CN111698249B - Virtual security management and control equipment deployment method and component, communication method and system - Google Patents

Publication number: CN111698249B
Authority: CN (China)
Prior art keywords: equipment, virtual, security management, virtual security, data center
Legal status: Active
Application number: CN202010529877.5A
Other languages: Chinese (zh)
Other versions: CN111698249A
Inventor: 谯彭
Current assignee: Sangfor Technologies Co Ltd
Original assignee: Sangfor Technologies Co Ltd
Events: application filed by Sangfor Technologies Co Ltd; priority to CN202010529877.5A; publication of CN111698249A; application granted; publication of CN111698249B; legal status active.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Abstract

The present application discloses a virtual security management and control device deployment method, apparatus, device and readable storage medium, together with a communication method and system. The method comprises: creating a VPC network in a hosted private cloud and deploying a virtual security management and control device between the VPC network and an external network; and establishing a communication connection between the VPC network and a private data center, so that the private data center communicates with the external network through the virtual security management and control device. Because the security management and control device used by the private data center is a virtual device deployed on the hosted private cloud, debugging and configuration are simplified and the high availability of the private data center is guaranteed. Moreover, the virtual device is low in deployment cost, can be expanded on demand, and has good scalability and reusability.

Description

Virtual security management and control equipment deployment method and component, communication method and system
Technical Field
The present application relates to the field of computer technology, and in particular to a virtual security management and control device deployment method, apparatus, device and readable storage medium, and to a communication method and system.
Background
In a user's private data center, physical security management and control devices (such as firewalls) generally need to be deployed. Deploying such a device involves testing and configuring it, and upgrading or replacing it during use. Physical security devices are costly and cannot be resold once deployed, so upgrading or replacing them during use raises the deployment cost and may also disrupt normal service operation. Moreover, deploying a new device requires purchase, shipping, rack mounting, commissioning and so on, and the whole cycle takes a long time.
How to rapidly deploy security management and control devices for a private data center while reducing deployment cost is therefore a problem to be solved by those skilled in the art.
Disclosure of Invention
In view of this, an object of the present application is to provide a virtual security management and control device deployment method, apparatus, device and readable storage medium, and a communication method and system, so as to rapidly deploy security management and control devices for a private data center and reduce deployment cost. The specific scheme is as follows:
In a first aspect, the present application provides a virtual security management and control device deployment method, including:
creating a VPC network in a hosted private cloud, and deploying a virtual security management and control device between the VPC network and an external network;
and establishing a communication connection between the VPC network and a private data center, so that the private data center communicates with the external network through the virtual security management and control device.
Preferably, deploying the virtual security management and control device includes:
creating the virtual security management and control device through a user management end of the hosted private cloud, and configuring the virtual security management and control device;
and establishing a communication connection between the virtual security management and control device and the VPC network, and a communication connection between the virtual security management and control device and the external network.
Preferably, configuring the virtual security management and control device includes:
configuring the CPU type, memory size, storage space, throughput and name of the virtual security management and control device.
Preferably, establishing a communication connection between the VPC network and the private data center includes:
creating a subnet in the VPC network, and configuring a VLAN ID for the subnet;
and connecting a target physical switch and a private physical switch through a physical link, where the target physical switch is located in the subnet and the private physical switch is located in the private data center.
Preferably, establishing a communication connection between the VPC network and the private data center includes:
creating a subnet in the VPC network, and configuring a VLAN ID for the subnet;
and creating a VPN device in the subnet, and connecting the VPN device through a virtual link to a router with a virtual private line function, where the router is located in the private data center.
Preferably, the virtual security management and control device includes any one or a combination of: a firewall, a virtual private network device, a load balancing device, an internet traffic auditing device, a bastion host, a vulnerability scanning device, a log auditing device, a database auditing device, an encryption machine, and an authentication device.
Preferably, the method further includes:
if the virtual security management and control device fails or needs to be upgraded, reconfiguring the virtual security management and control device through the user management end of the hosted private cloud.
In a second aspect, the present application provides a virtual security management and control device deployment apparatus, including:
a creation module, configured to create a VPC network in a hosted private cloud and deploy a virtual security management and control device, where the virtual security management and control device is located between the VPC network and an external network;
and a connection module, configured to establish a communication connection between the VPC network and a private data center, so that the private data center communicates with the external network through the virtual security management and control device.
In a third aspect, the present application provides a virtual security management and control device deployment device, including:
a memory for storing a computer program;
and a processor for executing the computer program to implement the virtual security management and control device deployment method disclosed above.
In a fourth aspect, the present application provides a readable storage medium storing a computer program which, when executed by a processor, implements the virtual security management and control device deployment method disclosed above.
In a fifth aspect, the present application provides a communication system, including a hosted private cloud and a private data center, where:
the hosted private cloud is configured to create a VPC network and deploy a virtual security management and control device, the virtual security management and control device being located between the VPC network and an external network;
and the private data center is configured to establish a communication connection with the VPC network, so that the private data center communicates with the external network through the virtual security management and control device.
In a sixth aspect, the present application provides a communication method, including:
receiving, by a virtual security management and control device deployed in a hosted private cloud, an access request sent from an external network;
and forwarding the access request to a private data center through a VPC network in the hosted private cloud, so that the private data center returns an access result.
In summary, the present application provides a virtual security management and control device deployment method, including: creating a VPC network in a hosted private cloud and deploying a virtual security management and control device between the VPC network and an external network; and establishing a communication connection between the VPC network and a private data center, so that the private data center communicates with the external network through the virtual security management and control device.
As can be seen, the method deploys the virtual security management and control device by means of the hosted private cloud. The hosted private cloud is a rentable network provided by a service provider; a user can rent part of it to create the VPC network and deploy the virtual security management and control device. Once the virtual security management and control device connecting the external network and the VPC network is deployed in the hosted private cloud, the communication connection between the VPC network and the private data center is established, so that the private data center communicates with the external network through the virtual security management and control device and thereby also gains a security management and control device. Because the security management and control device used by the private data center is a virtual device deployed on the hosted private cloud, debugging and configuration are simplified, the cycle of device testing, purchasing, shipping, rack mounting and commissioning is shortened, the high availability of the private data center is guaranteed, and deployment efficiency is high. Moreover, the virtual device is low in deployment cost, can be expanded on demand, and has good scalability and reusability.
Correspondingly, the virtual security management and control device deployment apparatus, device and readable storage medium, and the communication method and system provided by the present application, have the same technical effects.
Drawings
To illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings required for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings in the following description show only embodiments of the present application, and those skilled in the art can derive other drawings from them without creative effort.
Fig. 1 is a flowchart of a virtual security management and control device deployment method disclosed in the present application;
Fig. 2 is a schematic diagram of a communication connection between a VPC network and a private data center disclosed in the present application;
Fig. 3 is a data flow diagram for Fig. 2;
Fig. 4 is a schematic diagram of another communication connection between a VPC network and a private data center disclosed in the present application;
Fig. 5 is a data flow diagram for Fig. 4;
Fig. 6 is a schematic diagram of a virtual security management and control device deployment apparatus disclosed in the present application;
Fig. 7 is a schematic diagram of a virtual security management and control device deployment device disclosed in the present application;
Fig. 8 is a schematic diagram of another virtual security management and control device deployment device disclosed in the present application;
Fig. 9 is a schematic diagram of hosted private cloud functions disclosed in the present application.
Detailed Description
The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the present application. All other embodiments that a person skilled in the art can derive from the embodiments given herein without creative effort fall within the protection scope of the present application.
At present, deploying physical security management and control devices for a private data center suffers from a long cycle, high cost and similar defects. The present application therefore provides a virtual security management and control device deployment scheme that can rapidly deploy security management and control devices for a private data center and reduce deployment cost.
Before describing the present application in detail, the terms used herein are first introduced.
A private data center is a private platform used exclusively by a customer. It comprises physical machines, a virtualization platform and a cloud computing platform, and the customer has full control over resources such as physical servers, storage devices, security devices, the operation and maintenance platform, and other products and services. A private data center may be deployed in an enterprise data center or in a hosted data center room; the core attribute of the private platform is that all of its resources are exclusively owned.
A hosted private cloud comprises the machine room, bandwidth, servers, operation and maintenance, operations, products and services provided by a cloud service provider; tenants access the provider's products and services over the internet. All hardware, software and other supporting infrastructure are owned and managed by the cloud service provider. In the hosted private cloud scenario, physically isolated dedicated compute, storage and security resources are provided to a tenant for building that tenant's hosted private cloud, and these resources are used exclusively by the tenant. Hosted private cloud products include, but are not limited to, dedicated hosts, dedicated clouds (dedicated resource pools), dedicated compute, dedicated storage, dedicated distributed storage, dedicated object storage, dedicated file storage, bastion hosts, database auditing, log auditing, firewalls, VPNs, load balancing, vulnerability scanning, internet access auditing and the like. The hosted private cloud may also provide shared resources to individual tenants, including but not limited to backup services, object storage services and file storage services. A cloud service provider is any party able to provide products, technologies, services and solutions to tenants, including data center providers, software providers, system integrators, group information departments and agents; in the hosted private cloud scenario it may act as super administrator, service manager or tenant manager.
A VPC network is a Virtual Private Cloud rented by a user within a hosted private cloud. It consists of isolated resources carved out of the hosted private cloud, on which a tenant can build its own virtual data center and autonomously manage products and services, network resources, virtual machines and the like. Through the management console, the tenant builds its virtual data center in the VPC network and uses products and services provided by the cloud service provider, such as cloud hosts, cloud disks, public network bandwidth, load balancing, databases and security products.
Referring to Fig. 1, an embodiment of the present application discloses a virtual security management and control device deployment method, including:
S101: creating a VPC network in a hosted private cloud, and deploying a virtual security management and control device between the VPC network and an external network.
In a specific embodiment, deploying the virtual security management and control device includes: creating the virtual security management and control device through a user management end of the hosted private cloud and configuring it; and establishing a communication connection between the virtual security management and control device and the VPC network, and a communication connection between the virtual security management and control device and the external network. Configuring the virtual security management and control device includes configuring its CPU type, memory size, storage space, throughput and name.
Specifically, assuming the virtual security management and control device is a firewall, configuring it includes configuring the firewall's performance level, CPU type, memory size, storage space, throughput, name and the like.
S102: establishing a communication connection between the VPC network and a private data center, so that the private data center communicates with the external network through the virtual security management and control device.
In one embodiment, establishing a communication connection between the VPC network and the private data center includes: creating a subnet in the VPC network and configuring a VLAN ID for the subnet; and connecting a target physical switch and a private physical switch through a physical link, where the target physical switch is located in the subnet and the private physical switch is located in the private data center.
Specifically, referring to Fig. 2, switch A in the access subnet is the target physical switch; switch A is connected to the service area subnet of the private data center, which sits below the private physical switch. For the data flow between the private data center and the external network in this arrangement, refer to Fig. 3. When an external network user needs to access the service area of the private data center, the access traffic reaches the service area along the path 1->2->3->4->5->6 and must pass through the security protection device, so the service area of the private data center is protected. Similarly, switch A may also connect the office subnet or other subnets of the private data center, providing the same protection for communication between those subnets and the external network. Of course, the private physical switch may also establish communication connections with other subnets of the VPC network (e.g., subnet A or subnet B in Fig. 2).
In one embodiment, establishing a communication connection between the VPC network and the private data center includes: creating a subnet in the VPC network and configuring a VLAN ID for the subnet; and creating a VPN device in the subnet, and connecting the VPN device through a virtual link to a router with a virtual private line function, where the router is located in the private data center.
Specifically, referring to Fig. 4, the VPN private line product in the access subnet is the VPN device; it is connected to a router in the private data center, and that router must have a virtual private line function. For the data flow between the private data center and the external network in this arrangement, refer to Fig. 5. When an external network user needs to access the service area of the private data center, the access traffic reaches the service area along the path 1->2->3->4->5->6->7->8 and must pass through the security protection device, so the service area of the private data center is protected. Similarly, the VPN private line product may also connect to other routers with a virtual private line function in the private data center, providing the same protection for communication between the networks below those routers and the external network. Of course, other routers with a virtual private line function in the private data center may also establish communication connections with other subnets of the VPC network (e.g., subnet A or subnet B in Fig. 4).
The communication flows illustrated in Fig. 3 and Fig. 5 are as follows: the virtual security management and control device in the hosted private cloud receives an access request sent from the external network and forwards it to the private data center through the VPC network in the hosted private cloud, and the private data center returns the access result along the same path. The communication connection between the VPC network and the private data center may be a physical connection or a virtual connection.
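The two hand-offs described above (Fig. 2, physical switch link; Fig. 4, VPN device with a virtual-private-line router) modelled as a small graph, with a check that every path from the external network to the service area crosses the virtual security device, which is the property the data flows in Fig. 3 and Fig. 5 rely on. This is an added example, not code from the patent or from Sangfor; the node names, the VLAN range check and the misconfiguration case are assumptions.

```python
"""Topology model for the two VPC-to-private-data-center hand-offs in the
patent (Fig. 2: physical switch link; Fig. 4: VPN device + virtual private
line router) plus a defender-side check that every path from the external
network into the private data center crosses the virtual security device.
Added illustration; node names and the VLAN range check are assumptions."""
from dataclasses import dataclass, field
from typing import Dict, Iterator, List, Optional, Set

EXTERNAL = "external-network"
SECURITY = "virtual-security-device"    # firewall/VPN/LB/... placed at the VPC edge
PDC_SERVICE = "pdc-service-area"        # protected subnet in the private data center


@dataclass
class Topology:
    """Undirected adjacency list: nodes are network elements, edges are links."""
    links: Dict[str, Set[str]] = field(default_factory=dict)

    def connect(self, a: str, b: str) -> None:
        self.links.setdefault(a, set()).add(b)
        self.links.setdefault(b, set()).add(a)

    def simple_paths(self, src: str, dst: str,
                     path: Optional[List[str]] = None) -> Iterator[List[str]]:
        """Depth-first enumeration of loop-free paths from src to dst."""
        path = [src] if path is None else path + [src]
        if src == dst:
            yield path
            return
        for nxt in sorted(self.links.get(src, ())):
            if nxt not in path:
                yield from self.simple_paths(nxt, dst, path)


def valid_vlan_id(vlan_id: int) -> bool:
    """IEEE 802.1Q: usable VLAN IDs are 1..4094; 0 and 4095 are reserved."""
    return 1 <= vlan_id <= 4094


def build_vpc(vlan_id: int, link_type: str) -> Topology:
    """Build S101 (device between external network and VPC) and one of the two
    S102 hand-offs.  link_type is "physical" (Fig. 2) or "vpn" (Fig. 4)."""
    if not valid_vlan_id(vlan_id):
        raise ValueError(f"VLAN ID {vlan_id} outside 1..4094")
    access_subnet = f"vpc-access-subnet(vlan {vlan_id})"
    t = Topology()
    t.connect(EXTERNAL, SECURITY)           # S101: device faces the external network
    t.connect(SECURITY, access_subnet)      # ... and the VPC access subnet
    if link_type == "physical":             # Fig. 2: switch A <-physical link-> PDC switch
        t.connect(access_subnet, "target-physical-switch")
        t.connect("target-physical-switch", "pdc-private-switch")
        t.connect("pdc-private-switch", PDC_SERVICE)
    elif link_type == "vpn":                # Fig. 4: VPN device <-virtual link-> PDC router
        t.connect(access_subnet, "vpn-device")
        t.connect("vpn-device", "pdc-router(virtual-private-line)")
        t.connect("pdc-router(virtual-private-line)", PDC_SERVICE)
    else:
        raise ValueError(f"unknown link type {link_type!r}")
    return t


def bypass_paths(t: Topology) -> List[List[str]]:
    """Paths from the external network to the PDC service area that do NOT
    traverse the security device.  An empty list means enforcement holds."""
    return [p for p in t.simple_paths(EXTERNAL, PDC_SERVICE) if SECURITY not in p]


def check_enforced(t: Topology) -> bool:
    return not bypass_paths(t)


if __name__ == "__main__":
    for kind in ("physical", "vpn"):
        print(kind, "enforced:", check_enforced(build_vpc(100, kind)))
    # Constructed misconfiguration: the PDC switch is also linked to another VPC
    # subnet (subnet A in Fig. 2) that has its own public-network bandwidth, so a
    # second route to the service area exists that skips the security device.
    bad = build_vpc(100, "physical")
    bad.connect("pdc-private-switch", "vpc-subnet-A")
    bad.connect("vpc-subnet-A", EXTERNAL)
    print("misconfigured enforced:", check_enforced(bad), bypass_paths(bad))
```

The same check can be run against an exported link inventory before a change window, so that an extra VPC subnet hung off the private switch or router is caught before traffic can skip the device.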
In a specific embodiment, the virtual security management and control device includes any one or a combination of: a firewall, a virtual private network device, a load balancing device, an internet traffic auditing device, a bastion host, a vulnerability scanning device, a log auditing device, a database auditing device, an encryption machine, and an authentication device.
In a specific embodiment, the method further includes: if the virtual security management and control device fails or needs to be upgraded, reconfiguring the virtual security management and control device through the user management end of the hosted private cloud.
Thus the virtual security management and control device is deployed by means of the hosted private cloud. The hosted private cloud is a rentable network provided by a service provider; a user can rent part of it to create the VPC network and deploy the virtual security management and control device. Once the virtual security management and control device connecting the external network and the VPC network is deployed in the hosted private cloud, the communication connection between the VPC network and the private data center is established, so that the private data center communicates with the external network through the virtual security management and control device and thereby also gains a security management and control device. Because the security management and control device used by the private data center is a virtual device deployed on the hosted private cloud, debugging and configuration are simplified, the cycle of device testing, purchasing, shipping, rack mounting and commissioning is shortened, the high availability of the private data center is guaranteed, and deployment efficiency is high. Moreover, the virtual device is low in deployment cost, can be expanded on demand, and has good scalability and reusability.
A virtual security management and control device deployment apparatus provided in an embodiment of the present application is introduced below; the apparatus described below and the method described above may be referred to in conjunction with each other.
Referring to Fig. 6, an embodiment of the present application discloses a virtual security management and control device deployment apparatus, including:
a creation module 601, configured to create a VPC network in a hosted private cloud and deploy a virtual security management and control device, where the virtual security management and control device is located between the VPC network and an external network;
and a connection module 602, configured to establish a communication connection between the VPC network and a private data center, so that the private data center communicates with the external network through the virtual security management and control device.
In one embodiment, the creation module includes:
a configuration unit, configured to create the virtual security management and control device through a user management end of the hosted private cloud and to configure the virtual security management and control device;
and a connection unit, configured to establish a communication connection between the virtual security management and control device and the VPC network, and a communication connection between the virtual security management and control device and the external network.
In a specific embodiment, the configuration unit is specifically configured to:
configure the CPU type, memory size, storage space, throughput and name of the virtual security management and control device.
In one embodiment, the connection module includes:
a first subnet creation unit, configured to create a subnet in the VPC network and configure a VLAN ID for the subnet;
and a first communication connection unit, configured to connect a target physical switch and a private physical switch through a physical link, where the target physical switch is located in the subnet and the private physical switch is located in the private data center.
In one embodiment, the connection module includes:
a second subnet creation unit, configured to create a subnet in the VPC network and configure a VLAN ID for the subnet;
and a second communication connection unit, configured to create a VPN device in the subnet and connect the VPN device through a virtual link to a router with a virtual private line function, where the router is located in the private data center.
In a specific embodiment, the virtual security management and control device is any one or a combination of: a firewall, a virtual private network device, a load balancing device, an internet traffic auditing device, a bastion host, a vulnerability scanning device, a log auditing device, a database auditing device, an encryption machine, and an authentication device.
In a specific embodiment, the apparatus further includes:
an update module, configured to reconfigure the virtual security management and control device through the user management end of the hosted private cloud if the virtual security management and control device fails or needs to be upgraded.
For the specific working process of each module and unit in this embodiment, reference may be made to the corresponding content disclosed in the foregoing embodiments, which is not repeated here.
Thus this embodiment provides a virtual security management and control device deployment apparatus that shortens the cycle of device testing, purchasing, shipping, rack mounting and commissioning, guarantees the high availability of the private data center, and achieves high deployment efficiency. Moreover, the virtual device is low in deployment cost, can be expanded on demand, and has good scalability and reusability.
In the following, a virtual security management and control device deployment apparatus provided in an embodiment of the present application is introduced, and a virtual security management and control device deployment apparatus described below and a virtual security management and control device deployment method and apparatus described above may refer to each other.
Referring to fig. 7, an embodiment of the present application discloses a virtual security management and control device deployment device, including:
a memory 701 for storing a computer program;
a processor 702 for executing the computer program to implement the method disclosed in any of the embodiments above.
Referring to fig. 8, fig. 8 is a schematic diagram of another virtual security management apparatus deployment device provided in this embodiment, which may generate a relatively large difference due to different configurations or performances, and may include one or more processors (CPUs) 322 (e.g., one or more processors) and a memory 332, and one or more storage media 330 (e.g., one or more mass storage devices) storing an application 342 or data 344. Memory 332 and storage media 330 may be, among other things, transient storage or persistent storage. The program stored on the storage medium 330 may include one or more modules (not shown), each of which may include a series of instructions operating on a data processing device. Still further, the central processor 322 may be configured to communicate with the storage medium 330, and execute a series of instruction operations in the storage medium 330 on the virtual security management apparatus deployment device 301.
The virtual security administration device deployment apparatus 301 may also include one or more power sources 326, one or more wired or wireless network interfaces 350, one or more input-output interfaces 358, and/or one or more operating systems 341. Such as Windows Server, mac OS XTM, unixTM, linuxTM, freeBSDTM, etc.
In fig. 8, the application 342 may be a program that executes the virtual security management and control device deployment method, and the data 344 may be data required for or generated by executing that method.
The steps of the virtual security management and control device deployment method described above may be implemented by the structure of the virtual security management and control device deployment device described here.
In the following, a readable storage medium provided in an embodiment of the present application is introduced, and a readable storage medium described below and the above-described method, apparatus, and device for deploying a virtual security management and control device may refer to each other.
A readable storage medium for storing a computer program, wherein the computer program, when executed by a processor, implements the virtual security management apparatus deployment method disclosed in the foregoing embodiments. For the specific steps of the method, reference may be made to the corresponding contents disclosed in the foregoing embodiments, which are not described herein again.
In the following, a communication system provided by an embodiment of the present application is introduced, and a communication system described below and a method and an apparatus for deploying a virtual security management and control device described above may refer to each other.
Referring to fig. 3 or fig. 5, an embodiment of the present application discloses a communication system, including a hosting private cloud and a private data center, wherein:
the hosting private cloud is used for creating a VPC network and deploying virtual security control equipment, and the virtual security control equipment is arranged between the VPC network and an external network;
and the private data center is used for establishing communication connection with the VPC network so as to enable the private data center to communicate with an external network through the virtual security management and control equipment.
The communication method applicable to this embodiment includes: receiving, by the virtual security management and control equipment in the hosting private cloud, an access request sent from an external network, and transmitting the access request to the private data center through the VPC network in the hosting private cloud, so that the private data center returns the access result along the same path. The VPC network and the private data center are connected either by a physical connection or by a virtual connection.
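The security-relevant property of this arrangement is that the private data center is reachable from the external network only through the virtual security management and control equipment, over exactly one of the two connection modes just named (a VPN device in a VLAN-tagged subnet linked to a router with a virtual private line function, or a physical switch-to-switch link). The following Python model is an added example written for this page, not code from the patent or from the applicant; all node names, the string labels for the device categories and the `build_embodiment` helper are constructed here. It checks those invariants over a small topology and traces the request and its result along the same path, as the communication method describes.

```python
"""Topology model and gateway-invariant check for the hosted-private-cloud
deployment described above.  Added example, not the patent's own code; the node
names and device labels are constructed for illustration."""
from dataclasses import dataclass, field
from typing import Optional

# Device categories listed in the claims (the labels are our own shorthand).
VSMC_TYPES = frozenset({
    "firewall", "vpn", "load_balancer", "internet_traffic_audit", "bastion",
    "vulnerability_scanner", "log_audit", "database_audit", "hsm", "authentication",
})


@dataclass
class Node:
    name: str
    kind: str  # external | vsmc | vpc_subnet | vpn_device | router_vpl | switch | private_dc
    vsmc_type: Optional[str] = None
    vlan_id: Optional[int] = None


@dataclass
class Topology:
    nodes: dict = field(default_factory=dict)
    adj: dict = field(default_factory=dict)

    def add_node(self, name, kind, **attrs):
        self.nodes[name] = Node(name, kind, **attrs)
        self.adj.setdefault(name, set())
        return self

    def add_link(self, a, b):
        self.adj[a].add(b)
        self.adj[b].add(a)
        return self

    def simple_paths(self, src, dst, _path=None):
        """Enumerate all simple paths src -> dst (topologies here are small)."""
        path = (_path or []) + [src]
        if src == dst:
            yield path
            return
        for nxt in sorted(self.adj[src]):
            if nxt not in path:
                yield from self.simple_paths(nxt, dst, path)


def validate(topo):
    """Return the list of invariant violations (empty list means the plan is sound)."""
    problems = []
    for n in topo.nodes.values():
        if n.kind == "vsmc" and n.vsmc_type not in VSMC_TYPES:
            problems.append(f"{n.name}: unknown security device type {n.vsmc_type!r}")
        if n.kind == "vpc_subnet" and not (n.vlan_id and 1 <= n.vlan_id <= 4094):
            problems.append(f"{n.name}: VLAN ID must be in 1..4094, got {n.vlan_id}")
    externals = [n.name for n in topo.nodes.values() if n.kind == "external"]
    dcs = [n.name for n in topo.nodes.values() if n.kind == "private_dc"]
    # No path from the external network to the data center may skip the security device.
    for ext in externals:
        for dc in dcs:
            for path in topo.simple_paths(ext, dc):
                if not any(topo.nodes[h].kind == "vsmc" for h in path):
                    problems.append("bypass path: " + " -> ".join(path))
    # The data center attaches via one of the two claimed modes.
    for dc in dcs:
        for nb in topo.adj[dc]:
            k = topo.nodes[nb].kind
            if k == "router_vpl":  # virtual connection: VPN device -> router with virtual private line
                if not any(topo.nodes[x].kind == "vpn_device" for x in topo.adj[nb]):
                    problems.append(f"{nb}: router has no VPN device peer")
            elif k == "switch":  # physical connection: target switch -> private switch
                if not any(topo.nodes[x].kind == "switch" for x in topo.adj[nb] if x != dc):
                    problems.append(f"{nb}: private switch has no peer switch")
            else:
                problems.append(f"{dc}: unsupported attachment via {nb} ({k})")
    return problems


def forward_request(topo, ext, dc):
    """Trace an access request inbound through the security device and the
    access result back along the same path in reverse."""
    paths = [p for p in topo.simple_paths(ext, dc)
             if any(topo.nodes[h].kind == "vsmc" for h in p)]
    if not paths:
        raise RuntimeError("no path through a security device")
    inbound = paths[0]
    return inbound, list(reversed(inbound))


def build_embodiment(physical=False):
    """Constructed sample topology: one firewall in front of one VPC subnet."""
    t = Topology()
    t.add_node("internet", "external").add_node("fw", "vsmc", vsmc_type="firewall")
    t.add_node("subnet-a", "vpc_subnet", vlan_id=100).add_node("private-dc", "private_dc")
    t.add_link("internet", "fw").add_link("fw", "subnet-a")
    if physical:
        t.add_node("sw-target", "switch").add_node("sw-private", "switch")
        t.add_link("subnet-a", "sw-target").add_link("sw-target", "sw-private")
        t.add_link("sw-private", "private-dc")
    else:
        t.add_node("vpn-dev", "vpn_device").add_node("dc-router", "router_vpl")
        t.add_link("subnet-a", "vpn-dev").add_link("vpn-dev", "dc-router")
        t.add_link("dc-router", "private-dc")
    return t


if __name__ == "__main__":
    print(validate(build_embodiment()), validate(build_embodiment(physical=True)))
    print(forward_request(build_embodiment(), "internet", "private-dc"))
```

Adding a direct link from `internet` to `subnet-a` in the sample topology makes `validate` report a bypass path, which is the failure mode this architecture is meant to exclude; an out-of-range VLAN ID or a data-center attachment that is neither of the two claimed modes is reported the same way.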
In one embodiment, the specific functions of the hosting private cloud are described in fig. 9. The hosting private cloud zone in fig. 9 may provide physical isolation, autonomous management and control, exclusive performance, and data control for each tenant. When a tenant uses the hosting private cloud, the management area manages and controls computing and storage through a cloud management platform (namely the user management end), and the management area can allocate an exclusive dedicated cloud management platform to the tenant for console access and control of the hosting private cloud. The public service area is the public service that the hosting private cloud provides to every tenant; it is deployed in a cluster mode and includes, but is not limited to, backup service, object storage service, file storage service, container service, database service, software authorization service, cloud security center service and the like. The tenant accesses the public service over the network and controls it through the dedicated cloud management platform. The cloud service provider hosting the private cloud allocates an exclusive cloud management platform and a converged computing and storage resource pool to the tenant and binds the two together, so that the tenant can manage resources, products and services through the cloud management platform.
The embodiment shortens the cycle of equipment testing, purchasing, shipping, racking, commissioning and the like, ensures high availability of the private data center, and has high deployment efficiency. Moreover, the virtual equipment is low in deployment cost, can be expanded as needed, and has good scalability and reusability.
References in this application to "first," "second," "third," "fourth," etc., if any, are intended to distinguish between similar elements and not necessarily to describe a particular order or sequence. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that the embodiments described herein may be practiced otherwise than as specifically illustrated or described herein. Furthermore, the terms "comprises" and "comprising," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, or apparatus.
It should be noted that the descriptions in this application referring to "first", "second", etc. are for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In addition, technical solutions between various embodiments may be combined with each other, but must be realized by a person skilled in the art, and when the technical solutions are contradictory or cannot be realized, such a combination should not be considered to exist, and is not within the protection scope of the present application.
The embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts among the embodiments are referred to each other.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read-Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of readable storage medium known in the art.
The principle and the implementation of the present application are explained herein by applying specific examples, and the above description of the embodiments is only used to help understand the method and the core idea of the present application; meanwhile, for a person skilled in the art, according to the idea of the present application, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application.

Claims (10)

1. A virtual security management and control device deployment method is characterized by comprising the following steps:
a VPC network is established in a hosting private cloud, and virtual security control equipment is deployed and arranged between the VPC network and an external network;
establishing communication connection between the VPC network and a private data center so that the private data center can communicate with an external network through the virtual security management and control equipment;
wherein, the establishing the communication connection between the VPC network and the private data center comprises:
a subnet is established in the VPC network, and VLAN ID is configured for the subnet;
creating VPN equipment in the subnet, and connecting the VPN equipment with a router with a virtual private line function through a virtual link, wherein the router is arranged in the private data center;
the virtual security management and control equipment comprises any one or a combination of a firewall, virtual private network equipment, load balancing equipment, Internet traffic auditing equipment, a bastion machine, vulnerability scanning equipment, log auditing equipment, database auditing equipment, an encryption machine and authentication equipment.
2. The virtual security management apparatus deployment method according to claim 1, wherein the deploying of the virtual security management apparatus includes:
creating the virtual security management and control equipment by using a user management end of the managed private cloud, and configuring the virtual security management and control equipment;
and establishing a communication connection between the virtual security management and control equipment and the VPC network, and establishing a communication connection between the virtual security management and control equipment and an external network.
3. The virtual security management and control device deployment method according to claim 1, wherein configuring the virtual security management and control device includes:
and configuring the CPU type, the memory size, the storage space, the throughput and the name of the virtual security management and control equipment.
4. The deployment method of the virtual security management and control device according to claim 2, wherein the establishing of the communication connection between the VPC network and the private data center includes:
creating a subnet in the VPC network, and configuring a VLAN ID for the subnet;
and connecting a target physical switch and a private physical switch through a physical link, wherein the target physical switch is arranged in the subnet, and the private physical switch is arranged in the private data center.
5. The virtual security management apparatus deployment method according to any one of claims 1 to 4, further comprising:
and if the virtual security management and control equipment fails or needs to be upgraded, reconfiguring the virtual security management and control equipment by using the user management end of the hosting private cloud.
6. A virtual security management and control device deployment apparatus is characterized by comprising:
a creation module and a connection module, wherein the creation module is used for creating a VPC network in a hosting private cloud and deploying virtual security management and control equipment, and the virtual security management and control equipment is arranged between the VPC network and an external network;
the connection module is used for establishing communication connection between the VPC network and a private data center so as to enable the private data center to communicate with an external network through the virtual security management and control equipment;
the connection module is specifically used for creating a subnet in the VPC network and configuring a VLAN ID for the subnet; creating VPN equipment in the subnet, and connecting the VPN equipment with a router with a virtual private line function through a virtual link, wherein the router is arranged in the private data center;
the virtual security management and control equipment comprises any one or a combination of a firewall, virtual private network equipment, load balancing equipment, Internet traffic auditing equipment, a bastion machine, vulnerability scanning equipment, log auditing equipment, database auditing equipment, an encryption machine and authentication equipment.
7. A virtual security management and control device deployment device is characterized by comprising:
a memory for storing a computer program;
a processor for executing the computer program to implement the virtual security management apparatus deployment method of any one of claims 1 to 5.
8. A readable storage medium storing a computer program, wherein the computer program when executed by a processor implements the virtual security management apparatus deployment method of any one of claims 1 to 5.
9. A communication system, comprising a hosting private cloud and a private data center, wherein:
the hosting private cloud is used for creating a VPC network and deploying virtual security control equipment, and the virtual security control equipment is arranged between the VPC network and an external network;
the private data center is used for establishing communication connection with the VPC network so as to enable the private data center to communicate with an external network through the virtual security management and control equipment;
the private data center is provided with a router with a virtual private line function, and the router is connected with the VPN equipment through a virtual link; the VPN device is arranged in a subnet which is configured with VLAN ID in the VPC network;
the virtual security management and control equipment comprises any one or a combination of a firewall, virtual private network equipment, load balancing equipment, Internet traffic auditing equipment, a bastion machine, vulnerability scanning equipment, log auditing equipment, database auditing equipment, an encryption machine and authentication equipment.
10. A method of communication, comprising:
receiving an access request sent by an external network by using virtual security management and control equipment deployed in a managed private cloud;
transmitting the access request to a private data center through a VPC network in the managed private cloud so that the private data center returns an access result;
the private data center is provided with a router with a virtual private line function, and the router is connected with the VPN equipment through a virtual link; the VPN device is arranged in a subnet which is configured with VLAN ID in the VPC network;
the virtual security management and control equipment comprises any one or a combination of a firewall, virtual private network equipment, load balancing equipment, Internet traffic auditing equipment, a bastion machine, vulnerability scanning equipment, log auditing equipment, database auditing equipment, an encryption machine and authentication equipment.
CN202010529877.5A 2020-06-11 2020-06-11 Virtual security management and control equipment deployment method and component, communication method and system Active CN111698249B (en)
Publications (2)

Publication Number Publication Date
CN111698249A CN111698249A (en) 2020-09-22
CN111698249B true CN111698249B (en) 2023-04-07
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant