CN111711557A - Remote access system and method for network target range users - Google Patents
Remote access system and method for network target range users Download PDFInfo
- Publication number
- CN111711557A CN111711557A CN202010828373.3A CN202010828373A CN111711557A CN 111711557 A CN111711557 A CN 111711557A CN 202010828373 A CN202010828373 A CN 202010828373A CN 111711557 A CN111711557 A CN 111711557A
- Authority
- CN
- China
- Prior art keywords
- network
- vpn service
- vpn
- user
- port
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/12—Discovery or management of network topologies
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45595—Network integration; Enabling network access in virtual machine instances
Abstract
The invention discloses a remote access system and a method for network shooting range users, wherein the system comprises a VPN service container and a shooting range management module which are arranged at a network shooting range control node; each started network target site corresponds to a started VPN service container; each VPN service container is provided with a VPN service end and a network bridge for bridging a network card of the VPN service container and a network card of the VPN service end; the network cards of the VPN service containers of different network shooting ranges are connected to the corresponding network shooting range ports on the virtual network bridge. The shooting range management module is used for managing VPN service, VPN users, network shooting range scenes and topology. The VPN server is directly installed on the control node, VPN service can be simultaneously provided for a plurality of network target sites, resource recovery can be conveniently realized, and online information inquiry and access authority management and control can be carried out on access users.
Description
Technical Field
The invention relates to a remote access system and a remote access method for network target range users, and belongs to the technical field of networks.
Background
The network shooting range rapidly completes the construction of a simulation scene through technologies such as virtualization, cloud computing, SDN and network arrangement, and meets the requirements of network security research, talent culture, efficiency evaluation, equipment testing, security evaluation, emergency drilling and the like. In the application scenario of the network shooting range, sometimes it is required that the user can remotely access the shooting range environment and can communicate with a certain virtual instance or a certain virtual network therein. Currently common approaches include VPN, resilient IP, port mapping, etc.
The elastic IP realizes the conversion between the external IP and the internal IP through NAT conversion. By providing extranet IP mapping to virtual instances that need to be exposed, users can be given remote access to instances or networks in the shooting range. However, under the condition of short supply of IP resources of the public network, the scheme has certain limitation. The port mapping can only expose the designated port of the virtual instance, and cannot provide an attack surface well. So, VPN access is more commonly used, and a simple deployment structure commonly used at present is shown in fig. 1, and this method needs to manually configure the router, and when a target site is created again or network parameters change, the VPN service of the router needs to be reconfigured.
Disclosure of Invention
The purpose of the invention is as follows: in view of the problems in the prior art, an object of the present invention is to provide a remote access system and method for network shooting range users, which can flexibly and conveniently support each network shooting range to access remote users.
The technical scheme is as follows: in order to achieve the above purpose, the invention provides a network shooting range user remote access system, which comprises a VPN service container and a shooting range management module, wherein the VPN service container is arranged at a network shooting range control node; each started network target site corresponds to a started VPN service container; each VPN service container is provided with a VPN service end and a network bridge for bridging a network card of the VPN service container and a network card of the VPN service end; the network cards of the VPN service containers of different network shooting ranges are connected to corresponding network shooting range ports on the virtual network bridge; a user in a network target range remotely accesses a corresponding VPN server through a VPN client;
the shooting range management module is used for managing VPN service, VPN users, network shooting range scenes and topology, and comprises the following steps: the topology management unit is used for configuring VPN service related parameters including a starting IP and a terminating IP of the VPN service, a mask and an external network IP when the target range topology is drawn; the VPN user management unit is used for generating a VPN client configuration file and a key file of a user; the VPN service management unit is used for managing ports of the VPN service container, generating a configuration file of a VPN service end and controlling starting and stopping of the VPN service container and the VPN service end in the container; and the scene management unit is used for carrying out start-stop management on the network target range scene, calling the VPN service management unit to generate a configuration file and start the VPN service end in the starting process of the network target range, and calling the VPN user management unit to generate a VPN client configuration file and a key file of a user in the scene.
Further, different VLAN is set on different network target ground ports of the virtual bridge, so as to carry out network isolation.
