CN112187738A - Service data access control method, device and computer readable storage medium - Google Patents

Service data access control method, device and computer readable storage medium Download PDF

Info

Publication number
CN112187738A
CN112187738A CN202010952146.1A CN202010952146A CN112187738A CN 112187738 A CN112187738 A CN 112187738A CN 202010952146 A CN202010952146 A CN 202010952146A CN 112187738 A CN112187738 A CN 112187738A
Authority
CN
China
Prior art keywords
user identifier
service data
access
access request
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010952146.1A
Other languages
Chinese (zh)
Inventor
廉烨
唐旭东
李代立
吕伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Unionpay Co Ltd
Original Assignee
China Unionpay Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Unionpay Co Ltd filed Critical China Unionpay Co Ltd
Priority to CN202010952146.1A priority Critical patent/CN112187738A/en
Publication of CN112187738A publication Critical patent/CN112187738A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/025Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • H04L67/146Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/60Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
    • H04L67/63Routing a service request depending on the request content or context

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application provides a service data access control method, a device and a computer readable storage medium, wherein the method comprises the following steps: inquiring a routing table according to the user identification carried by the access request, wherein the routing table records: the data center where the service data corresponding to each user identifier is located and the access times of each data center corresponding to the user identifier; and accessing the data center where the service data corresponding to the user identification is located, and updating the routing table to increase the access times of the data center accessing the access request corresponding to the user identification once. By the method, the frequency of cross-data center access is reduced.

Description

Service data access control method, device and computer readable storage medium
Technical Field
The application belongs to the field of data centers, and particularly relates to a service data access control method and device applied to a multi-data center and a computer readable storage medium.
Background
This section is intended to provide a background or context to the embodiments of the application that are recited in the claims. The description herein is not admitted to be prior art by inclusion in this section.
Generally, when a public service system providing public services for different systems is deployed in multiple locations and multiple activities, it is necessary to ensure that any access request can respond to each data center indifferently, and in order to save storage cost of each data center and deployment cost of data synchronization components, service data is split and stored according to a certain dimension, and each data center stores a partial data set, and finally a ring copy is formed. Since the public service system provides services for a plurality of access parties, it cannot be guaranteed that the data splitting rule can be consistent with the nearby access principle of all the access parties, so that frequent cross-center data access may be generated, the service response efficiency is reduced, and the user experience is affected.
Disclosure of Invention
The problems of the prior art described above are addressed. The embodiment of the application provides a service data access control method and device applied to a multi-data center and a computer readable storage medium. With this method and apparatus, the above-mentioned problems can be solved.
The examples of the present application provide the following: a service data access control method applied to multiple data centers comprises the following steps:
inquiring a routing table according to the user identification carried by the access request, wherein the routing table records: the data center where the service data corresponding to each user identifier is located and the access times of each data center corresponding to the user identifier;
and accessing the data center where the service data corresponding to the user identification is located, and updating the routing table to increase the access times of the data center accessing the access request corresponding to the user identification once.
In some possible embodiments, the method further comprises: in a data relocation period, judging whether the service data corresponding to the user identification needs to be relocated or not and judging a receiver of the service data corresponding to the user identification according to the access times of each data center corresponding to the user identification in the routing table;
and under the condition that the service data corresponding to the user identification needs to be moved, the service data corresponding to the user identification is moved, and the routing table is updated after the movement is completed.
In some possible embodiments, the determining, according to the number of times of access of each data center in the routing table corresponding to the user identifier, whether the service data corresponding to the user identifier needs to be moved and a receiver of the service data corresponding to the user identifier include:
and under the condition that the access times of the data center where the service data corresponding to the user identifier is located in the routing table are less than the access times of other data centers corresponding to the user identifier, taking the data center with the largest access time corresponding to the user identifier in the other data centers as a receiving party of the service data corresponding to the user identifier.
In some possible embodiments, the method further comprises: and clearing the access times of each data center corresponding to the user identification in the routing table under the condition that the service data corresponding to the user identification is moved.
In some possible embodiments, the routing table further records: the relocation state of the service data corresponding to the user identifier; the service data access control method further comprises the following steps:
and rejecting the access request under the condition that the service data corresponding to the user identification carried by the access request is in a relocation state.
In some possible embodiments, the method further comprises: and under the condition that the access request does not carry the user identification, inquiring a mapping table according to other user information carried by the access request to determine the user identification corresponding to the access request, wherein the mapping table records the mapping relation between the other user information and the user identification.
In some possible embodiments, the other user information includes: at least one of an identification number, a mobile phone number, a login name and a bank card number.
In some feasible embodiments, when the access request is a write operation, the access request does not carry a user identifier, and the mapping table does not contain other user information carried by the access request, the data center accessing the access request processes the access request, updates the routing table to increase the user identifier corresponding to the access request, and uses the data center accessing the access request as a data center where service data corresponding to the user identifier is located.
In some possible embodiments, before querying the routing table according to the user identifier corresponding to the access request, the method further includes: and under the condition that the user identification corresponding to the access request cannot be determined, shunting the access request according to a preset strategy.
In some possible embodiments, the routing table is disposed at a data access control layer disposed between the application layer and the data cluster.
The examples of the present application provide the following: a routing apparatus for use in multiple data centers, comprising: a query unit and an access unit;
the query unit is used for querying a routing table according to the user identifier carried by the access request, and the routing table records: the data center where the service data corresponding to each user identifier is located and the access times of each data center corresponding to the user identifier;
the access unit is used for accessing the data center where the service data corresponding to the user identifier is located, and updating the routing table to increase the access times of the data center accessing the access request corresponding to the user identifier once.
In some possible embodiments, the routing device further includes: a relocation unit, configured to, in a data relocation period, determine whether service data corresponding to the user identifier needs to be relocated and a receiver of the service data corresponding to the user identifier according to the number of accesses of each data center corresponding to the user identifier in the routing table; and under the condition that the service data corresponding to the user identification needs to be moved, the service data corresponding to the user identification is moved, and the routing table is updated after the movement is completed.
In some possible embodiments, the relocation unit is specifically configured to: the relocation unit is specifically configured to: and under the condition that the access times of the data center where the service data corresponding to the user identifier is located in the routing table are less than the access times of other data centers corresponding to the user identifier, taking the data center with the largest access time corresponding to the user identifier in the other data centers as a receiving party of the service data corresponding to the user identifier.
In some possible embodiments, the routing apparatus further includes a clearing unit, configured to clear access times of the data centers in the routing table corresponding to the user identifier when the service data corresponding to the user identifier is moved.
In some possible embodiments, the routing table further records: the routing table also records: the relocation state of the service data corresponding to the user identifier; the routing device further comprises a control unit, configured to reject the access request when service data corresponding to the user identifier carried in the access request is in a relocation state.
In some feasible embodiments, the system further includes a mapping unit, configured to, when the access request does not carry the user identifier, query a mapping table according to other user information carried by the access request to determine the user identifier corresponding to the access request, where the mapping table records a mapping relationship between the other user information and the user identifier.
In some possible embodiments, the other user information includes: at least one of an identification number, a mobile phone number, a login name and a bank card number.
In some feasible embodiments, the routing device further includes an adding unit, configured to, when the access request is a write operation, the access request does not carry a user identifier, and the mapping table does not contain other user information carried by the access request, process, by the data center accessing the access request, update the routing table to add the user identifier corresponding to the access request, and use the data center accessing the access request as a data center where service data corresponding to the user identifier is located.
In some possible embodiments, the other user information includes: at least one of an identification number, a mobile phone number, a login name and a bank card number.
In some possible embodiments, the method further includes setting a distribution layer, configured to distribute the access request according to a preset policy when the user identifier corresponding to the access request cannot be determined.
In some possible embodiments, each of the data centers includes an application layer and a data cluster, the routing device includes a data access control layer, the data access control layer is disposed between the application layer and the data cluster, and the data access control layers are in strong consistent synchronization with each other; the query unit and the access unit are arranged in the data access control layer.
The examples of the present application provide the following: a routing apparatus for use in multiple data centers, comprising: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to cause the at least one processor to perform: the business data access control method is provided.
The examples of the present application provide the following: a computer-readable storage medium, characterized in that the computer-readable storage medium stores a program which, when executed by a processor, causes the processor to execute a service data access control method as described above.
The embodiment of the application adopts at least one technical scheme which can achieve the following beneficial effects: the deployment strategy of each access party is not considered, the times of access requests of each data center are directly recorded by the routing table aiming at each user, the storage position of the service data can be dynamically adjusted based on the statistical information of the times of the access requests, the position of the service data is closer to the actual activity area of the user, and the frequency of cross-data center access is greatly reduced.
It should be understood that the above description is only an overview of the technical solutions of the present application, so as to enable the technical solutions of the present application to be more clearly understood, and thus can be implemented according to the content of the description. In order to make the aforementioned and other objects, features and advantages of the present application more comprehensible, embodiments of the present application are described below.
Drawings
The advantages and benefits described herein, as well as other advantages and benefits, will be apparent to those of ordinary skill in the art upon reading the following detailed description of the exemplary embodiments. The drawings are only for purposes of illustrating exemplary embodiments and are not to be construed as limiting the application. Also, like reference numerals are used to refer to like elements throughout. In the drawings:
fig. 1 is a schematic flowchart of a service data access control method applied to multiple data centers according to an embodiment of the present application.
Fig. 2 is a schematic flowchart of querying service data in a service data access control method according to an embodiment of the present application.
Fig. 3 is a schematic flow chart illustrating writing of service data in a service data access control method according to an embodiment of the present application.
Fig. 4 is a schematic flow chart illustrating data relocation in a service data access control method according to an embodiment of the present application.
Fig. 5 is a schematic structural diagram of a routing device according to an embodiment of the present application.
FIG. 6 is an overall architecture diagram of a public service system according to an embodiment of the present application.
Fig. 7 is a schematic diagram of a data relocation process of the public service system shown in fig. 6.
FIG. 8 is an overall architecture diagram of a public service system according to an embodiment of the present application.
Fig. 9 is a schematic structural diagram of a routing device according to an embodiment of the present application.
In the drawings, the same or corresponding reference numerals indicate the same or corresponding parts.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
In this application, it is to be understood that terms such as "including" or "having" are intended to indicate the presence of the disclosed features, numbers, steps, acts, components, parts, or combinations thereof, and are not intended to preclude the presence or addition of one or more other features, numbers, steps, acts, components, parts, or combinations thereof.
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The present application will be described in detail below with reference to the embodiments with reference to the attached drawings.
Multiple data centers are, for example, multiple remote multi-live public service systems. A displaced multi-live public service system is, for example, a cardholder unified user system, which may be oriented, for example, to
Figure BDA0002677350910000071
And a background server
Figure BDA0002677350910000072
The background server provides data services. I.e. a public service system may have a plurality of different access parties. The close access principles of different access parties are inconsistent. For example
Figure BDA0002677350910000073
Traffic is distributed in the dimension of end users (consumers),
Figure BDA0002677350910000074
the flow is distributed with the merchant as the dimension. Unified user system as cardholderIn other words, both the consumer and the merchant are "users" thereof. In the following scheme, "user" is used as a dimension of service data distribution.
Fig. 1 is a schematic flowchart of a service data access control method applied to multiple data centers according to an embodiment of the present application, the method is used for adaptively adjusting a storage location of service data, in the process, from a device perspective, an execution subject may be one or more electronic devices (e.g., a server); from the program perspective, the execution main body may accordingly be a program loaded on these electronic devices. The following multi-data centers are all explained by taking a multi-remote multi-active public service system as an example. The service data access control method provided by the embodiment of the application is also applicable to other types of multidata centers.
The flow in fig. 1 may include the following steps 101 to 102.
Step 101, inquiring a routing table according to a user identifier carried by an access request, wherein the routing table records: the data center where the service data corresponding to each user identifier is located and the access times of each data center corresponding to the user identifier;
and 102, accessing the data center where the service data corresponding to the user identifier is located, and updating the routing table to increase the access times of the data center accessing the access request corresponding to the user identifier once.
Wherein each user has a user identification uid. The service data belonging to the user is stored in one data center and has a backup in another data center. For example, referring to fig. 6, a user's business data is stored in data center a and has a backup in data center B. The method and the system do not limit how the public service system can realize different places and multiple activities, namely do not limit the backup strategy.
An example of a routing table is as follows.
Figure BDA0002677350910000075
Figure BDA0002677350910000081
The routing key is also the user identifier uid, and in order to ensure the access efficiency of the routing table, the table may be stored in the cache service redis in a hash structure. A mechanism is required to be established to ensure that the routing tables stored in the data centers are consistent.
The data center accessing an access request may not store the service data corresponding to the access request, and thus, cross-center data access may be generated.
By combining the above routing table, it can be seen that, within a period of time, the user corresponding to the user identifier c001 accesses the public service system through the data center a for multiple times, and the service data corresponding to the user identifier c001 is stored in the data center B.
The statistical information in the routing table can be used as a basis for determining whether the job data needs to be moved and to which data center.
Continuing with the previous example, it may be determined, for example, according to the routing table, that the service data corresponding to the user identifier c001 needs to be migrated to the data center a. Which is beneficial to reducing the cross-center access frequency.
Based on the service data access control method of fig. 1, some embodiments of the present application also provide some specific embodiments and extension schemes of the service data access control method, which are described below.
In some possible embodiments, the method further comprises:
103, in a data relocation period, judging whether service data corresponding to the user identifier needs to be relocated and a receiver of the service data corresponding to the user identifier according to the access times of each data center corresponding to the user identifier in the routing table;
and 104, under the condition that the service data corresponding to the user identification needs to be moved, moving the service data corresponding to the user identification, and updating the routing table after the movement is finished.
The former example is used, the service data corresponding to the user identifier c001 can be migrated to the data center a in the data migration period, and the center item where the user identifier c001 data is located in the routing table is updated after the migration.
The relocation period is typically a low peak of traffic data access (e.g., 3 am).
Obviously, when updating the routing table, at least the information of the data center where the service data corresponding to the user identifier is located needs to be updated.
For each user, the routing table records the times of accessing the access requests of each data center, and dynamically adjusts the storage position of the service data according to the statistical information of the times of the access requests, so that the position of the service data is closer to the actual activity area of the user, and the frequency of accessing across the data centers is greatly reduced.
In some possible embodiments, the determining, according to the number of times of access of each data center in the routing table corresponding to the user identifier, whether the service data corresponding to the user identifier needs to be moved and a receiver of the service data corresponding to the user identifier include:
and under the condition that the access times of the data center where the service data corresponding to the user identifier is located in the routing table are less than the access times of other data centers corresponding to the user identifier, taking the data center with the largest access time corresponding to the user identifier in the other data centers as a receiving party of the service data corresponding to the user identifier.
In other words, the access request of the user is more accessed in which data center, and the service data of the user is stored in which data center.
Of course, if there are two data centers accessing the user for an equal number of access requests within a period of time, it can be determined which data center the service data of the user is stored in the end according to other criteria.
As a feasible variation, when the number of access times of the data center in which the service data corresponding to the user identifier is located in the routing table is less than half (or other ratio less than 1) of the maximum number of access times of the other data centers corresponding to the user identifier, the data center with the largest number of access times corresponding to the user identifier in the other data centers may be used as the receiving side.
That is, the conditions for whether or not data is relocated can be set more strictly.
In some possible embodiments, the service data access control method further includes: and 105, clearing the access times of each data center corresponding to the user identifier in the routing table when the service data corresponding to the user identifier is moved.
That is, for each user's service data, whether it needs to be migrated depends on the statistical information of the access requests of the users accessed by the respective data centers from the last migration to the current time, without considering the previous situation.
Of course, whether the service data of each user needs to be migrated or not may be statistical information depending on the access request of each data center accessing the user within a previous "long" period of time. For example, the number of times that each data center accesses the access request of the user after each data relocation is not changed, or the number of times that each data center accesses the access request of the user after each data relocation is reduced by half, and the like.
In some possible embodiments, the routing table further records: the relocation state of the service data corresponding to the user identifier; the service data access control method further comprises the following steps:
and 106, rejecting the access request under the condition that the service data corresponding to the user identification carried by the access request is in a relocation state. Of course, the access request is allowed when the service data corresponding to the user identifier corresponding to the access request is not in the relocation state.
That is, the relocation state item in the routing table controls whether the service data of each user can be accessed. Therefore, the safety and reliability of the service data are ensured.
In some possible embodiments, the service data access control method further includes: and 107, under the condition that the access request does not carry the user identifier, querying a mapping table according to other user information carried by the access request to determine the user identifier corresponding to the access request, wherein the mapping table records the mapping relationship between the other user information and the user identifier.
In other words, the one-time access request received by the public service system does not necessarily carry the user identifier, and may also carry other information capable of identifying the user identity. The access request of a user may be associated with the corresponding user identification by maintaining this mapping table.
For example, the other user information includes: at least one of an identification number, a mobile phone number, a login name and a bank card number.
In some possible embodiments, the method further includes step 108, when the access request is a write operation, the access request does not carry a user identifier, and the mapping table does not have other user information carried by the access request, processing, by the data center accessing the access request, updating the routing table to increase the user identifier corresponding to the access request, and using the data center accessing the access request as a data center where service data corresponding to the user identifier is located.
For example, the user is at
Figure BDA0002677350910000111
When a new user is registered, the public service system does not know the mobile phone number submitted by the new user and cannot be associated with the existing user identification, and then which data center accesses the registration request, the data center processes the registration request and stores the service data of the user.
The detailed flow of querying the service data through the user identification can refer to fig. 2. The detailed procedure of writing service data through the subscriber identity can refer to fig. 3. The detailed process of the service data relocation can refer to fig. 4.
In some possible embodiments, the routing table is disposed at a data access control layer disposed between the application layer and the data cluster.
A typical data center includes an application layer and a data cluster. A data access control layer may be provided between the application layer and the data cluster, and the routing table is provided at the data access control layer. Of course, it is also feasible that the routing table is arranged at the application layer (i.e. the modification is made to the application layer).
Based on the same technical concept, the embodiment of the present application further provides a routing device applied to multiple data centers, configured to execute the service data access control method provided in any of the above embodiments. Fig. 5 is a schematic structural diagram of a routing device applied to multiple data centers according to an embodiment of the present application. Referring to fig. 6-8, the routing device may be integrated in various data centers.
The APP in FIGS. 6 and 8 is, for example, one
Figure BDA0002677350910000112
The terminal device of (1), correspondingly, the access party background is
Figure BDA0002677350910000113
The background server of (1).
Figure BDA0002677350910000114
The background server accesses a certain data center of the cardholder unified user system so as to write or read corresponding service data.
Specifically, the method comprises the following steps: the routing device comprises: a query unit 11 and an access unit 16; the query unit 11 is configured to query a routing table according to a user identifier carried in an access request, where the routing table records: the data center where the service data corresponding to each user identifier is located and the access times of each data center corresponding to the user identifier; the access unit 16 is configured to access the data center where the service data corresponding to the user identifier is located, and update the routing table to increase the number of times of accessing the data center accessing the access request corresponding to the user identifier by one time.
The information recorded in the routing table can be used as the basis for service data migration. The user is used as a uniform basis for data migration, and the cross-center access amount is favorably reduced.
In some possible embodiments, the routing device further includes: a relocation unit 12, configured to, in a data relocation period, determine whether service data corresponding to the user identifier needs to be relocated and a receiver of the service data corresponding to the user identifier according to the access times, corresponding to the user identifier, of each data center in the routing table; and under the condition that the service data corresponding to the user identification needs to be moved, the service data corresponding to the user identification is moved, and the routing table is updated after the movement is completed.
In some possible embodiments, the relocation unit 12 is specifically configured to: and under the condition that the access times of the data center where the service data corresponding to the user identifier is located in the routing table are less than the access times of other data centers corresponding to the user identifier, taking the data center with the largest access time corresponding to the user identifier in the other data centers as a receiving party of the service data corresponding to the user identifier.
In some possible embodiments, the routing apparatus further includes a clearing unit 13, configured to clear, when the service data corresponding to the user identifier is migrated, the number of accesses of each data center corresponding to the user identifier in the routing table.
In some possible embodiments, the routing table further records: the relocation state of the service data corresponding to the user identifier; the routing device further includes a control unit 14, which rejects the access request when the service data corresponding to the user identifier carried in the access request is in a relocation state.
In some feasible embodiments, the routing apparatus further includes a mapping unit 2, configured to, when the access request does not carry the user identifier, query a mapping table according to other user information carried by the access request to determine the user identifier corresponding to the access request, where the mapping table records a mapping relationship between the other user information and the user identifier.
In some possible embodiments, the other user information includes: at least one of an identification number, a mobile phone number, a login name and a bank card number.
In some possible embodiments, the routing apparatus further includes an adding unit 15, configured to, when the access request is a write operation, the access request does not carry a user identifier, and the mapping table does not include other user information carried by the access request, process, by the data center accessing the access request, update the routing table to add the user identifier corresponding to the access request, and use the data center accessing the access request as a data center where service data corresponding to the user identifier is located.
In some possible embodiments, the routing apparatus further includes a distribution layer 3, configured to distribute the access request according to a preset policy when the user identifier corresponding to the access request cannot be determined.
Referring to fig. 6, a plurality of applications are provided in the application layer, each of which is a piece of program code and implements a certain function. One application, for example, is to provide a registration service. FIG. 6 shows a business system in which the APP is accessing the public service system, such as
Figure BDA0002677350910000131
And a background server
Figure BDA0002677350910000132
The background server of (1). The mapping table may be stored in the application layer, may also be stored in the data access control layer 1, and may also be stored in the distribution layer 3.
A complete data access (query for example) flow may be as follows.
S0, access to a service system of the public service system (for example, is
Figure BDA0002677350910000133
Background server) to dataAnd the center A machine room sends an access request.
S1, the access request arrives at the application layer.
And S2, determining the user identifier corresponding to the access request through the mapping table.
And S3, returning the searched user identification to the application layer.
S4, the access request reaches the data access control layer.
S5, the data access control layer queries the routing table to determine the data center in which the service data corresponding to the access request is stored.
And S6, returning the result of the routing table query to the data access control layer, and storing the service data corresponding to the access request in the data cluster of the data center A room.
And S7, accessing the data cluster of the data center A machine room.
Referring to fig. 7, when the service data identified by the user identifier c001 is in the process of relocation, the corresponding relocation state in the routing table is "relocation in progress". Then the access request for the service data of user identity c001 will be denied.
In some possible embodiments, referring to fig. 5 in combination with fig. 8, the routing device further includes a distribution layer 3, configured to distribute the access request according to a preset policy if the user identifier corresponding to the access request cannot be determined.
Such as
Figure BDA0002677350910000141
The background server calls an application (for example, a registration interface) of the data center a, the access request only contains a mobile phone number and a password, and the Router layer does not know which data center the request should be sent to, so that the access request can be determined to which data center according to the own routing policy of the distribution layer 3 (for example, 1% of traffic is sent to the data center a, and 99% of traffic is sent to the data center B).
Referring to fig. 5 and 6, each data center in the multiple data centers includes an application layer and a data cluster, the routing apparatus includes a data access control layer 1, the data access control layer 1 is disposed between the application layer and the data cluster, and each data access control layer 1 is in strong consistent synchronization with each other; the query unit 11 and the access unit 16 are integrated within the data access control layer.
Although the query unit 11 and the access unit 16 may also be integrated in the application layer, on one hand, the structure of the application layer is relatively fixed, and the computation amount of the query unit 11 and the access unit 16 is relatively large, and it is more suitable to be arranged in separate layers.
Further, the transfer unit 12, the clear unit 13, the control unit 14, and the addition unit 15 are also preferably provided in the data access control layer 1.
With reference to fig. 6, the mapping unit 2 may be integrated in the application layer or the data access control layer.
Since the distribution layer 3 processes access requests for which the user identity cannot be determined, it is preferably arranged above the application layer.
It should be noted that the routing device in this embodiment of the present application may implement each process of the foregoing embodiment of the service data access control method, and achieve the same effect and function, which is not described herein again.
Fig. 9 is a routing apparatus applied to multiple data centers for executing the service data access control method shown in fig. 1 according to an embodiment of the present application, where the routing apparatus includes: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to cause the at least one processor to perform: the service data access control method is described in the foregoing.
According to some embodiments of the present application, there is provided a non-volatile computer storage medium implementing the above-described service data access control method, having stored thereon computer-executable instructions configured to, when executed by a processor, perform: the service data access control method is described above.
The embodiments in the present application are described in a progressive manner, and the same and similar parts among the embodiments can be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, the description of the apparatus and computer-readable storage medium embodiments is simplified because they are substantially similar to the method embodiments, and reference may be made to some descriptions of the method embodiments for their relevance.
The apparatus and the computer-readable storage medium provided in the embodiment of the present application correspond to the method one to one, and therefore, the apparatus and the computer-readable storage medium also have similar advantageous technical effects to the corresponding method.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus, and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. Further, while the operations of the methods of the present application are depicted in the drawings in a particular order, this does not require or imply that these operations must be performed in this particular order, or that all of the illustrated operations must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions.
While the spirit and principles of the application have been described with reference to several particular embodiments, it is to be understood that the application is not limited to the disclosed embodiments, nor is the division of aspects, which is for convenience only as the features in such aspects may not be combined to benefit from the description. The application is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.

Claims (22)

1. A service data access control method applied to multiple data centers is characterized by comprising the following steps:
inquiring a routing table according to the user identification carried by the access request, wherein the routing table records: the data center where the service data corresponding to each user identifier is located and the access times of each data center corresponding to the user identifier;
and accessing the data center where the service data corresponding to the user identification is located, and updating the routing table to increase the access times of the data center accessing the access request corresponding to the user identification once.
2. The service data access control method according to claim 1, further comprising:
in a data relocation period, judging whether the service data corresponding to the user identification needs to be relocated or not and judging a receiver of the service data corresponding to the user identification according to the access times of each data center corresponding to the user identification in the routing table;
and under the condition that the service data corresponding to the user identification needs to be moved, the service data corresponding to the user identification is moved, and the routing table is updated after the movement is completed.
3. The method according to claim 2, wherein the determining whether the service data corresponding to the user identifier needs to be migrated and the receiving party of the service data corresponding to the user identifier according to the access times of the data centers corresponding to the user identifier in the routing table includes:
and under the condition that the access times of the data center where the service data corresponding to the user identifier is located in the routing table are less than the access times of other data centers corresponding to the user identifier, taking the data center with the largest access time corresponding to the user identifier in the other data centers as a receiving party of the service data corresponding to the user identifier.
4. The service data access control method according to claim 2, further comprising:
and clearing the access times of each data center corresponding to the user identification in the routing table under the condition that the service data corresponding to the user identification is moved.
5. The service data access control method according to claim 2, wherein the routing table further records: the relocation state of the service data corresponding to the user identifier; the service data access control method further comprises the following steps:
and rejecting the access request under the condition that the service data corresponding to the user identification carried by the access request is in a relocation state.
6. The service data access control method according to claim 1, further comprising: and under the condition that the access request does not carry the user identification, inquiring a mapping table according to other user information carried by the access request to determine the user identification corresponding to the access request, wherein the mapping table records the mapping relation between the other user information and the user identification.
7. The service data access control method according to claim 6, wherein the other user information includes: at least one of an identification number, a mobile phone number, a login name and a bank card number.
8. The method according to claim 6, wherein when the access request is a write operation, the access request does not carry a user identifier, and the mapping table does not contain other user information carried by the access request, the data center accessing the access request processes the access request, updates the routing table to add the user identifier corresponding to the access request, and uses the data center accessing the access request as a data center where the service data corresponding to the user identifier is located.
9. The method for controlling service data access according to claim 1, wherein before querying the routing table according to the user identifier corresponding to the access request, the method further comprises: and under the condition that the user identification corresponding to the access request cannot be determined, shunting the access request according to a preset strategy.
10. The service data access control method according to claim 1, wherein the routing table is disposed at a data access control layer, and the data access control layer is disposed between an application layer and a data cluster.
11. A routing apparatus for use in multiple data centers, comprising: a query unit and an access unit;
the query unit is used for querying a routing table according to the user identifier carried by the access request, and the routing table records: the data center where the service data corresponding to each user identifier is located and the access times of each data center corresponding to the user identifier;
the access unit is used for accessing the data center where the service data corresponding to the user identifier is located, and updating the routing table to increase the access times of the data center accessing the access request corresponding to the user identifier once.
12. The routing device of claim 11, further comprising: a relocation unit, configured to, in a data relocation period, determine whether service data corresponding to the user identifier needs to be relocated and a receiver of the service data corresponding to the user identifier according to the number of accesses of each data center corresponding to the user identifier in the routing table; and under the condition that the service data corresponding to the user identification needs to be moved, the service data corresponding to the user identification is moved, and the routing table is updated after the movement is completed.
13. The routing device according to claim 12, wherein the relocation unit is specifically configured to: and under the condition that the access times of the data center where the service data corresponding to the user identifier is located in the routing table are less than the access times of other data centers corresponding to the user identifier, taking the data center with the largest access time corresponding to the user identifier in the other data centers as a receiving party of the service data corresponding to the user identifier.
14. The routing device according to claim 12, further comprising a clearing unit, configured to clear access times of the data centers in the routing table corresponding to the user identifier when service data corresponding to the user identifier is relocated.
15. The routing device of claim 12, wherein the routing table further records: the relocation state of the service data corresponding to the user identifier; the routing device further comprises a control unit, configured to reject the access request when service data corresponding to the user identifier carried in the access request is in a relocation state.
16. The routing device according to claim 12, further comprising a mapping unit, configured to, when the access request does not carry the user identifier, query a mapping table according to other user information carried in the access request to determine the user identifier corresponding to the access request, where the mapping table records a mapping relationship between the other user information and the user identifier.
17. The routing device of claim 16, wherein the other user information comprises: at least one of an identification number, a mobile phone number, a login name and a bank card number.
18. The routing apparatus according to claim 16, further comprising an adding unit, configured to, when the access request is a write operation, the access request does not carry a user identifier, and no other user information carried by the access request exists in the mapping table, process, by the data center accessing the access request, update the routing table to add the user identifier corresponding to the access request, and use the data center accessing the access request as a data center where service data corresponding to the user identifier is located.
19. The routing device according to claim 11, further comprising a distribution layer, configured to distribute the access request according to a preset policy if the user identifier corresponding to the access request cannot be determined.
20. The routing device according to claim 11, wherein each of the data centers includes an application layer and a data cluster, the routing device includes a data access control layer disposed between the application layer and the data cluster, and each of the data access control layers are in strong consistent synchronization with each other; the query unit and the access unit are arranged in the data access control layer.
21. A routing apparatus for use in multiple data centers, comprising: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to cause the at least one processor to perform: a method for controlling access to service data according to any of claims 1 to 10.
22. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a program which, when executed by a processor, causes the processor to execute the service data access control method according to any one of claims 1 to 10.
CN202010952146.1A 2020-09-11 2020-09-11 Service data access control method, device and computer readable storage medium Pending CN112187738A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010952146.1A CN112187738A (en) 2020-09-11 2020-09-11 Service data access control method, device and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010952146.1A CN112187738A (en) 2020-09-11 2020-09-11 Service data access control method, device and computer readable storage medium

Publications (1)

Publication Number Publication Date
CN112187738A true CN112187738A (en) 2021-01-05

Family

ID=73920540

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010952146.1A Pending CN112187738A (en) 2020-09-11 2020-09-11 Service data access control method, device and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN112187738A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114553508A (en) * 2022-02-12 2022-05-27 中国银联股份有限公司 Data access method and device
CN115396364A (en) * 2022-08-24 2022-11-25 中国银行股份有限公司 Route forwarding method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103150263A (en) * 2012-12-13 2013-06-12 深圳先进技术研究院 Hierarchical storage method
CN103701916A (en) * 2013-12-31 2014-04-02 赛凡信息科技(厦门)有限公司 Dynamic load balancing method of distributed storage system
CN110177007A (en) * 2019-04-16 2019-08-27 平安科技(深圳)有限公司 Realize gateway strange land method, apparatus, computer equipment and storage medium mostly living
US20200326876A1 (en) * 2017-12-28 2020-10-15 Huawei Technologies Co., Ltd. Object Migration Method, Device, and System
CN113010549A (en) * 2021-01-29 2021-06-22 腾讯科技(深圳)有限公司 Data processing method based on remote multi-active system, related equipment and storage medium

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103150263A (en) * 2012-12-13 2013-06-12 深圳先进技术研究院 Hierarchical storage method
CN103701916A (en) * 2013-12-31 2014-04-02 赛凡信息科技(厦门)有限公司 Dynamic load balancing method of distributed storage system
US20200326876A1 (en) * 2017-12-28 2020-10-15 Huawei Technologies Co., Ltd. Object Migration Method, Device, and System
CN110177007A (en) * 2019-04-16 2019-08-27 平安科技(深圳)有限公司 Realize gateway strange land method, apparatus, computer equipment and storage medium mostly living
CN113010549A (en) * 2021-01-29 2021-06-22 腾讯科技(深圳)有限公司 Data processing method based on remote multi-active system, related equipment and storage medium

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114553508A (en) * 2022-02-12 2022-05-27 中国银联股份有限公司 Data access method and device
CN114553508B (en) * 2022-02-12 2023-06-30 中国银联股份有限公司 Data access method and device
CN115396364A (en) * 2022-08-24 2022-11-25 中国银行股份有限公司 Route forwarding method and device

Similar Documents

Publication Publication Date Title
US20150180872A1 (en) System and method for hierarchical resource permissions and role management in a multitenant environment
US11200226B2 (en) Data read and write method and apparatus, and electronic device
EP4202694A1 (en) Node memory-based data processing method and apparatus, device, and medium
US20140337484A1 (en) Server side data cache system
CN107018174B (en) Unitized system service processing method and device and business processing system
US20210149882A1 (en) Field update method and apparatus, and electronic device
US20080059479A1 (en) Method and apparatus for invoking a plug-in on a server
CN107391758A (en) Database switching method, device and equipment
EP3376403A1 (en) Method of accessing distributed database and device providing distributed data service
US20160179840A1 (en) Cloud bursting a database
CN112187738A (en) Service data access control method, device and computer readable storage medium
US10817203B1 (en) Client-configurable data tiering service
CN106899564B (en) Login method and device
CN113190870A (en) Redis database access authority control method and device
CN106708636A (en) Cluster-based data caching method and apparatus
CN108399175B (en) Data storage and query method and device
CN110581784B (en) Node health check method, device and equipment
CN114064780A (en) Session information processing method, system, device, storage medium and electronic equipment
CN114253456A (en) Cache load balancing method and device
CN110837499B (en) Data access processing method, device, electronic equipment and storage medium
US11652746B1 (en) Resilient consistent hashing for a distributed cache
CN114546286A (en) Method, system, storage medium and device for selecting homing group member
US10200301B1 (en) Logical control groups for distributed system resources
US11914590B1 (en) Database request router improving server cache utilization
CN113761400A (en) Access request forwarding method, device and equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination