CN112671903A - General intranet online service system - Google Patents
- Publication number
- CN112671903A
- Authority
- CN
- China
- Prior art keywords
- service
- intranet
- module
- network
- nodes
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Abstract
The invention discloses a general intranet online service system. Individual users and the like cannot realize autonomous operation services by using a conventional internet application model. The system comprises an intranet service node framework and a background support system. The background support system comprises a service registration module, a service announcement module and a network connection service module, which run on servers; the servers are directly connected to the Internet and can be accessed directly. The intranet service node framework runs on general computing nodes, each of which locally runs a general operating system that supports container technology. An agent module in the container technology constructs an intranet NAT penetration module on the intranet service node framework to achieve intranet NAT penetration, or the agent module acts as a virtual Ethernet bridge that provides transparent link-layer (LLC) network connections for the nodes to achieve data forwarding. The system enables an individual user to establish a service node in a private network and provide online network services to the outside.
Description
Technical Field
The invention belongs to the technical field of computers, particularly relates to the technical field of internet application, and relates to a general intranet online service system.
Background
In the current conventional internet application model, an individual user or small group is typically a customer or user of a service, while the provider of the service is typically an organization or institution. The main reasons are: first, the applications and needs of individual users or small groups to provide network services have only just emerged; second, individual users typically do not have the resources required to provide network services, such as stable bandwidth, public addresses accessible throughout the network, and reliable storage and computing power; third, there is at present no platform on which individual users can publish service portals, which greatly limits service discovery and service promotion.
With the popularization of home broadband networks and internet of things and the rapid improvement of the performance of intelligent mobile terminals, the desire of individual users for developing various autonomous operation services such as self media, intelligent home, private instant messaging, distributed storage and the like is increasingly urgent, but at present, the demands are severely restricted by resources and services.
Disclosure of Invention
Aiming at the defects of the prior art, the invention provides a general intranet online service system, which provides reliable, expandable and low-cost basic service for the online service of individual users.
The system comprises two parts: an intranet service node framework and a background support system.
The background support system comprises a service registration module, a service announcement module and a network connection service module, and the three modules run on one or more servers; the servers are directly connected to the Internet, have public network IP addresses, and can be accessed directly.
The service registration module performs registration management of the network services to be provided by the intranet service node framework. Further, the registration management comprises registration template management and audit verification management: registration template management provides service templates, so that a user can conveniently provide standardized services through parameter adjustment; audit verification management audits and verifies the safety, reliability and validity of user-defined services.
The service announcement module records and maintains the services provided by all nodes in the system, and publishes the description information of each service, including the service provider and the service content information.
The network connection service module provides transparent network connections for all nodes in the system, maintains the global network topology, establishes direct connections with the NATs (Network Address Translation) and firewalls present in the system, and provides a penetration service for all nodes of the intranet service node framework.
The intranet service node framework runs on general computing nodes. A general computing node is a virtual machine, a personal computer, a mobile phone or an intelligent terminal; it locally runs a general operating system, and that operating system supports container technology.
An agent module in the container technology constructs an intranet NAT penetration module on an intranet service node framework, the intranet NAT penetration module completes intranet NAT penetration on one hand, and on the other hand, the intranet NAT penetration module serves as a virtual Ethernet bridge and provides transparent link layer LLC network connection for the interior of nodes in the intranet service node framework, between the nodes and other network nodes outside the intranet service node framework to achieve data forwarding.
Further, a user in the intranet online service system plans to provide network services on an intranet service node framework. If the provided service belongs to the standard service in the service registration module, a user deploys a container corresponding to the service on an intranet service node frame, a corresponding virtual network card is created for the service and a special IP address is allocated by calling an interface of an intranet NAT penetration module, and then the user personalizes the service through parameter configuration, wherein the personalization comprises a name identification of the service, a name of a service provider, network resource requirements, computing resource requirements, storage resource requirements and brief description of the service. If the provided service is a proprietary service developed by the user, interface adaptation and parameter definition are carried out through the service registration module, then the user submits the service to the service registration module to complete auditing, and after the auditing is passed, on one hand, connection information of the service is defined, and on the other hand, the service is issued in the service announcement module.
Further, the intranet service node framework also provides a client container for service access. The client container likewise calls an interface of the intranet NAT penetration module to create a corresponding virtual network card for the client and allocate a special IP address; it then attempts to establish a direct connection with the service through the network connection service module and completes the service access. If the direct connection cannot be established, the traffic is relayed through the network connection service module.
By adopting the system of the invention, an individual user can establish service nodes in a private network and provide various online network services to the outside based on a general intranet online service node framework. The framework in the invention is general: a node is not limited in the type of service it provides, and a user can provide various online network services on the Internet based on the framework, such as Web, instant messaging, mail, storage, live broadcast and online real-time monitoring. "Intranet" means that a node can be deployed entirely behind a NAT or a firewall, has no globally accessible public IP address, and may even rely entirely on a household broadband network. Based on the intranet penetration service provided by a third party, the invention provides the user with an extensible service template; on the basis of the template, the user can carry out a lightweight compatible design according to the characteristics of the service to be provided, and can thereby provide the online service quickly. To this end, the system provides: a. a virtual IP address; b. a transparent network connection; c. personalized service definitions; d. cascading service access: for example, a client c@S1 that is registered as a client node of S2 through the cascade from S1 to S2 may be named c@S1@S2, so that c can access resources in S2 as it does in domain S1.
Detailed Description
The present invention will be further described with reference to the following embodiments.
The general intranet online service system comprises an intranet service node frame and a background support system.
The background support system comprises a service registration module, a service announcement module and a network connection service module, wherein the three modules run on one or more servers, the servers are directly connected with the Internet and have public network IP addresses, and the servers can be directly accessed. One of the servers can be configured as a portal, both for ease of addressing and to support load balancing if necessary.
The service registration module performs registration management of the network services to be provided by the intranet service node framework, comprising: registration template management, which provides service templates so that a user can conveniently provide standardized services through parameter adjustment; and audit verification management, which audits and verifies the safety, reliability and legality of user-defined services. The service registration module carries out authority management for the services in the system and can also serve as the billing and charging entry point for paid services.
The service announcement module records and maintains services provided by all nodes in the system, issues description information of each service, including service provider and service content information, provides service retrieval and discovery support for service users, facilitates selection of the service users, and can also be used as an entrance for advertisement putting.
The network connection service module provides transparent network connections for all nodes in the system, maintains the global network topology, establishes direct connections with the NATs (Network Address Translation) and firewalls present in the system, and provides a penetration service for all nodes of the intranet service node framework. Current NAT/firewall penetration techniques such as ICE, STUN and TURN may be used, as well as link-layer intranet penetration services provided by third-party providers.
The intranet service node framework runs on general computing nodes. A general computing node is a virtual machine, a personal computer, a mobile phone or an intelligent terminal; it locally runs a general operating system, and that operating system supports a container technology such as Docker.
An agent module in the container technology constructs an intranet NAT penetration module on an intranet service node framework, the intranet NAT penetration module completes intranet NAT penetration on one hand, and on the other hand, the intranet NAT penetration module serves as a virtual Ethernet bridge and provides transparent link layer LLC network connection for the interior of nodes in the intranet service node framework, between the nodes and other network nodes outside the intranet service node framework to achieve data forwarding.
If a user plans to provide a network service on the intranet service node framework and the service belongs to the standard services in the service registration module, the user deploys a container corresponding to the service on the intranet service node framework, and creates a corresponding virtual network card and allocates a special IP address for the service by calling an interface of the intranet NAT penetration module; the user then personalizes the service through parameter configuration, including a name identification for the service, a name for the service provider, network resource requirements, computing resource requirements, storage resource requirements, a brief description of the service, and so forth. If the provided service is a proprietary service developed by the user, interface adaptation and parameter definition are performed through the service registration module; the user then submits the service to the service registration module for auditing; after the audit is passed, the connection information of the service is defined on the one hand, and the service is published in the service announcement module on the other. Other users can therefore find the service through the service announcement and, if they need to use it, establish a connection to the service's virtual network card and private IP address through the network connection service module. Through the intranet penetration service, if a direct connection can be established, network traffic between other users and the UPON providing the service no longer passes through the background support system. If the direct connection cannot be established, the network traffic between the other users and the UPON providing the service is relayed by the network connection service module.
Since the intranet service node framework providing services is located behind the NAT, it must also join the system in order to access the services it provides. Therefore, the intranet service node framework also provides a client container for service access. The client container is in essence implemented like the service container: it likewise calls an interface of the intranet NAT penetration module to create a corresponding virtual network card for the client and allocate a special IP address, then attempts to establish a direct connection with the service through the network connection service module and completes the service access; if the direct connection cannot be established, the network connection service module relays the traffic.
Because both the server and the client are implemented on the intranet service node framework, the system can realize cascading service access. Assume that client c has registered as a user of server S1. If c now wants to access the services provided by S2, the straightforward approach is for c to register as a user of S2 as well, which is inefficient when the network is large and c only wants temporary access to the resources of S2. Alternatively, when a user c of the server S1 in the intranet service node framework needs to temporarily access resources provided by a server S2 in another intranet service node framework, S1 accesses the resources of S2 on behalf of client c; the client c is identified as c@S1@S2 at the server S2 and can access the resources provided by S2 like a locally registered client. While c accesses S2, all network traffic is relayed via S1.
One possible application scenario of the general intranet online service system is as follows. Let S1 be an internal instant messaging service: all clients of users registered at S1 send instant messages to chat. Let S2 provide a mail-based forwarding service between the intranet and the extranet, so that a user in the intranet online service system can exchange electronic mail with a user on the Internet. Based on the cascading service access model described above, user c, registered at S1, can now "chat" with user g on the Internet (assuming that g has a mailbox address g@xxx.com on the Internet):
1. c sends a message m to g@xxx.com; because the message is sent within the service of S1, it is sent to S1 first;
2. after receiving m, the service S1 encodes m into mail form and sends it to the service S2;
3. the service S2 forwards the message m, encoded in mail form, to the mailbox g@xxx.com;
4. after receiving the mail, g replies with a mail r and sends it to the service S2;
5. the service S2 forwards the mail r to the service S1;
6. the service S1 converts the mail-form r into an instant message r and sends it to c.
In this way, user c, who is located in the intranet and has no mail address, and user g, who is located on the Internet and has not registered for the instant messaging service, can exchange messages. In fact, a service module similar to S2 will become an important portal application through which the intranet service node framework interacts with the external public Internet.
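The cascading access of c@S1@S2 and the six-step chat-to-mail exchange above, modelled in memory as an added example that is not part of the patent. The peer table at S2, the correlation of replies by Message-ID / In-Reply-To, and the names `MailGateway`, `ChatService` and `gw.example` are assumptions made for illustration.

```python
from email.message import EmailMessage
from email.utils import make_msgid


def parse_cascaded(name):
    """Split 'c@S1@S2' into ('c', ['S1', 'S2']); reject empty components."""
    user, *path = name.split("@")
    if not user or not path or not all(path):
        raise ValueError(f"malformed cascaded identity: {name!r}")
    return user, path


class MailGateway:
    """S2: mail forwarding between the intranet system and the Internet."""

    def __init__(self, name, domain):
        self.name, self.domain = name, domain
        self.peers = {}    # assumption: services allowed to cascade into S2
        self.pending = {}  # assumption: Message-ID -> cascaded identity
        self.outbox = []   # stands in for delivery to the Internet

    def submit(self, origin, user, rcpt, text):
        """Steps 2-3: take m from S1 on behalf of user and forward it as mail."""
        if origin not in self.peers:
            raise PermissionError(f"{origin} is not cascaded to {self.name}")
        ident = f"{user}@{origin}@{self.name}"
        msgid = make_msgid(domain=self.domain)
        mail = EmailMessage()
        mail["From"] = f"gateway@{self.domain}"
        mail["To"] = rcpt
        mail["Subject"] = f"Message from {ident}"
        mail["Message-ID"] = msgid
        mail.set_content(text)
        self.pending[msgid] = ident
        self.outbox.append(mail)
        return mail

    def receive(self, reply):
        """Steps 4-5: route reply r to the service that relayed m, else drop."""
        ident = self.pending.get(str(reply.get("In-Reply-To", "")).strip())
        if ident is None:
            return False   # no cascaded client is waiting for this mail
        user, path = parse_cascaded(ident)
        self.peers[path[0]].deliver(user, str(reply["From"]),
                                    reply.get_content().strip())
        return True


class ChatService:
    """S1: internal instant messaging for locally registered clients."""

    def __init__(self, name, gateway):
        self.name, self.gateway = name, gateway
        self.inbox = {}    # registered user -> [(sender, text), ...]
        gateway.peers[name] = self

    def send(self, sender, rcpt, text):
        """Step 1: m reaches S1 first; non-local recipients go to S2."""
        if sender not in self.inbox:
            raise PermissionError(f"{sender} is not registered at {self.name}")
        if rcpt in self.inbox:
            self.inbox[rcpt].append((sender, text))
            return None
        return self.gateway.submit(self.name, sender, rcpt, text)

    def deliver(self, user, sender, text):
        """Step 6: hand the mail-form reply to c as an instant message."""
        self.inbox[user].append((sender, text))


def demo():
    s2 = MailGateway("S2", "gw.example")   # constructed names and domain
    s1 = ChatService("S1", s2)
    s1.inbox["c"] = []                      # c registers at S1 only
    m = s1.send("c", "g@xxx.com", "hello g")
    r = EmailMessage()                      # constructed reply from g
    r["From"], r["To"] = "g@xxx.com", str(m["From"])
    r["In-Reply-To"] = str(m["Message-ID"])
    r.set_content("hi c")
    stray = EmailMessage()                  # constructed mail with unknown id
    stray["From"], stray["In-Reply-To"] = "x@xxx.com", "<0@gw.example>"
    stray.set_content("unsolicited")
    return str(m["Subject"]), s2.receive(r), s2.receive(stray), s1.inbox["c"]
```

Calling `demo()` shows that S2 only ever sees c under the cascaded name, and that mail which does not answer a relayed message has no client to be delivered to.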
Another, more straightforward application scenario is as follows: nodes located in some intranet service node frameworks provide part of their resources, such as storage resources, computing resources, network bandwidth resources and digital media content resources, to other intranet service node frameworks for use. The nodes providing resources may charge a fee to the nodes using their resources, based on terms agreed in advance through the service registration module.
Therefore, the system realizes a platform supporting a small service platform, so that an individual user or a small group can operate the service platform with an extremely low threshold, and the innovation and the creation of the public are supported.
Claims (6)
1. A general intranet online service system is characterized by comprising two parts: an intranet service node frame and a background support system;
the background support system comprises a service registration module, a service announcement module and a network connection service module, wherein the three modules run on one or more servers; the server is directly connected with the Internet and has a public network IP address, and a plurality of servers can directly access the Internet;
the service registration module performs registration management on the network service to be provided by the intranet service node framework;
the service announcement module records and maintains services provided by all nodes in the system, and publishes description information of each service, including service provider and service content information;
the network connection service module provides transparent network connection for all nodes in the system, maintains the global network topology, establishes direct connection with NAT and firewall existing in the system and provides penetrating service for all nodes of the intranet service node frame;
the intranet service node framework runs on a general computing node, the general computing node locally runs a general operating system, and the general operating system supports a container technology;
an agent module in the container technology constructs an intranet NAT penetration module on an intranet service node framework, the intranet NAT penetration module completes intranet NAT penetration on one hand, and on the other hand, the intranet NAT penetration module serves as a virtual Ethernet bridge and provides transparent link layer LLC network connection for the interior of nodes in the intranet service node framework, between the nodes and other network nodes outside the intranet service node framework to achieve data forwarding.
2. The universal intranet online service system according to claim 1, wherein a user in the intranet online service system plans to provide network services on an intranet service node framework; if the provided service belongs to the standard service in the service registration module, a user deploys a container corresponding to the service on an intranet service node frame, creates a corresponding virtual network card for the service and allocates a special IP address by calling an interface of an intranet NAT penetration module, and then personalizes the service through parameter configuration; if the provided service is a proprietary service developed by the user, interface adaptation and parameter definition are carried out through the service registration module, then the user submits the service to the service registration module to complete auditing, and after the auditing is passed, on one hand, connection information of the service is defined, and on the other hand, the service is issued in the service announcement module.
3. The system according to claim 1, wherein the intranet service node framework simultaneously provides a container for accessing the service client, the container of the client also calls an interface of the intranet NAT traversal module, creates a corresponding virtual network card and allocates a dedicated IP address to the client, then tries to establish a direct connection with the service through the network connection service module and completes the service access, and if the direct connection cannot be established, the network connection service module performs the relay.
4. The universal intranet online service system according to claim 1, wherein: the registration management comprises registration template management and audit verification management; the registration template management provides a service template, so that a user can conveniently provide standardized services through parameter adjustment; and auditing and verifying management is used for auditing and verifying safety, reliability and validity aiming at user-defined service.
5. The general intranet online service system according to claim 2, wherein: the personalization includes name identification of the service, name of the service provider, network resource requirements, computing resource requirements, storage resource requirements, and brief description of the service.
6. The universal intranet online service system according to claim 1, wherein: the general computing nodes are virtual machines, personal computers, mobile phones and intelligent terminals.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011541157.7A CN112671903A (en) | 2020-12-23 | 2020-12-23 | General intranet online service system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011541157.7A CN112671903A (en) | 2020-12-23 | 2020-12-23 | General intranet online service system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112671903A (en) | 2021-04-16 |
Family
ID=75409132
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011541157.7A Pending CN112671903A (en) | 2020-12-23 | 2020-12-23 | General intranet online service system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112671903A (en) |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1674553A (en) * | 2004-03-24 | 2005-09-28 | 联想(北京)有限公司 | Method for long-distance using local area network resource utilizing mobile equipment |
CN101325525A (en) * | 2007-06-15 | 2008-12-17 | 北京中电亿商网络技术有限责任公司 | Commercial network operating system |
CN102035904A (en) * | 2010-12-10 | 2011-04-27 | 北京中科大洋科技发展股份有限公司 | Method for converting TCP network communication server into client |
CN102185837A (en) * | 2011-04-20 | 2011-09-14 | 北京鸿天伟业安全技术有限公司 | Intelligent multimedia information publish system |
US20120311329A1 (en) * | 2011-06-03 | 2012-12-06 | Medina Alexander A | System and method for secure instant messaging |
CN104378411A (en) * | 2014-10-10 | 2015-02-25 | 易颖 | Service exchange system |
US20200167175A1 (en) * | 2018-11-26 | 2020-05-28 | Red Hat, Inc. | Filtering based containerized virtual machine networking |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20210416 |