Further, the VPN customer management unit includes:
the online user information inquiry subunit is used for inquiring the log file of the VPN service and analyzing to obtain an online user, an MAC address, an IP address and online time of the online user;
the access user management subunit is used for acquiring a network target range and a user name in the target range from the VPN user name, acquiring an MAC address accessed by a user from a log file of VPN service, and realizing the requirement of forbidding the network target range or allowing the appointed user to access by configuring an iptables rule; the VPN user name is generated according to the information including the network target range and the target range users according to the preset rule;
and the user configuration file generation subunit is used for generating a corresponding VPN client side configuration file and a corresponding key file according to the VPN user name.
Further, the VPN service management unit includes:
the port management subunit is used for managing available ports of the control node so as to distribute the available ports to different VPN service containers and carry out port mapping on the VPN service containers;
the configuration file management subunit is used for generating a configuration file of the VPN server, wherein the configuration file comprises an external network IP, a monitored port, a dhcp pool and a push route network address;
the VPN service management subunit is used for providing the starting, stopping and restarting functions of a VPN service container, the starting, stopping and restarting functions of a VPN service end and the network management function of the VPN service end in the container; the VPN service end network management comprises the steps of setting a VPN service end using a bridging mode, and carrying out network connection configuration on a network card of the VPN service end, a network card of a VPN service container and a virtual network bridge.
The invention discloses a remote access method for network target range users, which comprises the following steps:
(1) installing a VPN service end program in a VPN service container, wherein the VPN service container is deployed on a network target site control node; different network target sites correspond to different VPN service containers;
(2) when a network shooting range scene is started, acquiring relevant parameters of VPN service configured when a user draws a shooting range topology, wherein the relevant parameters comprise an initial IP (Internet protocol) and a termination IP (Internet protocol) of the VPN service, a mask and an external network IP;
(3) distributing a mapping port for the VPN service container, generating a configuration file of a VPN service end and starting the VPN service end;
(4) connecting the network card of the VPN service container to a virtual network bridge which is communicated with the network target field computing node on the control node, and connecting the network cards of the VPN service containers of different network target fields to corresponding network target field ports on the virtual network bridge; bridging the network card of the VPN service container with the network card of the VPN service end;
(5) and generating a VPN client configuration file and a key file of the target site user, and remotely accessing the corresponding VPN server by the user through the VPN client.
Furthermore, the remote access method for the network target range users also comprises the step of obtaining online users and MAC addresses, IP addresses and online time thereof by inquiring log files of VPN services and analyzing the log files.
Furthermore, the remote access method for the network target range users also comprises the steps of managing the access users, acquiring user names in the network target range and the target range from VPN user names, acquiring MAC addresses accessed by the users from log files of VPN services, and realizing the requirement that the network target range is forbidden or the appointed users are allowed to access by configuring iptables rules; and the VPN user name is generated according to the information comprising the network target range and the target range user according to the preset rule.
Further, the method for allocating mapping ports to the VPN service container by the network target site user remote access method comprises the following steps: selecting a port range to be put into a queue as an available port pool; when a mapping port needs to be allocated to the VPN service container, popping out one port from the queue, then judging whether the port is occupied, if so, popping out one port, if not, using the port and the VPN service container to carry out port mapping, and simultaneously, designating the port as the VPN service port when generating a configuration file of the VPN service terminal; and when the VPN service terminal is deleted, the used port is put into the queue again to recycle the port resource.
Has the advantages that: the VPN server is directly installed on the control node, so that the process of manually configuring the VPN server in the entity routing is omitted, and when the shooting range environment is changed, the configuration file of the VPN server can be flexibly modified. The invention can provide VPN service for a plurality of network target sites simultaneously, can carry out network isolation, can conveniently realize resource recovery, and can inquire the online information and control the access authority of an access user.
Drawings
Fig. 1 is a schematic diagram of a conventional remote user access network range.
Fig. 2 is a schematic diagram of a remote user accessing a network target range according to an embodiment of the present invention.
Fig. 3 is a schematic structural diagram of functional units of the shooting range management module in the embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be described clearly and completely with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments that can be obtained by a person skilled in the art based on the embodiments of the present invention without any inventive step are within the scope of the present invention.
As shown in fig. 2, a network shooting range user remote access system disclosed in the embodiment of the present invention includes a VPN service container and a shooting range management module, which are disposed at a network shooting range control node; each started network target site corresponds to a started VPN service container; each VPN service container is provided with a VPN service end and a network bridge for bridging a network card of the VPN service container and a network card of the VPN service end; the network cards of the VPN service containers of different network shooting ranges are connected to corresponding network shooting range ports on the virtual network bridge; and the user of the network target range remotely accesses the corresponding VPN server through the VPN client.
In the embodiment of the invention, the VPN software uses openvpn and is installed in a Docker container, and the container is deployed on the control node. The control node is configured with a public network IP, and a remote user can access a VPN service end (VPN server) through a VPN client (VPN client). Push route in server. conf configuration file fills all networks of corresponding target range, thereby pushing to client, and making client access to these networks through VPN. In fig. 2, an eth1 network card of the VPN service container and a tap0 network card of the VPN server are bridged to the same linux bridge, and an eth1 network card is simultaneously connected to a ovs bridge br-int of the control node. ovs the bridge communicates with the compute node through a data network switch.
The eth0 network card of the VPN service container is connected to the docker0 bridge of the control node, and the container maps 1194 ports of the internal VPN server to a certain port of the control node through port mapping. ovs the way slot 1 and slot 2 can be mapped to a particular slot network with a corresponding VLAN for network isolation.
The shooting range management module is mainly responsible for managing VPN service, VPN users, network shooting range scenes and topology, and as shown in fig. 3, the shooting range management module includes a topology management unit, a VPN user management unit, a VPN service management unit, and a scene management unit.
And the topology management unit is mainly used for configuring related parameters of the VPN service when the target range topology is drawn, wherein the related parameters comprise an initial IP (Internet protocol) and a termination IP (Internet protocol) of the VPN service, a mask and an external network IP.
And the VPN user management unit comprises functions of online user information inquiry, user access management and user configuration file generation. The method comprises the following steps:
and the online user information inquiry subunit inquires a log file (openvpn-status.log) of the VPN service, and analyzes to obtain the online user and the MAC address, the IP address and the online time information of the online user.
And the access user management subunit is used for acquiring the network target range and the user name in the target range from the VPN user name, acquiring the MAC address accessed by the user from the log file of the VPN service, and realizing the requirement of forbidding the network target range or allowing the appointed user to access by configuring an iptables rule. When the user VPN configuration and the key file are generated, the VPN user name is generated according to the rule of scene ID + client + user ID, so that the user in which shooting range the user belongs and the user in the shooting range corresponding to the user can be known according to the VPN user name. If a user in a target range needs to be prohibited from accessing, the MAC address accessed by the user can be obtained by inquiring openvpn-status log and combining the relation between the VPN user name and the target range user name, and then the MAC address connection is prohibited by using an iptables rule; and when the user is allowed to access, inquiring an iptables rule to see whether a rule for prohibiting the user from accessing exists, if so, deleting the rule, and if not, performing any operation.
And the user configuration file generation subunit is mainly used for generating the VPN client configuration file and the key file corresponding to the user according to the VPN user name.
And the VPN service management unit is mainly used for managing ports of the VPN service container, generating a configuration file of the VPN service end and controlling starting and stopping of the VPN service container and the VPN service end in the container. The method comprises the following steps:
and the port management subunit is used for managing the available ports of the control node so as to distribute the available ports to different VPN service containers and perform port mapping on the VPN service containers. Since there may be multiple vpn servers in a cluster environment, there is a need to manage the available ports of the control nodes. The method comprises the following specific steps: 1) and selecting an unusual port range, and putting the unusual port range into a redis queue as an available port pool. 2) And after a port application request comes, popping out a port from the queue, then judging whether the port is occupied by other services, if so, popping out the port, if not, using the port and the vpnserver container to carry out port mapping, and simultaneously, designating the port as a vpn server port when generating a configuration file. 3) When the vpnserver is deleted, the port used by the vpnserver is put into the queue again, and the port resource is recycled.
The configuration file management subunit is used for generating a configuration file of the vpn server, and mainly comprises an external network IP, a monitored port, a dhcp pool, a push route network address and the like;
and the VPN service management subunit is used for providing the starting, stopping and restarting of a VPN service container, the starting, stopping and restarting functions of a VPN service end and the network management function of the VPN service end in the container. When the VPN service is started, it is necessary to receive the configuration file of the VPN server, which is transmitted from the scene management unit, and then start the server program.
And (3) managing the VPN server network in the container: the vpn server uses a bridge mode, a tap0 virtual network card of the vpn server is bridged to a linux bridge, an eth1 of the container is also bridged to the linux bridge, and an eth1 of the container is connected to a ovs bridge of the control node, so that data of the tap0 is forwarded to a ovs bridge of the control node. The relevant network configuration commands are as follows:
out-of-container commands:
ovs-docker add-port br-int eth1 docker _ name is used to add an eth1 network card to the container and is connected to ovs bridge br-int of the control node.
The in-container commands are as follows:
brctl addbr 0(linux bridge name)
brctl addif br0 tap0
bectl addif br0 eth1
And the scene management unit is mainly used for starting and stopping the network target range scene, and mainly calls other modules to generate a vpn server configuration file, start the vpn server, generate a user configuration file, a key file and the like in the starting process of the network target range.
It will be appreciated by those skilled in the art that the modules in the above embodiments may be adapted adaptively, and that different modules/units may be combined into one module/unit or divided into sub-modules/sub-units.
Based on the same inventive concept, the embodiment of the invention discloses a remote access method for network shooting range users, which comprises the following steps:
(1) installing a VPN service end program in a VPN service container, wherein the VPN service container is deployed on a network target site control node; different network target sites correspond to different VPN service containers;
(2) when a network shooting range scene is started, acquiring relevant parameters of VPN service configured when a user draws a shooting range topology, wherein the relevant parameters comprise an initial IP (Internet protocol) and a termination IP (Internet protocol) of the VPN service, a mask and an external network IP;
(3) distributing a mapping port for the VPN service container, generating a configuration file of a VPN service end and starting the VPN service end;
(4) connecting the network card of the VPN service container to a virtual network bridge which is communicated with the network target field computing node on the control node, and connecting the network cards of the VPN service containers of different network target fields to corresponding network target field ports on the virtual network bridge; bridging the network card of the VPN service container with the network card of the VPN service end;
(5) and generating a VPN client configuration file and a key file of the target site user, and remotely accessing the corresponding VPN server by the user through the VPN client.
After the user accesses, the online user, the MAC address, the IP address and the online time of the online user can be obtained through analyzing by inquiring the log file of the VPN service. The access users can also be managed, and certain users at certain shooting ranges are forbidden or allowed to access. The specific implementation details refer to the implementation of the functions of the modules, and are not described in detail.
Claims (8)
1. A network shooting range user remote access system is characterized by comprising a VPN service container and a shooting range management module, wherein the VPN service container is arranged at a network shooting range control node; each started network target site corresponds to a started VPN service container; each VPN service container is provided with a VPN service end and a network bridge for bridging a network card of the VPN service container and a network card of the VPN service end; the network cards of the VPN service containers of different network shooting ranges are connected to corresponding network shooting range ports on the virtual network bridge; a user in a network target range remotely accesses a corresponding VPN server through a VPN client;
the shooting range management module is used for managing VPN service, VPN users, network shooting range scenes and topology, and comprises the following steps: the topology management unit is used for configuring VPN service related parameters including a starting IP and a terminating IP of the VPN service, a mask and an external network IP when the target range topology is drawn; the VPN user management unit is used for generating a VPN client configuration file and a key file of a user; the VPN service management unit is used for managing ports of the VPN service container, generating a configuration file of a VPN service end and controlling starting and stopping of the VPN service container and the VPN service end in the container; and the scene management unit is used for carrying out start-stop management on the network target range scene, calling the VPN service management unit to generate a configuration file and start the VPN service end in the starting process of the network target range, and calling the VPN user management unit to generate a VPN client configuration file and a key file of a user in the scene.
2. The network range user remote access system of claim 1, wherein different VLAN are set on different network range ports on the virtual bridge for network isolation.
3. The network range user remote access system of claim 1, wherein said VPN user management unit comprises:
the online user information inquiry subunit is used for inquiring the log file of the VPN service and analyzing to obtain an online user, an MAC address, an IP address and online time of the online user;
the access user management subunit is used for acquiring a network target range and a user name in the target range from the VPN user name, acquiring an MAC address accessed by a user from a log file of VPN service, and realizing the requirement of forbidding the network target range or allowing the appointed user to access by configuring an iptables rule; the VPN user name is generated according to the information including the network target range and the target range users according to the preset rule;
and the user configuration file generation subunit is used for generating a corresponding VPN client side configuration file and a corresponding key file according to the VPN user name.
4. The network range user remote access system of claim 1, wherein said VPN service management unit comprises:
the port management subunit is used for managing available ports of the control node so as to distribute the available ports to different VPN service containers and carry out port mapping on the VPN service containers;
the configuration file management subunit is used for generating a configuration file of the VPN server, wherein the configuration file comprises an external network IP, a monitored port, a dhcp pool and a push route network address;
the VPN service management subunit is used for providing the starting, stopping and restarting functions of a VPN service container, the starting, stopping and restarting functions of a VPN service end and the network management function of the VPN service end in the container; the VPN service end network management comprises the steps of setting a VPN service end using a bridging mode, and carrying out network connection configuration on a network card of the VPN service end, a network card of a VPN service container and a virtual network bridge.
5. A remote access method for network target range users is characterized by comprising the following steps:
(1) installing a VPN service end program in a VPN service container, wherein the VPN service container is deployed on a network target site control node; different network target sites correspond to different VPN service containers;
(2) when a network shooting range scene is started, acquiring relevant parameters of VPN service configured when a user draws a shooting range topology, wherein the relevant parameters comprise an initial IP (Internet protocol) and a termination IP (Internet protocol) of the VPN service, a mask and an external network IP;
(3) distributing a mapping port for the VPN service container, generating a configuration file of a VPN service end and starting the VPN service end;
(4) connecting the network card of the VPN service container to a virtual network bridge which is communicated with the network target field computing node on the control node, and connecting the network cards of the VPN service containers of different network target fields to corresponding network target field ports on the virtual network bridge; bridging the network card of the VPN service container with the network card of the VPN service end;
(5) and generating a VPN client configuration file and a key file of the target site user, and remotely accessing the corresponding VPN server by the user through the VPN client.
6. The remote access method for network shooting range users according to claim 5, further comprising obtaining online users and their MAC addresses, IP addresses and online time by querying log files of VPN services and analyzing.
7. The network shooting range user remote access method according to claim 5, further comprising managing access users, acquiring user names in the network shooting range and the shooting range from VPN user names, acquiring MAC addresses accessed by the users from log files of VPN services, and realizing the requirement that the network shooting range forbids or allows the access of specified users by configuring iptables rules; and the VPN user name is generated according to the information comprising the network target range and the target range user according to the preset rule.
8. The network range user remote access method of claim 5, wherein the method for assigning a mapping port to a VPN service container comprises the steps of: selecting a port range to be put into a queue as an available port pool; when a mapping port needs to be allocated to the VPN service container, popping out one port from the queue, then judging whether the port is occupied, if so, popping out one port, if not, using the port and the VPN service container to carry out port mapping, and simultaneously, designating the port as the VPN service port when generating a configuration file of the VPN service terminal; and when the VPN service terminal is deleted, the used port is put into the queue again to recycle the port resource.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010828373.3A CN111711557B (en) | 2020-08-18 | 2020-08-18 | Remote access system and method for network target range users |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010828373.3A CN111711557B (en) | 2020-08-18 | 2020-08-18 | Remote access system and method for network target range users |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111711557A true CN111711557A (en) | 2020-09-25 |
| CN111711557B CN111711557B (en) | 2020-12-04 |
Family
ID=72547196
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010828373.3A Active CN111711557B (en) | 2020-08-18 | 2020-08-18 | Remote access system and method for network target range users |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111711557B (en) |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112202624A (en) * | 2020-12-07 | 2021-01-08 | 南京赛宁信息技术有限公司 | Real equipment fast access system and method for network target range scene arrangement |
| CN112367239A (en) * | 2021-01-11 | 2021-02-12 | 南京赛宁信息技术有限公司 | Network target range rapid interconnection system and method |
| CN113328922A (en) * | 2021-06-16 | 2021-08-31 | 杭州数跑科技有限公司 | Communication method and device across multiple local area networks |
| CN113973053A (en) * | 2021-10-21 | 2022-01-25 | 南京赛宁信息技术有限公司 | Probe management system and method for network target range |
| CN114040408A (en) * | 2021-11-02 | 2022-02-11 | 恒安嘉新(北京)科技股份公司 | Shooting range system based on 4G mobile network simulation environment |
| CN114039798A (en) * | 2021-11-30 | 2022-02-11 | 绿盟科技集团股份有限公司 | Data transmission method and device and electronic equipment |
| CN114422201A (en) * | 2021-12-28 | 2022-04-29 | 北京永信至诚科技股份有限公司 | Network target range large-scale user remote access method and system |
| CN114650290A (en) * | 2020-12-17 | 2022-06-21 | 中移(苏州)软件技术有限公司 | Network connection method, processing device, terminal and storage medium |
| CN115190042A (en) * | 2022-06-16 | 2022-10-14 | 南京赛宁信息技术有限公司 | Network target range target access state detection system and method |
| CN115277217A (en) * | 2022-07-29 | 2022-11-01 | 软极网络技术(北京)有限公司 | System for constructing heterogeneous network target range virtual network |
| CN115426324A (en) * | 2022-08-26 | 2022-12-02 | 绿盟科技集团股份有限公司 | Method and device for accessing entity equipment to network target range |
| CN115834529A (en) * | 2022-11-23 | 2023-03-21 | 浪潮智慧科技有限公司 | Remote monitoring method and system for edge equipment |
| CN117319094A (en) * | 2023-11-30 | 2023-12-29 | 西安辰航卓越科技有限公司 | SDN network attack and defense target range platform system |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060031938A1 (en) * | 2002-10-22 | 2006-02-09 | Unho Choi | Integrated emergency response system in information infrastructure and operating method therefor |
| US20140047535A1 (en) * | 2012-08-09 | 2014-02-13 | Vincent E. Parla | Multiple application containerization in a single container |
| CN103701777A (en) * | 2013-12-11 | 2014-04-02 | 长春理工大学 | Remote network attack and defense virtual simulation system based on virtualization and cloud technology |
| CN104811335A (en) * | 2015-03-26 | 2015-07-29 | 华迪计算机集团有限公司 | Method for realizing network target range system and network target range management system |
| US20160219019A1 (en) * | 2015-01-28 | 2016-07-28 | defend7, Inc. | Communication tunneling in application container environments |
| CN108040070A (en) * | 2017-12-29 | 2018-05-15 | 北京奇虎科技有限公司 | A kind of network security test platform and method |
| CN108809797A (en) * | 2018-07-26 | 2018-11-13 | 哈尔滨工业大学(威海) | A kind of VPN control devices define VPN and realize system and method |
| CN110730161A (en) * | 2019-09-09 | 2020-01-24 | 光通天下网络科技股份有限公司 | Network target range implementation method, device, equipment, medium and system |
-
2020
- 2020-08-18 CN CN202010828373.3A patent/CN111711557B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060031938A1 (en) * | 2002-10-22 | 2006-02-09 | Unho Choi | Integrated emergency response system in information infrastructure and operating method therefor |
| US20140047535A1 (en) * | 2012-08-09 | 2014-02-13 | Vincent E. Parla | Multiple application containerization in a single container |
| CN103701777A (en) * | 2013-12-11 | 2014-04-02 | 长春理工大学 | Remote network attack and defense virtual simulation system based on virtualization and cloud technology |
| US20160219019A1 (en) * | 2015-01-28 | 2016-07-28 | defend7, Inc. | Communication tunneling in application container environments |
| CN104811335A (en) * | 2015-03-26 | 2015-07-29 | 华迪计算机集团有限公司 | Method for realizing network target range system and network target range management system |
| CN108040070A (en) * | 2017-12-29 | 2018-05-15 | 北京奇虎科技有限公司 | A kind of network security test platform and method |
| CN108809797A (en) * | 2018-07-26 | 2018-11-13 | 哈尔滨工业大学(威海) | A kind of VPN control devices define VPN and realize system and method |
| CN110730161A (en) * | 2019-09-09 | 2020-01-24 | 光通天下网络科技股份有限公司 | Network target range implementation method, device, equipment, medium and system |
Cited By (21)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112202624B (en) * | 2020-12-07 | 2021-03-12 | 南京赛宁信息技术有限公司 | Real equipment fast access system and method for network target range scene arrangement |
| CN112202624A (en) * | 2020-12-07 | 2021-01-08 | 南京赛宁信息技术有限公司 | Real equipment fast access system and method for network target range scene arrangement |
| CN114650290A (en) * | 2020-12-17 | 2022-06-21 | 中移(苏州)软件技术有限公司 | Network connection method, processing device, terminal and storage medium |
| CN112367239A (en) * | 2021-01-11 | 2021-02-12 | 南京赛宁信息技术有限公司 | Network target range rapid interconnection system and method |
| CN112367239B (en) * | 2021-01-11 | 2021-04-06 | 南京赛宁信息技术有限公司 | Network target range rapid interconnection system and method |
| CN113328922A (en) * | 2021-06-16 | 2021-08-31 | 杭州数跑科技有限公司 | Communication method and device across multiple local area networks |
| CN113973053B (en) * | 2021-10-21 | 2023-10-27 | 南京赛宁信息技术有限公司 | Probe management system and method for network target range |
| CN113973053A (en) * | 2021-10-21 | 2022-01-25 | 南京赛宁信息技术有限公司 | Probe management system and method for network target range |
| CN114040408A (en) * | 2021-11-02 | 2022-02-11 | 恒安嘉新(北京)科技股份公司 | Shooting range system based on 4G mobile network simulation environment |
| CN114039798A (en) * | 2021-11-30 | 2022-02-11 | 绿盟科技集团股份有限公司 | Data transmission method and device and electronic equipment |
| CN114039798B (en) * | 2021-11-30 | 2023-11-03 | 绿盟科技集团股份有限公司 | Data transmission method and device and electronic equipment |
| CN114422201A (en) * | 2021-12-28 | 2022-04-29 | 北京永信至诚科技股份有限公司 | Network target range large-scale user remote access method and system |
| CN115190042A (en) * | 2022-06-16 | 2022-10-14 | 南京赛宁信息技术有限公司 | Network target range target access state detection system and method |
| CN115190042B (en) * | 2022-06-16 | 2023-09-08 | 南京赛宁信息技术有限公司 | Network target range target access state detection system and method |
| CN115277217A (en) * | 2022-07-29 | 2022-11-01 | 软极网络技术(北京)有限公司 | System for constructing heterogeneous network target range virtual network |
| CN115277217B (en) * | 2022-07-29 | 2024-01-26 | 软极网络技术(北京)有限公司 | Construction system of foreign domain network target range virtual network |
| CN115426324A (en) * | 2022-08-26 | 2022-12-02 | 绿盟科技集团股份有限公司 | Method and device for accessing entity equipment to network target range |
| CN115834529A (en) * | 2022-11-23 | 2023-03-21 | 浪潮智慧科技有限公司 | Remote monitoring method and system for edge equipment |
| CN115834529B (en) * | 2022-11-23 | 2023-08-08 | 浪潮智慧科技有限公司 | Remote monitoring method and system for edge equipment |
| CN117319094A (en) * | 2023-11-30 | 2023-12-29 | 西安辰航卓越科技有限公司 | SDN network attack and defense target range platform system |
| CN117319094B (en) * | 2023-11-30 | 2024-03-15 | 西安辰航卓越科技有限公司 | SDN network attack and defense target range platform system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111711557B (en) | 2020-12-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111711557B (en) | Remote access system and method for network target range users | |
| CN109104318B (en) | Method for realizing cluster self-adaptive deployment | |
| US10469314B2 (en) | API gateway for network policy and configuration management with public cloud | |
| US20170257269A1 (en) | Network controller with integrated resource management capability | |
| US6286038B1 (en) | Method and apparatus for remotely configuring a network device | |
| CN110301104B (en) | Optical line terminal OLT equipment virtualization method and related equipment | |
| CN104348873A (en) | Virtual network element automatic loading method and system and virtual machine IP (Internet Protocol) address acquisition method and system | |
| EP1780941B1 (en) | Network configuration | |
| US8566459B2 (en) | Systems and methods for integrated console management interface | |
| CN112099913B (en) | Method for realizing virtual machine security isolation based on OpenStack | |
| CN104468574A (en) | Dynamic IP address acquisition method, system and device for virtual machines | |
| EP3905598A1 (en) | Message processing method and apparatus, control plane device, and computer storage medium | |
| CN106878480B (en) | DHCP service process sharing method and device | |
| CN112769965B (en) | IP address management and distribution method, device and system | |
| CN110336730B (en) | Network system and data transmission method | |
| CN104506403B (en) | A kind of virtual network management method for supporting multi-stage isolation | |
| CN108933702A (en) | A method of remote service is provided | |
| KR20060040335A (en) | Network managing device and method thereof | |
| CN113259219B (en) | VPN construction method based on OVN environment, readable storage medium and cloud platform | |
| CN107343058B (en) | IP address distribution system and working method thereof | |
| CN114745263A (en) | Autonomic configuration system for service infrastructure | |
| CN116566830A (en) | Network configuration method, device, system, edge equipment and storage medium | |
| EP3836487A1 (en) | Internet access behavior management system, device and method | |
| CN110247778A (en) | Installation method of operating system, device, electronic equipment and storage medium | |
| Xie et al. | ARPIM: IP address resource pooling and intelligent management system for broadband IP networks |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |