CN111651242B - System and method for scheduling operating machine in network target range actual combat drilling scene - Google Patents

System and method for scheduling operating machine in network target range actual combat drilling scene Download PDF

Info

Publication number
CN111651242B
CN111651242B CN202010792959.9A CN202010792959A CN111651242B CN 111651242 B CN111651242 B CN 111651242B CN 202010792959 A CN202010792959 A CN 202010792959A CN 111651242 B CN111651242 B CN 111651242B
Authority
CN
China
Prior art keywords
service
machine
operating
operator
operating machine
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010792959.9A
Other languages
Chinese (zh)
Other versions
CN111651242A (en
Inventor
程能杰
谢峥
高庆官
唐海均
高丽彪
王鹏
于靖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Cyber Peace Technology Co Ltd
Original Assignee
Nanjing Cyber Peace Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Cyber Peace Technology Co Ltd filed Critical Nanjing Cyber Peace Technology Co Ltd
Priority to CN202010792959.9A priority Critical patent/CN111651242B/en
Publication of CN111651242A publication Critical patent/CN111651242A/en
Application granted granted Critical
Publication of CN111651242B publication Critical patent/CN111651242B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/24Traffic characterised by specific attributes, e.g. priority or QoS
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/18Multiprotocol handlers, e.g. single devices capable of handling multiple protocols
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45562Creating, deleting, cloning virtual machine instances

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses an operator scheduling system and method for a network target range actual combat drilling scene, which comprises the steps of analyzing an IP data packet of a virtual switch on a computing node where an operator is located through a flow monitoring module, filtering non-service flow according to the protocol type of the IP data packet, and sending the information of the operator with no service inflow and outflow record within the continuous set time to an operator management module; the operating machine management module judges the zero service operating machine based on the operation record, freezes the zero service operating machine, generates a memory disk snapshot and stores the memory disk snapshot in the snapshot storage module, and reserves network configuration information and releases the operating machine; and when the team member host is connected with the operating machine again, the operating machine is regenerated by the stored snapshot, and the operating machine is connected after the state of the frozen operating machine is recovered. The invention can reduce the waste of idle resources, realize the non-inductive automatic dispatching of the operating machines and improve the number of the network shooting range supporting operating machines.

Description

System and method for scheduling operating machine in network target range actual combat drilling scene
Technical Field
The invention relates to an operator scheduling system and method for a network shooting range actual combat drilling scene, and belongs to the technical field of networks.
Background
The network target range is a test platform which is combined with a real device through a virtual environment, simulates a real network space attack and defense combat environment and can support combat capability research and weapon equipment verification. With the continuous development of the information era, the network environment is increasingly severe, and the requirement of building a large-scale network environment for actual combat drilling is continuously provided.
The deployment diagram of the network target range actual combat drilling scene is shown in fig. 1, the network target range is connected with a control node, a computing node and the internet through a plurality of kinds of entity network equipment, and the network target range establishes a virtual machine and a virtual network of the drilling scene at the computing node through a virtualization technology. The network target range generates virtual machines for all the team members as network target range operation machines, the team members of all the team members remotely control the operation machines through an operation machine management module of the network target range control node, the operation machine management module records all operation logs of the team members, and the command center can observe the fighting conditions of all the team members through the operation logs.
The operation process of the current network target range actual combat drilling scene mainly comprises the following steps: the command center appoints a combat task and assigns the task to a corresponding combat squad or a combat team member; the combat squad receives the assigned combat mission, and creates a virtual machine as a combat operation machine at a computing node in a network target range, and all the combat operations aiming at the current mission are executed on the operation machine; the team member host computer of the battle is connected with the operation machine management module to initiate an operation machine connection request; the operation machine management module authenticates the identity and the authority of the team member of the combat squad and is connected with the operation machine through a remote control protocol; the team members of the combat squad execute tasks through the operating machines; after the combat team member finishes the combat task, the operation machine used for the current task is released, namely the virtual machine resource is released. The operation process of the prior network shooting range actual combat drilling scene has the following problems:
1. the resources are wasted. The long-term task manipulator still occupies internal memory and CPU resources under the idle state without finishing the task, so that resource waste is caused, and a new task cannot create a combat manipulator.
2. Network range administrators need manual coordination operators. Network shooting range administrators need to manually coordinate the operator resources to free up some of the resources to create new operators to support new combat needs.
Disclosure of Invention
The purpose of the invention is as follows: in view of the problems in the prior art, an object of the present invention is to provide a system and a method for scheduling operation machines in a network shooting range practice scene, so as to reduce the waste of idle resources and achieve automatic scheduling of operation machines, thereby increasing the number of operation machines supported by the network shooting range.
The technical scheme is as follows: in order to achieve the purpose, the invention adopts the following technical scheme:
an operating machine scheduling system for a network target range actual combat drilling scene comprises an operating machine management module, a flow monitoring module and a snapshot storage module; the operation machine management module is used for receiving an operation machine connection request initiated by a team member host, connecting the operation machine after the identity and authority verification is passed, and storing the operation record of a combat team member; judging whether the operating machine is a zero service operating machine, freezing the zero service operating machine, generating a memory disk snapshot and storing the memory disk snapshot in the snapshot storage module, and reserving network configuration information and releasing the operating machine; after the team member host is connected with the released operation machine, the operation machine is regenerated by the stored snapshot, and the operation machine is connected after the state of the operation machine during freezing is recovered;
the flow monitoring module is used for analyzing an IP data packet of a virtual switch on a computing node where the operating machine is located, filtering non-service flow according to the protocol type of the IP data packet, marking a latest service inflow record and a latest service outflow record, and sending operating machine information without service inflow and service outflow records in a continuous set time to the operating machine management module; and the operation machine management module judges the zero-service operation machine based on the operation records after receiving the operation machine information without service inflow and service outflow records, and judges the zero-service operation machine if the corresponding operation machine does not have the team member host instruction record within the continuous set time.
Furthermore, the traffic monitoring module comprises a service component and a client component, the service component is deployed on the network target range control node where the operating machine management module is located, and the client component is deployed on the network target range computing node where the operating machine is located.
Further, the protocol types of the non-service traffic filtered by the traffic monitoring module include an ICMP protocol, an ARP protocol, an RARP protocol, a DHCP protocol, and a DNS protocol.
Further, the snapshot storage module stores the memory disk snapshot of the zero-service operating machine in the shared file system, and the snapshot data is deleted after the stored snapshot is regenerated into the operating machine.
An operator scheduling method for a network shooting range actual combat drilling scene comprises the following steps:
step 1: the operation machine management module receives an operation machine connection request initiated by a team member host, authenticates the identity and the authority of the team member, connects the operation machine after the authentication is passed, and stores the operation record of the battle team member;
step 2: the flow monitoring module monitors the network flow of the operating machine by analyzing an IP data packet of a virtual switch on a computing node where the operating machine is located, filters non-service flow according to the protocol type of the IP data packet, marks a latest service inflow record and a latest service outflow record, and sends operating machine information without service inflow and service outflow records in a continuous set time to the operating machine management module;
and step 3: the operating machine management module judges zero service operating machines based on the operation records after receiving the operating machine information without service inflow and service outflow records, and judges the operating machines as the zero service operating machines if the corresponding operating machines do not have team member host instruction records within the duration set time;
and 4, step 4: the operating machine management module freezes the zero-service operating machine, generates a memory disk snapshot and stores the memory disk snapshot in the snapshot storage module, and reserves network configuration information and releases the operating machine;
and 5: and when the operator management module receives the released operator connected with the team member host, the stored snapshot regenerates the operator, and the operator is connected after the state of the operator when frozen is recovered.
An operator scheduling system for a network shooting range actual combat rehearsal scene, comprising: the system comprises a control node and at least one computing node, wherein the control node and the computing node respectively comprise a memory, a processor and a computer program which is stored on the memory and can run on the processor; creating a virtual machine on the computing node as an operation machine for network shooting range battle;
the computer program on the control node, when loaded into a processor, implements the method of:
receiving an operator connection request initiated by a team member host, authenticating the identity and the authority of the team member, connecting the operator after the authentication is passed, and storing the operation record of the combat team member;
after receiving the information of the operating machines without service inflow and service outflow records, judging zero service operating machines based on the operation records, and if the corresponding operating machines do not have team member host instruction records within the duration set time, judging the operating machines as the zero service operating machines;
freezing the zero service operation machine, generating a memory disk snapshot and storing the memory disk snapshot in a snapshot storage module, reserving network configuration information and releasing the operation machine;
after receiving the connection of the team member host computer with the released operation machine, regenerating the operation machine by the stored snapshot, and connecting the operation machine after the state of the operation machine when being frozen is recovered;
the computer program on the compute node, when loaded into a processor, implements the method of:
the network flow of the operating machine is monitored by analyzing an IP data packet of the virtual switch, non-service flow is filtered according to the protocol type of the IP data packet, the latest service inflow record and service outflow record are marked, and the information of the operating machine without service inflow and service outflow record in the continuous set time is sent to a computer program module on the control node.
Has the advantages that: the method judges that the operating machine is in the zero service state through the zero service inflow and outflow record and the zero operation record in the duration time of the operating machine, saves the zero service operating machine state through the memory and the disk snapshot, and releases the resources of the operating machine at the same time, thereby avoiding the occupation of the resources without services; when the team member connects again, the recovery of the frozen state operating machine can be triggered, and the memory and disk states during freezing can be recovered. Compared with the prior art, the invention has the following advantages: 1. and idle resource occupation is reduced. Resources are released through the non-service state judgment, and waste of idle resources is reduced. 2. An noninductive automatic dispatching manipulator. The zero service operation machine is automatically frozen, the freezing operation machine is automatically recovered, and the user has no sense of state switching of the operation machine. 3. And the number of the supporting operation machines of the network target range is increased. The operating machines are frozen through snapshots, and the number of the operating machines which can be supported by a network target range is increased.
Drawings
FIG. 1 is a deployment diagram of a network shooting range actual combat drilling scene.
Fig. 2 is a schematic structural diagram of an operator scheduling system according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be described clearly and completely with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments that can be obtained by a person skilled in the art based on the embodiments of the present invention without any inventive step are within the scope of the present invention.
As shown in fig. 2, the operator scheduling system for a network shooting range actual combat drilling scene disclosed in the embodiment of the present invention mainly includes an operator management module, a traffic monitoring module, and a snapshot storage module. The operation machine management module is used for receiving an operation machine connection request initiated by a team member host, connecting the operation machine after the identity and authority verification is passed, and storing the operation record of a combat team member; judging whether the operating machine is a zero-service operating machine or not, freezing the zero-service operating machine, generating a memory disk snapshot and storing the memory disk snapshot in a snapshot storage module, and reserving network configuration information and releasing the operating machine; and after the team member host computer is connected with the released operation machine, regenerating the operation machine by the stored snapshot, and connecting the operation machine after the state of the operation machine when being frozen is recovered.
The flow monitoring module is used for analyzing an IP data packet of a virtual switch on a computing node where the operating machine is located, filtering non-service flow according to the protocol type of the IP data packet, marking a latest service inflow record and a latest service outflow record, and sending operating machine information without service inflow and service outflow records in a continuous set time to the operating machine management module; and the operating machine management module judges the zero-service operating machine based on the operation records after receiving the operating machine information without service inflow and service outflow records, and judges the zero-service operating machine if the corresponding operating machine does not have the team member host instruction record within the continuous set time.
For those skilled in the art, the modules in the above embodiments may be adaptively changed, and may be divided into a plurality of sub-modules.
Based on the same inventive concept, the embodiment of the invention discloses an operating machine scheduling method for a network target range actual combat drilling scene, which comprises the following steps:
step 1: the operation machine management module receives an operation machine connection request initiated by a team member host, authenticates the identity and the authority of the team member, connects the operation machine after the authentication is passed, and stores the operation record of the battle team member;
step 2: the flow monitoring module monitors the network flow of the operating machine by analyzing an IP data packet of a virtual switch on a computing node where the operating machine is located, filters non-service flow according to the protocol type of the IP data packet, marks a latest service inflow record and a latest service outflow record, and sends operating machine information without service inflow and service outflow records in a continuous set time to the operating machine management module;
and step 3: the operating machine management module judges zero service operating machines based on the operation records after receiving the operating machine information without service inflow and service outflow records, and judges the operating machines as the zero service operating machines if the corresponding operating machines do not have team member host instruction records within the duration set time;
and 4, step 4: the operating machine management module freezes the zero-service operating machine, generates a memory disk snapshot and stores the memory disk snapshot in the snapshot storage module, and reserves network configuration information and releases the operating machine;
and 5: and when the operator management module receives the released operator connected with the team member host, the stored snapshot regenerates the operator, and the operator is connected after the state of the operator when frozen is recovered.
The following describes in detail the specific application of the manipulator scheduling system of the embodiment of the present invention in the battle process with reference to a specific network shooting range actual combat drilling scene. The operation process of the network target range actual combat drilling scene of the operation machine scheduling system provided by the embodiment of the invention comprises the following specific steps:
1. the command center creates a task. The command center designates the combat mission and assigns the mission to a corresponding combat squad or combat crew. The dispatch of the tasks may be submitted to the respective program modules of the control node in the form of a record, served in the form of a Web application, or otherwise pushed to the combat team or combat crew.
2. The team members of the combat squad receive the tasks and create task-specific manipulators. The combat team member receives assigned combat tasks, can receive tasks assigned to teams and individuals, creates virtual machines as combat operation machines at computing nodes in a network target range, executes all combat operations aiming at the current tasks on the operation machines, and executes the combat team member corresponding to at least one task combat operation machine and one actual task.
3. The team member host computer of the battle is connected with the operation machine management module to initiate an operation machine connection request. The team member host computer is connected with an operation machine management module of the network target range control node, the operation machine management module completes identity verification, authorization control and safety audit functions, and bears functions of the bastion machine, and practical application components such as JumpServer and Guacamole are used.
4. And the operation machine management module authenticates the identity and the authority of the team member of the combat squad and is connected with the operation machine. The operation machine management module authenticates the identity information of the team member of the combat squad, verifies the authority of the team member on the operation machine, and after the verification is passed, the operation machine is connected through a remote control protocol, wherein the remote control protocol comprises RDP, SSH, Telnet, VNC and the like, so that the team member host is connected with the operation machine through the network target range operation machine management module.
5. The team members of the combat team perform tasks through the operating machines. The operator management module stores all operation records of the team members, and SSH connection is recorded in a command list form, such as login operation, file modification operation, network request access operation, file uploading operation, tool execution operation and the like.
6. The flow monitoring module monitors the network flow condition of the operating machine. The flow monitoring module is composed of a service component and a client component, wherein the client component is installed on the computing node, the service component is installed on the control node, the client component analyzes an IP data packet of a virtual machine on the computing node through a virtual switch on the computing node, filters non-service flow according to protocol types, records the latest service inflow time and the latest service outflow time, and reports the latest service inflow record and the latest service outflow record to the service component. In an actual traffic acquiring tool such as tcpdump tool based on OpenVswitch, the non-service protocol may include ICMP protocol, ARP protocol, RARP protocol, DHCP protocol, DNS protocol, etc.
7. And the flow monitoring module sends a signal to the operation machine management module aiming at the non-service flow virtual machine. The flow monitoring module feeds back a virtual machine trigger signal aiming at no service inflow and no service outflow record in the duration, and sends the continuous zero service record signal to the operating machine management module, wherein the zero service record signal comprises an IP address and a signal type (zero service record signal) of the operating machine, and the duration in practical application can be adjusted according to the service condition, and is generally 30 minutes.
8. And the operating machine management module judges the non-service state of the operating machine triggering the continuous zero service record signal based on the operation record. And the operating machine management module receives a continuous zero service recording signal of the appointed operating machine, inquires whether the operating machine has a team member host instruction record in the duration according to the IP of the operating machine, and judges that no service exists in the duration of the operating machine if the operating machine does not have the team member host instruction record in the duration. When the team member only does file management, file modification, local tool calling and the like on the operating machine and does not relate to network operation, the situation that the operating machine has no service flow but is still in a use state occurs, so that secondary judgment is performed through the operation record to accurately judge the zero service operating machine.
9. And the operator management module freezes the zero-service operator. The operating machine management module generates a memory disk snapshot for the zero service operating machine and stores the memory disk snapshot in a snapshot storage module (generally in an NFS storage form), the connection between the team member host and the operating machine is disconnected (if the memory disk snapshot exists), network configuration information is reserved in the operating machine management module, the IP is uniformly distributed by the operating machine management module, the IP is effectively prevented from being occupied by other operating machines, and the virtual machine is released. The practical application snapshot generating tool such as virsh, snapshot generating instruction: virsh snapshot-create-as.
10. The operation of the team members of the combat team needs to be connected again. The operator management module authenticates the identity and the authority of the team members of the combat squadron, the snapshot stored by the snapshot storage module regenerates the operator and deletes snapshot data, and the operator restores the state during freezing and is connected with the operator. The actual application snapshot recovery tool has virsh and a snapshot recovery instruction: virsh snapshot-reverse.
11. And (4) completing the task by the team members of the combat team and releasing the operation machine. After the combat team member finishes the combat task, the operation machine used for the current task is released, namely the virtual machine resource is released.
Based on the same inventive concept, the embodiment of the invention also discloses an operation machine scheduling system for the network target range actual combat drilling scene, which comprises the following steps: the system comprises a control node and at least one computing node, wherein the control node and the computing node respectively comprise a memory, a processor and a computer program which is stored on the memory and can run on the processor; creating a virtual machine on a computing node as an operation machine for network shooting range battle;
the computer program on the control node when loaded into the processor implements the method of: receiving an operator connection request initiated by a team member host, authenticating the identity and the authority of the team member, connecting the operator after the authentication is passed, and storing the operation record of the combat team member; after receiving the information of the operating machines without service inflow and service outflow records, judging zero service operating machines based on the operation records, and if the corresponding operating machines do not have team member host instruction records within the duration set time, judging the operating machines as the zero service operating machines; freezing the zero service operation machine, generating a memory disk snapshot and storing the memory disk snapshot in a snapshot storage module, reserving network configuration information and releasing the operation machine; after receiving the connection of the team member host computer with the released operation machine, regenerating the operation machine by the stored snapshot, and connecting the operation machine after the state of the operation machine when being frozen is recovered;
the computer program on the compute node, when loaded into the processor, implements the method of: the network flow of the operating machine is monitored by analyzing an IP data packet of the virtual switch, non-service flow is filtered according to the protocol type of the IP data packet, the latest service inflow record and service outflow record are marked, and the information of the operating machine without service inflow and service outflow record in the continuous set time is sent to a computer program module on the control node.

Claims (6)

1. An operator scheduling system for a network shooting range actual combat drilling scene is characterized by comprising an operator management module, a flow monitoring module and a snapshot storage module; the operation machine management module is deployed on the network target range control node and used for receiving an operation machine connection request initiated by a team member host, connecting the operation machines deployed on the network target range computing node after passing identity and authority verification, and storing operation records of a combat team member; judging whether the operating machine is a zero service operating machine, freezing the zero service operating machine, generating a memory disk snapshot and storing the memory disk snapshot in the snapshot storage module, and reserving network configuration information and releasing the operating machine; after the team member host is connected with the released operation machine, the operation machine is regenerated by the stored snapshot, and the operation machine is connected after the state of the operation machine during freezing is recovered; the team member host computer is connected with the operating machine through the operating machine management module;
the flow monitoring module is used for analyzing an IP data packet of a virtual switch on a computing node where the operating machine is located, filtering non-service flow according to the protocol type of the IP data packet, marking a latest service inflow record and a latest service outflow record, and sending operating machine information without service inflow and service outflow records in a continuous set time to the operating machine management module; and the operation machine management module judges the zero-service operation machine based on the operation records after receiving the operation machine information without service inflow and service outflow records, and judges the zero-service operation machine if the corresponding operation machine does not have the team member host instruction record within the continuous set time.
2. The operator scheduler system according to claim 1, wherein the traffic monitoring module comprises a service component and a client component, the service component is deployed at the network target control node where the operator management module is located, and the client component is deployed at the network target computing node where the operator is located.
3. The operator dispatching system for network target range practice scenario of claim 1, wherein the protocol types of the non-traffic filtered by the traffic monitoring module comprise ICMP protocol, ARP protocol, RARP protocol, DHCP protocol and DNS protocol.
4. The operator scheduler system according to claim 1, wherein the snapshot storage module stores a memory disk snapshot of the zero-service operator in the shared file system, and the snapshot data is deleted after the stored snapshot is regenerated into the operator.
5. An operator scheduling method for a network shooting range actual combat drilling scene is characterized by comprising the following steps:
step 1: the operation machine management module deployed on the network target range control node receives an operation machine connection request initiated by a team member host, authenticates the identity and the authority of the team member, connects the operation machines deployed on the network target range computing node after the authentication is passed, and saves the operation records of the battle team member; the team member host computer is connected with the operating machine through the operating machine management module;
step 2: the flow monitoring module monitors the network flow of the operating machine by analyzing an IP data packet of a virtual switch on a computing node where the operating machine is located, filters non-service flow according to the protocol type of the IP data packet, marks a latest service inflow record and a latest service outflow record, and sends operating machine information without service inflow and service outflow records in a continuous set time to the operating machine management module;
and step 3: the operating machine management module judges zero service operating machines based on the operation records after receiving the operating machine information without service inflow and service outflow records, and judges the operating machines as the zero service operating machines if the corresponding operating machines do not have team member host instruction records within the duration set time;
and 4, step 4: the operating machine management module freezes the zero-service operating machine, generates a memory disk snapshot and stores the memory disk snapshot in the snapshot storage module, and reserves network configuration information and releases the operating machine;
and 5: and when the operator management module receives the released operator connected with the team member host, the stored snapshot regenerates the operator, and the operator is connected after the state of the operator when frozen is recovered.
6. An operator scheduling system for a network shooting range actual combat drilling scene, comprising: the system comprises a control node and at least one computing node, wherein the control node and the computing node respectively comprise a memory, a processor and a computer program which is stored on the memory and can run on the processor; creating a virtual machine on the computing node as an operation machine for network shooting range battle;
the computer program on the control node, when loaded into a processor, implements the method of:
receiving an operator connection request initiated by a team member host, authenticating the identity and the authority of the team member, connecting the operator deployed on the network target range computing node after the authentication is passed, and storing the operation record of the combat team member; wherein, the team member host computer establishes connection with the operation machine through the computer program on the control node;
after receiving the information of the operating machines without service inflow and service outflow records, judging zero service operating machines based on the operation records, and if the corresponding operating machines do not have team member host instruction records within the duration set time, judging the operating machines as the zero service operating machines;
freezing the zero service operation machine, generating a memory disk snapshot and storing the memory disk snapshot in a snapshot storage module, reserving network configuration information and releasing the operation machine;
after receiving the connection of the team member host computer with the released operation machine, regenerating the operation machine by the stored snapshot, and connecting the operation machine after the state of the operation machine when being frozen is recovered;
the computer program on the compute node, when loaded into a processor, implements the method of:
the network flow of the operating machine is monitored by analyzing an IP data packet of the virtual switch, non-service flow is filtered according to the protocol type of the IP data packet, the latest service inflow record and service outflow record are marked, and the information of the operating machine without service inflow and service outflow record in the continuous set time is sent to a computer program module arranged on a network target yard control node.
CN202010792959.9A 2020-08-10 2020-08-10 System and method for scheduling operating machine in network target range actual combat drilling scene Active CN111651242B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010792959.9A CN111651242B (en) 2020-08-10 2020-08-10 System and method for scheduling operating machine in network target range actual combat drilling scene

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010792959.9A CN111651242B (en) 2020-08-10 2020-08-10 System and method for scheduling operating machine in network target range actual combat drilling scene

Publications (2)

Publication Number Publication Date
CN111651242A CN111651242A (en) 2020-09-11
CN111651242B true CN111651242B (en) 2020-12-01

Family

ID=72350596

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010792959.9A Active CN111651242B (en) 2020-08-10 2020-08-10 System and method for scheduling operating machine in network target range actual combat drilling scene

Country Status (1)

Country Link
CN (1) CN111651242B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112187610B (en) * 2020-09-24 2021-11-16 北京赛宁网安科技有限公司 Network isolation system and method for network target range
CN113542025B (en) * 2021-07-14 2023-05-23 南京赛宁信息技术有限公司 Streaming dynamic fairness scene distribution method and device in network target range environment
CN113595772B (en) * 2021-07-16 2023-08-29 南京赛宁信息技术有限公司 Scene multiplexing method and device in multi-user shooting range environment
CN113792895A (en) * 2021-09-02 2021-12-14 成都仁达至信科技有限公司 Training guiding and guaranteeing system
CN117459401A (en) * 2023-09-15 2024-01-26 永信至诚科技集团股份有限公司 Method, device, equipment and storage medium for generating network target range environment snapshot

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104410617A (en) * 2014-11-21 2015-03-11 西安邮电大学 Information safety attack and defense system structure of cloud platform
CN110730161A (en) * 2019-09-09 2020-01-24 光通天下网络科技股份有限公司 Network target range implementation method, device, equipment, medium and system
CN110865873A (en) * 2019-11-20 2020-03-06 西安雷风电子科技有限公司 Dynamic shutdown and recovery method for virtual machine resources
CN111478820A (en) * 2020-06-24 2020-07-31 南京赛宁信息技术有限公司 Network equipment configuration system and method for large-scale network environment of network target range

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104410617A (en) * 2014-11-21 2015-03-11 西安邮电大学 Information safety attack and defense system structure of cloud platform
CN110730161A (en) * 2019-09-09 2020-01-24 光通天下网络科技股份有限公司 Network target range implementation method, device, equipment, medium and system
CN110865873A (en) * 2019-11-20 2020-03-06 西安雷风电子科技有限公司 Dynamic shutdown and recovery method for virtual machine resources
CN111478820A (en) * 2020-06-24 2020-07-31 南京赛宁信息技术有限公司 Network equipment configuration system and method for large-scale network environment of network target range

Also Published As

Publication number Publication date
CN111651242A (en) 2020-09-11

Similar Documents

Publication Publication Date Title
CN111651242B (en) System and method for scheduling operating machine in network target range actual combat drilling scene
US7770223B2 (en) Method and apparatus for security management via vicarious network devices
US9311160B2 (en) Elastic cloud networking
CN112040020B (en) Equipment machine sleep network hosting system and method for network target range actual combat drilling scene
CN109617865A (en) A kind of network security monitoring and defence method based on mobile edge calculations
CN107819633B (en) Method for rapidly discovering and processing network fault
CN106911648B (en) Environment isolation method and equipment
CN109787847B (en) Cloud firewall full life cycle automatic management method
CN105391586B (en) A kind of method and system of fault locating analysis
CN114422201B (en) Network target range large-scale user remote access method and system
CN111786983A (en) Construction method of virtualized attack and defense confrontation environment
CN115460106B (en) Virtual machine monitoring method and system for improving resource utilization rate in network target range
CN111526061A (en) Monitoring flow scheduling system and method for network target range actual combat drilling scene
CN116527353B (en) Network protection equipment validity verification system and method based on attack behavior simulation
CN110557318A (en) Method for realizing safe remote operation of IOT equipment
CN112040021B (en) System and method for operating machine dormant network hosting in network target range actual combat drilling scene
CN104506548A (en) Data packet redirecting device as well as safety protection method and system for virtual machine
CN114785593A (en) Controlled network space construction method
CN108366087B (en) ISCSI service realization method and device based on distributed file system
CN111711703B (en) Equipment library self-adaption system and method for network target range actual combat drilling scene
US11048539B2 (en) Transitioning virtual machines to an inactive state
Jeong et al. Proactive live migration for virtual network functions using machine learning
Riegler et al. A distributed MAPE-K framework for self-protective IoT devices
CN107040408B (en) Network power testing method based on SDN automation equipment
CN109274532A (en) Method, apparatus, system, collection control equipment and the readable storage medium storing program for executing of policy distribution

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant