CN113965332A - Enterprise cloud method, device, system and storage medium - Google Patents

Info

Publication number: CN113965332A
Authority: CN (China)
Prior art keywords: cloud, enterprise, server, intranet, network
Legal status: Granted (Active)
Application number: CN202010605476.3A
Other languages: Chinese (zh)
Other versions: CN113965332B (en)
Inventors: 成景山, 康楠, 吴晓莉, 王志榆, 蔡欣, 房秉毅, 温源, 张辉, 申晋, 周霞
Current Assignee: China United Network Communications Group Co Ltd; Unicom Cloud Data Co Ltd
Original Assignee: China United Network Communications Group Co Ltd; Unicom Cloud Data Co Ltd
Application filed by: China United Network Communications Group Co Ltd, Unicom Cloud Data Co Ltd
Priority: CN202010605476.3A
Publications: CN113965332A (application), CN113965332B (granted)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/141 Setup of application sessions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application provides an enterprise cloud method, device, system and storage medium. Based on cloud network slicing, a cloud-up request sent by an intranet server in an enterprise intranet is obtained; a target relay network cloud slice is determined, according to the cloud-up request, from a plurality of candidate relay network cloud slices in an operator private network; and finally a communication connection between the intranet server and the cloud server is established by using the target relay network cloud slice. The cloud server is fused directly with the enterprise intranet without going through a cloud dedicated line or a public network. This solves the problems that existing enterprise cloud services have low security because they must connect through the public network, or high usage cost because a cloud dedicated line must be added. The enterprise's existing intranet and the operator's existing dedicated transmission network are reused, so enterprise cloud access is achieved merely by adding cloud server connection nodes, which is safe, efficient, low in cost and simple to operate.

Description

Enterprise cloud method, device, system and storage medium
Technical Field
The present application relates to the field of communications technologies, and in particular, to a method, a device, a system, and a storage medium for cloud service in an enterprise.
Background
With the continuous development of information technology, the amount of information that computers must process keeps growing. Enterprises in particular need to process large amounts of business data and even perform big data analysis, but the processing capacity of an enterprise's internal servers is limited, and improving it requires substantial spending to add and maintain high-performance computers. To solve this problem, computer cloud services have developed rapidly in recent years: a high-performance mainframe computer is used as a cloud server, so that resource sharing and efficient utilization can be realized.
Currently, enterprises generally connect to cloud servers through a public network such as the internet, or connect to cloud servers by separately opening exclusive cloud lines.
However, the existing cloud service networking methods cause the following problems: 1) traffic over the public network can be attacked by hackers on the public network, so that confidential enterprise data is leaked, that is, cloud security is poor; 2) opening a cloud dedicated line requires a long time and a high cost to lay the basic equipment, high usage and maintenance fees must be paid every year, and the utilization rate of a typical cloud dedicated line is low, which wastes resources.
Disclosure of Invention
Based on the above problems, the application provides an enterprise cloud method, device, system and storage medium, so as to solve the prior-art problems that communication equipment is frequently switched on and off according to real-time traffic, which causes various adverse effects on mobile communication and adversely affects the service life of the equipment.
In a first aspect, the present application provides an enterprise cloud method applied to a cloud network slice, where the cloud network slice includes an enterprise intranet, a carrier private network, and a cloud server, the enterprise intranet is connected to the carrier private network through a cloud-up dedicated node, the cloud-up dedicated node is an intranet node in the enterprise intranet, the carrier private network is connected to the cloud server, and the method includes:
acquiring a cloud-going request sent by an intranet server in the enterprise intranet;
determining a target relay network cloud slice from a plurality of relay network cloud slices to be selected of the operator private network according to the cloud-up request;
and establishing communication connection between the intranet server and the cloud server by using the target relay network cloud slice.
In one possible design, the cloud-up request includes: first address information of the intranet server, second address information of the cloud-up dedicated node and third address information of the cloud server;
correspondingly, the establishing of the communication connection between the intranet server and the cloud server by using the target relay network cloud slice includes:
establishing a first transmission channel between the intranet server and the cloud-up dedicated node according to the first address information and the second address information;
establishing a second transmission channel between the cloud-up dedicated node and the cloud server according to the second address information and the third address information;
and establishing communication connection between the intranet server and the cloud server by utilizing the first transmission channel and the second transmission channel.
Optionally, the cloud-up request further includes: a cloud-up permission identifier, which identifies the enterprise intranet;
correspondingly, before the determining a target relay network cloud slice from a plurality of candidate relay network cloud slices of the operator private network according to the cloud-up request, the method further includes:
and authenticating the enterprise private network according to the cloud-up permission identifier, wherein the authentication result is that the authentication is passed.
In one possible design, after the establishing the communication connection between the intranet server and the cloud server by using the target relay network cloud slice, the method further includes:
transmitting an information processing request sent by the intranet server to the cloud server so that the cloud server determines a processing result according to the information processing request;
and feeding back the processing result sent by the cloud server to the intranet server.
In a second aspect, the present application provides an enterprise cloud device, including a memory, a processor, and computer executable instructions stored in the memory and executable on the processor, where the processor executes the computer executable instructions to implement the following steps: acquiring a cloud-going request sent by an intranet server in an enterprise intranet;
determining a target relay network cloud slice from a plurality of relay network cloud slices to be selected of the operator private network according to the cloud-up request;
and establishing communication connection between the intranet server and the cloud server by using the target relay network cloud slice.
In one possible design, the cloud-up request includes: first address information of the intranet server, second address information of the cloud-up dedicated node and third address information of the cloud server;
correspondingly, the establishing of the communication connection between the intranet server and the cloud server by using the target relay network cloud slice includes:
establishing a first transmission channel between the intranet server and the cloud-up dedicated node according to the first address information and the second address information;
establishing a second transmission channel between the cloud-up dedicated node and the cloud server according to the second address information and the third address information;
and establishing communication connection between the intranet server and the cloud server by utilizing the first transmission channel and the second transmission channel.
Optionally, the cloud-up request further includes: a cloud-up permission identifier, which identifies the enterprise intranet;
correspondingly, before the determining a target relay network cloud slice from a plurality of candidate relay network cloud slices of the operator private network according to the cloud-up request, the method further includes:
and authenticating the enterprise private network according to the cloud-up permission identifier, wherein the authentication result is that the authentication is passed.
In one possible design, after the establishing the communication connection between the intranet server and the cloud server by using the target relay network cloud slice, the method further includes:
transmitting an information processing request sent by the intranet server to the cloud server so that the cloud server determines a processing result according to the information processing request;
and feeding back the processing result sent by the cloud server to the intranet server.
In a third aspect, the present application provides an enterprise cloud system, comprising:
an enterprise intranet, an operator private network, a cloud server and an enterprise cloud device, wherein the enterprise intranet is connected with the operator private network through a cloud-up dedicated node, the cloud-up dedicated node is an intranet node in the enterprise intranet, and the operator private network is connected with the cloud server;
the enterprise cloud device is configured to implement any one of the possible enterprise cloud methods provided by the first aspect.
In a fourth aspect, the present application provides a storage medium in which a computer program is stored, where the computer program is configured to execute any one of the possible enterprise cloud methods provided in the first aspect.
The application provides an enterprise cloud method, device, system and storage medium. By adding a network node in the enterprise intranet to connect to the operator private network, and attaching the cloud server to the operator private network, the cloud server is fused directly with the enterprise intranet without passing through a cloud dedicated line or a public network. This solves the problems that existing enterprise cloud services have low security because they must connect through the public network, or high usage cost because a cloud dedicated line must be added. The enterprise's existing intranet and the operator's existing dedicated transmission network are reused, and enterprise cloud access is achieved merely by adding cloud server connection nodes, giving the technical effects of safety, high efficiency, low cost and simple operation.
Drawings
In order to illustrate the technical solutions of the present application or the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings in the following description show some embodiments of the present application, and those skilled in the art can obtain other drawings from them without inventive effort.
FIGS. 1a-1b are schematic diagrams of the existing enterprise cloud architecture provided herein;
FIG. 2 is a schematic flowchart of an enterprise cloud method provided in the present application;
FIG. 3 is a schematic diagram of the intranet structure after an enterprise has moved to the cloud;
FIG. 4 is a schematic diagram illustrating the principle of multiple cloud network slices multiplexing an operator private network provided in the present application;
FIG. 5 is a schematic flowchart of another enterprise cloud method provided herein;
FIG. 6 is a schematic diagram of an enterprise cloud system architecture provided by the present application;
FIG. 7 is a schematic view of a cooperative application scenario of multiple enterprise cloud systems including multiple cloud servers according to the present application;
FIG. 8 is a schematic structural diagram of an enterprise cloud device according to the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all the embodiments. All other embodiments, including but not limited to combinations of embodiments, which can be derived by a person skilled in the art from the embodiments disclosed herein without making any inventive step are within the scope of the present application.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims of the present application and in the above-described drawings (if any) are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are, for example, capable of operation in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
To facilitate understanding, the following explains and describes terms related to embodiments of the present application.
Enterprise intranet: an enterprise rents the nationwide operator private network of a network operator and connects its headquarters with its branches in other regions, forming a cross-regional enterprise computer local area network.
Operator private network: a nationwide relay network laid by a network operator and dedicated to serving enterprise data traffic. The operator private network has high bandwidth and high data transmission capability, and is the backbone network for enterprise data transmission. It is laid according to the operator's network deployment plan and is the main data path for long-distance connections, for example between provinces.
Cloud dedicated line: a communication line used specifically to connect the cloud server with the servers of a particular enterprise. A cloud dedicated line is generally used exclusively by one enterprise user and is not physically connected to other servers. It must be laid in response to an application from the enterprise user.
Cloud network slice: a logically closed network space in which, on the basis of the enterprise intranet, the cloud server is fused into the computer local area network of the enterprise intranet by adding network nodes, with the connection carried by the cross-regional links of the operator private network.
FIGS. 1a-1b are schematic diagrams of the existing enterprise cloud architecture provided by the present application. Because the computing capacity of a cloud computing service is 6 times that of a traditional server and cloud services keep developing, a considerable number of enterprises have already moved services that were originally deployed in the intranet onto the cloud. However, the services migrated to the cloud are still limited to those with low or medium security levels; core services with high security levels are still strictly confined to the intranet. The reason is that, as shown in FIG. 1a, the intranet is currently connected to a remote cloud server through a public network space such as the Internet, which exposes the enterprise's business data to interception or attack. To address this, a cloud service provider generally stacks protective barriers layer by layer on the public network through VPC (virtual port channel) virtual link aggregation technology, deploying intrusion detection, intrusion prevention, a network-layer firewall, vulnerability scanning, antivirus software, an application-layer firewall, database security protection software and the like. These layered security barriers still cannot fundamentally eliminate the security risk of transmitting data over the public network, and enterprise customers must pay additional usage and maintenance costs for the protection. As a result, the core services of the enterprise must still be strictly confined to the intranet, yet the core services are also the data services with the highest demand for computing power, so there is still great room for development in moving enterprise core services to the cloud.
In order to solve the security problem, cloud service providers offer a scheme in which a separate cloud dedicated line is opened for each enterprise to replace the public network. As shown in FIG. 1b, the cloud server is connected to the server of the enterprise headquarters through the cloud dedicated line, and each enterprise branch must obtain cloud service through relay by the headquarters server. However, as enterprise digitization extends from the office to the production field, the enterprise's digital information resources are distributed over a wide area, which moves cloud services from central cloud computing covering the enterprise's core data assets toward edge cloud computing covering enterprise production. Because the cloud server can reach the servers of the branches only through the headquarters server, the headquarters server is pushed back onto the old path of having to increase its processing capacity, and equipping every branch with its own cloud dedicated line would obviously be too expensive.
To solve the above problems, the inventors of the present application found that the root cause lies in a prior-art habit of thought: the cloud server is taken as the networking center, the cloud server and the intranet are built separately, and only then is it considered how to connect them. In other words, existing enterprise cloud schemes all treat the cloud as an external server of the intranet. The cloud server sits outside the intranet, and the intranet and the cloud server must be connected through a public network or a dedicated line to obtain cloud service. The cloud service provider only considers leaving an external interface, the enterprise only considers leaving an external interface in its internal local area network, and the network operator can only connect the cloud server and the intranet as required by the cloud service provider on one side and the enterprise on the other, so the three parties are in effect constructing the network passively.
Standing in the position of the network operator and taking the enterprise customer as the networking center to plan enterprise cloud access as a whole, the inventive concept of the present application is as follows. The enterprise intranet is built by the enterprise renting the operator private network constructed by the network operator. The existing operator private network only needs to use cloud-network cooperative equipment, that is, the enterprise cloud device, to allocate the transmission of cloud service data of different enterprise customers in a unified way, so the operator private network can replace the cloud dedicated line. Only a cloud-up dedicated node needs to be added to the enterprise intranet; the cloud server can then be integrated into the enterprise intranet through that node, and cloud data interaction becomes data interaction among nodes inside the closed intranet. This avoids laying a separate cloud dedicated line for each enterprise customer, makes full and efficient use of operator private network resources, simplifies enterprise cloud service and reduces its cost. The security of enterprise cloud data is also improved: the operator private network is not a public network, is not open to the outside, and is independent and closed, so its data security is the same as that of a cloud dedicated line. The operator private network is defined in the terminology above and is not described again here.
The enterprise cloud method of the present application is described in detail below with reference to embodiments.
It should be noted that the following enterprise cloud method is applied to a "cloud network slice" intranet architecture. In a cloud network slice, the enterprise intranet is connected to the nationwide operator private network, and the cloud-network cooperative equipment on the operator private network, that is, the enterprise cloud device, allocates exclusive network data transmission channel resources to the enterprise customer. The enterprise intranet is thereby extended to the cloud server, and the computing resource slices on the cloud server that correspond to the enterprise customer, such as virtual machines, physical machines and even rack resources, are enclosed within the enterprise intranet. The resulting logically closed and independent enterprise local area network, which includes the cloud, is the cloud network slice. Cloud network slices are logically isolated from one another and each is closed on itself, which guarantees high data security, while the physical transmission medium and the cloud servers are highly shared, which saves a large amount of physical resources and gives enterprises a new channel for quickly accessing or expanding cloud services.
Fig. 2 is a schematic flowchart of an enterprise cloud service method provided by the present application. As shown in fig. 2, the method includes the following specific steps:
S201, a cloud-up request sent by an intranet server in an enterprise intranet is obtained.
Fig. 3 is a schematic diagram of the intranet structure after an enterprise has moved to the cloud according to the present application. As shown in fig. 3, the intranet 31 includes a plurality of network nodes, each connected to at least one computer server. All servers of the enterprise are connected to one another pairwise through the intranet 31; for example, the server of the enterprise headquarters in fig. 3 is connected to the servers of the enterprise's branches. The nodes may be geographically far apart, for example distributed across cities or across provinces, or they may be divided into office nodes and production-area nodes that span a large geographic area.
An intranet server under some node of the enterprise intranet, such as an intranet server in branch 1, combines its own address, the address of the cloud-up dedicated node 32 and other relevant cloud service information into a cloud-up request and sends it into the enterprise intranet. A network device of the cloud-up dedicated node, such as a gateway, forwards the cloud-up request to the operator private network 33, where it is received by the cloud-network cooperative equipment, that is, the enterprise cloud device, connected to the operator private network 33. Different enterprise intranets orthogonally multiplex the operator private network 33, which achieves the technical effects that enterprises can move to the cloud quickly and cloud servers can be added or removed quickly.
S202, determining a target relay network cloud slice from a plurality of relay network cloud slices to be selected of the private network of the operator according to the cloud request.
Fig. 4 is a schematic diagram illustrating the principle of multiple cloud network slices multiplexing an operator private network provided in the present application. As shown in fig. 4, multiple cloud network slices share the operator private network; that is, enterprise intranet A, enterprise intranet B and enterprise intranet C in fig. 4 are all connected to the operator private network by physical links. The operator private network may therefore carry cloud service data of multiple cloud network slices at the same time, so its data transmission channel resources must be allocated in a coordinated way. In the operator private network, the relay network in charge of long-distance, cross-region data transmission is divided up by allocating its data transmission channel resources; this allocation is called relay network cloud slicing, and all the data transmission channel resources are divided into multiple relay network cloud slices. Relay network cloud slices that are idle in the current period are called candidate relay network cloud slices (relay network cloud slices to be selected). The enterprise cloud device screens out the target relay network cloud slice from the candidates according to the cloud-up request and a preset resource allocation rule or preset allocation algorithm. Specifically, matching is performed on one or more dimensions, such as the data size in the cloud-up request, the urgency of the task, the enterprise customer level and the cloud resource usage information of the cloud server, to determine the relay network cloud slice that matches the cloud-up request.
It should be noted that this embodiment does not limit the information included in the cloud-up request or the implementation of the preset allocation algorithm; those skilled in the art may choose a specific implementation according to the actual situation, and all such implementations fall within the scope of this step.
S203, establishing communication connection between the intranet server and the cloud server by using the target relay network cloud slice.
As shown in fig. 4, after the target relay network cloud slice is determined, the relay network transmits the enterprise's cloud service information to the cloud server and returns the result processed by the cloud server to the server under the target node in the enterprise intranet, thereby establishing the communication connection between the intranet server and the cloud server.
This embodiment provides an enterprise cloud method. Based on cloud network slicing, a cloud-up request sent by an intranet server in an enterprise intranet is obtained, a target relay network cloud slice is determined from a plurality of candidate relay network cloud slices in the operator private network according to the cloud-up request, and a communication connection between the intranet server and the cloud server is established by using the target relay network cloud slice. The cloud server is fused directly with the enterprise intranet without going through a cloud dedicated line or a public network. This solves the problems that existing enterprise cloud services have low security because they must connect through the public network, or high usage cost because a cloud dedicated line must be added. The enterprise's existing intranet and the operator's existing dedicated transmission network are reused, so enterprise cloud access is achieved merely by adding cloud server connection nodes, which is safe, efficient, low in cost and simple to operate.
Fig. 5 is a flowchart illustrating another method for cloud-on-enterprise provided by the present application. As shown in fig. 5, the method includes the following specific steps:
S501, a cloud-up request sent by an intranet server in an enterprise intranet is obtained.
In this step, the cloud-up request includes: the cloud-up permission identifier, the first address information of the intranet server, the second address information of the cloud-up dedicated node and the third address information of the cloud server.
It should be noted that the address information may be understood as intranet IP addresses. These IP addresses are visible only within the same cloud network slice; that is, other enterprise intranets cannot obtain the IP address information of this enterprise intranet. This realizes the logical closure of the cloud network slice and ensures data security.
The rest of the step is explained in S101, and is not described herein.
And S502, authenticating the enterprise private network according to the cloud permission identifier, wherein the authentication result is that the authentication is passed.
The cloud-up permission identifier is unique identification information distributed to the enterprise customer by the cloud service provider or the network service operator after the cloud service provider, the network service operator and the enterprise customer sign a cloud service agreement, and the cloud-up permission identifier can correspond to the cloud service authority level of the enterprise customer. After receiving the cloud-going request from the cloud-going dedicated node, the cloud-going equipment on the enterprise authenticates according to the cloud-going permission identifier in the cloud-going request, judges whether the enterprise client is still in the cloud-going service agreement period, and provides corresponding priority and resource allocation basis for subsequent relay network cloud slices according to the permission level corresponding to the cloud-going permission identifier.
S503, establishing a first transmission channel between the intranet server and the cloud dedicated node according to the first address information and the second address information.
For ease of understanding, this step is illustrated with a virtual private network technology based on Multi-Protocol Label Switching (MPLS VPN). An MPLS VPN network mainly comprises three parts: CE (Customer Edge router) devices, which are the customer network's edge routers; PE (Provider Edge router) devices, which are the network operator's edge routers; and P (Provider router) devices, which are the network operator's core routers. The CE is directly connected to the operator network and is unaware of the VPN. The PE is directly connected to the user's CE and is responsible for VPN service access and VPN-IPv4 route processing; it is the main implementer of the MPLS Layer 3 VPN. The P is responsible for fast data forwarding and is not directly connected to the CE. The PE device adds an MPLS label to information from the enterprise intranet and then distributes routes among the branches of the same VPN user, that is, the enterprise intranet user. In other words, the first address information and the second address information are added to the MPLS label to form a VPN data packet, which establishes the data channel between the intranet server and the cloud dedicated node.
In a possible design, to improve data transmission efficiency, the enterprise intranet server may first submit a resource allocation application to the cloud dedicated node, and the enterprise intranet edge router or the enterprise cloud device then allocates the transmission channel resource between that intranet server and the cloud dedicated node; that is, the first transmission channel is established from the first address information and the second address information.
S504, establishing a second transmission channel between the cloud dedicated node and the cloud server according to the second address information and the third address information.
Once the first transmission channel is established, the operator core router device or the enterprise cloud device uses a preset allocation algorithm, based on the current data load of the relay network, to establish the second transmission channel, which connects the cloud dedicated node of the enterprise intranet with the cloud server. It is understood that this function of the enterprise cloud device may also be included in the operator core router device.
Specifically, the enterprise intranet can be divided into VLAN segments using VLAN (Virtual Local Area Network) technology. Each VLAN segment is a broadcast domain, and communication between VLANs is handled by a Layer 3 router; a broadcast domain may be a virtual segment made up of an arbitrarily selected group of Layer 2 network addresses (MAC addresses). Work groups in the network can thus be divided entirely by administrative function, free of the geographical restrictions of a shared network. This workflow-based grouping greatly improves the management of network planning and reorganization. Stations in the same VLAN communicate as if they were on a separate switch, regardless of which switch they are actually connected to. Broadcasts within a VLAN are heard only by members of that VLAN and are not propagated to other VLANs, so multiple enterprise intranets can share one physical transmission medium, namely the operator private network, which speeds up enterprises' move to the cloud and improves resource utilization.
S505, establishing a communication connection between the intranet server and the cloud server by using the first transmission channel and the second transmission channel.
After the first and second transmission channels are established, that is, once the relay network cloud slice has been allocated, the enterprise intranet server and the cloud server receive a connection establishment notification and can start data transmission.
It should be noted that one cloud server corresponds to one cloud dedicated node. When multiple intranet nodes send cloud-up requests to the cloud dedicated node at the same time, the enterprise cloud device or the router device of the cloud dedicated node allocates relay network cloud slice resources according to a preset priority scheme. For example, for a central cloud server, the intranet node of the enterprise headquarters or the intranet node responsible for big data analysis services has the highest priority and can be allocated the maximum bandwidth; a 5G edge cloud server, for example, is mainly responsible for basic cloud services for a production area or other branches, so the corresponding production area node or branch node has a relatively high priority.
In a possible design, the enterprise intranet may designate several candidate nodes as candidate cloud dedicated nodes. After the enterprise signs a service agreement with a cloud service provider, it can directly select one of the candidates as the cloud dedicated node corresponding to the cloud server, and when the contract expires that cloud dedicated node can be released directly. The enterprise's cloud services can thus be expanded or reduced quickly, and enterprise customers avoid having to open multiple dedicated cloud lines to meet the cloud service needs of different cloud service providers or different branches.
S506, transmitting the information processing request sent by the intranet server to the cloud server, so that the cloud server determines a processing result according to the information processing request.
In this step, the information processing request may be a request for big data analysis of the enterprise core operation data, a request for service data processing of a web portal, or the like.
S507, feeding back the processing result sent by the cloud server to the intranet server.
In this step, the cloud server may transmit the processing result to the intranet server all at once, or, depending on the content of the service request, may feed back results for the content that takes less time to process, which improves the user experience.
Those of ordinary skill in the art will understand that all or part of the steps of the method embodiments can be implemented by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the method embodiments; the storage medium includes various media that can store program code, such as ROM, RAM, magnetic disks or optical disks.
According to the enterprise cloud method provided by this embodiment, on the basis of cloud network slicing, the cloud-up request sent by an intranet server in the enterprise intranet is obtained, and the enterprise private network is authenticated according to the cloud-up permission identifier. After the authentication passes, a first transmission channel between the intranet server and the cloud dedicated node is established according to the first address information and the second address information, a second transmission channel between the cloud dedicated node and the cloud server is established according to the second address information and the third address information, and the two channels are then used to establish the communication connection between the intranet server and the cloud server, so that cloud service data interaction is realized. The cloud server does not have to be joined to the enterprise intranet directly over a dedicated cloud line or the public network. This solves two problems of existing enterprise cloud services: low security when the public network has to be used, and high cost when a dedicated cloud line has to be added. The method reuses the enterprise's existing intranet and the operator's existing dedicated transmission network, so that the enterprise can move to the cloud simply by adding cloud server connection nodes, which is secure, efficient, low-cost and simple to operate.
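The admission flow of S501 to S505 can be modelled compactly. The following Python code is an added example, not code from the patent: it authenticates the cloud-up permission identifier, checks that all three addresses lie inside the enterprise's cloud network slice, and shares relay bandwidth by permission level. The license registry, the one-CIDR-per-slice mapping, the proportional bandwidth rule and every identifier and address are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class License:
    """Record behind a cloud-up permission identifier (assumed shape)."""
    enterprise: str
    level: int        # service authority level; higher means higher priority
    expires: date     # last day of the cloud service agreement
    slice_cidr: str   # assumed: one address block per cloud network slice


@dataclass(frozen=True)
class CloudUpRequest:
    permission_id: str
    intranet_server: str  # first address information
    dedicated_node: str   # second address information
    cloud_server: str     # third address information


# Constructed sample registry; identifiers and addresses are made up.
LICENSES = {
    "LIC-A": License("enterprise-a", 3, date(2030, 1, 1), "10.10.0.0/16"),
    "LIC-B": License("enterprise-b", 1, date(2030, 1, 1), "10.20.0.0/16"),
    "LIC-C": License("enterprise-c", 2, date(2020, 1, 1), "10.30.0.0/16"),
}
TODAY = date(2024, 1, 1)  # constructed evaluation date

# Constructed simultaneous requests: valid B, expired C, valid A, and a
# request under B's identifier that names a cloud server in A's slice.
SAMPLE_REQUESTS = [
    CloudUpRequest("LIC-B", "10.20.1.5", "10.20.0.1", "10.20.200.9"),
    CloudUpRequest("LIC-C", "10.30.1.5", "10.30.0.1", "10.30.200.9"),
    CloudUpRequest("LIC-A", "10.10.1.5", "10.10.0.1", "10.10.200.9"),
    CloudUpRequest("LIC-B", "10.20.1.5", "10.20.0.1", "10.10.200.9"),
]


class Rejected(Exception):
    """Raised when a cloud-up request fails admission."""


def authenticate(req: CloudUpRequest, today: date) -> License:
    """S502: check the identifier, the agreement period and slice membership."""
    lic = LICENSES.get(req.permission_id)
    if lic is None:
        raise Rejected("unknown permission identifier")
    if today > lic.expires:
        raise Rejected("service agreement expired")
    net = ip_network(lic.slice_cidr)
    for label, addr in (("intranet server", req.intranet_server),
                        ("dedicated node", req.dedicated_node),
                        ("cloud server", req.cloud_server)):
        try:
            inside = ip_address(addr) in net
        except ValueError:
            raise Rejected(f"{label} address is malformed") from None
        if not inside:
            # Addresses are meant to be visible only within one slice.
            raise Rejected(f"{label} address is outside the slice")
    return lic


def establish(req: CloudUpRequest, today: date) -> dict:
    """S503 to S505: authenticate, then describe the two channels to set up."""
    lic = authenticate(req, today)
    return {
        "enterprise": lic.enterprise,
        "level": lic.level,
        "first_channel": (req.intranet_server, req.dedicated_node),
        "second_channel": (req.dedicated_node, req.cloud_server),
    }


def allocate(requests, today: date, total_mbps: int):
    """Admit simultaneous requests; split bandwidth in proportion to level."""
    admitted, rejected = [], []
    for req in requests:
        try:
            admitted.append(establish(req, today))
        except Rejected as exc:
            rejected.append((req.permission_id, str(exc)))
    admitted.sort(key=lambda c: c["level"], reverse=True)  # highest level first
    weight = sum(c["level"] for c in admitted)
    grants = [(c["enterprise"], total_mbps * c["level"] // weight)
              for c in admitted]
    return grants, rejected


if __name__ == "__main__":
    print(allocate(SAMPLE_REQUESTS, TODAY, 1000))
```

The fourth sample request shows why the slice check belongs in the admission step: a valid identifier alone would otherwise let one tenant request a channel toward an address in another tenant's slice.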
Fig. 6 is a schematic diagram of an enterprise cloud system architecture provided by the present application. As shown in Fig. 6, the enterprise intranet 61 is connected to the operator private network 62 through a cloud dedicated node 611, the enterprise cloud device 64 is responsible for planning and scheduling the data transmission of each cloud network slice on the operator private network 62, and a cloud server 63 at a different location interacts with an intranet server in the enterprise intranet 61 through the operator private network 62. It should be noted that the operator private network 62 is a trans-regional private backbone network laid by a network operator, that is, a relay network for long-distance transmission. The network connecting the branches of the enterprise intranet is itself leased from the network operator's private network, so the operator private network 62 can be regarded as an extension of the enterprise intranet 61, and the cloud server 63 is merged into the enterprise intranet 61. The enterprise cloud method is implemented by this enterprise cloud system: the enterprise can move to the cloud quickly, or quickly expand its number of cloud servers, simply by adding cloud dedicated nodes 611 in the enterprise intranet 61. For example, a cloud dedicated node corresponding to a 5G edge cloud service can be added, and the 5G edge cloud server can then connect to the servers of all branches in the enterprise intranet through the operator private network 62, achieving rapid expansion of the 5G edge cloud service.
Fig. 7 is a schematic view of a collaborative application scenario of a multi-enterprise cloud system including multiple cloud servers according to the present application. As shown in Fig. 7, enterprise intranet A and enterprise intranet B are each connected to the operator private network through their own cloud dedicated nodes, which achieves orthogonal multiplexing of the operator private network: one physical line can serve hundreds of enterprise customers. The enterprise private network is divided into a plurality of logical isolation areas by the enterprise cloud device or the core router of the operator private network, and different enterprise private networks, and the network nodes within them, are distinguished through this logical isolation. Within the same enterprise intranet, an intranet node can send cloud service requests to several cloud dedicated nodes at the same time. For example, headquarters node A of enterprise intranet A can simultaneously send a request for a central cloud service and a request for a 5G edge cloud service to the two cloud dedicated nodes corresponding to the central cloud server and the 5G edge cloud. The central cloud server processes data analysis services, and the 5G edge cloud server can send edge cloud service data to wireless terminal devices in the enterprise's branches, for example by pushing work communication information among the enterprise's employees.
It should be noted that, although enterprise intranet A and enterprise intranet B are logically isolated and share the same operator private network, the operator private network is not a public network like the Internet and is not open to individual users. Data exchanged between the enterprise intranets is therefore not exposed to the public network, and the possibility that the data is attacked by hackers is also avoided, thereby improving the security of the enterprise's core service data.
Fig. 8 is a schematic structural diagram of an enterprise cloud device according to the present application. As shown in Fig. 8, the enterprise cloud device 800 may include at least one processor 801 and a memory 802. Fig. 8 shows an electronic device with one processor as an example.
The memory 802 stores programs. In particular, the program may include program code including computer operating instructions.
Memory 802 may comprise high-speed RAM memory and may also include non-volatile memory (non-volatile memory), such as at least one disk memory.
The processor 801 is configured to execute the computer-executable instructions stored in the memory 802 to implement the enterprise cloud method described in the above method embodiments. For the detailed steps, refer to the enterprise cloud method flow shown in Fig. 5; for specific terms and working principles, refer to S501 to S507, which are not repeated here.
The processor 801 may be a Central Processing Unit (CPU), an Application Specific Integrated Circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present application.
Alternatively, the memory 802 may be separate or integrated with the processor 801. When the memory 802 is a device independent of the processor 801, the electronic device 800 may further include:
a bus 803 for connecting the processor 801 and the memory 802. The bus may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended ISA (EISA) bus, or the like. Buses may be classified as address buses, data buses, control buses and so on, but this does not mean that there is only one bus or one type of bus.
Alternatively, in a specific implementation, if the memory 802 and the processor 801 are integrated into a chip, the memory 802 and the processor 801 may communicate through an internal interface.
The present application also provides a computer-readable storage medium, which may include various media capable of storing program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk. Specifically, the computer-readable storage medium stores program instructions, which are used for the enterprise cloud method in each of the above embodiments and are not described here again.
Finally, it should be noted that: the above embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present application.

Claims (10)

1. An enterprise cloud method is applied to a cloud network slice, the cloud network slice comprises an enterprise intranet, a carrier private network and a cloud server, the enterprise intranet is connected with the carrier private network through a cloud dedicated node, the cloud dedicated node is an intranet node in the enterprise intranet, and the carrier private network is connected with the cloud server, and the method comprises the following steps:
acquiring a cloud-going request sent by an intranet server in the enterprise intranet;
determining a target relay network cloud slice from a plurality of relay network cloud slices to be selected of the operator private network according to the cloud-up request;
and establishing communication connection between the intranet server and the cloud server by using the target relay network cloud slice.
2. The enterprise clouding method of claim 1, wherein the clouding request comprises: first address information of the intranet server, second address information of the cloud dedicated node and third address information of the cloud server;
correspondingly, the establishing of the communication connection between the intranet server and the cloud server by using the target relay network cloud slice includes:
establishing a first transmission channel between the intranet server and the cloud dedicated node according to the first address information and the second address information;
establishing a second transmission channel between the cloud dedicated node and the cloud server according to the second address information and the third address information;
and establishing communication connection between the intranet server and the cloud server by utilizing the first transmission channel and the second transmission channel.
3. The enterprise clouding method of claim 2, wherein the clouding request further comprises: a cloud license identifier, the cloud license identifying the intranet;
correspondingly, before the determining a target relay network cloud slice from a plurality of candidate relay network cloud slices of the operator private network according to the cloud-up request, the method further includes:
and authenticating the enterprise private network according to the cloud permission identifier, wherein the authentication result is that the authentication is passed.
4. The enterprise cloud method according to any one of claims 1 to 3, further comprising, after the establishing the communication connection between the intranet server and the cloud server by using the target relay network cloud slice, the following steps:
transmitting an information processing request sent by the intranet server to the cloud server so that the cloud server determines a processing result according to the information processing request;
and feeding back the processing result sent by the cloud server to the intranet server.
5. An enterprise cloud device comprising a memory, a processor, and computer executable instructions stored in the memory and executable on the processor, the processor implementing the following steps when executing the computer executable instructions:
acquiring a cloud-going request sent by an intranet server in an enterprise intranet;
determining a target relay network cloud slice from a plurality of relay network cloud slices to be selected of the operator private network according to the cloud-up request;
and establishing communication connection between the intranet server and the cloud server by using the target relay network cloud slice.
6. The cloud-on-enterprise device of claim 5, wherein the cloud-on-request comprises: first address information of the intranet server, second address information of the cloud dedicated node and third address information of the cloud server;
correspondingly, the establishing of the communication connection between the intranet server and the cloud server by using the target relay network cloud slice includes:
establishing a first transmission channel between the intranet server and the cloud dedicated node according to the first address information and the second address information;
establishing a second transmission channel between the cloud dedicated node and the cloud server according to the second address information and the third address information;
and establishing communication connection between the intranet server and the cloud server by utilizing the first transmission channel and the second transmission channel.
7. The cloud-on-enterprise device of claim 6, wherein the cloud-on-request further comprises: a cloud license identifier, the cloud license identifying the intranet;
correspondingly, before the determining a target relay network cloud slice from a plurality of candidate relay network cloud slices of the operator private network according to the cloud-up request, the method further includes:
and authenticating the enterprise private network according to the cloud permission identifier, wherein the authentication result is that the authentication is passed.
8. The cloud-on-enterprise device according to any one of claims 5 to 7, further comprising, after the establishing of the communication connection between the intranet server and the cloud server by using the target relay network cloud slice:
transmitting an information processing request sent by the intranet server to the cloud server so that the cloud server determines a processing result according to the information processing request;
and feeding back the processing result sent by the cloud server to the intranet server.
9. An enterprise cloud system, comprising:
the system comprises an enterprise intranet, an operator private network, a cloud server and enterprise cloud equipment, wherein the enterprise intranet is connected with the operator private network through a cloud special node, the cloud special node is an intranet node in the enterprise intranet, and the operator private network is connected with the cloud server;
the on-enterprise cloud device is used for realizing the on-enterprise cloud method of any one of claims 1 to 4.
10. A computer-readable storage medium, on which a computer program is stored, the computer program, when executed by a processor, implementing the on-enterprise cloud method of any one of claims 1 to 4.
CN202010605476.3A 2020-06-29 2020-06-29 Enterprise cloud loading method, equipment, system and storage medium Active CN113965332B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010605476.3A CN113965332B (en) 2020-06-29 2020-06-29 Enterprise cloud loading method, equipment, system and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010605476.3A CN113965332B (en) 2020-06-29 2020-06-29 Enterprise cloud loading method, equipment, system and storage medium

Publications (2)

Publication Number Publication Date
CN113965332A true CN113965332A (en) 2022-01-21
CN113965332B CN113965332B (en) 2023-08-08

Family

ID=79459096

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010605476.3A Active CN113965332B (en) 2020-06-29 2020-06-29 Enterprise cloud loading method, equipment, system and storage medium

Country Status (1)

Country Link
CN (1) CN113965332B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115243229A (en) * 2022-05-30 2022-10-25 浪潮通信技术有限公司 Cloud network fusion method, device and system, electronic equipment and storage medium

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104283755A (en) * 2013-07-01 2015-01-14 阿里巴巴集团控股有限公司 Virtual private cloud accessing method and system thereof
US20150256391A1 (en) * 2014-03-07 2015-09-10 Matthew A. HARDY Cloud device identification and authentication
CN105120530A (en) * 2015-09-11 2015-12-02 北京金山安全软件有限公司 Method and device for acquiring data and data acquisition system
US20150372982A1 (en) * 2014-06-20 2015-12-24 Zscaler, Inc. Intelligent, cloud-based global virtual private network systems and methods
CN109286954A (en) * 2018-11-05 2019-01-29 中国联合网络通信集团有限公司 A kind of data transmission method and transmission net controller
WO2019095374A1 (en) * 2017-11-20 2019-05-23 Nokia Shanghai Bell Co., Ltd. Apparatus, system and method for security management based on event correlation in a distributed multi-layered cloud environment
CN110198555A (en) * 2019-05-21 2019-09-03 中国联合网络通信集团有限公司 A kind of configuration method and device of network slice
CN110266767A (en) * 2019-05-22 2019-09-20 中国联合网络通信集团有限公司 Cloud method and equipment in enterprise
CN111106991A (en) * 2018-10-29 2020-05-05 中国移动通信集团浙江有限公司 Cloud special line system and service issuing and opening method thereof
CN111340456A (en) * 2020-03-06 2020-06-26 国网冀北电力有限公司 Edge cloud collaborative data processing method, device and equipment based on Internet of things

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
ISMAIL ARI: "Data stream analytics and mining in the cloud", 《4TH IEEE INTERNATIONAL CONFERENCE ON CLOUD COMPUTING TECHNOLOGY AND SCIENCE PROCEEDINGS》 *
庄性华;梁勇;周二玲;李文扬;: "5G时代中国移动将推动云网融合", 通信企业管理, no. 01 *
王君兰;: "企业上云 高歌猛进 运营商该何去何从", 通信世界, no. 17 *
程淑荣: "边缘计算技术在企业专网中的应用", 《移动通信》 *

Also Published As

Publication number Publication date
CN113965332B (en) 2023-08-08


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant