CN112688808A - Operation and maintenance management method and system of internet data center and electronic equipment - Google Patents

Publication number
CN112688808A
Authority
CN
China
Prior art keywords
operation instruction
server
client
data
condition
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011511445.8A
Other languages
Chinese (zh)
Inventor
居静
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wright Star Ming Data Co ltd
Original Assignee
Wright Star Ming Data Co ltd
Application filed by Wright Star Ming Data Co ltd
Priority to CN202011511445.8A
Publication of CN112688808A

Landscapes

  • Computer And Data Communications (AREA)

Abstract

The disclosure relates to an operation and maintenance management method and system for an internet data center, and to electronic equipment. The method comprises the following steps: receiving an operation instruction of a client; when the operation instruction is a first operation instruction, performing access control according to the first operation instruction and recording the first operation instruction; when the operation instruction is a second operation instruction, monitoring the running states of a server and of the running equipment executing the second operation instruction; when the operation instruction is a third operation instruction, detecting, according to the third operation instruction, whether vulnerabilities exist in the server and the running equipment; and backing up the configuration data of the server and the running equipment, generating backup information, and storing the backup information.

Description

Operation and maintenance management method and system of internet data center and electronic equipment
Technical Field
The embodiment of the disclosure relates to the technical field of internet data center management, and more particularly, to an operation and maintenance management method and system for an internet data center and an electronic device.
Background
An IDC (Internet Data Center) is based on the Internet: it establishes a standardized, professional computer room environment through Internet communication lines and bandwidth resources, and can provide enterprises with safe, reliable, rapid and comprehensive services such as data storage, server hosting, leasing and related value-added services.
However, the operation and maintenance tools used in IDC operation and maintenance work are numerous and each has its own function, so they are cumbersome to use, and a complete operation and maintenance management method and system is not available.
Disclosure of Invention
An object of the embodiments of the present disclosure is to provide a new technical solution for operation and maintenance management of an internet data center.
According to a first aspect of the present disclosure, there is provided an operation and maintenance management method for an internet data center, the method including:
receiving an operation instruction of a client;
under the condition that the operation instruction is a first operation instruction, performing access control according to the first operation instruction, and recording the first operation instruction;
monitoring the running states of a server and running equipment executing the second operation instruction under the condition that the operation instruction is the second operation instruction;
under the condition that the operation instruction is a third operation instruction, detecting whether vulnerabilities exist in the server and the running equipment according to the third operation instruction;
and backing up the configuration data of the server and the running equipment, generating backup information, and storing the backup information.
Optionally, in a case that the operation instruction is a first operation instruction, the method further includes:
verifying the identity information of the client;
under the condition that the identity information of the client passes the verification, giving corresponding operation permission according to the first operation instruction;
distributing different account number authority information to the client according to the operation authority, and executing the first operation instruction;
and tracing and analyzing the executing process of the first operation instruction.
Optionally, the monitoring the operation states of the server and the operation device includes:
and generating first alarm information under the condition that the server and/or the running equipment are abnormal.
Optionally, the first alarm information includes first monitoring data and second monitoring data, a data type of the first monitoring data is graphical data, and a data type of the second monitoring data is non-graphical data.
Optionally, the detecting whether the server and the running equipment have vulnerabilities according to the third operation instruction includes: generating second alarm information under the condition that the server and/or the running equipment are detected to have vulnerabilities.
Optionally, the method further comprises:
receiving a file format type requested by a client,
and generating a detection report consistent with the file format type.
Optionally, the generating backup information includes:
acquiring first configuration data and second configuration data, wherein the first configuration data and the second configuration data are data backed up twice adjacently;
comparing the consistency of the first configuration data and the second configuration data;
generating a discrepancy report if the first configuration data and the second configuration data change.
According to a second aspect of the present disclosure, there is also provided an operation and maintenance management system of an internet data center, the system including:
the WEB development unit is used for receiving an operation instruction of a client and distributing the first operation instruction to the bastion machine unit under the condition that the operation instruction is the first operation instruction; under the condition that the operation instruction is a second operation instruction, distributing the second operation instruction to corresponding running equipment; distributing the third operation instruction to a vulnerability scanning unit under the condition that the operation instruction is the third operation instruction;
the bastion machine unit is used for carrying out access control according to the first operation instruction distributed by the WEB development unit and recording the first operation instruction;
the network monitoring unit comprises a first network monitoring unit and a second network monitoring unit, and is used for monitoring the running states of the server and running equipment executing the second operation instruction;
the vulnerability scanning unit is used for detecting whether vulnerabilities exist in the server and the running equipment according to a third operation instruction of the client, which is distributed by the WEB development unit;
and the configuration backup unit is used for backing up configuration data of the server and the running equipment, generating backup information and outputting the backup information to the WEB development unit.
Optionally, the bastion machine unit comprises:
the identity authentication module is used for authenticating the identity information of the client;
the authorization control module is used for giving corresponding operation authority according to the first operation instruction under the condition that the identity information of the client is verified;
the account management module is used for distributing different account authority information to the client according to the operation authority;
and the safety audit module is used for tracing and analyzing the execution process of the first operation instruction.
According to a third aspect of the present disclosure, there is also provided an electronic device comprising a memory for storing a computer program and a processor; the processor is adapted to execute the computer program to implement the method according to the first aspect of the present disclosure.
According to a fourth aspect of the present disclosure, there is also provided a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the method according to the first aspect of the present disclosure.
The operation and maintenance management system of the internet data center has the advantage that various operation and maintenance tools are integrated in one management system for unified management. The system mainly comprises the bastion machine unit, the network monitoring unit, the vulnerability scanning unit and the configuration backup unit; operation and maintenance programs can be monitored and managed as a whole through the system, operation is more convenient and fast, and operation and maintenance work efficiency can be greatly improved.
Other features of embodiments of the present disclosure and advantages thereof will become apparent from the following detailed description of exemplary embodiments thereof, which is to be read in connection with the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of the specification, illustrate embodiments of the disclosure and together with the description, serve to explain the principles of the embodiments of the disclosure.
FIG. 1 is a schematic diagram of the components of an operation and maintenance management system of an Internet data center;
FIG. 2 is a schematic diagram of the composition structure of a bastion machine unit of an operation and maintenance management system of an Internet data center;
FIG. 3 is a schematic flowchart of an operation and maintenance management method of an internet data center disclosed in this embodiment;
FIG. 4 is a block schematic diagram of an electronic device according to one embodiment.
Detailed Description
Various exemplary embodiments of the present disclosure will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, the numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present invention unless specifically stated otherwise.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the invention, its application, or uses.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
In all examples shown and discussed herein, any particular value should be construed as merely illustrative, and not limiting. Thus, other examples of the exemplary embodiments may have different values.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
< System embodiment >
Fig. 1 is a schematic diagram illustrating a configuration of an operation and maintenance management system of an internet data center to which an operation and maintenance management method of an internet data center according to an embodiment can be applied.
As shown in fig. 1, the system includes a WEB development unit, a bastion unit, a network monitoring unit, a vulnerability scanning unit, and a configuration backup unit, and may be applied to an operation and maintenance scenario of an Internet Data Center (IDC).
In this embodiment, the WEB development unit may integrate a plurality of operation and maintenance tools by using front-end development technologies such as HTML5, CSS3 and JavaScript, display and manage the operation instructions through a WEB page, and receive the operation instruction of the client. All files of the home navigation page of the WEB page are uploaded to a content directory of the WEB server, and the default access file is set to index.html.
In this embodiment, the WEB development unit can execute corresponding tasks through different operation instructions, and under the condition that the operation instruction is a first operation instruction, the first operation instruction is distributed to the bastion unit; under the condition that the operation instruction is a second operation instruction, distributing the second operation instruction to corresponding running equipment; and in the case that the operation instruction is a third operation instruction, distributing the third operation instruction to the vulnerability scanning unit.
For example, the first operation instruction may be an account login request, the user sends the account login request through the client, the WEB development unit receives the account login request and then sends the account login request to the bastion unit, the bastion unit performs access control according to the account login request, intercepts illegal access and malicious attacks, performs command blocking on illegal commands in the account login request, filters out all illegal access behaviors to the target device, and records the account login request so as to facilitate tracking of the responsibility afterwards.
For example, the second operation instruction may be an instruction for implementing a function of a network device, such as implementing network connection through a routing device, after receiving the second operation instruction, the WEB development unit sends the second operation instruction to an execution device capable of executing the second operation instruction, and the execution device executes a corresponding second operation instruction.
For example, the third operation instruction may be a vulnerability scanning instruction, after receiving the third operation instruction, the WEB development unit sends the third operation instruction to the vulnerability scanning unit, and after receiving the third operation instruction, the vulnerability scanning unit triggers a vulnerability scanning action to perform vulnerability scanning on the server and the running device that is executing the second operation instruction, and certainly, vulnerability scanning also includes vulnerability scanning on other network devices.
In this embodiment, the bastion machine unit may adopt the Jumpserver bastion system. Jumpserver is a bastion system written in Python and managed based on the SSH protocol; no agent needs to be installed on the client. It is fully open source under the GPL license, supports a Web Terminal, automatic hardware information collection, video playback and the like, and can realize the functions expected of a bastion system.
In this embodiment, referring to fig. 2, the bastion machine unit includes an identity authentication module, an authorization control module, an account management module and a security audit module. The identity authentication module is used for authenticating the identity information of the client to prevent identities from being faked and reused. For example, all accounts of servers, network equipment, security equipment and the like can be managed in a centralized manner, and when a client sends a login request, the client and the login account are authenticated.
In this embodiment, the authorization control module is configured to give a corresponding operation permission according to the first operation instruction when the identity information of the client passes the verification, for example, when the identity information of the client passes the verification by the identity verification module, allow the client to log in an account, obtain data through the server, start the network device, and the like. If the identity authentication is not passed, intercepting the first operation instruction to intercept illegal access and malicious attack, carrying out command blocking on illegal commands in the account login request, filtering out all illegal access behaviors to the target equipment, and simultaneously recording the account login request so as to facilitate the follow-up responsibility tracking. Meanwhile, the authorization control module of the embodiment can also set different permissions for different accounts to prevent internal misoperation and permission abuse.
In one embodiment, the mode of the identity authentication module for the client identity authentication can be a plurality of authentication modes such as a dynamic password, a static password, a hardware key, a biological characteristic and the like.
In this embodiment, the account management module is configured to allocate different account authority information to the client according to the operation authority so as to implement management of personnel and assets, where the authority information includes fine-grained operation authorization implemented based on factors such as a user, a target device, time, a protocol type IP, and a behavior, and can protect security of user resources to the maximum extent.
In this embodiment, the security audit module is used for tracing and analyzing the execution process of the first operation instruction. The security audit module can audit operation behaviors over the whole process, such as character strings, graphics, file transmission, and database operations. For example, the various operations performed by operation and maintenance personnel on target units such as operating systems, security equipment, network equipment, and databases are monitored in real time by video recording of the device session, so that violations are controlled while they occur, terminal instruction information can be searched accurately, and the corresponding position in the video recording can be located accurately.
In this embodiment, the network monitoring unit is configured to monitor the operating state of the server and of the operating device that executes the second operation instruction. The network monitoring unit includes a first network monitoring unit and a second network monitoring unit and is configured to display the operating state of the network device. When it detects an abnormal condition, the network monitoring unit generates first monitoring data and second monitoring data, and the monitoring alarm is sent by e-mail, DingTalk, or Feishu. The first monitoring data is graphical data and the second monitoring data is non-graphical data, so the data can be presented in multiple forms. For example, the first network monitoring unit may be a Cacti network monitoring system; Cacti is a graphical network traffic monitoring and analysis tool developed on PHP, MySQL, SNMP, and RRDTool, and has a good graph display effect. The second network monitoring unit may be a Zabbix network monitoring system; Zabbix is an enterprise-level solution that provides distributed system monitoring and network monitoring through a WEB interface, and has good fault handling and recording functions.
In this embodiment, the vulnerability scanning unit can detect whether vulnerabilities exist in the server and the operating device according to a third operation instruction of the client distributed by the WEB development unit. The third operation instruction may be a scanning request: after receiving the scanning request, the WEB development unit distributes it to the vulnerability scanning unit, and the server corresponding to the vulnerability scanning unit starts a vulnerability scanning program and presents the scanning result to the user through the client. For example, the vulnerability scanning unit in this embodiment may be a Nessus vulnerability scanning system. Nessus employs a client/server architecture: the client provides a graphical interface running in an X window, receives the user's commands, communicates with the server, and transmits the user's scanning request to the server, and the server starts scanning and presents the scanning result to the user. The scanning code and the vulnerability data are independent of each other. Nessus has a corresponding plug-in for each vulnerability; a vulnerability plug-in is a small piece of code written in NASL (Nessus Attack Scripting Language) that simulates an attack on the vulnerability, and scanning with vulnerability plug-ins greatly facilitates the maintenance and updating of the vulnerability data. Nessus can scan any service on any port and generates detailed output reports in user-specified formats such as ASCII text and HTML; the output reports include the vulnerabilities of the target, how to repair them to prevent hacker intrusion, the danger level, and the like.
In this embodiment, the configuration backup unit is configured to back up configuration data of the server and the operating device, generate backup information, and output the backup information to the WEB development unit. For example, the configuration backup unit may be an Oxidized automated network configuration backup system, capable of periodically backing up the configurations of the server and the operating device. For example, the operation and maintenance management system may preset at least one backup event, where the at least one backup event includes at least one of: the backup time being reached according to a set period, receiving an external backup instruction, the network connection being restored, and detecting an event that requires shutdown. For example, a backup is performed automatically once a day according to the set period, the backup is stored on the Oxidized server, and the backed-up configuration is viewed through a WEB page.
In this embodiment, the WEB development unit, the bastion machine unit, the network monitoring unit, the vulnerability scanning unit, and the configuration backup unit are open source tools, and may be applied to any data center to improve the compatibility of the system.
< Method embodiment >
Fig. 3 is a schematic flowchart of an operation and maintenance management method of an internet data center disclosed in this embodiment. The implementation subject of the method is an operation and maintenance management system of an internet data center, for example, an operation and maintenance management system of an internet data center as shown in fig. 1.
As shown in fig. 3, the operation and maintenance management method of the internet data center of this embodiment may include the following steps S310 to S350:
S310, receiving an operation instruction of the client.
In this embodiment, a plurality of operation and maintenance tools may be integrated through WEB development to form an operation and maintenance management page with a plurality of operation and maintenance tools, the page is displayed to a user through a client, and meanwhile, data transmission is performed with the client through a WEB development technology to receive an operation instruction of the client. The operation instruction may be an instruction for running a network device program, or an instruction for executing a corresponding operation and maintenance scheme, or the like. Specifically, the operation instruction may be a first operation instruction, a second operation instruction, and a third operation instruction, and if the operation instruction is the first operation instruction, access control is performed; under the condition that the operation instruction is a second operation instruction, running corresponding network equipment; and if the operation instruction is a third operation instruction, carrying out vulnerability scanning.
In this embodiment, a home page navigation page is created, the files corresponding to all operation and maintenance tools included in the home page navigation page are uploaded to a content directory of the WEB server, and index.html is set as the default access file. The index.html file holds the navigation links of the operation and maintenance tools: any operation and maintenance tool can be added or deleted by adding or deleting code in the index.html file, a tool's link and name can be added through the code for the corresponding tool, and the link or name can be changed by modifying that code, which gives the system high flexibility.
S320, under the condition that the operation instruction is the first operation instruction, performing access control according to the first operation instruction, and recording the first operation instruction.
In this embodiment, the first operation instruction may be an account login request. Access control is performed according to the account login request: illegal access and malicious attacks are intercepted, illegal commands in the account login request are blocked, all illegal access behaviors to the target device are filtered out, and the account login request is recorded so that responsibility can be traced after the fact.
In this embodiment, when the first operation instruction is executed, the identity information of the client may also be verified; under the condition that the identity information of the client passes the verification, giving corresponding operation authority according to the first operation instruction; distributing different account number authority information to the client according to the operation authority, and executing a first operation instruction; and tracing and analyzing the executing process of the first operation instruction.
In this embodiment, all accounts such as servers, network devices, and security devices may be managed in a centralized manner, and when a login request is sent by a client, the client and the login account are verified, thereby preventing fraudulent use and reuse of identities.
In this embodiment, when the identity information of the client passes the verification, the client may be allowed to log in the account, obtain data through the server, and start the network device. If the identity authentication is not passed, intercepting the first operation instruction to intercept illegal access and malicious attack, carrying out command blocking on illegal commands in the account login request, filtering out all illegal access behaviors to the target equipment, and simultaneously recording the account login request so as to facilitate the follow-up responsibility tracking. And different authorities can be set for different accounts to prevent internal misoperation and authority abuse.
In one embodiment, the mode of the identity authentication module for the client identity authentication can be a plurality of authentication modes such as a dynamic password, a static password, a hardware key, a biological characteristic and the like.
In one embodiment, in order to realize management of personnel and assets, different account authority information can be allocated to a client according to an operation authority, and the authority information can realize fine-grained operation authorization based on factors such as a user, target equipment, time, protocol type IP, behaviors and the like, so that the safety of user resources can be protected to the maximum extent.
In one embodiment, the execution process of the first operation instruction is traced and analyzed by auditing operation behaviors over the whole process, such as character strings, graphics, file transmission, and database operations. For example, the various operations performed by operation and maintenance personnel on target units such as operating systems, security equipment, network equipment, and databases are monitored in real time by video recording of the device session, so that violations are controlled while they occur, terminal instruction information can be searched accurately, and the corresponding position in the video recording can be located accurately.
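The access-control path described for the bastion machine unit (identity authentication, authorization control, command blocking, security audit) and for step S320, as an added Python example that is not code from the patent or from Jumpserver. The account, device name, address range, time window and blocked-command patterns are constructed, and treating protocol type and source IP as two separate authorization factors is an assumption.

```python
import hashlib
import hmac
import ipaddress
import re
from dataclasses import dataclass, field
from datetime import datetime, time


def hash_password(password: str, salt: bytes) -> bytes:
    # Static-password case only; the other authentication modes are out of scope here.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass(frozen=True)
class Rule:
    """One fine-grained grant: user, target device, protocol, source network, time window."""
    user: str
    device: str
    protocol: str
    source_net: str            # CIDR the client must connect from (assumed factor)
    start: time                # daily window, inclusive
    end: time
    blocked: tuple = ()        # regexes of commands to block on this device

    def matches(self, user, device, protocol, source_ip, when):
        return (user == self.user and device == self.device
                and protocol == self.protocol
                and ipaddress.ip_address(source_ip) in ipaddress.ip_network(self.source_net)
                and self.start <= when.time() <= self.end)


@dataclass
class Bastion:
    credentials: dict          # user -> (salt, PBKDF2 hash)
    rules: list
    audit: list = field(default_factory=list)

    def _log(self, when, user, device, action, verdict, reason):
        # Allowed and refused actions are both recorded for later tracing.
        self.audit.append({"time": when.isoformat(), "user": user, "device": device,
                           "action": action, "verdict": verdict, "reason": reason})

    def login(self, user, password, device, protocol, source_ip, when):
        """Authenticate, then authorize. Returns the matching Rule, or None if refused."""
        salt, stored = self.credentials.get(user, (bytes(16), b""))
        # Hash even for unknown users so both failure paths do the same work.
        if not hmac.compare_digest(hash_password(password, salt), stored):
            self._log(when, user, device, "login", "deny", "authentication failed")
            return None
        for rule in self.rules:
            if rule.matches(user, device, protocol, source_ip, when):
                self._log(when, user, device, "login", "allow", "rule matched")
                return rule
        self._log(when, user, device, "login", "deny", "no matching grant")
        return None

    def run(self, rule, command, when):
        """Command blocking inside an authorized session. Returns True if forwarded."""
        for pattern in rule.blocked:
            if re.search(pattern, command):
                self._log(when, rule.user, rule.device, command, "block", pattern)
                return False
        self._log(when, rule.user, rule.device, command, "allow", "")
        return True


def build_demo_bastion() -> Bastion:
    # Constructed account, device and policy; use a random per-user salt in practice.
    salt = bytes(range(16))
    grant = Rule("alice", "core-router-1", "ssh", "10.20.0.0/24", time(8, 0), time(18, 0),
                 blocked=(r"^\s*reload\b", r"^\s*write\s+erase\b"))
    return Bastion({"alice": (salt, hash_password("correct horse", salt))}, [grant])


if __name__ == "__main__":
    b = build_demo_bastion()
    noon = datetime(2024, 1, 15, 12, 0)
    session = b.login("alice", "correct horse", "core-router-1", "ssh", "10.20.0.7", noon)
    b.run(session, "show running-config", noon)
    b.run(session, "reload in 5", noon)
    b.login("alice", "correct horse", "core-router-1", "ssh", "192.0.2.10", noon)
    for entry in b.audit:
        print(entry)
```

A pattern blocklist only stops the command forms it anticipates, so the audit record of allowed commands is what covers everything else.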
S330, monitoring the running states of the server and the running equipment executing the second operation instruction under the condition that the operation instruction is the second operation instruction.
In this embodiment, the second operation instruction may be an instruction for implementing a function of the network device, for example, network connection is implemented through the routing device, after the second operation instruction is received, the second operation instruction is sent to the running device capable of executing the second operation instruction, and the running device executes the corresponding second operation instruction.
In this embodiment, when the running device executes the corresponding second operation instruction, the normal operation of the system is ensured by monitoring the running states of the server and the running device executing the second operation instruction. And generating first alarm information under the condition that the server and/or the running equipment are abnormal.
In this embodiment, the first alarm information includes first monitoring data and second monitoring data, where a data type of the first monitoring data is graphical data, and a data type of the second monitoring data is non-graphical data. For example, a Cacti network monitoring system can be used to generate graphic data, and a Zabbix network monitoring system can be used to generate non-graphic data, wherein Cacti is a network traffic monitoring graphic analysis tool developed based on PHP, MySQL, SNMP, and RRDTool, and has a good graphic display effect. The Zabbix network monitoring system is an enterprise-level solution providing distributed system monitoring and network monitoring functions based on a WEB interface, and has a good fault processing and recording function.
S340, detecting whether vulnerabilities exist in the server and the running equipment according to the third operation instruction under the condition that the operation instruction is the third operation instruction.
In this embodiment, the third operation instruction may be a scanning request, and after receiving the scanning request, the server starts the vulnerability scanning program and presents the scanning result to the user through the client. For example, vulnerability scanning can be performed through a Nessus vulnerability scanning system. Nessus adopts a client/server architecture: the client provides a graphical interface running in an X window, receives the user's commands, communicates with the server, and transmits the user's scanning request to the server, and the server starts scanning and presents the scanning result to the user. The scanning code and the vulnerability data are independent of each other. Nessus has a corresponding plug-in for each vulnerability; a vulnerability plug-in is a small piece of code written in NASL (Nessus Attack Scripting Language) that simulates an attack on the vulnerability, and scanning with vulnerability plug-ins greatly facilitates the maintenance and updating of the vulnerability data. Nessus can scan any service on any port.
In this embodiment, the second warning information is generated when detecting that the server and/or the operating device have vulnerabilities. The second alarm information may include a detailed output report including vulnerability of the target, how to fix the vulnerability to prevent hacking, and a level of danger.
In this embodiment, the file format of the detection report may be customized by a user, and specifically, the file format type requested by the client may be received, and the detection report consistent with the file format type is generated and then sent to the client. The file format type may be a user-specified format such as ASCII text, html, etc.
S350, backing up the configuration data of the server and the running equipment, generating backup information, and storing the backup information.
In this embodiment, backup information may be generated by periodically backing up the configuration of the server and the running equipment, and stored in the server, so as to avoid data loss caused by server or equipment failure.
In this embodiment, the periodic data backup may be implemented by presetting at least one backup event, where the at least one backup event includes at least one of: reaching the backup time according to a set period, receiving an external backup instruction, restoration of the network connection, and detection of an event that requires a shutdown. For example, the backup is performed automatically once a day according to a set period, the backup is stored on an Oxidized server, and the backed-up configuration can be viewed through a WEB page.
In this embodiment, after detecting that the backup information has changed, a difference comparison with the previous configuration may be performed. For example, first configuration data and second configuration data are obtained, where the first configuration data and the second configuration data are the data of two adjacent backups; the consistency of the first configuration data and the second configuration data is compared; and if the first configuration data and the second configuration data differ, a discrepancy report is generated. In this way, changes to the backup file can be found in time, so that data anomalies are monitored continuously.
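One way to implement the adjacent-backup comparison described above, as an added example that is not part of the patent text: it normalizes two backups, compares their hashes, and builds a discrepancy report only when real configuration lines differ. The device name, the sample configurations and the pattern of volatile lines to ignore are constructed assumptions.

```python
import difflib
import hashlib
import re

# Constructed sample: two adjacent backups of the same (hypothetical) switch.
FIRST_BACKUP = """\
! Last configuration change at 02:00:01 UTC Mon Dec 14 2020
hostname idc-sw01
snmp-server community monitoring RO
line vty 0 4
 transport input ssh
"""

SECOND_BACKUP = """\
! Last configuration change at 02:00:03 UTC Tue Dec 15 2020
hostname idc-sw01
snmp-server community monitoring RW
line vty 0 4
 transport input telnet ssh
"""

# Assumption: lines that change on every backup run and carry no configuration.
VOLATILE = re.compile(r"^! (Last configuration change|Time:)")


def normalize(text):
    """Drop volatile lines and trailing whitespace so only real changes remain."""
    return [ln.rstrip() for ln in text.splitlines() if not VOLATILE.match(ln)]


def digest(lines):
    """SHA-256 over the normalized configuration, used as a cheap consistency check."""
    return hashlib.sha256("\n".join(lines).encode("utf-8")).hexdigest()


def discrepancy_report(device, first, second):
    """Return None if the two adjacent backups are consistent, else a report dict."""
    old, new = normalize(first), normalize(second)
    if digest(old) == digest(new):
        return None

    # Collect changed lines from opcodes rather than by parsing "+"/"-" prefixes,
    # so configuration lines that themselves start with "+" or "-" are handled.
    added, removed = [], []
    matcher = difflib.SequenceMatcher(a=old, b=new, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag in ("replace", "delete"):
            removed.extend(old[i1:i2])
        if tag in ("replace", "insert"):
            added.extend(new[j1:j2])

    diff = difflib.unified_diff(old, new, "previous", "current", lineterm="", n=1)
    return {
        "device": device,
        "previous_sha256": digest(old),
        "current_sha256": digest(new),
        "added": added,
        "removed": removed,
        "diff": "\n".join(diff),
    }


if __name__ == "__main__":
    report = discrepancy_report("idc-sw01", FIRST_BACKUP, SECOND_BACKUP)
    print(report["diff"] if report else "backups are consistent")
```

Ignoring the timestamp line keeps a routine nightly backup from raising a report, while the SNMP community change from read-only to read-write and the re-enabled telnet transport in the sample are both reported.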
< apparatus embodiment >
Fig. 4 is a hardware configuration diagram of an electronic device according to another embodiment.
As shown in fig. 4, the electronic device 400 comprises a processor 410 and a memory 420, the memory 420 being adapted to store an executable computer program, the processor 410 being adapted to perform a method according to any of the above method embodiments, under control of the computer program.
The electronic device 400 may be an operation and maintenance management system of the internet data center in fig. 1.
The modules of the electronic device 400 may be implemented by the processor 410 in the present embodiment executing the computer program stored in the memory 420, or may be implemented by other circuit structures, which is not limited herein.
The present invention may be a system, method and/or computer program product. The computer program product may include a computer-readable storage medium having computer-readable program instructions embodied therewith for causing a processor to implement various aspects of the present invention.
The computer readable storage medium may be a tangible device that can hold and store the instructions for use by the instruction execution device. The computer readable storage medium may be, for example, but not limited to, an electronic memory device, a magnetic memory device, an optical memory device, an electromagnetic memory device, a semiconductor memory device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a Static Random Access Memory (SRAM), a portable compact disc read-only memory (CD-ROM), a Digital Versatile Disc (DVD), a memory stick, a floppy disk, a mechanical coding device, such as punch cards or in-groove projection structures having instructions stored thereon, and any suitable combination of the foregoing. Computer-readable storage media as used herein is not to be construed as transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission medium (e.g., optical pulses through a fiber optic cable), or electrical signals transmitted through electrical wires.
The computer-readable program instructions described herein may be downloaded from a computer-readable storage medium to a respective computing/processing device, or to an external computer or external storage device via a network, such as the internet, a local area network, a wide area network, and/or a wireless network. The network may include copper transmission cables, fiber optic transmission, wireless transmission, routers, firewalls, switches, gateway computers and/or edge servers. The network adapter card or network interface in each computing/processing device receives computer-readable program instructions from the network and forwards the computer-readable program instructions for storage in a computer-readable storage medium in the respective computing/processing device.
The computer program instructions for carrying out operations of the present invention may be assembler instructions, Instruction Set Architecture (ISA) instructions, machine instructions, machine-related instructions, microcode, firmware instructions, state setting data, or source or object code written in any combination of one or more programming languages, including object-oriented programming languages such as Smalltalk, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The computer-readable program instructions may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider). In some embodiments, aspects of the present invention are implemented by personalizing an electronic circuit, such as a programmable logic circuit, a Field Programmable Gate Array (FPGA), or a Programmable Logic Array (PLA), with state information of the computer-readable program instructions; the electronic circuit can then execute the computer-readable program instructions.
Aspects of the present invention are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer-readable program instructions.
These computer-readable program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks. These computer-readable program instructions may also be stored in a computer-readable storage medium that can direct a computer, programmable data processing apparatus, and/or other devices to function in a particular manner, such that the computer-readable medium storing the instructions comprises an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.
The computer readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer, other programmable apparatus or other devices implement the functions/acts specified in the flowchart and/or block diagram block or blocks.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions. It is well known to those skilled in the art that implementation by hardware, by software, and by a combination of software and hardware are equivalent.
Having described embodiments of the present invention, the foregoing description is intended to be exemplary, not exhaustive, and not limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terminology used herein is chosen in order to best explain the principles of the embodiments, the practical application, or improvements made to the technology in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein. The scope of the invention is defined by the appended claims.

Claims (11)

1. An operation and maintenance management method for an internet data center is characterized by comprising the following steps:
receiving an operation instruction of a client;
under the condition that the operation instruction is a first operation instruction, performing access control according to the first operation instruction, and recording the first operation instruction;
monitoring the running states of a server and running equipment executing the second operation instruction under the condition that the operation instruction is the second operation instruction;
under the condition that the operation instruction is a third operation instruction, detecting whether vulnerabilities exist in the server and the running equipment according to the third operation instruction;
and backing up the configuration data of the server and the running equipment, generating backup information, and storing the backup information.
2. The operation and maintenance management method according to claim 1, wherein in a case that the operation instruction is a first operation instruction, the method further comprises:
verifying the identity information of the client;
under the condition that the identity information of the client passes the verification, giving corresponding operation permission according to the first operation instruction;
distributing different account number authority information to the client according to the operation authority, and executing the first operation instruction;
and tracing and analyzing the executing process of the first operation instruction.
3. The operation and maintenance management method according to claim 1, wherein the monitoring of the operation states of the server and the operation device comprises:
and generating first alarm information under the condition that the server and/or the running equipment are abnormal.
4. The operation and maintenance management method according to claim 3, wherein the first alarm information includes first monitoring data and second monitoring data, the data type of the first monitoring data is graphical data, and the data type of the second monitoring data is non-graphical data.
5. The operation and maintenance management method according to claim 1, wherein the detecting whether the server and the running equipment have vulnerabilities according to the third operation instruction includes: generating second alarm information under the condition that the server and/or the running equipment are detected to have vulnerabilities.
6. The operation and maintenance management method according to claim 5, further comprising:
receiving a file format type requested by a client,
and generating a detection report consistent with the file format type.
7. The operation and maintenance management method according to claim 1, wherein the generating backup information comprises:
acquiring first configuration data and second configuration data, wherein the first configuration data and the second configuration data are data backed up twice adjacently;
comparing the consistency of the first configuration data and the second configuration data;
generating a discrepancy report if the first configuration data and the second configuration data change.
8. An operation and maintenance management system of an internet data center, characterized in that the method comprises:
the WEB development unit is used for receiving an operation instruction of a client and distributing the first operation instruction to the bastion machine unit under the condition that the operation instruction is the first operation instruction; under the condition that the operation instruction is a second operation instruction, distributing the second operation instruction to corresponding running equipment; distributing the third operation instruction to a vulnerability scanning unit under the condition that the operation instruction is the third operation instruction;
the bastion machine unit is used for carrying out access control according to the first operation instruction distributed by the WEB development unit and recording the first operation instruction;
the network monitoring unit comprises a first network monitoring unit and a second network monitoring unit, and is used for monitoring the running states of the server and running equipment executing the second operation instruction;
and the vulnerability scanning unit is used for detecting whether vulnerabilities exist in the server and the running equipment according to a third operation instruction of the client, which is distributed by the WEB development unit.
And the configuration backup unit is used for backing up configuration data of the server and the running equipment, generating backup information and outputting the backup information to the WEB development unit.
9. The operation and maintenance management system of the internet data center according to claim 8, wherein the bastion machine unit comprises:
the identity authentication module is used for authenticating the identity information of the client;
the authorization control module is used for giving corresponding operation authority according to the first operation instruction under the condition that the identity information of the client is verified;
the account management module is used for distributing different account authority information to the client according to the operation authority;
and the safety audit module is used for tracing and analyzing the execution process of the first operation instruction.
10. An electronic device comprising a memory and a processor, the memory for storing a computer program; the processor is adapted to execute the computer program to implement the method according to any of claims 1-7.
11. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1-7.
CN202011511445.8A 2020-12-18 2020-12-18 Operation and maintenance management method and system of internet data center and electronic equipment Pending CN112688808A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011511445.8A CN112688808A (en) 2020-12-18 2020-12-18 Operation and maintenance management method and system of internet data center and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011511445.8A CN112688808A (en) 2020-12-18 2020-12-18 Operation and maintenance management method and system of internet data center and electronic equipment

Publications (1)

Publication Number Publication Date
CN112688808A true CN112688808A (en) 2021-04-20

Family

ID=75450209

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011511445.8A Pending CN112688808A (en) 2020-12-18 2020-12-18 Operation and maintenance management method and system of internet data center and electronic equipment

Country Status (1)

Country Link
CN (1) CN112688808A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113934607A (en) * 2021-09-29 2022-01-14 深圳竹云科技有限公司 Management method, device and storage medium of operation and maintenance assets

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105119750A (en) * 2015-09-08 2015-12-02 南京联成科技发展有限公司 Distributed information security operation and maintenance management platform based on massive data
CN107563713A (en) * 2017-06-20 2018-01-09 华迪计算机集团有限公司 A kind of electronic document system and its method for operation monitoring
CN109257209A (en) * 2018-09-04 2019-01-22 山东浪潮云投信息科技有限公司 A kind of data center server centralized management system and method
CN110677415A (en) * 2019-09-29 2020-01-10 信阳农林学院 Network information safety protection system
CN110691064A (en) * 2018-09-27 2020-01-14 国家电网有限公司 Safety access protection and detection system for field operation terminal

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210420