CN113839990A - Networking safety system and method based on electronic file - Google Patents


Info

Publication number
CN113839990A
Authority
CN
China
Prior art keywords
storage
network
eds
cluster
management
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110999806.6A
Other languages
Chinese (zh)
Inventor
罗健锋
王俊峰
崔起旭
李仕军
周东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Runpu Network Technology Co ltd
Original Assignee
Wuhan Runpu Network Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a networking security method based on electronic files, comprising the following steps: dividing the network into three types, namely a management network, a storage private network and a storage external network; communicatively connecting the storage external network to the EDS cluster through a stacked storage external network switch; communicatively connecting the management network to the EDS cluster through a management switch; communicatively connecting the storage private network to the EDS cluster through a stacked storage private network switch; and ensuring that, for the EDS cluster, the storage node management IP and the EDS cluster IP are in the same network segment. In a preferred embodiment of the invention, the storage external network and the storage private network are connected to the EDS cluster with or without link aggregation. The invention provides a networking security scheme for the data storage system of electronic files that can withstand unexpected failures during service operation to a certain extent, provides end-to-end high availability, and ensures safe and efficient operation of the service.

Description

Networking safety system and method based on electronic file
Technical Field
The invention relates to the field of data processing, in particular to a networking security system and a networking security method based on electronic files.
Background
Most existing online case-handling service systems have only a general functional framework, and problems in some of the details remain unresolved. For example, how to ensure the networking security of the systems that handle electronic files is a problem that urgently needs to be solved.
Disclosure of Invention
The invention aims to solve at least one of the defects of the prior art and provides a networking security system and a networking security method based on electronic files.
To achieve this purpose, the invention adopts the following technical solution:
Specifically, a networking security method based on electronic files is provided, comprising the following steps:
dividing the network into three types, namely a management network, a storage private network and a storage external network;
communicatively connecting the storage external network to the EDS cluster through a stacked storage external network switch;
communicatively connecting the management network to the EDS cluster through a management switch;
communicatively connecting the storage private network to the EDS cluster through a stacked storage private network switch;
ensuring that, for the EDS cluster, the storage node management IP and the EDS cluster IP are in the same network segment.
Further, the storage external network and the storage private network are connected to the EDS cluster with or without link aggregation.
Further, the storage external network and the storage private network are communicatively connected to the EDS cluster in the following manner:
the storage external network and the storage private network are each assigned 1 storage plane, and traffic between the two planes is isolated by VLAN; on this basis, each server is equipped with 4 network cards, and every 2 of the 4 network cards form 1 bond; the resulting 2 bonds are used for the storage external network and the storage private network respectively and are connected to 2 different switches respectively; the 2 switches are stacked across cabinets, and the access switches are connected to the core aggregation layer by dual uplinks.
Further, the storage external network directly reuses the management network.
Further, the method includes the EDS cluster mounting a high-availability virtual IP on each node on the basis of the storage external network; when a node unexpectedly goes offline, that node's virtual IP drifts to another node, and services accessed through the node's virtual IP are not interrupted.
The invention also provides a networking security system based on electronic files, comprising the following:
the management network, which serves as the platform management network and provides a Web page for logging in to the EDS;
the storage private network, which is responsible for data communication among the storage nodes;
the storage external network, which provides storage services to externally connected clients;
the EDS cluster, for which the storage node management IP and the EDS cluster IP must be in the same network segment;
the storage external network is communicatively connected to the EDS cluster through a stacked storage external network switch,
the storage private network is communicatively connected to the EDS cluster through a stacked storage private network switch,
and the management network is communicatively connected to the EDS cluster through a management switch.
Further, the management network is connected to the EDS cluster through a gigabit network cable, and the storage external network is connected to the storage private network and the EDS cluster through a gigabit network cable.
Further, the storage external network and the storage private network are communicatively connected to the EDS cluster in the following manner:
the storage external network and the storage private network are each assigned 1 storage plane, and traffic between the two planes is isolated by VLAN; on this basis, each server is equipped with 4 network cards, and every 2 of the 4 network cards form 1 bond; the resulting 2 bonds are used for the storage external network and the storage private network respectively and are connected to 2 different switches respectively; the 2 switches are stacked across cabinets, and the access switches are connected to the core aggregation layer by dual uplinks.
The invention has the following beneficial effects:
the invention provides a networking security scheme for the data storage system of electronic files that can withstand unexpected failures during service operation to a certain extent, provides end-to-end high availability, and ensures safe and efficient operation of the service.
Drawings
The foregoing and other features of the present disclosure will become more apparent from the detailed description of the embodiments shown in conjunction with the drawings, in which like reference characters designate the same or similar elements. The drawings in the following description are merely some examples of the present disclosure, and those skilled in the art may derive other drawings from them without inventive effort. In the drawings:
FIG. 1 is a flow chart of the networking security method based on electronic files of the present invention;
FIG. 2 is a schematic structural diagram of the networking security system based on electronic files of the present invention;
FIG. 3 is a schematic diagram of the dual-uplink connection of the networking security system based on electronic files of the present invention.
Detailed Description
The conception, the specific structure and the technical effects of the present invention will be clearly and completely described in conjunction with the embodiments and the accompanying drawings to fully understand the objects, the schemes and the effects of the present invention. It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The same reference numbers will be used throughout the drawings to refer to the same or like parts.
Referring to FIG. 1, in embodiment 1 the present invention provides a networking security method based on electronic files, including the following steps:
dividing the network into three types, namely a management network, a storage private network and a storage external network;
communicatively connecting the storage external network to the EDS cluster through a stacked storage external network switch;
communicatively connecting the management network to the EDS cluster through a management switch;
communicatively connecting the storage private network to the EDS cluster through a stacked storage private network switch;
ensuring that, for the EDS cluster, the storage node management IP and the EDS cluster IP are in the same network segment.
As a preferred embodiment of the present invention, the storage external network and the storage private network are connected to the EDS cluster with or without link aggregation.
Referring to FIG. 3, as a preferred embodiment of the present invention, the storage external network and the storage private network are communicatively connected to the EDS cluster in the following manner:
the storage external network and the storage private network are each assigned 1 storage plane, and traffic between the two planes is isolated by VLAN; on this basis, each server is equipped with 4 network cards, and every 2 of the 4 network cards form 1 bond; the resulting 2 bonds are used for the storage external network and the storage private network respectively and are connected to 2 different switches respectively; the 2 switches are stacked across cabinets, and the access switches are connected to the core aggregation layer by dual uplinks.
With the dual-uplink connection:
the networking provides end-to-end high availability;
the failure of one switch can be tolerated, with the network automatically switching to another switch;
both the service plane and the storage plane of the server network are bound using dual network ports, so that high availability of the service is still ensured when a network card fails.
The Mgmt interface in FIG. 3 is connected to 24 × 10GE (1) and 24 × 10GE (3) to form a 1GE BMC gateway, and the other lines are 10GE gateways.
As a preferred embodiment of the present invention, the storage external network directly reuses the management network.
As a preferred embodiment of the present invention, the method further includes the EDS cluster mounting a high-availability virtual IP on each node on the basis of the storage external network; when a node unexpectedly goes offline, that node's virtual IP drifts to another node, and services accessed through the node's virtual IP are not interrupted.
Referring to FIG. 2, the present invention also provides a networking security system based on electronic files, comprising the following:
the management network, which serves as the platform management network and provides a Web page for logging in to the EDS;
the storage private network, which is responsible for data communication among the storage nodes;
the storage external network, which provides storage services to externally connected clients;
the EDS cluster, for which the storage node management IP and the EDS cluster IP must be in the same network segment;
the storage external network is communicatively connected to the EDS cluster through a stacked storage external network switch,
the storage private network is communicatively connected to the EDS cluster through a stacked storage private network switch,
and the management network is communicatively connected to the EDS cluster through a management switch.
Based on the above:
1) Management network: the platform management network, used for logging in to the EDS through a Web page for operation and maintenance management, resource management and control and the like, and for communication among EDS cluster storage nodes and the like. The EDS cluster storage node management IP and the EDS cluster IP are required to be in the same network segment.
2) Storage private network: responsible for data communication among the storage nodes. It is connected with or without link aggregation.
3) Storage external network: used for providing storage services to externally connected clients. It is connected with or without link aggregation. When IP resources are insufficient or the network environment is restricted, the management network can also be directly reused.
4) To meet services with high reliability requirements, the EDS can mount a high-availability virtual IP on each node on the basis of the storage external network; when a node unexpectedly goes offline, that node's virtual IP drifts to another node, and services accessed through the node's virtual IP are not interrupted.
Specifically, the management network and the EDS cluster are connected by a gigabit network cable, and the storage external network and the storage private network are connected by a gigabit network cable.
As a preferred embodiment of the present invention, the storage external network and the storage private network are communicatively connected to the EDS cluster in the following manner:
the storage external network and the storage private network are each assigned 1 storage plane, and traffic between the two planes is isolated by VLAN; on this basis, each server is equipped with 4 network cards, and every 2 of the 4 network cards form 1 bond; the resulting 2 bonds are used for the storage external network and the storage private network respectively and are connected to 2 different switches respectively; the 2 switches are stacked across cabinets, and the access switches are connected to the core aggregation layer by dual uplinks.
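A planning-time check of the requirements described above (management IPs in the cluster segment, two 2-NIC bonds per server, VLAN-isolated storage planes, each bond cabled to 2 different switches), given as an added example that is not part of the patent. The node names, addresses, VLAN IDs, switch names and finding codes are constructed for illustration, and reading "connected to 2 different switches" as applying to the two NICs of each bond is an assumption.

```python
import ipaddress
from dataclasses import dataclass

PLANES = ("storage_external", "storage_private")


@dataclass
class Bond:
    plane: str     # one of PLANES
    vlan: int      # VLAN carrying this plane (constructed IDs in the samples)
    uplinks: dict  # NIC name -> switch the NIC is cabled to


@dataclass
class Node:
    name: str
    mgmt_ip: str
    bonds: list


def check_plan(mgmt_cidr, cluster_ip, nodes):
    """Return sorted (subject, finding_code) tuples; an empty list means the plan conforms."""
    findings = set()
    mgmt_net = ipaddress.ip_network(mgmt_cidr)
    # The storage node management IPs and the cluster IP must share one segment.
    if ipaddress.ip_address(cluster_ip) not in mgmt_net:
        findings.add(("cluster", "CLUSTER_IP_OUTSIDE_MGMT_SEGMENT"))
    for node in nodes:
        if ipaddress.ip_address(node.mgmt_ip) not in mgmt_net:
            findings.add((node.name, "MGMT_IP_NOT_IN_CLUSTER_SEGMENT"))
        by_plane = {b.plane: b for b in node.bonds}
        for plane in PLANES:
            if plane not in by_plane:
                findings.add((node.name, "MISSING_BOND_" + plane.upper()))
        # 4 NICs, 2 per bond: no NIC may appear in both bonds.
        nics = [nic for b in node.bonds for nic in b.uplinks]
        if len(nics) != len(set(nics)):
            findings.add((node.name, "NIC_SHARED_BETWEEN_BONDS"))
        for b in node.bonds:
            if len(b.uplinks) != 2:
                findings.add((node.name, "BOND_NOT_TWO_NICS"))
            elif len(set(b.uplinks.values())) < 2:
                # Both members on one switch: a single switch failure drops the plane.
                findings.add((node.name, "BOND_ON_SINGLE_SWITCH"))
        ext, priv = by_plane.get(PLANES[0]), by_plane.get(PLANES[1])
        if ext and priv and ext.vlan == priv.vlan:
            # Client-facing and inter-node storage traffic would share a broadcast domain.
            findings.add((node.name, "PLANES_SHARE_VLAN"))
    return sorted(findings)


def sample_good():
    """Constructed plan that satisfies every check."""
    node = Node("eds-node1", "192.0.2.11", [
        Bond("storage_external", 100, {"eth0": "ext-sw1", "eth1": "ext-sw2"}),
        Bond("storage_private", 200, {"eth2": "priv-sw1", "eth3": "priv-sw2"}),
    ])
    return "192.0.2.0/24", "192.0.2.10", [node]


def sample_bad():
    """Constructed plan with three deliberate mistakes on eds-node2."""
    mgmt_cidr, cluster_ip, nodes = sample_good()
    bad = Node("eds-node2", "198.51.100.7", [           # wrong segment
        Bond("storage_external", 100, {"eth0": "ext-sw1", "eth1": "ext-sw2"}),
        Bond("storage_private", 100,                     # same VLAN as external
             {"eth2": "priv-sw1", "eth3": "priv-sw1"}),  # both NICs on one switch
    ])
    return mgmt_cidr, cluster_ip, nodes + [bad]


if __name__ == "__main__":
    for subject, code in check_plan(*sample_bad()):
        print(subject, code)
```

When the storage external network reuses the management network, as the description allows, the VLAN check above says nothing about separation between client traffic and management traffic, so that case needs its own review.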
The modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network modules. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution in this embodiment.
In addition, functional modules in the embodiments of the present invention may be integrated into one processing module, or each of the modules may exist alone physically, or two or more modules are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode.
The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, all or part of the flow of the method according to the embodiments of the present invention may also be implemented by a computer program, which may be stored in a computer-readable storage medium and which implements the steps of the above-described method embodiments when executed by a processor. The computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB disk, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a Read-Only Memory (ROM), a Random Access Memory (RAM), electrical carrier signals, telecommunications signals, a software distribution medium, and the like. It should be noted that the content of the computer-readable medium may be increased or decreased as appropriate according to the requirements of legislation and patent practice in a jurisdiction; for example, in some jurisdictions, computer-readable media do not include electrical carrier signals and telecommunications signals in accordance with legislation and patent practice.
While the present invention has been described in considerable detail and with particular reference to a few illustrative embodiments thereof, it is not intended to be limited to any such details or embodiments or any particular embodiments, but it is to be construed as effectively covering the intended scope of the invention by providing a broad, potential interpretation of such claims in view of the prior art with reference to the appended claims. Furthermore, the foregoing describes the invention in terms of embodiments foreseen by the inventor for which an enabling description was available, notwithstanding that insubstantial modifications of the invention, not presently foreseen, may nonetheless represent equivalent modifications thereto.
The above description is only a preferred embodiment of the present invention, and the present invention is not limited to the above embodiment; any solution that achieves the technical effects of the present invention by the same means shall fall within the protection scope of the present invention. Within the protection scope of the invention, its technical solution and/or its implementation may be subject to other modifications and variations.

Claims (8)

1. A networking security method based on electronic files, characterized by comprising the following steps:
dividing the network into three types, namely a management network, a storage private network and a storage external network;
communicatively connecting the storage external network to the EDS cluster through a stacked storage external network switch;
communicatively connecting the management network to the EDS cluster through a management switch;
communicatively connecting the storage private network to the EDS cluster through a stacked storage private network switch;
ensuring that, for the EDS cluster, the storage node management IP and the EDS cluster IP are in the same network segment.
2. The networking security method based on electronic files according to claim 1, wherein the storage external network and the storage private network are connected to the EDS cluster with or without link aggregation.
3. The networking security method based on electronic files according to claim 2, wherein the storage external network and the storage private network are communicatively connected to the EDS cluster in the following manner:
the storage external network and the storage private network are each assigned 1 storage plane, and traffic between the two planes is isolated by VLAN; on this basis, each server is equipped with 4 network cards, and every 2 of the 4 network cards form 1 bond; the resulting 2 bonds are used for the storage external network and the storage private network respectively and are connected to 2 different switches respectively; the 2 switches are stacked across cabinets, and the access switches are connected to the core aggregation layer by dual uplinks.
4. The networking security method based on electronic files according to claim 1, wherein the storage external network directly reuses the management network.
5. The networking security method based on electronic files according to claim 2, wherein the EDS cluster mounts a high-availability virtual IP on each node on the basis of the storage external network; when a node unexpectedly goes offline, that node's virtual IP drifts to another node, and services accessed through the node's virtual IP are not interrupted.
6. A networking security system based on electronic files, characterized by comprising the following:
the management network, which serves as the platform management network and provides a Web page for logging in to the EDS;
the storage private network, which is responsible for data communication among the storage nodes;
the storage external network, which provides storage services to externally connected clients;
the EDS cluster, for which the storage node management IP and the EDS cluster IP must be in the same network segment;
the storage external network is communicatively connected to the EDS cluster through a stacked storage external network switch,
the storage private network is communicatively connected to the EDS cluster through a stacked storage private network switch,
and the management network is communicatively connected to the EDS cluster through a management switch.
7. The networking security system based on electronic files according to claim 6, wherein the management network is connected to the EDS cluster via a gigabit network cable, and the storage external network is connected to the storage private network and the EDS cluster via a gigabit network cable.
8. The networking security system based on electronic files according to claim 6, wherein the storage external network and the storage private network are communicatively connected to the EDS cluster in the following manner:
the storage external network and the storage private network are each assigned 1 storage plane, and traffic between the two planes is isolated by VLAN; on this basis, each server is equipped with 4 network cards, and every 2 of the 4 network cards form 1 bond; the resulting 2 bonds are used for the storage external network and the storage private network respectively and are connected to 2 different switches respectively; the 2 switches are stacked across cabinets, and the access switches are connected to the core aggregation layer by dual uplinks.
CN202110999806.6A 2021-08-30 2021-08-30 Networking safety system and method based on electronic file Pending CN113839990A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110999806.6A CN113839990A (en) 2021-08-30 2021-08-30 Networking safety system and method based on electronic file

Publications (1)

Publication Number Publication Date
CN113839990A (en) 2021-12-24

Family

ID=78961485

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination