CN113904942B - Management method and device of cloud platform system, electronic equipment and storage medium - Google Patents


Publication number
CN113904942B
Authority
CN
China
Prior art keywords
information
data block
cloud platform
data
network topology
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111201808.2A
Other languages
Chinese (zh)
Other versions
CN113904942A (en)
Inventor
陈录城
张新硕
刘焕焕
盛国军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Kaos Digital Technology Qingdao Co ltd
Kaos Digital Technology Shanghai Co ltd
Qingdao Haichain Digital Technology Co ltd
Cosmoplat Industrial Intelligent Research Institute Qingdao Co Ltd
Original Assignee
Qingdao Haichain Digital Technology Co ltd
Haier Digital Technology Qingdao Co Ltd
Haier Digital Technology Shanghai Co Ltd
Qingdao Haier Industrial Intelligence Research Institute Co Ltd
Application filed by Qingdao Haichain Digital Technology Co ltd, Haier Digital Technology Qingdao Co Ltd, Haier Digital Technology Shanghai Co Ltd, Qingdao Haier Industrial Intelligence Research Institute Co Ltd


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/12 Discovery or management of network topologies
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/50 Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5061 Partitioning or combining of resources
    • G06F9/5072 Grid computing

Abstract

The invention provides a management method and device for a cloud platform system, an electronic device and a storage medium. A network topology diagram of the cloud platform is drawn, and the elements in the network topology diagram are connected on the cloud platform according to the diagram to generate the cloud platform system. First chained data information of the cloud platform system is generated according to the network topology diagram and the information of each element in it. The first chained data information comprises data blocks, one per element, connected in the order of the network topology diagram; the data block corresponding to any element comprises the information of that element and a hash value of first information, where the first information comprises the hash values of all data blocks preceding that data block in the first chained data information together with the information of the element. The information of each element in the cloud platform system is then monitored according to the first chained data information. The method can automatically generate the cloud platform system and, based on the first chained data information, improves the ability to perceive abnormal states of elements in the cloud platform system and the accuracy of judging them.

Description

Management method and device of cloud platform system, electronic equipment and storage medium
Technical Field
The invention belongs to the technical field of computers, and particularly relates to a management method and device of a cloud platform system, electronic equipment and a storage medium.
Background
Cloud platforms, also referred to as cloud computing platforms, refer to services that provide computing, networking, and storage capabilities based on hardware resources and software resources.
In the prior art, deploying a security product in a cloud platform requires installing the security product in a virtual machine or a container to run, and then connecting the virtual instance running the security product to other virtual servers by manually establishing a virtual network card, so as to realize network communication and the corresponding security capability.
In this manual management mode, if a security product goes down or is deleted, the other servers or application systems affected by the downtime or deletion cannot uniformly sense it. That the downtime or deletion of the security product affects other nodes in the system becomes known only when access to the whole system is interrupted or becomes abnormal, so the sensing capability of the system is poor. Which nodes are affected also has to be judged manually, and misjudgment or incomplete judgment can occur.
Disclosure of Invention
The invention provides a management method, a management device, electronic equipment and a storage medium of a cloud platform system, which are used for automatically generating the cloud platform system and improving the perception capability and judgment accuracy of abnormal states of elements in the cloud platform system.
A first aspect of the present invention provides a method for managing a cloud platform system, the method including:
responding to a drawing operation instruction of the network topology diagram of the cloud platform, and generating the network topology diagram of the cloud platform;
according to the network topology diagram, connecting all elements in the network topology diagram on a cloud platform to generate a cloud platform system;
generating first chained data information of the cloud platform system according to the network topology diagram and information of each element in the network topology diagram, wherein the first chained data information comprises data blocks corresponding to each element connected according to the sequence of the network topology diagram, the data block corresponding to any element comprises a hash value of first information and the information of the element, and the first information comprises the hash values of all data blocks before the data block in the first chained data information and the information of the element;
and monitoring the information of each element in the cloud platform system according to the first chained data information.
A second aspect of the present invention provides a management apparatus of a cloud platform system, including:
the drawing module is used for responding to a drawing operation instruction of the network topology diagram of the cloud platform and generating the network topology diagram of the cloud platform;
the connection module is used for connecting all elements in the network topological graph on a cloud platform according to the network topological graph to generate a cloud platform system;
the generation module is used for generating first chained data information of the cloud platform system according to the network topological graph and the information of each element in the network topological graph, wherein the first chained data information comprises data blocks corresponding to each element connected according to the sequence of the network topological graph, the data block corresponding to any element comprises a hash value of the first information and the information of the element, and the first information comprises hash values in all data blocks before the data block in the first chained data information and the information of the element;
and the monitoring module is used for monitoring the information of each element in the cloud platform system according to the first chained data information.
A third aspect of the present invention provides an electronic apparatus, comprising:
a memory for storing a computer program;
a processor for running a computer program stored in the memory to implement the method as described in the first aspect.
A fourth aspect of the present invention is to provide a computer-readable storage medium having a computer program stored thereon;
the computer program, when executed by a processor, implements the method as described in the first aspect.
A fifth aspect of the invention provides a computer program product comprising a computer program;
the computer program, when executed by a processor, implements the method as described in the first aspect.
According to the management method, the management device, the electronic equipment and the storage medium of the cloud platform system, the network topology diagram of the cloud platform is generated by responding to the drawing operation instruction of the network topology diagram of the cloud platform; according to the network topology diagram, connecting all elements in the network topology diagram on a cloud platform to generate a cloud platform system; generating first chained data information of the cloud platform system according to the network topology diagram and information of each element in the network topology diagram, wherein the first chained data information comprises data blocks corresponding to each element connected according to the sequence of the network topology diagram, hash values of first information and information of the element are included in the data block corresponding to any element, and the first information comprises hash values of all data blocks before the data block in the first chained data information and information of the element; and monitoring the information of each element in the cloud platform system according to the first chain data information. According to the embodiment of the invention, the efficiency of constructing the cloud platform system can be improved by drawing the network topological graph of the cloud platform and automatically generating the cloud platform system, meanwhile, the first chained data information of the cloud platform system is generated, the information of each element is recorded, and based on the first chained data information, the abnormal elements and other affected elements in the cloud platform system can be rapidly known, and the perception capability and the judgment accuracy are improved.
Drawings
In order to illustrate the embodiments of the invention or the technical solutions of the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings described below are obviously only some embodiments of the invention, and a person skilled in the art can obtain other drawings from them without inventive effort.
Fig. 1a is a schematic diagram of an interface for drawing and displaying a network topology diagram in a management method of a cloud platform system according to an embodiment of the present invention;
Fig. 1b is a schematic diagram of first chained data information in a management method of a cloud platform system according to an embodiment of the present invention;
Fig. 2 is a flowchart of a management method of a cloud platform system according to an embodiment of the present invention;
Fig. 3 is a flowchart of a management method of a cloud platform system according to another embodiment of the present invention;
Fig. 4 is a flowchart of a management method of a cloud platform system according to another embodiment of the present invention;
Fig. 5 is a flowchart of a management method of a cloud platform system according to another embodiment of the present invention;
Fig. 6 is a schematic diagram of second chained data information in a management method of a cloud platform system according to an embodiment of the present invention;
Fig. 7 is a flowchart of a management method of a cloud platform system according to another embodiment of the present invention;
Fig. 8 is a block diagram of a management device of a cloud platform system according to an embodiment of the present invention;
Fig. 9 is a block diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
In the prior art, deploying a security product in a cloud platform requires installing the security product in a virtual machine or a container to run, and then connecting the virtual instance running the security product to other virtual servers by manually establishing a virtual network card, so as to realize network communication and the corresponding security capability.
In this manual management mode, if a security product goes down or is deleted, the other servers or application systems affected by the downtime or deletion cannot uniformly sense it. That the downtime or deletion of the security product affects other nodes in the system becomes known only when access to the whole system is interrupted or becomes abnormal, so the sensing capability of the system is poor. Which nodes are affected also has to be judged manually, and misjudgment or incomplete judgment can occur.
To solve the above technical problems, the method automatically connects the elements by drawing a network topology diagram of the cloud platform, thereby generating a cloud platform system, and generates first chained data information of the cloud platform system according to the network topology diagram and the information of the elements in it. The first chained data information comprises data blocks, one per element, connected in the order of the network topology diagram; the data block corresponding to any element comprises the information of that element and a hash value of first information, and the first information comprises the hash values of all data blocks preceding that data block in the first chained data information together with the information of the element. The information of each element in the cloud platform system can then be monitored according to the first chained data information: if the information of any element changes, the hash value in its data block changes, and the hash values in the subsequent data blocks change as well. The first target element, whose information has changed, can therefore be determined from the data blocks whose hash values have changed, and the elements corresponding to the data blocks after the first target element's data block are determined as second target elements affected by the first target element. In this way the abnormal node and the other affected nodes in the cloud platform system can be obtained quickly, the perception capability is improved, and misjudgment or incomplete judgment is avoided.
In the management method of the cloud platform system of the present invention, the electronic device may draw a network topology diagram of the cloud platform through the interface 110 shown in fig. 1a. Icons and names of elements such as network products, security products, server products, network connection lines and other basic network elements may be preconfigured in the first area 111 of the interface 110. The second area 112 may be the drawing and display area for the network topology diagram: the user may add the icons of network elements from the first area to the second area, for example by dragging, and connect the elements together using the corresponding network connection lines (network cable, optical fiber, 100-megabit, gigabit, etc.) to draw a network topology diagram 121. First chained data information of the cloud platform system is then generated according to the network topology diagram and the information of the elements in it, as shown in fig. 1b. The first chained data information comprises data blocks corresponding to the elements, connected in the order of the network topology diagram; the data block corresponding to the internet is the starting data block and the data block corresponding to the server is the final data block. The data block corresponding to any element comprises the information of that element and a hash value of first information, where the first information comprises the hash values of all data blocks before that data block in the first chained data information together with the information of the element. For example, for the data block corresponding to the firewall, hash value 1 in the data block corresponding to the internet, hash value 2 in the data block of the internet router and the information of the firewall can be spliced to form the first information, and a hash calculation on the first information yields hash value 3, which is used as the hash value in the data block corresponding to the firewall. Finally, the information of each element in the cloud platform system is monitored according to the first chained data information.
The management process of the cloud platform system is explained and illustrated in detail below with reference to specific embodiments.
Fig. 2 is a flowchart of a management method of a cloud platform system according to an embodiment of the present invention. The embodiment provides a management method of a cloud platform system, which comprises the following specific steps:
S201, responding to a drawing operation instruction of the network topology diagram of the cloud platform, and generating the network topology diagram of the cloud platform.
In this embodiment, the cloud platform construction is divided into three layers: an IaaS (Infrastructure as a Service) layer, a PaaS (Platform as a Service) layer, and a SaaS (Software as a Service) layer. The cloud platform system is deployed as a software system in the IaaS layer and can provide the services of the PaaS layer and the SaaS layer.
When the cloud platform system provides services to users, the underlying virtual machines use KVM (Kernel-based Virtual Machine) technology and the containers use Docker (an application container engine) technology. The security capability of the cloud platform system is embedded into the virtual machines and containers, so security capability does not need to be provided through external security products.
In this embodiment, the cloud platform is built with default security products, including a firewall, a WEB application firewall, WEB vulnerability scanning, system vulnerability scanning, database auditing, log auditing, a situation awareness system, a bastion host, a load balancing system, and the like. A user-defined security product can be added as an element and built into the cloud platform by deploying a virtual machine or container.
In the present embodiment, the network topology refers to a network configuration diagram constituted by network node devices and communication media. Elements such as network products (switches, routers, etc.), security products, server products, network connection lines, etc. may be included in the network topology.
The electronic device can receive drawing operation instructions for the network topology diagram of the cloud platform and draw the network topology diagram in the interface according to those instructions. Specifically, this embodiment may provide an interface for drawing and displaying a network topology diagram. In a first area of the interface, icons and names of elements such as network products, security products, server products and network connection lines may be preconfigured; the icons correspond to the information security products prestored in the system and to other basic network elements (such as network products, server products, network connection lines, etc.). The second area may be the drawing and display area for the network topology diagram: the user may add the icons of elements from the first area to the second area, for example by dragging, and connect the elements using the corresponding network connection lines (network cable, optical fiber, 100-megabit, gigabit, etc.), so as to draw the network topology diagram.
Optionally, on the basis of the topology map of the existing cloud platform, the user can also input a drawing operation instruction for the network topology map of the cloud platform, so that elements are added or deleted to the topology map of the existing cloud platform, especially some security products, and finally the modified network topology map of the cloud platform is generated.
And S202, connecting all elements in the network topology diagram on a cloud platform according to the network topology diagram to generate a cloud platform system.
In this embodiment, after the network topology map is obtained, each element may be connected on the cloud platform, so as to generate a cloud platform system.
Specifically, in an alternative embodiment, a virtual network card may be automatically generated between adjacent elements, so as to connect the adjacent elements through the virtual network card. In a further alternative embodiment, the virtual network card may be used as an element, and the user may add the virtual network card to the network topology map by dragging.
On the basis of the above embodiment, when a certain element or some elements need to be added to the cloud platform system, the user may input an operation instruction of adding the element, including a target type of the newly added element and a target addition position, for example, the user may drag an icon of the newly added element from the first area to the target addition position of the current network topology map displayed in the second area. Further, the newly added element can be connected to the current cloud platform system through the virtual network card.
For example, a firewall is added between the internet router and the core switch, an icon of the firewall can be dragged between the internet router and the core switch of the current network topology, the cloud platform can delete a virtual network card between the internet router and the core switch, disconnect the connection between the two elements, and then newly generate two virtual network cards, one is connected with the internet router and the firewall, and the other is connected with the firewall and the core switch.
S203, generating first chained data information of the cloud platform system according to the network topological graph and information of each element in the network topological graph;
the first chained data information comprises data blocks corresponding to elements connected in sequence according to a network topological graph, the data block corresponding to any element comprises hash values of first information and information of the element, and the first information comprises hash values of all data blocks before the data block in the first chained data information and information of the element.
In this embodiment, in order to better monitor whether each element in the cloud platform system changes, the principle of blockchain technology is used: first chained data information of the cloud platform system is generated according to the network topology diagram and the information of each element in it. The first chained data information includes a plurality of data blocks, each corresponding to one element in the network topology diagram, and the data blocks are connected sequentially in the order of the network topology diagram. As shown in fig. 1b, for the network topology diagram shown in fig. 1a, the data block corresponding to the internet is the starting data block, followed in sequence by the data blocks corresponding to the internet router, the firewall and the core switch, and the data block corresponding to the server is the final data block. Each data block includes two parts: one part is the information (such as configuration information and state information) of the corresponding element, and the other part is a hash value obtained by hashing the combination of the hash values of all data blocks before the data block and the information of the element. For example, for the data block corresponding to the firewall, the hash value in the data block corresponding to the internet, the hash value in the data block of the internet router and the information of the firewall can be spliced to form the first information, and the hash of the first information is used as the hash value in the data block corresponding to the firewall.
S204, monitoring information of each element in the cloud platform system according to the first chained data information.
In this embodiment, after the first chained data information is obtained, the information of each element in the cloud platform system may be monitored based on it. In particular, if the information of any element changes (for example, its state changes or it goes down), the hash value in the data block corresponding to that element changes accordingly, and the hash values in the subsequent data blocks change as well. Monitoring the hash value in each data block of the first chained data information therefore amounts to monitoring whether each element in the cloud platform system has changed. Optionally, in this embodiment, the first chained data information may be updated at preset intervals and compared with the first chained data information before the update; or, when any element changes, the first chained data information is updated in real time and compared with the first chained data information before the update, so that monitoring is realized.
As an optional embodiment, as shown in fig. 3, S204, monitoring information of each element in the cloud platform system according to the first chained data information includes:
S301, if the hash value in at least one data block in the first chained data information changes, determining a first target element with changed information according to the data block with the changed hash value;
S302, determining the elements corresponding to the data blocks after the data block corresponding to the first target element as second target elements affected by the first target element.
In this embodiment, if the hash value in at least one data block in the first chained data information changes, this indicates that the information of at least one element has changed, and the element whose information changed can be determined from the changed data blocks. Specifically, the information of the element corresponding to the foremost changed data block has certainly changed, so that element is determined as the first target element. Whether the information of the following elements has changed cannot be determined, but they may be affected, so they are determined as second target elements.
Further, a first alarm prompt message is sent to an administrator terminal of the first target element and/or the second target element. The administrator can be prompted to pay attention to the corresponding target elements through the first alarm prompt information, and whether the abnormal condition occurs or not is judged.
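The chain construction of S203 and the comparison of S301/S302, as an added example that is not code from the patent. SHA-256, the JSON envelope used to splice the first information unambiguously, the field names and the sample element information are assumptions made for illustration.

```python
import hashlib
import json

# Constructed sample: elements in network-topology order (names follow fig. 1a).
SAMPLE_TOPOLOGY = [
    ("internet", {"state": "up"}),
    ("internet router", {"state": "up", "config": "route-v1"}),
    ("firewall", {"state": "up", "config": "policy-v7"}),
    ("core switch", {"state": "up", "config": "vlan-v3"}),
    ("server", {"state": "up", "config": "app-v12"}),
]


def block_hash(prev_hashes, info):
    """Hash of the 'first information': all preceding block hashes + element info.

    Assumption: canonical JSON (sorted keys, fixed separators) replaces raw string
    splicing so that the same information always serializes to the same bytes.
    """
    first_information = json.dumps(
        {"prev": list(prev_hashes), "info": info},
        sort_keys=True,
        separators=(",", ":"),
    )
    return hashlib.sha256(first_information.encode("utf-8")).hexdigest()


def build_chain(elements):
    """Build the first chained data information: one data block per element."""
    chain = []
    for name, info in elements:
        prev_hashes = [block["hash"] for block in chain]
        chain.append({"element": name, "info": info,
                      "hash": block_hash(prev_hashes, info)})
    return chain


def changed_blocks(baseline, current):
    """Names of elements whose stored hash differs between two chains."""
    _require_same_topology(baseline, current)
    return [new["element"] for old, new in zip(baseline, current)
            if old["hash"] != new["hash"]]


def find_targets(baseline, current):
    """S301/S302: (first target element, second target elements).

    The foremost block whose hash changed identifies the element whose information
    certainly changed; every later element is reported as possibly affected,
    because its hash changes regardless of whether its own information changed.
    """
    _require_same_topology(baseline, current)
    for index, (old, new) in enumerate(zip(baseline, current)):
        if old["hash"] != new["hash"]:
            return new["element"], [b["element"] for b in current[index + 1:]]
    return None, []


def _require_same_topology(baseline, current):
    # Added or removed elements change the chain layout; comparing block by
    # block is only meaningful when both chains describe the same sequence.
    if [b["element"] for b in baseline] != [b["element"] for b in current]:
        raise ValueError("chains describe different topologies; rebuild the baseline")


if __name__ == "__main__":
    baseline = build_chain(SAMPLE_TOPOLOGY)
    observed = [(name, dict(info)) for name, info in SAMPLE_TOPOLOGY]
    observed[2][1]["state"] = "down"  # constructed event: the firewall goes down
    first, second = find_targets(baseline, build_chain(observed))
    print("first target element:", first)
    print("second target elements:", second)
```

The comparison is only as trustworthy as the stored baseline chain, so the baseline should be kept where the monitored elements cannot rewrite it.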
According to the management method of the cloud platform system, the network topology diagram of the cloud platform is generated by responding to the drawing operation instruction of the network topology diagram of the cloud platform; according to the network topology diagram, connecting all elements in the network topology diagram on a cloud platform to generate a cloud platform system; generating first chained data information of the cloud platform system according to the network topology diagram and information of each element in the network topology diagram, wherein the first chained data information comprises data blocks corresponding to each element connected according to the sequence of the network topology diagram, hash values of first information and information of the element are included in the data block corresponding to any element, and the first information comprises hash values of all data blocks before the data block in the first chained data information and information of the element; and monitoring the information of each element in the cloud platform system according to the first chain data information. According to the embodiment, the efficiency of constructing the cloud platform system can be improved by drawing the network topological graph of the cloud platform and automatically generating the cloud platform system, meanwhile, the first chained data information of the cloud platform system is generated, the information of each element is recorded, the abnormal elements and other affected elements in the cloud platform system can be rapidly known based on the first chained data information, and the perception capability and the judgment accuracy are improved.
As a further improvement of the foregoing embodiment, as shown in fig. 4, after the generating the first chained data information of the cloud platform system, the method may further include:
S401, acquiring the data block type of each data block in the first chained data information;
S402, judging whether the network topology diagram is reasonable according to the data block type of each data block, the position of each data block in the first chained data information and the data block types of the adjacent data blocks;
S403, if the network topology diagram is unreasonable, displaying second alarm prompt information.
In this embodiment, each data block in the first chained data information has a corresponding data block type. For example, for the "internet" data block, the data block type is "start data block", and all first chained data information uses a "start data block" as the first data block; for the "server" data block, the data block type is "last data block", and all first chained data information uses a "last data block" as the last data block. Other data blocks are classified into different data block types according to the type of product. For a firewall product, for example, the data block type is "serial type security product"; the data blocks after this data block must contain a server, and may contain data blocks of a switch, a router, or the like. For a "web tamper resistant" product, the data block type is "deployment type security product", and a data block of this type must be located immediately before the data block of the "server".
Therefore, whether the network topology map is reasonable or not can be judged according to the data block type of each data block, the position of each data block in the first chained data information and the data block type of the adjacent data block, and if the unreasonable position exists, second alarm prompt information is displayed so as to prompt a user to modify the network topology map of the cloud platform.
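The type and position rules above can be checked mechanically. The following is an added example, not code from the patent: the "network device" type for switches and routers and the function name `check_topology` are assumptions, while the other four type names and their placement rules come from the text.

```python
# Added example: the data block type rules described above, as a validator.
START = "start data block"
LAST = "last data block"
SERIAL = "serial type security product"
DEPLOY = "deployment type security product"
NETWORK = "network device"  # assumed type name; the text does not name one

# The first four mappings come from the text; switch and router entries
# use the assumed NETWORK type.
BLOCK_TYPES = {
    "internet": START,
    "server": LAST,
    "firewall": SERIAL,
    "web tamper resistant": DEPLOY,
    "internet router": NETWORK,
    "core switch": NETWORK,
}


def check_topology(elements):
    """Return a list of (position, message) problems; empty means reasonable.

    `elements` is the list of element names in first-chain order
    (internet side first, server last).
    """
    if not elements:
        return [(None, "chain is empty")]

    problems = []
    types = []
    for pos, name in enumerate(elements):
        block_type = BLOCK_TYPES.get(name)
        if block_type is None:
            problems.append((pos, f"unknown element {name!r}"))
        types.append(block_type)

    # Every chain starts with a start data block and ends with a last data block.
    if types[0] != START:
        problems.append((0, "first block is not a start data block"))
    if types[-1] != LAST:
        problems.append((len(types) - 1, "last block is not a last data block"))

    for pos, block_type in enumerate(types):
        # A serial type security product must have a server somewhere after it.
        if block_type == SERIAL and LAST not in types[pos + 1:]:
            problems.append((pos, "no server after serial type security product"))
        # A deployment type security product must sit immediately before the server.
        if block_type == DEPLOY:
            if pos + 1 >= len(types) or types[pos + 1] != LAST:
                problems.append(
                    (pos, "deployment type security product is not "
                          "immediately before the server"))
    return problems


if __name__ == "__main__":
    # Constructed sample topologies.
    good = ["internet", "internet router", "firewall", "core switch",
            "web tamper resistant", "server"]
    bad = ["internet", "web tamper resistant", "firewall", "server"]
    print(check_topology(good))
    print(check_topology(bad))
```

A non-empty result corresponds to the condition under which the second alarm prompt information would be displayed.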
On the basis of any one of the above embodiments, as shown in fig. 5, the method further includes:
S501, generating second chained data information of the cloud platform system according to the network topological graph and information of each element in the network topological graph;
the second chained data information comprises data blocks corresponding to all elements connected in reverse order according to a network topological graph, wherein the data block corresponding to any element comprises hash values of second information and information of the element, and the second information comprises hash values of all data blocks before the data block and information of the element in the second chained data information;
S502, if any element to be configured needs to be configured and changed, sending a change request to an administrator device of the corresponding element of each data block before the element to be configured in the second chained data information, so that each administrator device adaptively changes the configuration of the corresponding element, and writing authorization information for performing configuration and change on the element to be configured and information after updating each element into the corresponding data block;
S503, performing configuration change on the element to be configured, and updating the data block and the subsequent data block of the element to be configured.
In this embodiment, the second chained data information of the cloud platform system may also be generated. The second chained data information is similar to the first chained data information; the difference is that the data blocks included in the second chained data information are connected in reverse order according to the network topology diagram. That is, as shown in Fig. 6, for the network topology diagram shown in Fig. 1a, the data block corresponding to the server is the starting data block, followed in sequence by the data blocks corresponding to the core switch, the firewall and the internet router, and the data block corresponding to the internet is the final data block. Each data block includes two parts: one part is the information (such as configuration information, state information, etc.) of the corresponding element, and the other part is a hash value, where the hash value is obtained by combining the hash values in all data blocks before the data block with the information of the element.
In this embodiment, the second chained data information of the cloud platform system is used for authority authentication when any element is configured. For example, suppose a firewall needs to be configured. Because the firewall's configuration affects the elements behind it in the network topology map, such as the core switch and the server, all the elements behind the firewall need to confirm the change. That is, a change request, which may include information of the firewall, is sent to the administrator devices of the core switch and the server behind the firewall. The elements behind the firewall may then adaptively modify their own configuration according to the information of the firewall, authorize the firewall's configuration change, and write the modified information and the authorization information into their corresponding data blocks. The hash values of the data blocks are then calculated in the order of the data blocks in the second chained data information, that is, the hash value of the data block corresponding to the server is calculated first, followed by the hash value of the data block corresponding to the core switch. The firewall may read the authorization information from the data blocks corresponding to the server and the core switch, change its configuration, and then update the data block corresponding to the firewall and the data blocks of the other elements. After the configuration of any element is changed, the first chained data information also needs to be changed accordingly.
Based on the above embodiment, strong authentication of login may further be performed according to the second chained data information, as shown in Fig. 7, which specifically includes:
S601, if any element to be configured needs to be logged in to, sending a login request to the administrator device of the corresponding element of each data block before the element to be configured in the second chained data information, so that each administrator device writes the authorization information for logging in to the element to be configured into the corresponding data block;
S602, logging in to the element to be configured, and updating the data block and the subsequent data block of the element to be configured.
In this embodiment, if an element to be configured needs to be logged in to, the configuration may be changed after login, which affects the elements behind the element to be configured in the network topology graph, so authorization verification may be performed. A login request is sent to the administrator devices of the elements behind the element to be configured in the network topology graph, that is, the elements corresponding to the data blocks before the element to be configured in the second chained data information. If the administrators agree to the login, the authorization information for logging in to the element to be configured may be written into the corresponding data blocks, the hash values of the data blocks may be recalculated as needed, and the element to be configured may read the login authorization information from the data blocks.
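The second chain and the authorization flow described for configuration changes and logins can be sketched as follows. This is an added example, not the patent's implementation: SHA-256, JSON serialization, the block layout, the request identifiers and all function names are assumptions, and the sample element information is constructed.

```python
import copy
import hashlib
import json

# Constructed sample: the Fig. 1a elements in reverse (second-chain) order.
SAMPLE_REVERSE_ORDER = [
    ("server", {"config": {"listen": "10.0.0.10:443"}}),
    ("core switch", {"config": {"vlan": 10}}),
    ("firewall", {"config": {"allow": ["443/tcp"]}}),
    ("internet router", {"config": {"nat": True}}),
    ("internet", {}),
]


def block_hash(prev_hashes, info):
    """Hash over the hashes in all earlier blocks plus this element's info."""
    h = hashlib.sha256()  # assumption: the text does not name a hash function
    for p in prev_hashes:
        h.update(bytes.fromhex(p))
    h.update(json.dumps(info, sort_keys=True).encode("utf-8"))
    return h.hexdigest()


def build_chain(elements):
    """Build the chained data from (name, info) pairs given in chain order."""
    chain = []
    for name, info in elements:
        info = copy.deepcopy(info)
        chain.append({"element": name, "info": info,
                      "hash": block_hash([b["hash"] for b in chain], info)})
    return chain


def rehash_from(chain, start):
    """Recompute the hash of block `start` and of every block after it."""
    for i in range(start, len(chain)):
        chain[i]["hash"] = block_hash([b["hash"] for b in chain[:i]],
                                      chain[i]["info"])


def first_mismatch(chain):
    """Index of the first block whose stored hash is stale, or None."""
    prev = []
    for i, block in enumerate(chain):
        if block_hash(prev, block["info"]) != block["hash"]:
            return i
        prev.append(block["hash"])
    return None


def position(chain, name):
    for i, block in enumerate(chain):
        if block["element"] == name:
            return i
    raise KeyError(name)


def authorize(chain, approver, target, request_id, adapted_config=None):
    """The approver's administrator device writes its authorization (and any
    adapted configuration) into its own block, then hashes are recomputed."""
    i = position(chain, approver)
    if i >= position(chain, target):
        raise ValueError("only elements before the target in the second "
                         "chain authorize a request")
    info = chain[i]["info"]
    if adapted_config is not None:
        info["config"] = adapted_config
    info.setdefault("authorizations", {})[request_id] = target
    rehash_from(chain, i)


def missing_approvals(chain, target, request_id):
    """Elements before the target that have not authorized this request."""
    t = position(chain, target)
    return [b["element"] for b in chain[:t]
            if b["info"].get("authorizations", {}).get(request_id) != target]


def apply_change(chain, target, request_id, new_config):
    """Change the target only if every earlier block authorizes the request."""
    bad = first_mismatch(chain)
    if bad is not None:
        raise PermissionError(
            f"block {chain[bad]['element']!r} does not match its hash")
    missing = missing_approvals(chain, target, request_id)
    if missing:
        raise PermissionError("no authorization from: " + ", ".join(missing))
    t = position(chain, target)
    chain[t]["info"]["config"] = new_config
    rehash_from(chain, t)  # updates the target block and all later blocks
```

A login request follows the same path with a different request identifier. The hashes only expose an edit when the stored hash is left stale or a trusted copy exists to compare against; a writer who can also recompute the hashes passes `first_mismatch`, so the authorization entries would need their own authentication.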
Fig. 8 is a block diagram of a management device of a cloud platform system according to an embodiment of the present invention. The management device of the cloud platform system provided in this embodiment may execute the processing flow provided by the management method embodiment of the cloud platform system, as shown in fig. 8, where the management device 800 of the cloud platform system includes a drawing module 801, a connection module 802, a generating module 803, and a monitoring module 804.
A drawing module 801, configured to generate a network topology map of the cloud platform in response to a drawing operation instruction for the network topology map of the cloud platform;
a connection module 802, configured to connect, according to the network topology map, each element in the network topology map on a cloud platform, so as to generate a cloud platform system;
a generating module 803, configured to generate, according to the network topology graph and information of each element in the network topology graph, first chained data information of the cloud platform system, where the first chained data information includes data blocks corresponding to each element connected in sequence according to the network topology graph, a data block corresponding to any element includes a hash value of the first information and information of the element, and the first information includes hash values in all data blocks before the data block in the first chained data information and information of the element;
a monitoring module 804, configured to monitor information of each element in the cloud platform system according to the first chained data information.
On the basis of any one of the foregoing embodiments, when the monitoring module 804 monitors information of each element in the cloud platform system according to the first chained data information, the monitoring module is configured to:
if the hash value in at least one data block in the first chained data information is changed, determining a first target element with changed information according to the data block with the changed hash value;
and determining each data block corresponding element after the data block corresponding to the first target element as a second target element influenced by the first target element.
On the basis of any one of the above embodiments, the management device of the cloud platform system further includes an alarm module, configured to send a first alarm prompt message to an administrator terminal of the first target element and/or the second target element.
On the basis of any of the above embodiments, the monitoring module 804 is further configured to:
acquiring the data block type of each data block in the first chained data information;
judging whether the network topological graph is reasonable or not according to the data block type of each data block, the position of each data block in the first chained data information and the data block type of the adjacent data block;
and if the network topological graph is unreasonable, displaying second alarm prompt information.
On the basis of any of the above embodiments, the generating module 803 is further configured to:
generating second chained data information of the cloud platform system according to the network topology diagram and the information of each element in the network topology diagram, wherein the second chained data information comprises data blocks corresponding to each element connected in reverse order according to the network topology diagram, the data block corresponding to any element comprises hash values of the second information and the information of the element, and the second information comprises hash values of all data blocks before the data block and the information of the element in the second chained data information;
the apparatus further comprises a configuration module 805 for:
if any element to be configured needs to be configured and changed, sending a change request to an administrator device of the corresponding element of each data block before the element to be configured in the second chained data information, so that the administrator device adapts to change the configuration of the corresponding element, and writing authorization information for performing configuration and change on the element to be configured and information after updating each element into the corresponding data block; and carrying out configuration change on the element to be configured, and updating the data block and the subsequent data block of the element to be configured.
On the basis of any of the above embodiments, the configuration module 805 is further configured to:
if any element to be configured needs to be logged in, a login request is sent to the manager equipment of the corresponding element of each data block before the element to be configured in the second chained data information, so that each manager equipment writes the authorization information of the login of the element to be configured into the corresponding data block;
logging in the element to be configured, and updating the data block and the subsequent data block of the element to be configured.
On the basis of any one of the foregoing embodiments, when each element in the network topology is connected on a cloud platform according to the network topology, the connection module 802 is configured to:
and generating a virtual network card between adjacent elements so as to connect the adjacent elements through the virtual network card.
The management device of the cloud platform system provided in the embodiment of the present invention may be specifically used to execute the method embodiments provided in Figs. 2 to 5 and Fig. 7, and specific functions are not repeated herein.
The management device of the cloud platform system provided by the embodiment of the invention generates the network topology diagram of the cloud platform by responding to the drawing operation instruction of the network topology diagram of the cloud platform; according to the network topology diagram, connecting all elements in the network topology diagram on a cloud platform to generate a cloud platform system; generating first chained data information of the cloud platform system according to the network topology diagram and information of each element in the network topology diagram, wherein the first chained data information comprises data blocks corresponding to each element connected according to the sequence of the network topology diagram, hash values of first information and information of the element are included in the data block corresponding to any element, and the first information comprises hash values of all data blocks before the data block in the first chained data information and information of the element; and monitoring the information of each element in the cloud platform system according to the first chain data information. According to the embodiment, the efficiency of constructing the cloud platform system can be improved by drawing the network topological graph of the cloud platform and automatically generating the cloud platform system, meanwhile, the first chained data information of the cloud platform system is generated, the information of each element is recorded, the abnormal elements and other affected elements in the cloud platform system can be rapidly known based on the first chained data information, and the perception capability and the judgment accuracy are improved.
Fig. 9 is a schematic structural diagram of an electronic device according to an embodiment of the present invention. The electronic device provided by the embodiment of the present invention may execute the processing flow provided by the management method embodiment of the cloud platform system. As shown in Fig. 9, the electronic device 90 includes a memory 91, a processor 92, and a computer program, wherein the computer program is stored in the memory 91 and configured to be executed by the processor 92 to perform the cloud platform system management method described in the above embodiment. The electronic device 90 may also have a communication interface 93 for transmitting instructions or data.
The electronic device of the embodiment shown in Fig. 9 may be used to implement the technical solution of the above-mentioned method embodiment, and its implementation principle and technical effects are similar, and are not repeated here.
In addition, the present embodiment also provides a computer-readable storage medium having stored thereon a computer program that is executed by a processor to implement the method for managing a cloud platform system described in the above embodiment.
In addition, the present embodiment also provides a computer program product, including a computer program, where the computer program is executed by a processor to implement the method for managing a cloud platform system according to the foregoing embodiment.
In the several embodiments provided by the present invention, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in hardware plus software functional units.
The integrated units implemented in the form of software functional units described above may be stored in a computer-readable storage medium. The software functional unit is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) or a processor to perform part of the steps of the methods according to the embodiments of the present invention. The aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of the functional modules is illustrated, and in practical application, the above-described functional allocation may be performed by different functional modules according to needs, i.e. the internal structure of the apparatus is divided into different functional modules to perform all or part of the functions described above. The specific working process of the above-described device may refer to the corresponding process in the foregoing method embodiment, which is not described herein again.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some or all of the technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit of the invention.

Claims (10)

1. The management method of the cloud platform system is characterized by comprising the following steps of:
responding to a drawing operation instruction of the network topology diagram of the cloud platform, and generating the network topology diagram of the cloud platform;
according to the network topology diagram, connecting all elements in the network topology diagram on a cloud platform to generate a cloud platform system;
generating first chained data information of the cloud platform system according to the network topology diagram and information of each element in the network topology diagram, wherein the first chained data information comprises data blocks corresponding to each element connected according to the sequence of the network topology diagram, hash values of the first information and information of the element are included in the data block corresponding to any element, and the first information comprises hash values of all data blocks before the data block and information of the element in the first chained data information; the information of the element is information capable of reflecting the abnormal operation of the network element;
and monitoring the information of each element in the cloud platform system according to the hash value in the data block in the first chained data information.
2. The method according to claim 1, wherein monitoring information of each element in the cloud platform system according to the first chained data information comprises:
if the hash value in at least one data block in the first chained data information is changed, determining a first target element with changed information according to the data block with the changed hash value;
and determining each data block corresponding element after the data block corresponding to the first target element as a second target element influenced by the first target element.
3. The method as recited in claim 2, further comprising:
and sending a first alarm prompt message to an administrator terminal of the first target element and/or the second target element.
4. The method of claim 1, further comprising, after the generating the first chained data information of the cloud platform system:
acquiring the data block type of each data block in the first chained data information;
judging whether the network topological graph is reasonable or not according to the data block type of each data block, the position of each data block in the first chained data information and the data block type of the adjacent data block;
if the network topological graph is unreasonable, displaying second alarm prompt information;
if the data block is the internet, the data block type is the initial data block; if the data block is a server, the data block type is a final data block; if the data block is a firewall product, the data block type is a serial type security product; if the data block is a 'webpage tamper-proof' product, the data block type is a 'deployment type security product'.
5. The method according to claim 1, wherein the method further comprises:
generating second chained data information of the cloud platform system according to the network topology diagram and the information of each element in the network topology diagram, wherein the second chained data information comprises data blocks corresponding to each element connected in reverse order according to the network topology diagram, the data block corresponding to any element comprises hash values of the second information and the information of the element, and the second information comprises hash values of all data blocks before the data block and the information of the element in the second chained data information;
if any element to be configured needs to be configured and changed, sending a change request to an administrator device of the corresponding element of each data block before the element to be configured in the second chained data information, so that the administrator device adapts to change the configuration of the corresponding element, and writing authorization information for performing configuration and change on the element to be configured and information after updating each element into the corresponding data block;
and carrying out configuration change on the element to be configured, and updating the data block and the subsequent data block of the element to be configured.
6. The method of claim 5, wherein the method further comprises:
if any element to be configured needs to be logged in, a login request is sent to the manager equipment of the corresponding element of each data block before the element to be configured in the second chained data information, so that each manager equipment writes the authorization information of the login of the element to be configured into the corresponding data block;
logging in the element to be configured, and updating the data block and the subsequent data block of the element to be configured.
7. The method according to claim 1, wherein the connecting elements in the network topology on a cloud platform according to the network topology comprises:
and generating a virtual network card between adjacent elements so as to connect the adjacent elements through the virtual network card.
8. A management device of a cloud platform system, comprising:
the drawing module is used for responding to a drawing operation instruction of the network topology diagram of the cloud platform and generating the network topology diagram of the cloud platform;
the connection module is used for connecting all elements in the network topological graph on a cloud platform according to the network topological graph to generate a cloud platform system;
the generation module is used for generating first chained data information of the cloud platform system according to the network topological graph and the information of each element in the network topological graph, wherein the first chained data information comprises data blocks corresponding to each element connected according to the sequence of the network topological graph, the data block corresponding to any element comprises a hash value of the first information and the information of the element, and the first information comprises hash values in all data blocks before the data block in the first chained data information and the information of the element; the information of the element is information capable of reflecting the abnormal operation of the network element;
and the monitoring module is used for monitoring the information of each element in the cloud platform system according to the hash value in the data block in the first chained data information.
9. An electronic device, comprising:
a memory for storing a computer program;
a processor for running a computer program stored in the memory to implement the method of any one of claims 1-7.
10. A computer-readable storage medium, characterized in that a computer program is stored thereon;
the computer program implementing the method according to any of claims 1-7 when executed by a processor.
CN202111201808.2A 2021-10-15 2021-10-15 Management method and device of cloud platform system, electronic equipment and storage medium Active CN113904942B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111201808.2A CN113904942B (en) 2021-10-15 2021-10-15 Management method and device of cloud platform system, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN113904942A CN113904942A (en) 2022-01-07
CN113904942B true CN113904942B (en) 2024-04-09

Family

ID=79192177

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111201808.2A Active CN113904942B (en) 2021-10-15 2021-10-15 Management method and device of cloud platform system, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113904942B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1728717A (en) * 2004-07-27 2006-02-01 邓里文 Adaptation method in use for syncretizing Ethernet and plesiochronous digital hierarchy
CN104360237A (en) * 2014-11-21 2015-02-18 国家电网公司 Intelligent on-line distinguishing method for main equipment failures of regional power grid
US9621428B1 (en) * 2014-04-09 2017-04-11 Cisco Technology, Inc. Multi-tiered cloud application topology modeling tool
KR20200017577A (en) * 2018-07-25 2020-02-19 주식회사 유비벨록스모바일 IOT device state monitor-control system using blockchain network
CN111565389A (en) * 2020-06-04 2020-08-21 上海金卓网络科技有限公司 Node management method, device, equipment and storage medium
CN112307458A (en) * 2020-10-29 2021-02-02 深圳市赛肯威科技有限公司 Light node uplink method and device, Internet of things central control terminal and block chain network
CN112804081A (en) * 2020-12-25 2021-05-14 中国科学院信息工程研究所 Method for constructing and dynamically changing virtual network topology
CN113014652A (en) * 2021-03-03 2021-06-22 福建碧霞环保科技有限公司 Environment-friendly online monitoring method and system based on cloud computing and block chain technology

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
基于区块链的物联网可伸缩管理机制;徐晓冰;戚枭宏;王建平;李奇越;孙伟;;计算机应用研究(第07期);全文 *

Also Published As

Publication number Publication date
CN113904942A (en) 2022-01-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address

Address after: Room 402, block B, Qingdao International Innovation Park, No.1 Keyuan Weiyi Road, Zhonghan street, Laoshan District, Qingdao City, Shandong Province, 266101

Patentee after: Kaos Digital Technology (Qingdao) Co.,Ltd.

Country or region after: China

Patentee after: Kaos Digital Technology (Shanghai) Co.,Ltd.

Patentee after: Qingdao haichain Digital Technology Co.,Ltd.

Patentee after: CAOS industrial Intelligence Research Institute (Qingdao) Co.,Ltd.

Address before: Room 402, block B, Qingdao International Innovation Park, No.1 Keyuan Weiyi Road, Zhonghan street, Laoshan District, Qingdao City, Shandong Province, 266101

Patentee before: Haier digital technology (Qingdao) Co.,Ltd.

Country or region before: China

Patentee before: HAIER DIGITAL TECHNOLOGY (SHANGHAI) Co.,Ltd.

Patentee before: Qingdao haichain Digital Technology Co.,Ltd.

Patentee before: QINGDAO HAIER INDUSTRIAL INTELLIGENCE RESEARCH INSTITUTE Co.,Ltd.