CN112231063A - Fault processing method and device - Google Patents


Info

Publication number
CN112231063A
Authority
CN
China
Prior art keywords
virtual machine
security
service
safety
new
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011147490.XA
Other languages
Chinese (zh)
Inventor
朱朋飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Security Technologies Co Ltd
Original Assignee
New H3C Security Technologies Co Ltd
Application filed by New H3C Security Technologies Co Ltd
Priority to CN202011147490.XA
Publication of CN112231063A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45562 Creating, deleting, cloning virtual machine instances
    • G06F2009/45575 Starting, stopping, suspending or resuming virtual machine instances
    • G06F2009/45587 Isolation or security of virtual machine instances
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14 Error detection or correction of the data by redundancy in operation
    • G06F11/1479 Generic software techniques for error detection or fault masking
    • G06F11/1482 Generic software techniques for error detection or fault masking by means of middleware or OS functionality
    • G06F11/1484 Generic software techniques for error detection or fault masking by means of middleware or OS functionality involving virtual machines

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Quality & Reliability (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The application provides a fault processing method and device applied to a security cloud platform. The method comprises: when a fault of a security virtual machine is detected, determining the address information of the security virtual machine and the service type of the security service it currently supports; deleting the security virtual machine; creating a new security virtual machine according to the service type of the supported security service, and configuring the address information of the new security virtual machine as the address information of the failed security virtual machine; and issuing the security configuration corresponding to the security service supported by the failed security virtual machine to the new security virtual machine. This method ensures that the security configuration in the recovered (newly created) security virtual machine is consistent with the security configuration issued before the fault occurred, and that the new security virtual machine continues to provide the security service, so that services keep running normally.

Description

Fault processing method and device
Technical Field
The present application relates to the field of network security technologies, and in particular, to a method and an apparatus for processing a fault.
Background
Security services can be created and used in security-domain Software as a Service (SaaS) cloud products, and the provider of each security service is a virtual machine created from a security product image file. After a security service is created, a security virtual machine is automatically created on the virtualization platform. Using a security service mainly consists of configuring security rules, policies and the like. The protection and detection rules and policies configured in the security service (hereinafter referred to as the security configuration) can be issued directly to the security virtual machine, where they take effect. The security virtual machine is therefore clearly important to the use of security services: if it fails, service and business interruption can result. How to restore the security virtual machine quickly is thus very important for improving the reliability of a security SaaS cloud product.
In the prior art, a product administrator can take snapshots of a security virtual machine periodically, so that when the security virtual machine fails it can be recovered by manually performing snapshot recovery. However, manual snapshot recovery is very cumbersome. In addition, more and more snapshots are generated while the virtual machine runs, and the snapshots taken before the failure are retained, so they occupy more and more disk space. Furthermore, because snapshots are taken at fixed times, a security configuration that the product administrator issues to the security virtual machine after the last snapshot is not recorded in any snapshot; if the security virtual machine then fails and is restored from the latest snapshot, that security configuration is lost, that is, the restored security configuration is inconsistent with the issued security configuration.
Therefore, how to handle a failed security virtual machine automatically so as to clear the fault, while keeping the security configuration of the processed security virtual machine consistent with the security configuration most recently issued by the product administrator, is a technical problem worth considering.
Disclosure of Invention
In view of this, the present application provides a fault handling method and apparatus for automatically maintaining a security virtual machine when it fails, so that the security configuration in the maintained security virtual machine is consistent with the security configuration most recently issued by the product administrator to the failed security virtual machine.
Specifically, this is achieved through the following technical solutions:
According to a first aspect of the present application, there is provided a fault handling apparatus applied to a secure cloud platform, the apparatus including:
a determining module, configured to determine, when a security virtual machine is detected to have failed, the address information of the security virtual machine and the service type of the security service it supports;
a deleting module, configured to delete the security virtual machine;
a creating module, configured to create a new security virtual machine according to the service type of the supported security service, and to configure the address information of the new security virtual machine as the address information of the failed security virtual machine;
an issuing module, configured to issue the security configuration corresponding to the security service supported by the failed security virtual machine to the new security virtual machine.
Optionally, creating a new security virtual machine according to the service type of the supported security service includes:
determining, according to the correspondence between service types and virtual machine templates, the virtual machine template corresponding to the service type of the supported security service; and
creating a new security virtual machine according to the determined virtual machine template.
Optionally, the fault handling method provided in this embodiment further includes:
performing fault monitoring on the new security virtual machine.
Optionally, the failure of the security virtual machine is confirmed as follows:
probing the security virtual machine with a detection tool, and confirming that the security virtual machine has failed if the probe fails; or
sending a security service address request to the security virtual machine, and receiving the request address information returned by the security virtual machine; and, if the returned request address information is inconsistent with the pre-configured address information, confirming that the security virtual machine has failed.
Optionally, the security configuration of each security service is stored in a database;
issuing the security configuration corresponding to the security service supported by the failed security virtual machine to the new security virtual machine includes:
acquiring the security configuration corresponding to the supported security service from the database; and
issuing the acquired security configuration to the new security virtual machine.
According to a second aspect of the present application, there is provided a fault handling apparatus applied to a secure cloud platform, the apparatus including:
a determining module, configured to determine, when a security virtual machine is detected to have failed, the address information of the security virtual machine and the service type of the security service it supports;
a deleting module, configured to delete the security virtual machine;
a creating module, configured to create a new security virtual machine according to the service type of the supported security service, and to configure the address information of the new security virtual machine as the address information of the failed security virtual machine;
an issuing module, configured to issue the security configuration corresponding to the security service supported by the failed security virtual machine to the new security virtual machine.
Optionally, the creating module is specifically configured to determine, according to the correspondence between service types and virtual machine templates, the virtual machine template corresponding to the service type of the supported security service, and to create a new security virtual machine according to the determined virtual machine template.
Optionally, the fault handling apparatus provided in this embodiment further includes:
a monitoring module, configured to perform fault monitoring on the new security virtual machine.
Optionally, the fault handling apparatus provided in this embodiment further includes:
a fault confirmation module, configured to probe the security virtual machine with a detection tool and confirm that the security virtual machine has failed if the probe fails; or to send a security service address request to the security virtual machine, receive the request address information returned by the security virtual machine, and confirm that the security virtual machine has failed if the returned request address information is inconsistent with the pre-configured address information.
Optionally, the security configuration of each security service is stored in a database; in that case,
the issuing module is specifically configured to acquire the security configuration corresponding to the supported security service from the database, and to issue the acquired security configuration to the new security virtual machine.
According to a third aspect of the present application, there is provided a secure cloud platform comprising a processor and a machine-readable storage medium, the machine-readable storage medium storing a computer program executable by the processor, the processor being caused by the computer program to perform the method provided by the first aspect of the embodiments of the present application.
According to a fourth aspect of the present application, there is provided a machine-readable storage medium storing a computer program which, when invoked and executed by a processor, causes the processor to perform the method provided by the first aspect of the embodiments of the present application.
The beneficial effects of the embodiments of the application are as follows:
When a security virtual machine fails, a new security virtual machine is created based on the relevant information of the failed security virtual machine, so that the new security virtual machine is completely consistent with the failed virtual machine; this is equivalent to automatically recovering the failed security virtual machine. It ensures both that the security configuration in the recovered (newly created) security virtual machine is consistent with the security configuration issued before the failure occurred, and that the new security virtual machine continues to provide the security service, thereby ensuring that services run normally.
Drawings
Fig. 1 is a flowchart of a fault handling method provided in an embodiment of the present application;
Fig. 2 is a schematic view of an application scenario of a fault handling method according to an embodiment of the present application;
Fig. 3 is a schematic structural diagram of a fault handling apparatus according to an embodiment of the present application;
Fig. 4 is a schematic hardware structure diagram of a cloud security platform according to an embodiment of the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with aspects such as the present application.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the corresponding listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
The following describes the failure processing method provided in the present application in detail.
Referring to fig. 1, fig. 1 is a flowchart of a fault handling method provided in the present application, and the method is applied to a cloud security platform, and may include the following steps:
S101, when a security virtual machine is detected to have failed, determining the address information of the security virtual machine and the service type of the security service it supports.
Specifically, the cloud security platform allocates one security service virtual machine monitor to each security virtual machine, and while the security virtual machines run, the corresponding security service virtual machine monitor checks whether its security virtual machine has failed. When a security service virtual machine monitor detects that the security virtual machine it monitors has failed, it notifies the security service manager in the security cloud platform, and the security service manager determines the address information of the failed security virtual machine and the service type of the security service supported by that security virtual machine.
Optionally, the secure cloud platform in the present application may be a secure cloud server or the like.
S102, deleting the failed security virtual machine.
Specifically, the security service manager may delete the failed security virtual machine. All security virtual machines are installed on the virtualization platform, which exposes a functional interface (management interface) externally; the security service manager calls this interface to delete the failed security virtual machine. It should be noted that the virtualization platform may be, but is not limited to, platform software such as CAS or VMware.
Optionally, after the failed security virtual machine is deleted, the monitoring task of the security service virtual machine monitor that monitors the failed security virtual machine may be suspended.
S103, creating a new security virtual machine according to the service type of the supported security service, and configuring the address information of the new security virtual machine as the address information of the failed security virtual machine.
Specifically, so that the new security virtual machine has the same processing mechanism as the failed one, this step creates a new security virtual machine using the service type of the security service supported by the failed security virtual machine, and then configures the address information of the newly created security virtual machine as the address information of the failed security virtual machine; the created security virtual machine is then identical to the failed security virtual machine.
S104, issuing the security configuration corresponding to the security service supported by the failed security virtual machine to the new security virtual machine.
Specifically, so that the security configuration of the newly created security virtual machine is identical to the security configuration supported by the failed virtual machine, this step directly issues the security configuration corresponding to the security service supported by the failed security virtual machine to the new security virtual machine, where that security configuration is the one most recently issued to the failed security virtual machine by the product administrator.
By implementing the fault handling method provided by this embodiment, when a security virtual machine fails, a new security virtual machine is created based on the relevant information of the failed security virtual machine, so that the new security virtual machine is completely consistent with the failed virtual machine; this is equivalent to recovering the failed security virtual machine. It ensures both that the security configuration in the recovered (newly created) security virtual machine is consistent with the security configuration issued before the failure occurred, and that the new security virtual machine continues to provide the security service, thereby ensuring that services run normally.
Optionally, step S103 may be implemented according to the following procedure: determining, according to the correspondence between service types and virtual machine templates, the virtual machine template corresponding to the service type of the supported security service; and creating a new security virtual machine according to the determined virtual machine template.
Specifically, in this embodiment, the virtual machine template corresponding to each service type is configured and stored in advance. After the service type of the security service supported by the failed security virtual machine is determined, the corresponding virtual machine template can be determined from the recorded correspondence between service types and virtual machine templates, and a new security virtual machine is then created from that template, which ensures that the new security virtual machine and the failed security virtual machine support security services of the same service type. On this basis, the address information of the new security virtual machine is configured as the address information of the failed security virtual machine, so that the new security virtual machine is the same as the failed one and can replace it; subsequent services that would originally have been forwarded to the failed security virtual machine can be forwarded directly to the new security virtual machine, which then provides normal service for them.
In addition, the new security virtual machine is created in the virtualization platform: the functional interface exposed externally by the virtualization platform may be called to create the new security virtual machine from the determined virtual machine template.
Optionally, after creating a new security virtual machine, the fault handling method provided in this embodiment further includes: performing fault monitoring on the new security virtual machine.
Specifically, a security service virtual machine monitor is allocated to the new security virtual machine, and the new security virtual machine is monitored by that security service virtual machine monitor.
In the present application, when it is confirmed that the secure virtual machine is not healthy, it can be understood that the secure virtual machine has a failure.
On this basis, based on any of the above embodiments, the failure of the security virtual machine can be confirmed as follows: probing the security virtual machine with a detection tool, and confirming that the security virtual machine has failed if the probe fails.
In one embodiment, the security service virtual machine monitor may use the ping tool to check whether the address of the security virtual machine can be reached. If the address can be reached, the security virtual machine is currently available; if it cannot, the security virtual machine is unhealthy, that is, it is determined to have failed.
In another embodiment, the security service virtual machine monitor may also use the telnet command to probe the port on which the security virtual machine provides service externally; if the port cannot be reached, the security virtual machine can likewise be determined to be unhealthy, that is, to have failed.
Optionally, based on any of the above embodiments, the failure of the security virtual machine may also be confirmed as follows: sending a security service address request to the security virtual machine, and receiving the request address information returned by the security virtual machine; and, if the returned request address information is inconsistent with the pre-configured address information, confirming that the security virtual machine has failed.
Specifically, the security service virtual machine monitor may use an HTTP tool to send a security service address request to the security virtual machine it monitors, requesting the address information of the security service supported by that security virtual machine. If the request address information returned by the security virtual machine is not consistent with the address information (actual address information) preconfigured for the supported security service, the security virtual machine is determined to be unhealthy, that is, to have failed. Optionally, the address information may be a Uniform Resource Locator (URL) specified by the supported security service.
Optionally, the security service virtual machine monitor may check at regular intervals, for example every 5 seconds, whether the corresponding security virtual machine has failed. When a failure of the corresponding security virtual machine is detected, the process shown in Fig. 1 is triggered and, at the same time, the security service virtual machine monitor suspends its monitoring operation.
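The following Python sketch illustrates the port probe, the service address comparison and the periodic monitor that suspends itself after triggering recovery. It is an added example, not code from the patent; the class names, the fetch_service_url hook and the sample URL are assumptions.

```python
import socket
import time
from dataclasses import dataclass
from typing import Callable, Optional


def port_reachable(host: str, port: int, timeout: float = 1.0) -> bool:
    """TCP connect probe: the scripted equivalent of the telnet port check."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable or timed out
        return False


@dataclass
class HealthCheck:
    host: str
    port: int
    expected_service_url: str  # address preconfigured for the security service
    # Hypothetical hook: returns the service address the VM reports,
    # or None when the HTTP request itself fails.
    fetch_service_url: Callable[[], Optional[str]]
    probe: Callable[[str, int], bool] = port_reachable

    def failure_reason(self) -> Optional[str]:
        """Return None when healthy, otherwise why the VM counts as failed."""
        if not self.probe(self.host, self.port):
            return "service port unreachable"
        reported = self.fetch_service_url()
        if reported is None:
            return "service address request failed"
        if reported != self.expected_service_url:
            return f"service address mismatch: {reported}"
        return None


class Monitor:
    """Polls one VM; the first failure triggers recovery and suspends polling."""

    def __init__(self, check: HealthCheck, on_failure: Callable[[str], None],
                 interval: float = 5.0):
        self.check = check
        self.on_failure = on_failure
        self.interval = interval
        self.suspended = False

    def poll_once(self) -> Optional[str]:
        if self.suspended:
            return None
        reason = self.check.failure_reason()
        if reason is not None:
            self.suspended = True  # no duplicate triggers while recovery runs
            self.on_failure(reason)
        return reason

    def run(self, max_polls: int,
            sleep: Callable[[float], None] = time.sleep) -> int:
        """Poll until a failure is seen or max_polls is reached; return polls made."""
        polls = 0
        while polls < max_polls and not self.suspended:
            polls += 1
            if self.poll_once() is None:
                sleep(self.interval)
        return polls


if __name__ == "__main__":
    # Constructed demo: a local listener stands in for the VM's service port.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    host, port = listener.getsockname()
    url = "https://waf.example.test/service"  # constructed value
    check = HealthCheck(host, port, url, lambda: url)
    print("listener up:", check.failure_reason())
    listener.close()
    print("listener closed:", check.failure_reason())
```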
Based on any of the above embodiments, the security configuration of each security service in this embodiment is stored in a database; on this basis, step S104 may be performed according to the following procedure: acquiring security configuration corresponding to the supported security service from the database; and issuing the acquired security configuration to the new security virtual machine.
Specifically, for each security virtual machine, the cloud security platform stores the security configuration most recently issued to that security virtual machine in the database. When the security virtual machine fails, after a new security virtual machine has been created according to the flow of Fig. 1, the security configuration corresponding to the security service supported by the failed security virtual machine can be queried from the database; the queried security configuration is the one most recently issued to the failed security virtual machine. The queried security configuration is then issued to the new security virtual machine, which ensures that the new security virtual machine is completely consistent with the failed virtual machine and is equivalent to recovering the failed security virtual machine. Because the address information of the new security virtual machine is the address information of the failed security virtual machine, subsequent services that would originally have been sent to the failed security virtual machine can be sent smoothly to the new security virtual machine. The new security virtual machine thus replaces the failed security virtual machine in providing service, which guarantees smooth execution of the service.
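The flow of steps S101 to S104, including the template lookup and the database-backed re-issue of the security configuration, can be sketched in Python as follows. This is an added example, not code from the patent: the in-memory platform and database, the class and method names, the service types "waf" and "ips", the template names and the addresses are all constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed mapping of service type -> virtual machine template.
TEMPLATES = {"waf": "tpl-waf", "ips": "tpl-ips"}


@dataclass
class VM:
    vm_id: str
    template: str
    address: str
    config: list = field(default_factory=list)


class VirtPlatform:
    """In-memory stand-in for the virtualization platform's management interface."""

    def __init__(self):
        self.vms = {}
        self._seq = 0

    def create(self, template: str, address: str) -> VM:
        if any(vm.address == address for vm in self.vms.values()):
            raise RuntimeError(f"address {address} is still in use")
        self._seq += 1
        vm = VM(f"vm-{self._seq}", template, address)
        self.vms[vm.vm_id] = vm
        return vm

    def delete(self, vm_id: str) -> None:
        del self.vms[vm_id]


class SecurityServiceManager:
    def __init__(self, platform, templates):
        self.platform = platform
        self.templates = templates
        self.services = {}      # service_id -> {"type": ..., "vm_id": ...}
        self.config_db = {}     # service_id -> latest issued security configuration
        self.monitored = set()  # vm_ids that currently have an active monitor

    def create_service(self, service_id, service_type, address) -> VM:
        vm = self.platform.create(self.templates[service_type], address)
        self.services[service_id] = {"type": service_type, "vm_id": vm.vm_id}
        self.monitored.add(vm.vm_id)
        return vm

    def issue_config(self, service_id, rules) -> None:
        # Persist before pushing, so the database always holds the latest
        # issued configuration even if the VM fails during the push.
        self.config_db[service_id] = list(rules)
        vm_id = self.services[service_id]["vm_id"]
        self.platform.vms[vm_id].config = list(rules)

    def recover(self, service_id) -> VM:
        svc = self.services[service_id]
        failed = self.platform.vms[svc["vm_id"]]
        # S101: record the address and service type of the failed VM.
        address, service_type = failed.address, svc["type"]
        template = self.templates.get(service_type)
        if template is None:
            # Refuse before deleting anything: without a template the
            # service could not be rebuilt.
            raise LookupError(f"no template for service type {service_type!r}")
        # S102: suspend monitoring and delete the failed VM.
        self.monitored.discard(failed.vm_id)
        self.platform.delete(failed.vm_id)
        # S103: new VM from the template, reusing the failed VM's address.
        new_vm = self.platform.create(template, address)
        svc["vm_id"] = new_vm.vm_id
        # S104: re-issue the latest stored security configuration.
        new_vm.config = list(self.config_db.get(service_id, []))
        self.monitored.add(new_vm.vm_id)
        return new_vm


def demo():
    mgr = SecurityServiceManager(VirtPlatform(), dict(TEMPLATES))
    old = mgr.create_service("svc-1", "waf", "10.0.0.10")
    mgr.issue_config("svc-1", ["block-sqli"])
    mgr.issue_config("svc-1", ["block-sqli", "block-xss"])  # latest issue
    new = mgr.recover("svc-1")
    return old, new, mgr


if __name__ == "__main__":
    old, new, _ = demo()
    print(old.vm_id, "->", new.vm_id, new.address, new.config)
```

Because the configuration is read from the database rather than from a snapshot, the second issue_config call survives the rebuild regardless of when it was made.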
Based on the same inventive concept, the present application further provides a schematic diagram of an application scenario of the fault handling method. As shown in Fig. 2, the scenario includes a secure SaaS cloud platform (secure cloud platform), a virtualization platform and a database. The secure SaaS cloud platform executes the process shown in Fig. 1, the virtualization platform provides the operating environment for the security virtual machines, and the database stores the security configuration corresponding to the security service supported by each security virtual machine. The virtualization platform exposes a management interface externally, through which the secure SaaS cloud platform can manage the security virtual machines in the virtualization platform. In addition, various security services are configured on the secure SaaS cloud platform, and the security configuration corresponding to each security service is then issued to the security virtual machine, so that the security virtual machine can provide the supported security services. When a security virtual machine starts to run, the secure SaaS cloud platform may configure a security service virtual machine monitor for it in order to monitor its state. When the monitor detects a failure of the security virtual machine, the flow of Fig. 1 may be triggered. That is, when a failure of the security virtual machine is detected, the address information of the security virtual machine and the service type of the security service it supports are determined. The security virtual machine is then deleted and, at the same time, the monitoring work of the security service virtual machine monitor that monitors it is suspended. Next, a new security virtual machine is created according to the determined service type of the supported security service, and the address information of the new security virtual machine is configured as the address information of the failed security virtual machine, so that the new security virtual machine has the same operating environment as the failed one and presents the failed security virtual machine's address information externally. On this basis, the security configuration corresponding to the security service supported by the failed security virtual machine is queried from the database and issued to the new security virtual machine, so that the new security virtual machine has the same configuration as the failed one and can provide service in its place.
Based on the same inventive concept, the application also provides a fault handling apparatus corresponding to the fault handling method. For the implementation of the fault handling apparatus, refer to the above description of the fault handling method, which is not repeated here.
Referring to fig. 3, fig. 3 shows a fault handling apparatus, applied to a secure cloud platform, according to an exemplary embodiment of the present application, where the apparatus includes:
the determining module 301 is configured to determine, when it is monitored that a security virtual machine fails, address information of the security virtual machine and a service type of a security service supported by the security virtual machine;
a deleting module 302, configured to delete the secure virtual machine;
a creating module 303, configured to create a new secure virtual machine according to the service type of the supported secure service, and configure address information of the new secure virtual machine as address information of a failed secure virtual machine;
the issuing module 304 is configured to issue the security configuration corresponding to the security service supported by the failed security virtual machine to the new security virtual machine.
It should be noted that the determining module 301, the deleting module 302, the creating module 303, and the issuing module 304 may be disposed in a security service manager in the security cloud platform.
Optionally, the creating module 303 is specifically configured to determine, according to a correspondence between service types and virtual machine templates, the virtual machine template corresponding to the service type of the supported security service, and to create a new secure virtual machine according to the determined virtual machine template.
Optionally, the fault handling apparatus provided in this embodiment further includes:
and a monitoring module (not shown in the figure) for performing fault monitoring on the new secure virtual machine.
It should be noted that the above-mentioned failure confirmation module may be disposed in the security service virtual machine monitor in fig. 2.
Optionally, the fault handling apparatus provided in this embodiment further includes:
a failure confirmation module (not shown in the figure), configured to detect the security virtual machine by using a detection tool and, if the detection fails, confirm that the security virtual machine has failed; or to send a security service address request to the security virtual machine, receive the request address information returned by the security virtual machine and, if the returned request address information is inconsistent with the pre-configured address information, confirm that the security virtual machine has failed.
It should be noted that the above-mentioned failure confirmation module may be disposed in the security service virtual machine monitor in fig. 2.
Optionally, the security configuration of each security service in this embodiment is stored in a database; then
The issuing module 304 is specifically configured to obtain the security configuration corresponding to the supported security service from the database; and issuing the acquired security configuration to the new security virtual machine.
The embodiment of the present application provides a secure cloud platform, as shown in fig. 4, including a processor 401 and a machine-readable storage medium 402, where the machine-readable storage medium 402 stores a computer program capable of being executed by the processor 401, and the processor 401 is caused by the computer program to execute the fault handling method provided by the embodiment of the present application.
The computer-readable storage medium may include a RAM (Random Access Memory), a DDR SDRAM (Double Data Rate Synchronous Dynamic Random Access Memory), and may also include an NVM (Non-volatile Memory), such as at least one disk memory. Alternatively, the computer-readable storage medium may be at least one memory device located remotely from the processor.
The Processor may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but also a DSP (Digital Signal Processor), an ASIC (Application Specific Integrated Circuit), an FPGA (Field-Programmable Gate Array) or other Programmable logic device, discrete Gate or transistor logic device, discrete hardware component.
In addition, the embodiment of the present application provides a machine-readable storage medium, which stores a computer program, and when the computer program is called and executed by a processor, the computer program causes the processor to execute the fault processing method provided by the embodiment of the present application.
For the embodiments of the secure cloud platform and the machine-readable storage medium, since the contents of the related methods are substantially similar to those of the foregoing embodiments of the methods, the description is relatively simple, and reference may be made to part of the description of the embodiments of the methods for the related points.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The implementation process of the functions and actions of each unit/module in the above device is specifically described in the implementation process of the corresponding step in the above method, and is not described herein again.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, wherein the units/modules described as separate parts may or may not be physically separate, and the parts displayed as units/modules may or may not be physical units/modules, may be located in one place, or may be distributed on a plurality of network units/modules. Some or all of the units/modules can be selected according to actual needs to achieve the purpose of the scheme of the application. One of ordinary skill in the art can understand and implement it without inventive effort.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the scope of protection of the present application.

Claims (10)

1. A fault handling method, applied to a secure cloud platform, comprising:
when it is monitored that a security virtual machine has failed, determining the address information of the security virtual machine and the service type of the security service it currently supports;
deleting the secure virtual machine;
creating a new secure virtual machine according to the service type of the supported secure service, and configuring the address information of the new secure virtual machine as the address information of the failed secure virtual machine;
and issuing the security configuration corresponding to the security service supported by the failed security virtual machine to the new security virtual machine.
2. The method of claim 1, wherein creating a new secure virtual machine based on the service type of the supported security service comprises:
determining a virtual machine template corresponding to the service type of the supported security service according to the corresponding relation between the service type and the virtual machine template;
and creating a new secure virtual machine according to the determined virtual machine template.
3. The method of claim 1, further comprising:
and performing fault monitoring on the new secure virtual machine.
4. The method of claim 1, wherein the failure of the secure virtual machine is confirmed as follows:
detecting the security virtual machine by using a detection tool, and confirming that the security virtual machine has failed if the detection fails; or,
sending a security service address request to the security virtual machine, and receiving request address information returned by the security virtual machine; and if the returned request address information is inconsistent with the pre-configured address information, confirming that the security virtual machine has failed.
5. The method of claim 1, wherein the security configuration for each security service is stored in a database;
issuing the security configuration corresponding to the security service supported by the failed security virtual machine to the new security virtual machine, including:
acquiring security configuration corresponding to the supported security service from the database;
and issuing the acquired security configuration to the new security virtual machine.
6. A fault handling apparatus applied to a secure cloud platform, the apparatus comprising:
a determining module, configured to determine, when it is monitored that a security virtual machine has failed, the address information of the security virtual machine and the service type of the security service it supports;
a deleting module, configured to delete the secure virtual machine;
a creating module, configured to create a new secure virtual machine according to the service type of the supported security service, and to configure the address information of the new secure virtual machine as the address information of the failed secure virtual machine;
and an issuing module, configured to issue the security configuration corresponding to the security service supported by the failed security virtual machine to the new security virtual machine.
7. The apparatus of claim 6,
the creating module is specifically configured to determine, according to a correspondence between service types and virtual machine templates, the virtual machine template corresponding to the service type of the supported security service, and to create a new secure virtual machine according to the determined virtual machine template.
8. The apparatus of claim 6, further comprising:
a monitoring module, configured to perform fault monitoring on the new secure virtual machine.
9. The apparatus of claim 6, further comprising:
a failure confirmation module, configured to detect the security virtual machine by using a detection tool and, if the detection fails, confirm that the security virtual machine has failed; or to send a security service address request to the security virtual machine, receive the request address information returned by the security virtual machine and, if the returned request address information is inconsistent with the pre-configured address information, confirm that the security virtual machine has failed.
10. The apparatus of claim 6, wherein the security configuration for each security service is stored in a database; then
The issuing module is specifically configured to acquire the security configuration corresponding to the supported security service from the database; and issuing the acquired security configuration to the new security virtual machine.
CN202011147490.XA 2020-10-23 2020-10-23 Fault processing method and device Pending CN112231063A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011147490.XA CN112231063A (en) 2020-10-23 2020-10-23 Fault processing method and device

Publications (1)

Publication Number Publication Date
CN112231063A (en) 2021-01-15

Family

ID=74109380

Country Status (1)

Country Link
CN (1) CN112231063A (en)


Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210115