPN server in which only an OpenVPN client is configured may also be present. Such as the VPN server of the AWS shown in fig. 2 or the VPN server of the hua-yun.
Based on this, as shown in fig. 5, an embodiment of the present invention provides a data processing method across cloud vendors, which is applied to a fourth VPN server of a fourth cloud vendor, and the method may include the following steps:
step 501: installing a Linux operating system, deploying a third OpenVPN client and configuring iptables on the fourth VPN server;
step 502: performing, for each of the external at least one other cloud vendor: connecting a third OpenVPN client to a third OpenVPN server deployed on a fifth VPN server based on an extranet IP of the fourth VPN server and an extranet IP of the fifth VPN server of the fifth cloud vendor and by using a VPN technology, so as to establish a third encrypted communication pipe between the third OpenVPN server and the third OpenVPN client, and generate a fifth virtual IP of the fourth VPN server for the third encrypted communication pipe;
step 503: receiving, based on the third encrypted communication pipe, the fifth virtual IP, and a sixth virtual IP of the fifth VPN server for the third encrypted communication pipe, data sent by the fifth VPN server by performing NAT forwarding processing, using cloud routing information from the fourth VPN server to each server in the fifth cloud vendor, which is configured in cloud routing of the fourth cloud vendor, and using iptables configured on the fourth VPN server.
In the embodiment of the present invention, the fourth VPN server may be an AWS VPN server shown in fig. 2 or a cloud VPN server. The fifth VPN server may be a VPN server of the ariloc shown in fig. 2.
The cross-cloud manufacturer data processing method applied to the fourth VPN server according to the embodiment of the present invention is used in cooperation with the cross-cloud manufacturer data processing method applied to the first VPN server according to the other embodiments of the present invention, and is based on the same inventive concept, so that reference may be made to technical descriptions in the other embodiments of the present invention, and details of the embodiments of the present invention are not repeated herein.
As shown in fig. 6, an embodiment of the present invention provides a first VPN server of a first cloud vendor, where the first VPN server is configured to execute any one of the above data processing methods applied to the first VPN server and across cloud vendors, and the method may include:
a first configuration unit 601, configured to install a Linux operating system, deploy a first OpenVPN server, and configure iptables on the first VPN server;
a first encrypted communication pipe establishing unit 602, configured to perform, for each of at least one other external cloud vendor: connecting a first OpenVPN client deployed on the first OpenVPN server and a second OpenVPN server on the basis of an external network IP of the first VPN server and an external network IP of the second VPN server of the second cloud vendor and by using a VPN technology, so as to establish a first encrypted communication pipe between the first OpenVPN server and the first OpenVPN client, and generate a first virtual IP of the first VPN server for the first encrypted communication pipe;
a first data processing unit 603, configured to perform NAT forwarding on data that needs to be sent to the second VPN server by using cloud routing information from the first VPN server to each server in the second cloud vendor, which is configured in a cloud route of the first cloud vendor, and by using iptables configured on the first VPN server, based on the first encrypted communication pipeline, the first virtual IP, and a second virtual IP of the second VPN server for the first encrypted communication pipeline, so as to forward the data to the second VPN server.
As shown in fig. 7, an embodiment of the present invention provides a fourth VPN server of a fourth cloud vendor, where the fourth VPN server is configured to execute any one of the above data processing methods applied to the fourth VPN server and across cloud vendors, and the method may include:
a second configuration unit 701, configured to install a Linux operating system, deploy a third OpenVPN client, and configure iptables on the fourth VPN server;
a second encrypted communication pipe establishing unit 702, configured to perform, for each of at least one other external cloud vendor: connecting a third OpenVPN client to a third OpenVPN server deployed on a fifth VPN server based on an extranet IP of the fourth VPN server and an extranet IP of the fifth VPN server of the fifth cloud vendor and by using a VPN technology, so as to establish a third encrypted communication pipe between the third OpenVPN server and the third OpenVPN client, and generate a fifth virtual IP of the fourth VPN server for the third encrypted communication pipe;
a second data processing unit 703 is configured to receive, based on the third encrypted communication pipe, the fifth virtual IP, and a sixth virtual IP of the fifth VPN server for the third encrypted communication pipe, data sent by the fifth VPN server by performing NAT forwarding processing, using cloud routing information from the fourth VPN server to each server in the fifth cloud vendor, which is configured in cloud routing of the fourth cloud vendor, and using iptables configured on the fourth VPN server.
Because the information interaction, execution process, and other contents between the units in the device are based on the same concept as the method embodiment of the present invention, specific contents may refer to the description in the method embodiment of the present invention, and are not described herein again.
Referring to fig. 2 or fig. 3, an embodiment of the present invention provides a data processing system of a cross-cloud vendor, which may include: at least one first VPN server of said first cloud vendor, and at least one fourth VPN server of said fourth cloud vendor.
For example, when the networking architecture of the data processing system of the cross-cloud vendor is shown in fig. 2, the system has a first VPN server, i.e., a VPN server of the arrhizus, and two fourth VPN servers, i.e., a VPN server of the AWS and a VPN server of the huayun.
In order to ensure the stability of VPN network connection between various cloud manufacturers, the system can have an optimized networking framework, and the networking framework can have the following characteristics:
in an embodiment of the present invention, the number of VPN servers in the data processing system of the cross-cloud vendor is 3, and an encrypted communication pipe is established between any two VPN servers.
In an embodiment of the present invention, the number of the VPN servers in the data processing system of the cross-cloud vendor is 4, and an encrypted communication pipe is respectively established between any VPN server and at least two other VPN servers.
In an embodiment of the present invention, the number of VPN servers in the data processing system of the cross-cloud vendor is not less than 4, and an encrypted communication pipeline is respectively established between any VPN server and at least three other VPN servers.
Compared with the networking framework shown in fig. 2, if a cloud manufacturer node is added, the networking can be performed by combining a star-type network topology mode and a ring-type network topology mode while adding the cloud manufacturer node and referring to fig. 4.
Embodiments of the present invention also provide a computer-readable medium storing instructions for causing a computer to perform a cross-cloud vendor data processing method as described herein. Specifically, a system or an apparatus equipped with a storage medium on which software program codes that realize the functions of any of the above-described embodiments are stored may be provided, and a computer (or a CPU or MPU) of the system or the apparatus is caused to read out and execute the program codes stored in the storage medium.
In this case, the program code itself read from the storage medium can realize the functions of any of the above-described embodiments, and thus the program code and the storage medium storing the program code constitute a part of the present invention.
Examples of the storage medium for supplying the program code include a floppy disk, a hard disk, a magneto-optical disk, an optical disk (e.g., CD-ROM, CD-R, CD-RW, DVD-ROM, DVD-RAM, DVD-RW, DVD + RW), a magnetic tape, a nonvolatile memory card, and a ROM. Alternatively, the program code may be downloaded from a server computer via a communications network.
Further, it should be clear that the functions of any one of the above-described embodiments may be implemented not only by executing the program code read out by the computer, but also by causing an operating system or the like operating on the computer to perform a part or all of the actual operations based on instructions of the program code.
Further, it is to be understood that the program code read out from the storage medium is written to a memory provided in an expansion board inserted into the computer or to a memory provided in an expansion unit connected to the computer, and then causes a CPU or the like mounted on the expansion board or the expansion unit to perform part or all of the actual operations based on instructions of the program code, thereby realizing the functions of any of the above-described embodiments.
In summary, the embodiments of the present invention have at least the following advantages:
1. in the embodiment of the invention, a Linux operating system is installed on a first server of a first cloud manufacturer; for each other cloud vendor: based on the external network IP of the first server and the second server of the other cloud manufacturer, connecting an OpenVPN server deployed on the first server and a corresponding client deployed on the second server by using a VPN technology so as to establish an encrypted communication pipeline between the OpenVPN server and the corresponding client deployed on the second server and generate a virtual IP of the first server for the pipeline; and based on the virtual IP, the pipeline and the virtual IP of the second server aiming at the pipeline, carrying out NAT (network address translation) forwarding processing on data needing to be sent to the second server by utilizing the cloud routing information which is configured in the cloud routing of the first cloud manufacturer and is from the first server to each server in other cloud manufacturers and utilizing iptables configured on the first server. The embodiment of the invention can get through the internal private network among cloud manufacturers, is convenient for users to access by crossing cloud manufacturers, and has better user experience.
2. In the embodiment of the invention, a secure communication pipeline can be established between private networks of cloud manufacturers purchased by a user by using a VPN technology and combining an nat forwarding technology and a cloud routing technology of iptables, so that the internal private networks among the cloud manufacturers are opened, a large private network is established, the inside can be directly accessed without dividing the manufacturers, managers do not need to manage each cloud manufacturer independently, a management system does not need to be built repeatedly, data can be accessed across the cloud manufacturers, and the data access security is higher.
It should be noted that not all steps and modules in the above flows and system structure diagrams are necessary, and some steps or modules may be omitted according to actual needs. The execution order of the steps is not fixed and can be adjusted as required. The system structure described in the above embodiments may be a physical structure or a logical structure, that is, some modules may be implemented by the same physical entity, or some modules may be implemented by a plurality of physical entities, or some components in a plurality of independent devices may be implemented together.
In the above embodiments, the hardware unit may be implemented mechanically or electrically. For example, a hardware element may comprise permanently dedicated circuitry or logic (such as a dedicated processor, FPGA or ASIC) to perform the corresponding operations. The hardware elements may also comprise programmable logic or circuitry, such as a general purpose processor or other programmable processor, that may be temporarily configured by software to perform the corresponding operations. The specific implementation (mechanical, or dedicated permanent, or temporarily set) may be determined based on cost and time considerations.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other similar elements in a process, method, article, or apparatus that comprises the element.
While the invention has been shown and described in detail in the drawings and in the preferred embodiments, it is not intended to limit the invention to the embodiments disclosed, and it will be apparent to those skilled in the art that various combinations of the code auditing means in the various embodiments described above may be used to obtain further embodiments of the invention, which are also within the scope of the invention.

Claims (10)

1. The data processing method of the cross-cloud manufacturer is characterized by being applied to a first Virtual Private Network (VPN) server of a first cloud manufacturer, and comprises the following steps:
installing a Linux operating system, deploying a first OpenVPN server and configuring iptables on the first VPN server;
performing, for each of the external at least one other cloud vendor:
connecting a first OpenVPN client deployed on the first OpenVPN server and a second OpenVPN server on the basis of an external network IP of the first VPN server and an external network IP of the second VPN server of the second cloud vendor and by using a VPN technology, so as to establish a first encrypted communication pipe between the first OpenVPN server and the first OpenVPN client, and generate a first virtual IP of the first VPN server for the first encrypted communication pipe;
based on the first encrypted communication pipeline, the first virtual IP and the second virtual IP of the second VPN server, aiming at the first encrypted communication pipeline, by using cloud routing information configured in a cloud route of the first cloud manufacturer and from the first VPN server to each server in the second cloud manufacturer, and by using iptables configured on the first VPN server, an internal private network between cloud manufacturers is opened, and Network Address Translation (NAT) forwarding processing is performed on data needing to be sent to the second VPN server, so that the data are forwarded to the second VPN server.
2. The method of claim 1,
further comprising: deploying a second OpenVPN client on the first VPN server;
performing, for each of the external at least one other cloud vendor:
connecting the second OpenVPN client and a second OpenVPN server deployed on a third VPN server based on an extranet IP of the first VPN server and an extranet IP of the third VPN server of the third cloud vendor and by using a VPN technology, so as to establish a second encrypted communication pipe between the second OpenVPN server and the second OpenVPN client, and generate a third virtual IP of the first VPN server for the second encrypted communication pipe;
receiving, based on the second encrypted communication pipe, the third virtual IP, and a fourth virtual IP of the third VPN server for the second encrypted communication pipe, data sent by the third VPN server by performing NAT forwarding processing using cloud routing information from the first VPN server to each server in the third cloud vendor, which is configured in the cloud routing of the first cloud vendor, and using iptables configured on the first VPN server.
3. The method according to claim 1 or 2,
further comprising: receiving a data access request sent by the second VPN server and aiming at data stored in any first server in the first cloud vendor based on the first encryption communication pipeline, the first virtual IP and the second virtual IP;
and acquiring data which is stored in the first server and corresponds to the data access request based on the intranet IP of the first VPN server and the intranet IP of the first server, so as to serve as the data which needs to be sent to the second VPN server.
4. The data processing method of the cross-cloud manufacturer is characterized by being applied to a fourth Virtual Private Network (VPN) server of a fourth cloud manufacturer, and the method comprises the following steps:
installing a Linux operating system, deploying a third OpenVPN client and configuring iptables on the fourth VPN server;
performing, for each of the external at least one other cloud vendor:
connecting a third OpenVPN client to a third OpenVPN server deployed on a fifth VPN server based on an extranet IP of the fourth VPN server and an extranet IP of the fifth VPN server of the fifth cloud vendor and by using a VPN technology, so as to establish a third encrypted communication pipe between the third OpenVPN server and the third OpenVPN client, and generate a fifth virtual IP of the fourth VPN server for the third encrypted communication pipe;
based on the third encrypted communication pipe, the fifth virtual IP, and a sixth virtual IP of the fifth VPN server for the third encrypted communication pipe, using cloud routing information from the fourth VPN server to each server of the fifth cloud vendor, configured in a cloud route of the fourth cloud vendor, and using iptables configured on the fourth VPN server, opening an internal private network between cloud vendors, and receiving data sent by the fifth VPN server by performing Network Address Translation (NAT) forwarding processing.
5. A first virtual private network VPN server of a first cloud vendor, configured to perform the cross-cloud vendor data processing method of any of claims 1 to 3, comprising:
the first configuration unit is used for installing a Linux operating system, deploying a first OpenVPN server and configuring iptables on the first VPN server;
a first encrypted communication pipe establishing unit configured to perform, for each of at least one other external cloud vendor: connecting a first OpenVPN client deployed on the first OpenVPN server and a second OpenVPN server on the basis of an external network IP of the first VPN server and an external network IP of the second VPN server of the second cloud vendor and by using a VPN technology, so as to establish a first encrypted communication pipe between the first OpenVPN server and the first OpenVPN client, and generate a first virtual IP of the first VPN server for the first encrypted communication pipe;
a first data processing unit, configured to, based on the first encrypted communication pipe, the first virtual IP, and a second virtual IP of the second VPN server for the first encrypted communication pipe, utilize cloud routing information configured in a cloud route of the first cloud vendor and from the first VPN server to each server of the second cloud vendor, and utilize iptables configured on the first VPN server, open an internal private network between cloud vendors, and perform network address translation NAT forwarding processing on data that needs to be sent to the second VPN server, so as to forward the data to the second VPN server.
6. A fourth virtual private network VPN server of a fourth cloud vendor, configured to perform the cross-cloud vendor data processing method of claim 4, comprising:
a second configuration unit, configured to install a Linux operating system, deploy a third OpenVPN client, and configure iptables on the fourth VPN server;
a second encrypted communication pipe establishing unit configured to execute, for each of at least one other external cloud vendor: connecting a third OpenVPN client to a third OpenVPN server deployed on a fifth VPN server based on an extranet IP of the fourth VPN server and an extranet IP of the fifth VPN server of the fifth cloud vendor and by using a VPN technology, so as to establish a third encrypted communication pipe between the third OpenVPN server and the third OpenVPN client, and generate a fifth virtual IP of the fourth VPN server for the third encrypted communication pipe;
a second data processing unit, configured to, based on the third encrypted communication pipe, the fifth virtual IP, and a sixth virtual IP of the fifth VPN server for the third encrypted communication pipe, use cloud routing information configured in cloud routing of the fourth cloud vendor, from the fourth VPN server to each server of the fifth cloud vendor, and use iptables configured on the fourth VPN server to reach an internal private network between cloud vendors, and receive data sent by the fifth VPN server by performing network address translation NAT forwarding processing.
7. A data processing system across cloud vendors, comprising:
at least one first Virtual Private Network (VPN) server of the first cloud vendor of claim 5, and at least one fourth VPN server of the fourth cloud vendor of claim 6.
8. The cross-cloud vendor data processing system of claim 7,
the number of the VPN servers in the data processing system of the cross-cloud manufacturer is 3, and an encryption communication pipeline is established between any two VPN servers.
9. The cross-cloud vendor data processing system of claim 7,
the number of the VPN servers in the data processing system of the cross-cloud manufacturer is 4, and encrypted communication pipelines are respectively established between any VPN server and at least two other VPN servers.
10. The cross-cloud vendor data processing system of claim 7,
the number of the VPN servers in the data processing system of the cross-cloud manufacturer is not less than 4, and encrypted communication pipelines are respectively established between any VPN server and at least three other VPN servers.
CN202010230583.2A 2020-03-27 2020-03-27 Data processing method, device and system for cross-cloud manufacturer Active CN111404801B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010230583.2A CN111404801B (en) 2020-03-27 2020-03-27 Data processing method, device and system for cross-cloud manufacturer

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010230583.2A CN111404801B (en) 2020-03-27 2020-03-27 Data processing method, device and system for cross-cloud manufacturer

Publications (2)

Publication Number Publication Date
CN111404801A CN111404801A (en) 2020-07-10
CN111404801B true CN111404801B (en) 2021-09-28

Family

ID=71414155

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010230583.2A Active CN111404801B (en) 2020-03-27 2020-03-27 Data processing method, device and system for cross-cloud manufacturer

Country Status (1)

Country Link
CN (1) CN111404801B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114221948B (en) * 2021-11-24 2024-04-09 中信云网有限公司 Cloud network system and task processing method
CN116095080B (en) * 2023-04-06 2023-06-09 深圳竹云科技股份有限公司 Cross-cloud data interconnection network communication method, device and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105229971A (en) * 2013-05-23 2016-01-06 三菱电机株式会社 Relay, communication mode system of selection and program
CN106210174A (en) * 2016-08-29 2016-12-07 东方网力科技股份有限公司 A kind of method solving network appliance IP address conflict and vpn server
CN106533880A (en) * 2016-11-02 2017-03-22 天脉聚源(北京)传媒科技有限公司 Method and apparatus for erecting VPN service on cloud server

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105245707A (en) * 2015-09-28 2016-01-13 努比亚技术有限公司 Mobile terminal and method for processing information
US11005682B2 (en) * 2015-10-06 2021-05-11 Cisco Technology, Inc. Policy-driven switch overlay bypass in a hybrid cloud network environment
CN105872128B (en) * 2016-05-31 2019-03-08 浙江宇视科技有限公司 The distribution method and device of virtual ip address
CN107659481A (en) * 2017-08-09 2018-02-02 高斯贝尔数码科技股份有限公司 Long-range control method, device and storage medium based on Virtual Private Network
US11855805B2 (en) * 2017-10-02 2023-12-26 Vmware, Inc. Deploying firewall for virtual network defined over public cloud infrastructure
CN109728988B (en) * 2017-10-27 2020-05-12 贵州白山云科技股份有限公司 Inter-intranet communication method and device
CN107911463B (en) * 2017-11-27 2021-01-19 深信服科技股份有限公司 Business cross-cloud architecture and creation method and management method thereof
CN109361764B (en) * 2018-11-29 2021-02-05 杭州数梦工场科技有限公司 Service access method, device and equipment of inter-VPC and readable storage medium
CN109743354A (en) * 2018-12-05 2019-05-10 国云科技股份有限公司 A kind of cloudy tubular container cluster method of boarding at the nursery
CN110519075B (en) * 2019-07-24 2022-05-27 浪潮思科网络科技有限公司 SDN-based communication system and method for physical host and virtual cloud host

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105229971A (en) * 2013-05-23 2016-01-06 三菱电机株式会社 Relay, communication mode system of selection and program
CN106210174A (en) * 2016-08-29 2016-12-07 东方网力科技股份有限公司 A kind of method solving network appliance IP address conflict and vpn server
CN106533880A (en) * 2016-11-02 2017-03-22 天脉聚源(北京)传媒科技有限公司 Method and apparatus for erecting VPN service on cloud server

Also Published As

Publication number Publication date
CN111404801A (en) 2020-07-10

Similar Documents

Publication Publication Date Title
US11588886B2 (en) Managing replication of computing nodes for provided computer networks
US11659035B2 (en) Routing messages between cloud service providers
CN111045690B (en) Block chain node service deployment method, device, system, computing equipment and medium
CN103580980B (en) The method and device thereof that virtual network finds and automatically configures automatically
US9654340B2 (en) Providing private access to network-accessible services
US7899047B2 (en) Virtual network with adaptive dispatcher
CN102291455B (en) Distributed cluster processing system and message processing method thereof
JP2012511878A (en) Provide access to a configurable private computer network
CN111404801B (en) Data processing method, device and system for cross-cloud manufacturer
CN113965505A (en) Method for cloud host intercommunication among different virtual private networks and implementation architecture
US10291709B2 (en) Protocol independent storage discovery and enablement
JP3996922B2 (en) Centralized management system and method for network connection means in a network where different communication protocols coexist
CN104782105B (en) For restoring method, data routing means and the medium of the routing iinformation lost
CN102158567B (en) Equipment configuration method, strategic server and network address translation apparatus
CN106330492B (en) A kind of method, apparatus and system configuring user equipment forwarding table
CN111182075A (en) Fabric block chain network alliance networking method
CN115865601A (en) SDN network communication system of cross-cloud data center
CN103155495A (en) Method, apparatus and system for routing protocol configuration
CN113923149B (en) Network access method, device, network system, electronic equipment and storage medium
CN117579425A (en) Cloud network access method, device, medium and program product
CN114363294A (en) Tenant server management method, device and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant