CN113114503B - Deployment method and device based on application delivery network requirements - Google Patents


Publication number
CN113114503B
Authority
CN
China
Prior art keywords
network
application
firewall
requirement
load balancing
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110392905.8A
Other languages
Chinese (zh)
Other versions
CN113114503A (en)
Inventor
闫凡茜
李欣阳
李譞
李静晨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L41/0876 Aspects of the degree of configuration automation
    • H04L41/0886 Fully automatic configuration
    • H04L41/0889 Techniques to speed-up the configuration process

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Automation & Control Theory (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a deployment method and device based on application delivery network requirements, and belongs to the technical field of information security. The deployment method comprises: acquiring network requirement application information through a preset application delivery network requirement application page; determining, based on that information, the network configuration items corresponding to a domain name resolution network, a load balancing network, a certificate offloading network, an application firewall network and a firewall network; sorting the network configuration items according to a preset order; and deploying the sorted network configuration items to the domain name resolution network, the load balancing network, the certificate offloading network, the application firewall network and the firewall network in the sorted order. The invention can effectively improve the coverage rate and implementation efficiency of network requirements, replaces manual IP allocation and network configuration, reduces repetitive manual work and reduces the pressure of implementing network requirements.

Description

Deployment method and device based on application delivery network requirements
Technical Field
The invention relates to the technical field of information security, in particular to a deployment method and device based on application delivery network requirements.
Background
With the rapid development of the internet, higher requirements are placed on the availability, performance, concurrency and security of internet applications, and meeting them depends on the underlying network services. Large financial institutions are gradually adopting a layered network deployment architecture to provide safe and reliable services for internet applications. This architecture achieves second-level switchover of a faulty line or campus through the domain name resolution service, and protects applications against external malicious attacks through two layers of security protection, a firewall and an application firewall. Because certificate offloading for HTTPS requests consumes too many resources in high-concurrency scenarios, a separate certificate offloading layer is deployed, which greatly reduces the pressure on the load balancing equipment or web servers that originally performed certificate offloading and removes the bottleneck on the high-concurrency service data link. The two-layer L4 and L7 load balancing architecture provides high availability and supports diverse load requirements: the L4 load nodes forward application access requests quickly, and the L7 load nodes implement complex scheduling and forwarding policies, which improves the service capability of the whole load balancing system.
Putting an internet application into production requires submitting network change requests for domain name resolution, load balancing, certificate offloading, the application firewall and the firewall. The technical terminology of these change requests differs greatly from the way business requirements are described, so applicants can rarely submit accurate change content and usually get it right only after several revisions. Network specialists must implement a large number of network changes every day; because there are many kinds of network device and many changes, manual implementation consumes a great deal of labor and its accuracy cannot be fully guaranteed. The long change process, long turnaround and large volume of application delivery network changes greatly reduce delivery efficiency, and network specialists face great pressure and challenges in implementing changes and troubleshooting problems.
Disclosure of Invention
To address the problems in the prior art, the invention provides a deployment method and device based on application delivery network requirements that can effectively improve the coverage rate and implementation efficiency of network requirements, replace manual IP allocation and network configuration, reduce repetitive manual work and reduce the pressure of implementing network requirements.
To solve the above technical problems, the invention provides the following technical solutions:
In a first aspect, the invention provides a deployment method based on application delivery network requirements, comprising:
acquiring network requirement application information through a preset application delivery network requirement application page;
determining, based on the network requirement application information, the network configuration items corresponding to a domain name resolution network, a load balancing network, a certificate offloading network, an application firewall network and a firewall network;
sorting the network configuration items according to a preset order;
and deploying the sorted network configuration items to the domain name resolution network, the load balancing network, the certificate offloading network, the application firewall network and the firewall network in the sorted order.
After the network configuration items corresponding to the domain name resolution network, the load balancing network, the certificate offloading network, the application firewall network and the firewall network have been determined based on the network requirement application information, the method further comprises:
determining, based on the network requirement application information, the network IP address to be acquired for at least one of the load balancing network, the certificate offloading network and the application firewall network;
and integrating the acquired network IP address into the network configuration item corresponding to that network IP address.
Before the acquired network IP address is integrated into its corresponding network configuration item, the method further comprises:
acquiring the network IP addresses of the load balancing network, the certificate offloading network and the application firewall network respectively.
Acquiring the network IP addresses of the load balancing network, the certificate offloading network and the application firewall network respectively comprises:
acquiring, from the network IP address allocation table, the pre-recorded network IP addresses corresponding to the load balancing network, the certificate offloading network and the application firewall network, and changing the state of each acquired network IP address from "to be enabled" to "in use".
Determining, based on the network requirement application information, the network configuration items corresponding to the domain name resolution network, the load balancing network, the certificate offloading network, the application firewall network and the firewall network comprises:
parsing the network requirement application information to obtain the network requirements corresponding to the domain name resolution network, the load balancing network, the certificate offloading network, the application firewall network and the firewall network;
retrieving, based on the network requirement of each of these networks, the corresponding network configuration item from that network's correspondence list;
each correspondence list stores the mapping between network requirements and network configuration items.
The preset order comprises:
from first to last: the domain name resolution network, the firewall network, the L4 load balancing network, the certificate offloading network, the application firewall network and the L7 load balancing network.
The preset order further comprises:
from first to last: the L4 load balancing network, the certificate offloading network, the application firewall network, the L7 load balancing network, the firewall network and the domain name resolution network.
In a second aspect, the invention provides a deployment device based on application delivery network requirements, comprising:
an acquisition module for acquiring network requirement application information through a preset application delivery network requirement application page;
a configuration item module for determining, based on the network requirement application information, the network configuration items corresponding to a domain name resolution network, a load balancing network, a certificate offloading network, an application firewall network and a firewall network;
a sorting module for sorting the network configuration items according to a preset order;
and a deployment module for deploying the sorted network configuration items to the domain name resolution network, the load balancing network, the certificate offloading network, the application firewall network and the firewall network in the sorted order.
In a third aspect, the invention provides an electronic device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the deployment method based on application delivery network requirements when executing the program.
In a fourth aspect, the invention provides a computer-readable storage medium storing a computer program which, when executed by a processor, carries out the steps of the deployment method based on application delivery network requirements.
According to the above technical solutions, the invention provides a deployment method and device based on application delivery network requirements: network requirement application information is acquired through a preset application delivery network requirement application page; the network configuration items corresponding to a domain name resolution network, a load balancing network, a certificate offloading network, an application firewall network and a firewall network are determined based on that information; the network configuration items are sorted according to a preset order; and the sorted network configuration items are deployed to the domain name resolution network, the load balancing network, the certificate offloading network, the application firewall network and the firewall network in the sorted order. This effectively improves the coverage rate and implementation efficiency of network requirements, replaces manual IP allocation and network configuration, reduces repetitive manual work and reduces the pressure of implementing network requirements.
Drawings
To illustrate the embodiments of the invention and the technical solutions of the prior art more clearly, the drawings used in describing them are briefly introduced below. The drawings described below show some embodiments of the invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a first flowchart of a deployment method based on an application delivery network requirement according to an embodiment of the present invention.
Fig. 2 is a second flowchart of the deployment method based on the application delivery network requirement according to the embodiment of the present invention.
Fig. 3 is a schematic structural diagram of a deployment apparatus for delivering network requirements based on applications in an embodiment of the present invention.
Fig. 4 is a schematic structural diagram of a deployment system based on an application delivery network requirement according to an embodiment of the present invention.
Fig. 5 and fig. 6 are service access data flow diagrams of the present invention.
Fig. 7 is a unit structure diagram of a network requirement analysis module according to the present invention.
Fig. 8 is a block diagram of a service orchestration module according to the present invention.
Fig. 9 is a unit structure diagram of the network IP address management module of the present invention.
FIG. 10 is a flow chart of an Internet application delivery network requirement automation implementation device according to the invention.
Fig. 11 is a schematic structural diagram of an electronic device in an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Before the technical solutions in the embodiments of the present invention are clearly and completely described, technical terms involved in the embodiments of the present invention are explained in detail.
Domain name resolution and domain name resolution equipment: domain name resolution means resolving a domain name into an IP address. Domain name resolution equipment here refers specifically to network equipment that the enterprise maintains itself and that is dedicated to configuring the mapping between the enterprise's own internet domain names and internet addresses.
L4/L7 load balancing and L4/L7 load balancing equipment: load balancing means combining several servers symmetrically into a server set and using a load sharing technique to distribute requests from outside evenly to one of the back-end servers. L4 load balancing mainly schedules load according to transport-layer protocol content (the five-tuple), for example per TCP connection. L7 load balancing schedules load according to specific application-layer content, for example user ID information or cookie information. The L4/L7 load balancing equipment in the invention refers specifically to the L4 and L7 network equipment that the enterprise deploys in the internet isolation zone to distribute service requests evenly. Hereinafter, L4/L7 load balancing is collectively called load balancing.
Certificate offloading and certificate offloading equipment: certificate offloading refers to the encryption and decryption of data in HTTPS requests. The certificate offloading equipment is equipment that the enterprise maintains itself and dedicates to HTTPS certificate offloading.
Application firewall and application firewall equipment: an application firewall provides security protection for the application layer. In the invention it refers specifically to network equipment that the enterprise deploys in the internet isolation zone and that is dedicated to protecting web applications by enforcing a set of security policies for HTTP/HTTPS.
Firewall and firewall equipment: a firewall separates an internal network from a public access network (e.g., the Internet). In the invention it refers specifically to the network equipment an enterprise uses to isolate its internal network from the external network environment.
Application asset management system: in the invention, this refers specifically to the system in which the enterprise maintains application node information and IP address information.
The invention provides an embodiment of a deployment method based on application delivery network requirements which, referring to fig. 1, specifically comprises the following:
S101: acquiring network requirement application information through a preset application delivery network requirement application page;
In this step, on the preset application delivery network requirement application page, the applicant only needs to select the service requirements that the network must meet, including but not limited to: application name; application node name; deployment in a single campus or in multiple campuses; access by domain name or by IP; the application's external service port; certificate offloading on the network side; the application obtaining the client's real IP address; balanced distribution of service access requests across the back-end servers; real-time awareness of application server state on the network side; keeping the transaction requests of the same client on the same application server at all times; and attack protection for the application on the network side.
The application delivery network requirement application page translates the natural language submitted by the applicant into a computer language that can be implemented automatically.
S102: determining, based on the network requirement application information, the network configuration items corresponding to a domain name resolution network, a load balancing network, a certificate offloading network, an application firewall network and a firewall network;
In this step, the network requirement application information is parsed to obtain the network requirements corresponding to the domain name resolution network, the load balancing network, the certificate offloading network, the application firewall network and the firewall network; based on the network requirement of each of these networks, the corresponding network configuration item is retrieved from that network's correspondence list; each correspondence list stores the mapping between network requirements and network configuration items.
In a specific implementation, after the network requirement application information is received, it is parsed to obtain the network requirements it contains for the domain name resolution network, the load balancing network, the certificate offloading network, the application firewall network and the firewall network.
According to the network requirements obtained by parsing, the corresponding network configuration items are then retrieved from the correspondence lists of the domain name resolution network, the load balancing network, the certificate offloading network, the application firewall network and the firewall network.
For example: the network configuration item for the domain name resolution function is looked up, according to the network requirement, in the correspondence table that maintains the mapping between application-scenario network requirements and domain name resolution function configuration items. The network configuration items for the load balancing function, the certificate offloading function, the application firewall function and the firewall function are looked up in the same way, each in the correspondence table that maintains the mapping between application-scenario network requirements and the configuration items of that network function.
S103: sorting the network configuration items according to a preset order;
In this step, the network configuration items are received, and the order of their automated implementation is arranged according to the service access data flow and the logical constraint that the automated implementation of each network configuration item must have zero impact on the service. In this embodiment, the preset order includes: the access data flow order and the automated implementation order of the network configuration items.
The access data flow order is, from first to last: the domain name resolution network, the firewall network, the L4 load balancing network, the certificate offloading network, the application firewall network and the L7 load balancing network.
The automated implementation order of the network configuration items is, from first to last: the L4 load balancing network, the certificate offloading network, the application firewall network, the L7 load balancing network, the firewall network and the domain name resolution network.
It should be noted that L4 load balancing, certificate offloading, the application firewall and L7 load balancing may be implemented in parallel.
S104: deploying the sorted network configuration items to the domain name resolution network, the load balancing network, the certificate offloading network, the application firewall network and the firewall network in the sorted order.
In this step, for each of the domain name resolution, load balancing, certificate offloading, application firewall and firewall configuration items, logic checks are performed, the network configuration is generated and the generated configuration is issued to the corresponding network equipment (domain name resolution, load balancing, certificate offloading, application firewall or firewall equipment). The content of the configuration item is then checked against the configuration actually issued to the equipment to ensure that the implementation is consistent with the requirement.
As can be seen from the above description, in the deployment method based on application delivery network requirements provided in this embodiment, network requirement application information is acquired through a preset application delivery network requirement application page; the network configuration items corresponding to a domain name resolution network, a load balancing network, a certificate offloading network, an application firewall network and a firewall network are determined based on that information; the network configuration items are sorted according to a preset order; and the sorted network configuration items are deployed to the domain name resolution network, the load balancing network, the certificate offloading network, the application firewall network and the firewall network in the sorted order. This effectively improves the coverage rate and implementation efficiency of network requirements, replaces manual IP allocation and network configuration, reduces repetitive manual work and reduces the pressure of implementing network requirements.
In an embodiment of the invention, referring to fig. 2, the deployment method based on application delivery network requirements further comprises the following after step S102:
S105: determining, based on the network requirement application information, the network IP address to be acquired for at least one of the load balancing network, the certificate offloading network and the application firewall network;
S106: acquiring the network IP addresses of the load balancing network, the certificate offloading network and the application firewall network respectively. This comprises acquiring, from the network IP address allocation table, the pre-recorded network IP addresses corresponding to the load balancing network, the certificate offloading network and the application firewall network, and changing the state of each acquired network IP address from "to be enabled" to "in use".
S107: integrating the acquired network IP address into the network configuration item corresponding to that network IP address.
In this embodiment, the network requirement application information is parsed to determine whether it includes a network IP address requirement and which networks require a network IP address. The network IP address to be acquired for at least one of the load balancing network, the certificate offloading network and the application firewall network is determined from the network requirement application information.
The network IP address of the corresponding network is acquired by calling up the network IP addresses stored in the network IP address allocation unit, specifically: the pre-recorded network IP addresses corresponding to the load balancing network, the certificate offloading network and the application firewall network are acquired from the network IP address allocation table, and the state of each acquired network IP address is changed from "to be enabled" to "in use".
The network functions to be implemented are ordered according to the content of the uploaded network configuration items. If a load balancing virtual address, an application firewall virtual service address or a certificate offloading virtual address is required, the network IP address is acquired before the network functions are automatically implemented and is integrated into the corresponding network configuration item.
The information of each network configuration item is deployed to the domain name resolution network, the load balancing network, the certificate offloading network, the application firewall network and the firewall network in the arranged service order.
The arranged automation order of the network functions and the network configuration item information are received, and the load balancing, certificate offloading and application firewall network configurations are issued. After these configurations have been issued, the firewall network configuration is issued and verified; once that verification passes, the domain name resolution network configuration is issued and verified.
The invention comprises automated implementation methods for domain name resolution, layer 4 to layer 7 load balancing, certificate offload, the application firewall and the firewall. From the aspects of requirement submission, network configuration item translation, service orchestration and network IP address acquisition, it addresses pain points such as a long application delivery process, heavy communication overhead, inaccurate network requirement descriptions and the large amount of manual effort consumed by network configuration implementation, and it effectively improves the execution efficiency and accuracy of network requirement implementation.
1. An easy-to-understand application page that expresses network function scenarios in natural language is provided. Professional network terminology is hidden, so application personnel can concentrate on the application's requirements, which improves the accuracy of network requirement descriptions.
2. Network devices of multiple vendors and models involved in application delivery network requirements are integrated, so that various network requirements can be met. The passive network service mode is converted into a service actively offered to applications, which greatly improves the coverage and implementation efficiency of network requirements.
3. The multiple network requirement applications previously needed are consolidated into one. Only the network requirements are filled in manually; the rest of the process needs no manual intervention. Manual IP allocation and network configuration implementation are replaced, which reduces repetitive manual work and the pressure of implementing network requirements.
An embodiment of the present invention provides a specific implementation manner of a deployment apparatus based on an application delivery network requirement, which is capable of implementing all contents in the deployment method based on the application delivery network requirement, and referring to fig. 3, the deployment apparatus based on the application delivery network requirement specifically includes the following contents:
the acquisition module 10 is used for acquiring network demand application information through a preset application delivery network demand application page;
a configuration item module 20, configured to determine, based on the network demand application information, network configuration items corresponding to a domain name resolution network, a load balancing network, a certificate offload network, an application firewall network, and a firewall network;
a sorting module 30, configured to sort the network configuration items based on a preset sorting order;
and the deployment module 40 is configured to deploy the sorted network configuration items to a domain name resolution network, a load balancing network, a certificate unloading network, an application firewall network and a firewall network according to the sorting order.
The apparatus further includes:
the network address module is used for determining a network IP address corresponding to at least one of a load balancing network, a certificate unloading network and an application firewall network to be acquired based on the network demand application information;
and the integration module is used for integrating the acquired network IP address to the network configuration item corresponding to the network IP address.
The apparatus further includes:
and the acquisition module is used for respectively acquiring the network IP addresses of the load balancing network, the certificate unloading network and the application firewall network.
Wherein the acquisition module comprises:
and the address allocation unit is used for obtaining the pre-entered network IP addresses corresponding to the load balancing network, the certificate offload network and the application firewall network from the network IP address allocation table, and for changing the state of each obtained address from "to be started" to "in use".
Wherein the configuration item module 20 includes:
the analysis unit is used for parsing the network requirement application information to obtain the network requirements corresponding to the domain name resolution network, the load balancing network, the certificate offload network, the application firewall network and the firewall network;
the retrieval unit is used for retrieving respective network configuration items from respective corresponding lists based on the network requirements of the domain name resolution network, the load balancing network, the certificate unloading network, the application firewall network and the firewall network;
the corresponding list is used for storing the corresponding relation between the network requirement and the network configuration item.
Wherein the preset sorting order comprises:
the first to last order is the domain name resolution network, the firewall network, the L4 load balancing network, the certificate offload network, the application firewall network, and the L7 load balancing network.
Wherein the preset sorting order further comprises:
the sequence from first to last is L4 load balancing network, certificate offload network, application firewall network, L7 load balancing network, firewall network, and domain name resolution network.
The embodiment of the deployment apparatus based on the application delivery network requirement provided by the present invention may be specifically used for executing the processing flow of the embodiment of the deployment method based on the application delivery network requirement in the foregoing embodiment, and the function of the deployment apparatus based on the application delivery network requirement is not described herein again, and reference may be made to the detailed description of the embodiment of the method.
As can be seen from the above description, the deployment device based on the application delivery network requirement according to the embodiment of the present invention obtains the network requirement application information through the application page of the preset application delivery network requirement; determining network configuration items corresponding to a domain name resolution network, a load balancing network, a certificate unloading network, an application firewall network and a firewall network based on the network requirement application information; sequencing all the network configuration items based on a preset sequencing sequence; and deploying the sorted network configuration items to a domain name resolution network, a load balancing network, a certificate unloading network, an application firewall network and a firewall network according to the sorting sequence. The coverage rate and implementation efficiency of network requirements can be effectively improved, manual IP allocation and network configuration implementation are replaced, manual repeated workload is reduced, and network requirement implementation pressure is reduced.
An embodiment of the present invention provides a specific implementation of a deployment system based on an application delivery network requirement, which, referring to fig. 4, specifically includes the following contents:
an application delivery network requirement application module 101, a network requirement analysis module 102, a service orchestration module 103, a network IP address management module 104, a domain name resolution automation module 105, a load balancing automation module 106, a certificate offload automation module 107, an application firewall automation module 108, and a firewall automation module 109.
The application delivery network requirement application module 101 provides a network requirement application interface for application personnel, who fill in the application content according to their business requirements and upload it to the network requirement analysis module 102. The network requirement analysis module 102 parses the uploaded network requirement content and uploads the parsed result to the service orchestration module 103. The service orchestration module 103 judges from the parsed network requirement content whether network IP addresses need to be acquired; if so, it calls the network IP address management module 104 to obtain the IP addresses needed to implement the network requirement. Finally, the information of each network configuration item is uploaded, in the orchestrated service order, to the corresponding domain name resolution automation module 105, load balancing automation module 106, certificate offload automation module 107, application firewall automation module 108 and firewall automation module 109, which complete the automated implementation and verification of the application delivery network requirement.
The application delivery network requirement application module 101 is used for filling in and submitting an application delivery network requirement application. The interface presents the requirements to application personnel in easy-to-understand, scenario-based natural language. Application personnel only need to select the service requirements that the network must satisfy, without concerning themselves with professional network terminology. The service requirements include, but are not limited to: the application name; the application node name; single-campus or multi-campus deployment; access by domain name or by IP; the service port the application exposes externally; whether certificate offload is performed on the network side; whether the application obtains the client's real IP address; whether service access requests are distributed evenly across the back-end servers; whether the network side can accurately sense the real-time state of the application servers; whether transaction requests from the same client are always kept on the same application server; and whether the network side provides attack protection for the application. The network requirement content submitted by the application personnel is uploaded to the network requirement analysis module 102.
The network requirement analysis module 102 is configured to translate the natural language submitted by the application personnel into network configuration items that can be implemented automatically, and to resolve the IP address corresponding to the application node according to the network requirement submitted by the application personnel. The resolved application node IP address and the configuration items for the domain name resolution, load balancing, certificate offload, application firewall and firewall functions are uploaded to the service orchestration module 103.
The service orchestration module 103 is configured to order the uploaded network configuration items. Following the service access data flow diagrams shown in fig. 5 and 6, the network functions to be implemented are ordered according to the content of the uploaded network configuration items. Before the network functions are automatically implemented, if a load balancing virtual address, an application firewall virtual service address or a certificate offload virtual address is needed, the network IP address management module 104 is called to obtain the network IP addresses, and the obtained network IP addresses are integrated into the corresponding network configuration items. Finally, the ordered network configuration items are uploaded in sequence to the corresponding domain name resolution automation module 105, load balancing automation module 106, certificate offload automation module 107, application firewall automation module 108 and firewall automation module 109.
The network IP address management module 104 is used for the entry, allocation and release of load balancing virtual addresses, application firewall virtual service addresses and certificate offload virtual addresses.
The domain name resolution automation module 105 is used for the automated implementation of domain name resolution configuration. Based on the uploaded domain name resolution configuration items, it performs logic judgment, generates the network configuration and issues the generated configuration to the domain name resolution network devices; it then checks the configuration actually issued to the devices against the content of the configuration items to ensure that the implementation is consistent with the requirements.
The load balancing automation module 106 is used for the automated implementation of load balancing configuration. Based on the uploaded load balancing configuration items, it performs logic judgment, generates the network configuration and issues the generated configuration to the load balancing network devices; it then checks the configuration actually issued to the devices against the content of the configuration items to ensure that the implementation is consistent with the requirements.
The certificate offload automation module 107 is used for the automated implementation of certificate offload configuration. Based on the uploaded certificate offload configuration items, it performs logic judgment, generates the network configuration and issues the generated configuration to the certificate offload network devices; it then checks the configuration actually issued to the devices against the content of the configuration items to ensure that the implementation is consistent with the requirements.
The application firewall automation module 108 is used for the automated implementation of application security protection configuration. Based on the uploaded application firewall configuration items, it performs logic judgment, generates the network configuration and issues the generated configuration to the application firewall network devices; it then checks the configuration actually issued to the devices against the content of the configuration items to ensure that the implementation is consistent with the requirements.
The firewall automation module 109 is used for the automated implementation of firewall policies. Based on the uploaded firewall configuration items, it performs logic judgment, generates the network configuration and issues the generated configuration to the firewall network devices; it then checks the configuration actually issued to the devices against the content of the configuration items to ensure that the implementation is consistent with the requirements.
Fig. 7 is a block diagram of the network requirement analysis module 102 according to the present invention, where the network requirement analysis module 102 includes an application network requirement allocation unit 201, an application IP address reading unit 202, a domain name resolution configuration item translation unit 203, a load balancing configuration item translation unit 204, a certificate offload configuration item translation unit 205, an application firewall configuration item translation unit 206, a firewall configuration item translation unit 207, and a network requirement item uploading unit 208, where:
the application network requirement allocation unit 201: receives and distributes the natural-language application network requirements. The unit is responsible for receiving the information submitted by the application delivery network requirement application module 101, retrieving in turn the network function corresponding to each piece of the application network requirement application information, and allocating the retrieved information to the application IP address reading unit 202, the domain name resolution configuration item translation unit 203, the load balancing configuration item translation unit 204, the certificate offload configuration item translation unit 205, the application firewall configuration item translation unit 206 and the firewall configuration item translation unit 207 for processing.
Application IP address reading unit 202: according to the application network requirement application information sent by the application network requirement allocation unit 201, the unit identifies the application IP according to the principle of dividing application nodes into minimum units, using information including but not limited to the usage environment, service group, service environment and service node. The application IP address is obtained from the application asset management system according to the information about the application node, and the returned IP address information is used as input information of the network requirement item uploading unit 208.
The domain name resolution configuration item translation unit 203: the unit maintains the correspondence between application scenario network requirements and domain name resolution network function configuration items; as Internet application requirements continue to change, application scenario requirements can be added, modified, deleted and queried. The unit also retrieves the network configuration items of the domain name resolution function according to the application network requirement application information uploaded by the application network requirement allocation unit 201. For example, the three network requirements of access by domain name, users accessing the nearest service, and the domain name resolution device being able to sense the real-time state of the application server are translated into the domain name, load balancing algorithm and health check mode configuration items. The translated network configuration items are used as input information of the network requirement item uploading unit 208.
The load balancing configuration item translation unit 204: the unit maintains the correspondence between application scenario network requirements and load balancing network function configuration items; as Internet application requirements continue to change, application scenario requirements can be added, modified, deleted and queried. The unit also retrieves the network configuration items of the load balancing function according to the application network requirement application information sent by the application network requirement allocation unit 201. For example, the requirements that service access requests be dynamically distributed evenly across the back-end servers, that the client's real IP address be obtained, and that all requests of a user be load-balanced to the same application server are translated into the configuration items of a client-Connections-members load balancing algorithm, insertion of the client source address, and Cookie session persistence. The translated network configuration items are used as input information of the network requirement item uploading unit 208.
The certificate offload configuration item translation unit 205: the unit maintains the correspondence between application scenario network requirements and certificate offload network function configuration items; as Internet application requirements continue to change, application scenario requirements can be added, modified, deleted and queried. The unit also retrieves the network configuration items of the certificate offload function according to the application network requirement application information uploaded by the application network requirement allocation unit 201. For example, the three network requirements that certificate offload support all TLS protocols, that the RC4 algorithm be disabled, and that the client and the server perform bidirectional (mutual) authentication are translated into the TLS protocol, cipher suite and bidirectional authentication configuration items. The translated network configuration items are used as input information of the network requirement item uploading unit 208.
The application firewall configuration item translation unit 206: the unit maintains the correspondence between application scenario network requirements and application firewall network function configuration items; as Internet application requirements continue to change, application scenario requirements can be added, modified, deleted and queried. The unit also retrieves the network configuration items of the application firewall function according to the application network requirement application information uploaded by the application network requirement allocation unit 201. For example, the requirements of protection against brute-force cracking, protection against malicious Web scanning, and protection against SQL injection are translated into the corresponding security protection policies. The translated network configuration items are used as input information of the network requirement item uploading unit 208.
The firewall configuration item translation unit 207: the unit maintains the correspondence between application scenario network requirements and firewall network function configuration items; as Internet application requirements continue to change, application scenario requirements can be added, modified, deleted and queried. The unit also retrieves the network configuration items of the firewall function according to the application network requirement application information uploaded by the application network requirement allocation unit 201. For example, the network requirement of allowing all Internet IPs to access the service system is translated into the firewall opening direction and range configuration items. The translated network configuration items are used as input information of the network requirement item uploading unit 208.
The network requirement item uploading unit 208: the unit integrates the application IP address sent by the application IP address reading unit 202 into the function configuration items of the load balancing network, and sends each integrated function configuration item to the service orchestration module 103 for processing.
Fig. 8 is a unit structure diagram of the service orchestration module 103 according to the present invention, where the service orchestration module 103 includes a network IP address reading unit 301, a service orchestration processing unit 302, and an automation task allocating unit 303, where:
network IP address reading unit 301: the unit mainly obtains the required network IP address according to the network configuration item. The unit receives the network configuration item information sent by the network requirement analysis module 102, determines which network IP addresses are needed according to the sent network configuration item information, takes the type of the needed network IP addresses as the input information of the network IP address allocation unit 402, and calls the network IP address allocation unit 402 to obtain the network IP addresses of the corresponding type. The network configuration item information uploaded by the network requirement analysis module 102 and the IP address obtained by the network IP address allocation unit 402 are integrated and then uploaded to the service orchestration processing unit 302 for processing.
The service orchestration processing unit 302: the unit mainly determines the order in which the network configuration items are automatically implemented. For example, the access data flow of the service runs from outside to inside: the client initiates access through a domain name, the service request passes through the firewall to the domain name resolution device, the domain name resolution device returns an IP address, and the client then initiates access through that IP address. The access data flow is therefore domain name resolution, firewall, layer-4 load balancing, certificate offload, application firewall, layer-7 load balancing and application server. To ensure that the service is not affected while the network functions are being automatically implemented, the network configuration items are implemented from inside to outside: the inner-layer layer-4 load balancing, certificate offload, application firewall and layer-7 load balancing can be implemented in parallel, the firewall is implemented next, and domain name resolution is implemented last. The unit receives the network configuration item information sent by the network IP address reading unit 301, orders the automated implementation of the network configuration items according to the service access data flow and the logical relationship that the implementation order has zero impact on the service, and uses the ordered result as input information of the automation task allocating unit 303.
The automation task allocating unit 303: the unit mainly distributes the orchestrated network configuration items to the corresponding network function automation modules. It receives the network function automation order and the network configuration item information arranged by the service orchestration processing unit 302, passes the load balancing, certificate offload and application firewall configuration items in turn as input information to the load balancing automation module 106, the certificate offload automation module 107 and the application firewall automation module 108, and calls these automation modules to issue the network configuration. After the load balancing automation module 106, the certificate offload automation module 107 and the application firewall automation module 108 have finished issuing and checking their configuration, the firewall configuration items are passed as input information to the firewall automation module 109, which is called to issue and check its configuration; once that check passes, the domain name resolution configuration items are passed as input information to the domain name resolution automation module 105, which is called to issue and check its configuration.
Fig. 9 is a unit structure diagram of the network IP address management module 104 of the present invention, where the network IP address management module 104 includes a network IP address entering unit 401, a network IP address allocating unit 402, and a network IP address releasing unit 403, where:
network IP address entry unit 401: the unit is mainly used for entering the load balancing virtual addresses, application firewall virtual service addresses and certificate offload virtual addresses. According to the network IP address plan, the three types of addresses are entered and set to the "to be started" state.
Network IP address assignment unit 402: the unit is mainly used for allocating the network IP addresses required for the automatic configuration of network functions, according to the network functions to be implemented, and setting those addresses to the "in use" state. The assigned load balancing virtual address, application firewall virtual service address or certificate offload virtual address is returned to the service orchestration module 103.
Network IP address releasing unit 403: the unit is mainly used for releasing the load balancing virtual addresses, application firewall virtual service addresses and certificate offload virtual addresses. When application personnel give notice that a service is going offline, the load balancing virtual address, application firewall virtual service address or certificate offload virtual address related to that service is released, and the IP address is reset to the "to be started" state.
Fig. 10 is a flowchart of the deployment system based on the application delivery network requirement. The application delivery network requirement application module 101 provides a network requirement application page through which application personnel fill in and submit the network requirement. The network requirement analysis module 102 translates the scenario-based network requirement submitted by the application personnel into network configuration items of the different network functions. The service orchestration module 103 first judges from the content of the network configuration items whether a network IP address is needed and, if so, calls the network IP address management module 104 to obtain it. Second, once the network IP address has been obtained, it is integrated into the corresponding network configuration items, and all the network configuration items are ordered according to the service access data flow and the logical relationship that the automated implementation order has zero impact on the service. Finally, according to the ordering result, the load balancing automation module 106, the certificate offload automation module 107 and the application firewall automation module 108 are called in sequence; after the load balancing, certificate offload and application firewall network configurations have been implemented and verified, the firewall automation module is called; and after the firewall network configuration has been implemented and verified, the domain name resolution automation module 105 is called to complete the implementation and verification of the domain name resolution network configuration.
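The flow above, written out as an added Python example that is not part of the patent: virtual addresses move from "to be started" to "in use" on allocation, configuration items are issued from inside to outside, and each item is checked against what the device reports before the next layer is touched. All class, function and network names, the `Device` stand-in and the 192.0.2.0/24 sample addresses are assumptions made for illustration, and the inner layer is issued sequentially here rather than in parallel.

```python
from enum import Enum


class IPState(Enum):
    TO_BE_STARTED = "to be started"
    IN_USE = "in use"


class IPAllocationTable:
    """Pre-entered virtual addresses, keyed by (pool, address)."""

    def __init__(self, planned):
        self.rows = {(pool, ip): IPState.TO_BE_STARTED
                     for pool, ips in planned.items() for ip in ips}

    def allocate(self, pool):
        # Hand out the first address still "to be started" and mark it "in use".
        for (p, ip), state in self.rows.items():
            if p == pool and state is IPState.TO_BE_STARTED:
                self.rows[(p, ip)] = IPState.IN_USE
                return ip
        raise LookupError(f"no address left to be started in pool {pool!r}")

    def release(self, pool, ip):
        # Service taken offline: the address returns to "to be started".
        self.rows[(pool, ip)] = IPState.TO_BE_STARTED


class Device:
    """Stand-in for one network function's device (hypothetical, no real API)."""

    def __init__(self, drop_key=None):
        self.config = {}
        self.drop_key = drop_key  # simulates a setting that fails to apply

    def push(self, item):
        self.config = {k: v for k, v in item.items() if k != self.drop_key}

    def running_config(self):
        return dict(self.config)


# Inside-out implementation order: inner layers, then firewall, then DNS.
STAGES = [
    ["l4_load_balancing", "certificate_offload",
     "application_firewall", "l7_load_balancing"],
    ["firewall"],
    ["domain_name_resolution"],
]
# Address pool each inner-layer function draws its virtual address from.
VIP_POOL = {
    "l4_load_balancing": "load_balancing",
    "l7_load_balancing": "load_balancing",
    "certificate_offload": "certificate_offload",
    "application_firewall": "application_firewall",
}


def deploy(items, devices, table):
    """Issue items stage by stage and stop at the first failed check.

    Returns (names issued and verified, name that failed or None).
    """
    deployed = []
    for stage in STAGES:
        for net in stage:
            if net not in items:
                continue
            item = dict(items[net])
            if item.pop("needs_vip", False):
                item["virtual_address"] = table.allocate(VIP_POOL[net])
            devices[net].push(item)
            # Compare what the device reports with the intended item.
            if devices[net].running_config() != item:
                return deployed, net  # firewall and DNS are never opened
            deployed.append(net)
    return deployed, None


def sample_items():
    # Constructed configuration items, deliberately listed outside-in.
    return {
        "domain_name_resolution": {"domain": "app.example.test", "health_check": "tcp"},
        "firewall": {"direction": "inbound", "source": "any", "port": 443},
        "l7_load_balancing": {"needs_vip": True, "persistence": "cookie"},
        "application_firewall": {"needs_vip": True,
                                 "policies": ["sql_injection", "brute_force"]},
        "certificate_offload": {"needs_vip": True, "disabled_ciphers": ["RC4"],
                                "mutual_auth": True},
        "l4_load_balancing": {"needs_vip": True, "port": 443},
    }


def sample_table():
    # Constructed address plan using the documentation range 192.0.2.0/24.
    return IPAllocationTable({
        "load_balancing": ["192.0.2.10", "192.0.2.11"],
        "certificate_offload": ["192.0.2.20"],
        "application_firewall": ["192.0.2.30"],
    })


if __name__ == "__main__":
    items = sample_items()
    print(deploy(items, {n: Device() for n in items}, sample_table()))
    devices = {n: Device() for n in items}
    devices["application_firewall"] = Device(drop_key="policies")
    print(deploy(items, devices, sample_table()))
```

In the second run the application firewall device fails its check, so the firewall opening and the domain name record are never issued and the service is not reachable from outside with its protection policy missing.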
According to the invention, an easy-to-understand network function requirement application page is provided for application personnel. The network requirement submitted by the application personnel is parsed into configuration items for each function, such as domain name resolution, load balancing, certificate offload, application firewall and firewall; service orchestration is performed on the parsed function configuration items; and, according to the orchestration result, the configuration is generated and issued by the automated implementation units for domain name resolution, load balancing, certificate offload, the application firewall and the firewall. Based on the layered network architecture and the division into functional modules, the configuration items related to each function are sorted out from the aspects of domain name resolution, load balancing, security protection, certificate offload and so on. According to the application delivery network requirement application form submitted by the application personnel, the configuration items related to each function are extracted automatically and the configuration is implemented automatically, which greatly improves application delivery efficiency.
The application provides an embodiment of an electronic device for implementing all or part of content in the deployment method based on the application delivery network requirement, where the electronic device specifically includes the following content:
a processor, a memory, a communications interface, and a bus; the processor, the memory and the communications interface communicate with one another through the bus; the communications interface is used for information transmission between related devices; the electronic device may be a desktop computer, a tablet computer, a mobile terminal, or the like, but the embodiment is not limited thereto. In this embodiment, the electronic device may be implemented with reference to the embodiment of the deployment method based on the application delivery network requirement and the embodiment of the deployment apparatus based on the application delivery network requirement, whose contents are incorporated herein; repeated details are omitted.
Fig. 11 is a schematic block diagram of a system configuration of an electronic device 9600 according to the embodiment of the present application. As shown in fig. 11, the electronic device 9600 can include a central processor 9100 and a memory 9140; the memory 9140 is coupled to the central processor 9100. Notably, this FIG. 11 is exemplary; other types of structures may also be used in addition to or in place of the structure to implement telecommunications or other functions.
In one embodiment, the deployment functionality based on application delivery network requirements may be integrated into the central processor 9100. The central processor 9100 may be configured to control as follows:
acquiring network requirement application information through a preset application delivery network requirement application page; determining, based on the network requirement application information, the network configuration items corresponding respectively to a domain name resolution network, a load balancing network, a certificate offload network, an application firewall network and a firewall network; ordering the network configuration items according to a preset order; and deploying the ordered network configuration items to the domain name resolution network, the load balancing network, the certificate offload network, the application firewall network and the firewall network in that order.
As can be seen from the above description, the electronic device provided in the embodiment of the present application acquires the network requirement application information through a preset application delivery network requirement application page; determines, based on the network requirement application information, the network configuration items corresponding respectively to a domain name resolution network, a load balancing network, a certificate offload network, an application firewall network and a firewall network; orders the network configuration items according to a preset order; and deploys the ordered network configuration items to the domain name resolution network, the load balancing network, the certificate offload network, the application firewall network and the firewall network in that order. This effectively improves the coverage and implementation efficiency of network requirements, replaces manual IP allocation and manual network configuration, reduces repetitive manual work, and eases the pressure of implementing network requirements.
In another embodiment, the deployment apparatus based on the application delivery network requirement may be configured separately from the central processor 9100, for example, the deployment apparatus based on the application delivery network requirement may be configured as a chip connected to the central processor 9100, and the deployment function based on the application delivery network requirement is realized by the control of the central processor.
As shown in fig. 11, the electronic device 9600 may further include: a communication module 9110, an input unit 9120, an audio processor 9130, a display 9160, and a power supply 9170. It is noted that the electronic device 9600 also does not necessarily include all of the components shown in fig. 11; in addition, the electronic device 9600 may further include components not shown in fig. 11, which may be referred to in the prior art.
As shown in fig. 11, a central processor 9100, sometimes referred to as a controller or operational control, can include a microprocessor or other processor device and/or logic device, which central processor 9100 receives input and controls the operation of the various components of the electronic device 9600.
The memory 9140 can be, for example, one or more of a buffer, a flash memory, a hard drive, a removable medium, a volatile memory, a non-volatile memory, or other suitable device. It may store the information relating to the failure, as well as a program for processing that information. The central processor 9100 can execute the program stored in the memory 9140 to realize information storage, processing, or the like.
The input unit 9120 provides input to the central processor 9100. The input unit 9120 is, for example, a key or a touch input device. Power supply 9170 is used to provide power to electronic device 9600. The display 9160 is used for displaying display objects such as images and characters. The display may be, for example, but is not limited to, an LCD display.
The memory 9140 may be a solid-state memory, e.g., read-only memory (ROM), random-access memory (RAM), a SIM card, or the like. There may also be a memory that holds information even when power is off, can be selectively erased, and is provided with more data, an example of which is sometimes called an EPROM or the like. The memory 9140 could also be some other type of device. The memory 9140 includes a buffer memory 9141 (sometimes referred to as a buffer). The memory 9140 may include an application/function storage portion 9142, which is used for storing application programs and function programs, or the flow by which the central processor 9100 executes the operations of the electronic device 9600.
The memory 9140 can also include a data store 9143, the data store 9143 being used to store data, such as contacts, digital data, pictures, sounds, and/or any other data used by an electronic device. The driver storage portion 9144 of the memory 9140 may include various drivers for the electronic device for communication functions and/or for performing other functions of the electronic device (e.g., messaging applications, contact book applications, etc.).
The communication module 9110 is a transmitter/receiver 9110 that transmits and receives signals via an antenna 9111. The communication module (transmitter/receiver) 9110 is coupled to the central processor 9100 to provide input signals and receive output signals, which may be the same as in the case of a conventional mobile communication terminal.
Based on different communication technologies, a plurality of communication modules 9110, such as a cellular network module, a bluetooth module, and/or a wireless local area network module, may be provided in the same electronic device. The communication module (transmitter/receiver) 9110 is also coupled to a speaker 9131 and a microphone 9132 via an audio processor 9130 to provide audio output via the speaker 9131 and receive audio input from the microphone 9132, thereby implementing ordinary telecommunications functions. The audio processor 9130 may include any suitable buffers, decoders, amplifiers and so forth. In addition, the audio processor 9130 is also coupled to the central processor 9100, thereby enabling recording locally through the microphone 9132 and enabling locally stored sounds to be played through the speaker 9131.
An embodiment of the present invention further provides a computer-readable storage medium capable of implementing all the steps in the deployment method based on the application delivery network requirement in the foregoing embodiment, where the computer-readable storage medium stores thereon a computer program, and when the computer program is executed by a processor, the computer program implements all the steps in the deployment method based on the application delivery network requirement in the foregoing embodiment, for example, when the processor executes the computer program, the processor implements the following steps:
acquiring network requirement application information through a preset application delivery network requirement application page; determining, based on the network requirement application information, the network configuration items corresponding respectively to a domain name resolution network, a load balancing network, a certificate offload network, an application firewall network and a firewall network; ordering the network configuration items according to a preset order; and deploying the ordered network configuration items to the domain name resolution network, the load balancing network, the certificate offload network, the application firewall network and the firewall network in that order.
As can be seen from the above description, the computer-readable storage medium provided in the embodiment of the present invention acquires the network requirement application information through a preset application delivery network requirement application page; determines, based on the network requirement application information, the network configuration items corresponding respectively to a domain name resolution network, a load balancing network, a certificate offload network, an application firewall network and a firewall network; orders the network configuration items according to a preset order; and deploys the ordered network configuration items to the domain name resolution network, the load balancing network, the certificate offload network, the application firewall network and the firewall network in that order. This effectively improves the coverage and implementation efficiency of network requirements, replaces manual IP allocation and manual network configuration, reduces repetitive manual work, and eases the pressure of implementing network requirements.
Although the present invention provides method steps as described in the examples or flowcharts, more or fewer steps may be included based on routine or non-inventive labor. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of orders and does not represent the only order of execution. When implemented in practice, the apparatus or client products may be executed sequentially or in parallel (e.g., in the context of parallel processors or multi-threaded processing) according to the methods shown in the embodiments or figures.
As will be appreciated by one skilled in the art, embodiments of the present description may be provided as a method, apparatus (system) or computer program product. Accordingly, embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
All the embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from other embodiments. It should be noted that the embodiments and features of the embodiments of the present invention may be combined with each other without conflict. The present invention is not limited to any single aspect or embodiment, nor is it limited to any single embodiment, nor to any combination and/or permutation of such aspects and/or embodiments. Moreover, each aspect and/or embodiment of the present invention may be utilized alone or in combination with one or more other aspects and/or embodiments thereof.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit and scope of the present invention, and they should be construed as being included in the following claims and description.

Claims (10)

1. A deployment method based on application delivery network requirements is characterized by comprising the following steps:
acquiring network requirement application information through a preset application delivery network requirement application page, and selecting a service requirement to be met by a network by an application person through the preset application delivery network requirement application page; an application page for delivering network requirements is used for translating natural language submitted by an application staff into a computer language which can be automatically implemented;
determining network configuration items corresponding to a domain name resolution network, a load balancing network, a certificate unloading network, an application firewall network and a firewall network based on the network requirement application information;
sequencing each network configuration item based on a preset sequencing sequence;
and deploying the sorted network configuration items to a domain name resolution network, a load balancing network, a certificate unloading network, an application firewall network and a firewall network according to the sorting sequence.
2. The method for deploying network requirements based on application delivery according to claim 1, wherein after determining the network configuration items corresponding to the domain name resolution network, the load balancing network, the certificate offload network, the application firewall network, and the firewall network based on the network requirement application information, the method further comprises:
determining a network IP address corresponding to at least one of a load balancing network, a certificate unloading network and an application firewall network to be acquired based on the network demand application information;
and integrating the acquired network IP address to a network configuration item corresponding to the network IP address.
3. The method for deploying network demand based on application delivery according to claim 2, wherein before integrating the obtained network IP address into the network configuration item corresponding to the network IP address, the method further comprises:
and respectively acquiring network IP addresses of the load balancing network, the certificate unloading network and the application firewall network.
4. The application delivery network requirement based deployment method according to claim 3, wherein the respectively obtaining the network IP addresses of the load balancing network, the certificate offloading network and the application firewall network comprises:
and acquiring network IP addresses corresponding to the pre-recorded load balancing network, the certificate unloading network and the application firewall network from the network IP address distribution table, and modifying the to-be-started state of the acquired network IP addresses into a use state.
5. The application delivery network requirement based deployment method of claim 1, wherein the determining of the network configuration items corresponding to the domain name resolution network, the load balancing network, the certificate offload network, the application firewall network and the firewall network based on the network requirement application information comprises:
parsing the network requirement application information to obtain the network requirements corresponding to a domain name resolution network, a load balancing network, a certificate offload network, an application firewall network and a firewall network;
retrieving respective network configuration items from respective corresponding lists based on respective network requirements of a domain name resolution network, a load balancing network, a certificate offload network, an application firewall network and a firewall network;
the corresponding list is used for storing the corresponding relation between the network requirement and the network configuration item.
6. The application delivery network requirement based deployment method of claim 1, wherein the preset sequencing order comprises:
the first to last order is the domain name resolution network, the firewall network, the L4 load balancing network, the certificate offload network, the application firewall network, and the L7 load balancing network.
7. The application delivery network requirement based deployment method of claim 1, wherein the preset sequencing order further comprises:
the sequence from first to last is L4 load balancing network, certificate offload network, application firewall network, L7 load balancing network, firewall network and domain name resolution network.
8. A deployment apparatus for delivering network requirements based on an application, comprising:
the acquisition module is used for acquiring network requirement application information through a preset application delivery network requirement application page, and an application person only needs to select a service requirement to be met by a network through the preset application delivery network requirement application page; an application page for delivering network requirements is used for translating natural language submitted by an application staff into a computer language which can be automatically implemented;
the configuration item module is used for determining network configuration items corresponding to a domain name resolution network, a load balancing network, a certificate unloading network, an application firewall network and a firewall network based on the network demand application information;
the sequencing module is used for sequencing each network configuration item based on a preset sequencing sequence;
and the deployment module is used for deploying the sequenced network configuration items to a domain name resolution network, a load balancing network, a certificate unloading network, an application firewall network and a firewall network according to the sequencing order.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor when executing the program performs the steps of the application delivery network requirement based deployment method of any one of claims 1 to 7.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the application delivery network requirement based deployment method of any one of claims 1 to 7.
CN202110392905.8A 2021-04-13 2021-04-13 Deployment method and device based on application delivery network requirements Active CN113114503B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110392905.8A CN113114503B (en) 2021-04-13 2021-04-13 Deployment method and device based on application delivery network requirements

Publications (2)

Publication Number Publication Date
CN113114503A CN113114503A (en) 2021-07-13
CN113114503B true CN113114503B (en) 2022-12-20

Family

ID=76716177

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110392905.8A Active CN113114503B (en) 2021-04-13 2021-04-13 Deployment method and device based on application delivery network requirements

Country Status (1)

Country Link
CN (1) CN113114503B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116389444B (en) * 2023-04-10 2023-09-15 北京智享嘉网络信息技术有限公司 Traffic scheduling method and system based on user web application

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101442469A (en) * 2007-11-22 2009-05-27 中国移动通信集团公司 Method, system and apparatus for down distributing configuration data
CN105511906A (en) * 2015-11-25 2016-04-20 苏州科达科技股份有限公司 Automatic deploy method, device and system of video platform
CN105591819A (en) * 2015-12-24 2016-05-18 杭州华三通信技术有限公司 Method and device of configuring network equipment
CN110113197A (en) * 2019-04-26 2019-08-09 新华三技术有限公司合肥分公司 The method and SDN controller of SDN controller Configuration network equipment
CN110855458A (en) * 2018-08-20 2020-02-28 阿里巴巴集团控股有限公司 Configuration command generation method and equipment
CN112202587A (en) * 2019-07-08 2021-01-08 富士通株式会社 Method and apparatus for recommending and generating network configurations

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10298467B2 (en) * 2015-11-08 2019-05-21 RRC Networks Oy Methods and systems for configuring communication networks

Also Published As

Publication number Publication date
CN113114503A (en) 2021-07-13

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant