CN112291229A - Method for realizing government affair system service data exchange under isolated network environment - Google Patents

Publication number
CN112291229A
Authority
CN
China
Legal status
Pending
Application number
CN202011151650.8A
Other languages
Chinese (zh)
Inventor
李宁
秦祝成
Current Assignee
Inspur Cloud Information Technology Co Ltd
Original Assignee
Inspur Cloud Information Technology Co Ltd
Priority date
2020-10-26
Filing date
2020-10-26
Publication date
2021-01-29
Application filed by Inspur Cloud Information Technology Co Ltd
Priority to CN202011151650.8A
Publication of CN112291229A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0263 Rule management
    • H04L63/30 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/308 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information retaining data, e.g. retaining successful, unsuccessful communication attempts, internet access, or e-mail, internet telephony, intercept related information or call content
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Abstract

The invention discloses a method for exchanging government affairs system service data in an isolated network environment. A capture tool client is started inside the isolated network and the source system is then operated as usual; the capture tool client captures the source system's HTTP data and exports it, after processing, as offline data. The offline data is copied to the target system's network, where a client on that network imports it and pushes it to the target system, thereby achieving data exchange between the source system and the target system in the isolated network environment. The method is general, in that it suits most source systems, and convenient, in that the source system needs no modification. It is configured once and then used; when the business changes only the configuration has to be modified, with no redevelopment, so the method is easy to apply and deploy and has a short implementation period.

Description

Method for realizing government affair system service data exchange under isolated network environment
Technical Field
The invention relates to the technical field of informatization applications for government affairs services, and in particular to a method for exchanging government affairs system service data in an isolated network environment. It involves computer network communication, application data exchange, and techniques for capturing and transmitting data based on the HTTP protocol.
Background
In recent years the Chinese government has carried out reform of the government affairs service system and reconstruction of its information systems through top-down, top-level design. Unified government service platforms have been established at the national, provincial and municipal levels, and each local department that delivers government services is required to implement single-window acceptance of business with classified approval in the back office. As a result, government service staff must enter business data into two systems: the department's own business handling system and the unified business handling system of the unified government service platform. This doubles the workload of the staff and reduces working efficiency. A department system with high network security requirements is isolated by network from the unified government service platform, so business data cannot be exchanged between them. There is currently no solution to this "secondary entry" problem. Manually importing and exporting data reports requires each business system to be integrated one by one, offers no general method, and is costly.
Disclosure of Invention
The invention mainly targets systems that require secondary entry. Where the networks are isolated and cannot communicate, and the existing systems are not to be modified, capture tool clients are deployed in each of the two networks so that data entered once is synchronized to the other system at relatively low material and labor cost, improving the working efficiency of the staff.
To achieve this purpose, the invention provides the following technical solution:
A method for exchanging government affairs system service data in an isolated network environment, characterized in that, in the isolated network environment, without relying on means such as interface integration, a front-end database or a data exchange platform, and without modifying the source system, office staff only need to install and start a capture tool client and then operate the source system as usual. The capture tool client captures the source system's HTTP data and exports it after processing; the offline data is then copied to the target system's network, imported by the client on that network and pushed to the target system, thereby achieving data exchange between the source system and the target system in the isolated network environment.
The method uses browser proxy technology to capture the source system's HTTP requests and obtain the complete HTTP message, including the request and the returned content.
The method uses HTTP capture filtering technology to filter the captured HTTP traffic and extract the HTTP requests that match the capture rules.
The method uses HTTP message parsing technology to parse HTTP messages into service data that meets the data exchange format requirements of the target system.
The implementation process of the method comprises the following:
(1) the HTTP capture rules of the source system are defined through configuration in the background engine;
(2) the background engine exports the capture rules;
(3) the capture tool client imports the capture rules;
(4) the capture tool client starts capturing;
the user can freely start and stop client monitoring, view history records and so on; the browser proxy is started once capturing starts, and the client can then monitor all HTTP requests;
(5) the capture tool client exports an offline data packet;
the user can export the captured data packets as offline data by time;
(6) the client imports and pushes the offline data packet;
after the offline packet has been copied or the network has been switched, the offline packet is imported into the client on the target system's network and pushed to the background engine, which parses the data packet to obtain the service data and then pushes the service data to the target system.
The HTTP capture rules of the source system are defined as follows:
by analyzing the source system, the HTTP requests that the whole process of a service submission passes through are recorded;
capture rule matching must support multiple HTTP request configurations;
only after all the HTTP request configurations have matched the capture rule is a complete service record confirmed as captured.
The capture tool client has a function for importing offline configuration: by importing an offline configuration file, the user can use the capture tool client in an offline state.
The background engine exports the configured rules as an offline configuration file according to the export process configured in the system.
Capture rule matching is divided by weight into a system level, a service level and a request level;
when the capture tool captures an HTTP request, the request must pass the three levels of filtering in sequence.
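The three-level filtering and the "all configured requests matched" completeness check described above can be sketched as follows. This is an added example, not code from the patent; the rule structure, the session value used to group requests into one service record, and all hosts and paths are assumptions made for illustration.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

@dataclass(frozen=True)
class RequestRule:            # request level: one HTTP call of a submission
    method: str
    path: str

@dataclass(frozen=True)
class ServiceRule:            # service level: one business service
    name: str
    path_prefix: str
    requests: tuple           # every RequestRule must match for a full record

@dataclass(frozen=True)
class SystemRule:             # system level: the source system itself
    host: str
    services: tuple

@dataclass(frozen=True)
class Captured:
    session: str              # assumed correlation key (e.g. session cookie)
    method: str
    url: str
    body: str

def classify(rule, cap):
    """Run the system, service and request filters in that order."""
    parts = urlsplit(cap.url)
    if parts.hostname != rule.host:
        return None                                   # fails system level
    for svc in rule.services:
        if not parts.path.startswith(svc.path_prefix):
            continue                                  # fails service level
        for req in svc.requests:
            if cap.method.upper() == req.method and parts.path == req.path:
                return svc, req                       # passes request level
    return None

class Collector:
    """Keeps matched requests until a service's whole request set is seen."""
    def __init__(self, rule):
        self.rule = rule
        self.pending = {}     # (session, service) -> {RequestRule: Captured}
        self.complete = []    # finished service records, ready for export

    def feed(self, cap):
        hit = classify(self.rule, cap)
        if hit is None:
            return False      # dropped: never stored, never exported
        svc, req = hit
        key = (cap.session, svc.name)
        seen = self.pending.setdefault(key, {})
        seen[req] = cap
        if len(seen) == len(svc.requests):
            self.complete.append({
                "service": svc.name,
                "session": cap.session,
                "messages": [seen[r].body for r in svc.requests],
            })
            del self.pending[key]
        return True

# Constructed rule set and traffic; none of these values come from the patent.
RULE = SystemRule("dept.example.internal", (
    ServiceRule("business-licence", "/licence/", (
        RequestRule("POST", "/licence/applicant"),
        RequestRule("POST", "/licence/submit"),
    )),
))
TRAFFIC = [
    Captured("s1", "POST", "http://dept.example.internal/licence/applicant", "name=A"),
    Captured("s1", "GET", "http://dept.example.internal/static/app.js", ""),
    Captured("s2", "POST", "http://dept.example.internal/licence/applicant", "name=B"),
    Captured("s1", "POST", "http://other.example.internal/licence/submit", "x=1"),
    Captured("s1", "POST", "http://dept.example.internal/licence/submit", "fee=50"),
]

def run(traffic=TRAFFIC, rule=RULE):
    collector = Collector(rule)
    kept = [collector.feed(cap) for cap in traffic]
    return collector, kept

if __name__ == "__main__":
    collector, kept = run()
    print(kept, collector.complete, list(collector.pending))
```

Session `s2` stays in `pending` because only one of its two configured requests was seen, so it would not be exported as a service record.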
The operation flow of the method comprises the following:
1) the government affairs service hall administrator uses the background engine to configure the source system's capture rules, service mapping, field mapping, data dictionary parsing and so on, then exports the capture rules to an offline configuration file, which a staff member imports into the source system client;
2) the staff member starts monitoring in the source system client and then uses the source system as usual to handle business;
3) the staff member exports the offline data packets captured that day as required, for example taking one day as the unit;
4) the staff member copies the offline data packet to the target system's network, or switches directly to that network, imports the offline data with the import function of the client on the target system's network and clicks the push button; the client pushes the data to the background engine, which parses it and pushes it to the target system.
Compared with the prior art, the method, applied to multi-system integration, has the following outstanding beneficial effects:
The method is general, in that it suits most source systems, and convenient, in that the source system needs no modification. It is configured once and then used; when the business changes only the configuration has to be modified, with no redevelopment, so the method is easy to apply and deploy and has a short implementation period. In an isolated network environment the method does not rely on means such as interface integration, a front-end database or a data exchange platform. Without any modification of the source system, a clerk only needs to install and start the capture tool client and then operate the source system as usual; the client captures the source system's HTTP data and exports it after processing, the offline data is copied to the target system's network, imported by the client on that network and pushed to the target system, thereby achieving data exchange between the source system and the target system in the isolated network environment.
Drawings
Fig. 1 is a schematic diagram of a service data exchange process according to the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples.
As shown in Fig. 1, a method for exchanging government affairs system service data in an isolated network environment includes the following steps:
(1) the HTTP capture rules of the source system are defined through configuration in the background engine;
the HTTP capture rules of the source system are defined as follows:
by analyzing the source system, the HTTP requests that the whole process of a service submission passes through are recorded;
capture rule matching must support multiple HTTP request configurations;
only after all the HTTP request configurations have matched the capture rule is a complete service record confirmed as captured.
Capture rule matching is divided by weight into a system level, a service level and a request level;
when the capture tool captures an HTTP request, the request must pass the three levels of filtering in sequence.
(2) the background engine exports the capture rules;
(3) the capture tool client imports the capture rules;
the capture tool client has a function for importing offline configuration: by importing an offline configuration file, the user can use the capture tool client in an offline state.
The background engine exports the configured rules as an offline configuration file according to the export process configured in the system.
(4) the capture tool client starts capturing;
the user can freely start and stop client monitoring, view history records and so on; the browser proxy is started once capturing starts, and the client can then monitor all HTTP requests;
(5) the capture tool client exports an offline data packet;
the user can export the captured data packets as offline data by time;
(6) the client imports and pushes the offline data packet;
after the offline packet has been copied or the network has been switched, the offline packet is imported into the client on the target system's network and pushed to the background engine, which parses the data packet to obtain the service data and then pushes the service data to the target system.
The operation flow of the method comprises the following:
1) the government affairs service hall administrator uses the background engine to configure the source system's capture rules, service mapping, field mapping, data dictionary parsing and so on, then exports the capture rules to an offline configuration file, which a staff member imports into the source system client;
2) the staff member starts monitoring in the source system client and then uses the source system as usual to handle business;
3) the staff member exports the offline data packets captured that day as required, for example taking one day as the unit;
4) the staff member copies the offline data packet to the target system's network, or switches directly to that network, imports the offline data with the import function of the client on the target system's network and clicks the push button; the client pushes the data to the background engine, which parses it and pushes it to the target system.
The embodiments described above are merely preferred embodiments of the invention; ordinary changes and substitutions made by those skilled in the art within the technical scope of the invention fall within its scope of protection.

Claims (10)

1. A method for exchanging government affairs system service data in an isolated network environment, characterized in that a capture tool client is installed and started in the isolated network environment and the source system is then operated as usual; the capture tool client captures the source system's HTTP data and exports it after processing; the offline data is then copied to the target system's network, imported by the client on that network and pushed to the target system, thereby achieving data exchange between the source system and the target system in the isolated network environment.
2. The method for exchanging government affairs system service data in an isolated network environment according to claim 1, wherein the method uses browser proxy technology to capture the source system's HTTP requests and obtain the complete HTTP message, including the request and the returned content.
3. The method for exchanging government affairs system service data in an isolated network environment according to claim 2, wherein the method uses HTTP capture filtering technology to filter the captured HTTP traffic and extract the HTTP requests that match the capture rules.
4. The method for exchanging government affairs system service data in an isolated network environment according to claim 3, wherein the method uses HTTP message parsing technology to parse HTTP messages into service data that meets the data exchange format requirements of the target system.
5. The method for exchanging government affairs system service data in an isolated network environment according to claim 4, wherein the implementation process of the method comprises the following:
(1) the HTTP capture rules of the source system are defined through configuration in the background engine;
(2) the background engine exports the capture rules;
(3) the capture tool client imports the capture rules;
(4) the capture tool client starts capturing;
the user can start and stop client monitoring and view history records; the browser proxy is started once capturing starts, and the client can then monitor all HTTP requests;
(5) the capture tool client exports an offline data packet;
the user can export the captured data packets as offline data by time;
(6) the client imports and pushes the offline data packet;
after the offline packet has been copied or the network has been switched, the offline packet is imported into the client on the target system's network and pushed to the background engine, which parses the data packet to obtain the service data and then pushes the service data to the target system.
6. The method for exchanging government affairs system service data in an isolated network environment according to claim 5, wherein the HTTP capture rules of the source system are defined as follows:
by analyzing the source system, the HTTP requests that the whole process of a service submission passes through are recorded;
capture rule matching must support multiple HTTP request configurations;
when all the HTTP request configurations have matched the capture rule, a complete service record is confirmed as captured.
7. The method for exchanging government affairs system service data in an isolated network environment according to claim 5, wherein the capture tool client has a function for importing offline configuration, which allows the user to use the capture tool client in an offline state by importing an offline configuration file.
8. The method for exchanging government affairs system service data in an isolated network environment according to claim 7, wherein the background engine exports the configured rules as an offline configuration file according to the export process configured in the system.
9. The method for exchanging government affairs system service data in an isolated network environment according to claim 8, wherein capture rule matching is divided by weight into a system level, a service level and a request level,
and when the capture tool captures an HTTP request, the request must pass the three levels of filtering in sequence.
10. The method for exchanging government affairs system service data in an isolated network environment according to any one of claims 5-9, wherein the operation flow of the method comprises the following:
1) configuring the source system's capture rules, service mapping, field mapping and data dictionary parsing through the background engine, then exporting the capture rules to an offline configuration file and importing the offline configuration file into the source system client;
2) starting monitoring in the source system client and then using the source system as usual to handle business;
3) exporting the captured offline data packets as required;
4) copying the offline data packet to the target system's network, or switching to that network, importing the offline data with the import function of the client on the target system's network and pushing it; the client pushes the data to the background engine, which parses it and pushes it to the target system.
CN202011151650.8A 2020-10-26 2020-10-26 Method for realizing government affair system service data exchange under isolated network environment Pending CN112291229A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011151650.8A CN112291229A (en) 2020-10-26 2020-10-26 Method for realizing government affair system service data exchange under isolated network environment

Publications (1)

Publication Number Publication Date
CN112291229A true CN112291229A (en) 2021-01-29

Family

ID=74423853

Country Status (1)

Country Link
CN (1) CN112291229A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113204694A (en) * 2021-03-03 2021-08-03 浪潮云信息技术股份公司 Method for intelligent data exchange of service system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110246419A1 (en) * 2010-03-31 2011-10-06 Salesforce.Com, Inc. Reducing database downtime
CN104301410A (en) * 2014-10-16 2015-01-21 浪潮软件集团有限公司 Self-service tax handling terminal design method for realizing internal and external network interconnection in client monitoring mode
CN106789755A (en) * 2016-11-30 2017-05-31 中国电子科技集团公司第五十四研究所 Inter-network data interchange platform
CN110062010A (en) * 2019-05-27 2019-07-26 陈天杨 A kind of physical isolation inter-network data exchange method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210129