CN114710502A - Virtualization-based data security exchange method and system - Google Patents

Publication number
CN114710502A
Authority
CN
China
Prior art keywords
resources
virtualization
exchange
tenant
load balancing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111621683.9A
Other languages
Chinese (zh)
Inventor
孙强
郑传义
殷博
曲志峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING ZHONGFU TAIHE TECHNOLOGY DEVELOPMENT CO LTD
Nanjing Zhongfu Information Technology Co Ltd
Zhongfu Information Co Ltd
Zhongfu Safety Technology Co Ltd
Original Assignee
BEIJING ZHONGFU TAIHE TECHNOLOGY DEVELOPMENT CO LTD
Nanjing Zhongfu Information Technology Co Ltd
Zhongfu Information Co Ltd
Zhongfu Safety Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BEIJING ZHONGFU TAIHE TECHNOLOGY DEVELOPMENT CO LTD, Nanjing Zhongfu Information Technology Co Ltd, Zhongfu Information Co Ltd, Zhongfu Safety Technology Co Ltd filed Critical BEIJING ZHONGFU TAIHE TECHNOLOGY DEVELOPMENT CO LTD
Priority to CN202111621683.9A priority Critical patent/CN114710502A/en
Publication of CN114710502A publication Critical patent/CN114710502A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • H04L67/1004 Server selection for load balancing
    • H04L67/1012 Server selection for load balancing based on compliance of requirements or conditions with available server resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/104 Peer-to-peer [P2P] networks
    • H04L67/1044 Group management mechanisms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/104 Peer-to-peer [P2P] networks
    • H04L67/1074 Peer-to-peer [P2P] networks for supporting data block transmission mechanisms

Abstract

The invention discloses a virtualization-based data security exchange method and system, belonging to the technical field of data sharing and secure exchange. The method comprises the following steps: performing virtualization management on the equipment resources of the data security exchange system and on the isolation exchange equipment resources; managing users and resources using the multi-tenant concept, so that a tenant can use the exchange service once it has applied for resources; and dynamically scheduling user resources, monitoring the utilization rate of server resources in the cluster, and load balancing the data exchange service. The invention ensures the confidentiality, integrity and reliability of the data exchange service; it forms a resource pool, defines users using the multi-tenant concept, and ensures the independence and security of each user's resources.

Description

Virtualization-based data security exchange method and system
Technical Field
The invention relates to the technical field of data sharing and secure exchange, in particular to a data secure exchange method and system based on virtualization.
Background
As enterprises derive more revenue from data applications, they pay more and more attention to data assets. Each organization also has its own data center, and demand for cloud applications based on cloud computing technology, such as cloud office and government cloud, has increased greatly.
Currently, data exchange is deployed as a single-point application in the machine room of an organization or enterprise, and is configured and used by allocating accounts. As the amount of data increases, the single-point mode can be extended to a cluster mode. In the existing cluster mode, the data exchange service and the isolation exchange equipment are in a 1:1 relationship, so scalability is poor, resources are not well utilized, and data fusion requirements are not well supported. As demand for data applications widens, the current data exchange scheme struggles to meet each organization's needs, and the existing data exchange mode is limited by the physical form, region and other conditions of existing resources, so users cannot make good use of data resources.
Based on this, the invention designs a virtualization-based data security exchange method to solve the above problems.
Disclosure of Invention
The present invention aims to provide a virtualization-based data security exchange method that solves the problems raised in the background above: the current data exchange scheme struggles to meet each organization's needs, and the existing data exchange mode is limited by the physical form, region and other conditions of existing resources, so users cannot make good use of data resources.
To achieve this purpose, the invention provides the following technical scheme:
A virtualization-based data security exchange method comprises the following steps:
S1: performing virtualization management on the equipment resources of the data security exchange system and on the isolation exchange equipment resources;
S2: managing users and resources using the multi-tenant concept, so that a tenant can use the exchange service once it has applied for resources;
S3: dynamically scheduling user resources, monitoring the utilization rate of server resources in the cluster, and load balancing the data exchange service.
Preferably, in S1, the virtualization management is to virtualize resources such as computation, storage, bandwidth, transmission channel, transmission speed, and the like of the switching platform to form a uniform resource pool, and perform resource security isolation, authority management, dynamic allocation, and scheduling according to a multi-tenant form.
Preferably, in S2, each user is assigned a separate domain name for distinguishing different tenants.
Preferably, when a user belonging to the tenant logs in to the system to send data, the data security exchange system uses the domain name to count the bandwidth currently in use; if the bandwidth allocated to the current tenant is exceeded, the scheduling request fails; if it is less than the bandwidth allocated to the current tenant, an appropriate node IP address is returned.
Preferably, in S3, the load balancing is specifically computation load balancing, storage load balancing, and isolation transmission load balancing, and the computation load balancing and the storage load balancing distribute loads to each node by monitoring the utilization rate of server resources in the cluster, so as to improve the utilization rate.
Preferably, the storage load balancing determines the load according to the available capacity in the storage and the I/O latency of accessing the file.
A data security exchange system based on virtualization comprises hardware equipment and a software system, wherein the hardware equipment comprises a CPU, a memory, a disk and an isolation transmission device, the software system comprises a data exchange multi-tenant management system and a resource virtualization management system, the data exchange multi-tenant management system is used for managing users and resources by using a multi-tenant concept, and the resource virtualization management system is used for abstracting and virtualizing system equipment resources.
Preferably, the management of the data exchange multi-tenant management system specifically includes:
B1: each user is assigned a separate domain name as the user's unique identifier;
B2: logging in to the system and configuring system information;
B3: applying for hardware and software resources.
Preferably, the virtualization of the resource virtualization management system specifically comprises:
C1: unified management and allocation of physical resources;
C2: forming a virtualized resource pool after the resources are virtualized;
C3: the allocated resources correspond to the tenants, and the resources of different tenants are independent of each other.
Compared with the prior art, the invention has the beneficial effects that:
The invention ensures the confidentiality, integrity and reliability of the data exchange service. Virtualization technology is used to abstract the CPU, memory, disk, network card and isolation transmission resources of the hardware equipment into a resource pool; users are defined using the multi-tenant concept, ensuring the independence and security of each user's resources; users do not need to care how resources are distributed, because the system internally balances and adjusts the load on each resource dynamically and in a timely manner, and resources can be added or removed at any time.
Drawings
In order to illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings in the following description show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a schematic view of tenant management according to the present invention;
FIG. 2 is a diagram illustrating resource virtualization according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without any inventive step, are within the scope of the present invention.
Referring to fig. 1-2, the present invention provides a technical solution:
A virtualization-based data security exchange method comprises the following steps:
S1: performing virtualization management on the equipment resources of the data security exchange system and on the isolation exchange equipment resources;
S2: managing users and resources using the multi-tenant concept, so that a tenant can use the exchange service once it has applied for resources;
S3: dynamically scheduling user resources, monitoring the utilization rate of server resources in the cluster, and load balancing the data exchange service.
A data security exchange system based on virtualization comprises hardware equipment and a software system, wherein the hardware equipment comprises a CPU, a memory, a disk and an isolation transmission device, the software system comprises a data exchange multi-tenant management system and a resource virtualization management system, the data exchange multi-tenant management system is used for managing users and resources by using a multi-tenant concept, and the resource virtualization management system is used for abstracting and virtualizing system equipment resources.
Step one: abstracting and virtualizing system equipment resources;
Step two: managing users and resources using a multi-tenant concept;
Step three: dynamically scheduling user resources and performing load balancing on data exchange services.
In the first step, the device resources of the data security exchange system and the isolation exchange device resources are subjected to virtualization management. Resources such as calculation, storage, bandwidth, transmission channel, transmission speed and the like of the exchange platform are virtualized to form a uniform resource pool, and resource safety isolation, authority management, dynamic allocation and scheduling are performed according to a multi-tenant mode, so that the resource utilization rate and the operation efficiency of the system are greatly improved, and the mass data exchange requirements of various application systems are met.
In the second step, in the multi-tenant scenario, the tenant applies for system resources. Once the tenant has applied for resources, it can use the exchange service. To distinguish different tenants, each user is assigned a separate domain name as the user's unique identifier. When a user belonging to the tenant logs in to the system to send data, the data exchange system counts the currently used bandwidth by domain name. If the bandwidth allocated to the current tenant is exceeded, the scheduling request fails; if the current bandwidth is less than the bandwidth allocated to the current tenant, an appropriate node IP address is returned.
In step three, computational load balancing monitors the utilization of server resources in the cluster to evaluate where an exchange task should be assigned. This makes better use of current resources and distributes the load across the nodes. Computational load balancing evaluates where to perform the exchange task in order to improve utilization of computational resources, and storage load balancing improves storage utilization in the same manner. Storage load balancing evaluates in which available storage space to save temporary files and cached files, and is determined by the amount of available capacity in storage and the I/O latency of accessing files. This ensures that a file is not kept on already overloaded storage, where accessing it would incur significant I/O latency, while other storage is underutilized.
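The admission check of step two and the placement decisions of step three can be sketched as follows. This is an added example, not code from the patent: the class and function names, the sample domains and addresses, the "busiest resource" node score, the capacity-then-latency storage ordering, and the choice to admit a request that lands exactly on the allocation are all assumptions.

```python
from dataclasses import dataclass


class SchedulingError(Exception):
    """The scheduling request failed (unknown tenant or allocation exceeded)."""


@dataclass
class Node:
    ip: str
    cpu_util: float  # 0.0-1.0, as reported by cluster monitoring
    mem_util: float


@dataclass
class Storage:
    name: str
    free_gb: float
    io_latency_ms: float


@dataclass
class Tenant:
    domain: str            # the tenant's unique identifier
    bandwidth_mbps: float  # bandwidth allocated to the tenant
    nodes: list            # only the resources allocated to this tenant
    stores: list
    used_mbps: float = 0.0


class ExchangeScheduler:
    def __init__(self, tenants):
        self._tenants = {t.domain.lower(): t for t in tenants}

    def _tenant(self, domain):
        tenant = self._tenants.get(domain.strip().lower())
        if tenant is None:
            # Fail closed: an unrecognised domain never falls back to a shared pool.
            raise SchedulingError("unknown tenant domain")
        return tenant

    def schedule(self, domain, request_mbps):
        """Admit a transfer against the tenant's bandwidth, then return a node IP."""
        tenant = self._tenant(domain)
        if request_mbps <= 0:
            raise SchedulingError("invalid bandwidth request")
        # Assumption: a request that lands exactly on the allocation is admitted.
        if tenant.used_mbps + request_mbps > tenant.bandwidth_mbps:
            raise SchedulingError("tenant bandwidth allocation exceeded")
        if not tenant.nodes:
            raise SchedulingError("tenant has no allocated nodes")
        # Computational load balancing: least-loaded node by its busiest resource.
        node = min(tenant.nodes, key=lambda n: max(n.cpu_util, n.mem_util))
        tenant.used_mbps += request_mbps
        return node.ip

    def release(self, domain, mbps):
        """Return bandwidth to the tenant's allocation when a transfer ends."""
        tenant = self._tenant(domain)
        tenant.used_mbps = max(0.0, tenant.used_mbps - mbps)

    def pick_storage(self, domain, size_gb):
        """Storage load balancing: enough free capacity first, then lowest I/O latency."""
        tenant = self._tenant(domain)
        fits = [s for s in tenant.stores if s.free_gb >= size_gb]
        if not fits:
            raise SchedulingError("no storage with enough free capacity")
        return min(fits, key=lambda s: (s.io_latency_ms, -s.free_gb)).name


def demo_scheduler():
    """Constructed sample data; domains and addresses are placeholders."""
    a = Tenant("tenant-a.exchange.example", 100.0,
               [Node("192.0.2.10", 0.90, 0.40), Node("192.0.2.11", 0.30, 0.50)],
               [Storage("pool-1", 5, 2.0), Storage("pool-2", 500, 8.0),
                Storage("pool-3", 300, 3.0)])
    b = Tenant("tenant-b.exchange.example", 20.0,
               [Node("198.51.100.20", 0.10, 0.10)], [Storage("pool-9", 50, 1.0)])
    return ExchangeScheduler([a, b])


if __name__ == "__main__":
    s = demo_scheduler()
    print(s.schedule("tenant-a.exchange.example", 60))
    print(s.pick_storage("tenant-a.exchange.example", 50))
```

Because node and storage candidates are read only from the tenant record resolved by domain name, one tenant's request can never be placed on another tenant's resources, and bandwidth accounting is kept per domain.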
The invention presents servers, computing resources, network resources, storage resources and the like after abstract conversion, so that the data exchange service and the isolation exchange equipment can be expanded on demand, existing resources are fully used to share and exchange data, and customers' large-data-volume requirements are met.
The user does not need to care how resources are distributed; the system internally balances and adjusts the load on each resource dynamically and in a timely manner. Resources can be added or removed at any time: for example, when a server is physically added or removed, the entire data exchange system adjusts resources automatically. When data files are to be transmitted, the data exchange system can dynamically and evenly transmit files of different sizes to the isolation exchange equipment by priority level.
As shown in fig. 1, data exchange multi-tenant management includes:
B1: each user is assigned a separate domain name as the user's unique identifier;
B2: logging in to the system and configuring system information;
B3: applying for hardware and software resources.
As shown in fig. 2, the resource virtualization management includes:
C1: unified management and allocation of physical resources;
C2: forming a virtualized resource pool after the resources are virtualized;
C3: the allocated resources correspond to the tenants, and the resources of different tenants are independent of each other.
According to the technical scheme, the invention has the following advantages:
The invention breaks through the limitations of the physical form, region and other conditions of existing resources, and fully meets the requirements that cloud applications place on the data exchange service.
In this process, resources are virtualized all the way from the hardware equipment (CPU, memory, disk and isolation transmission equipment) to the software system's resources (transmission channel and transmission speed). To each user, the system appears as an independent data security exchange system.
The invention ensures the confidentiality, integrity and reliability of the data exchange service. Virtualization technology is used to abstract the CPU, memory, disk, network card and isolation transmission resources of the hardware equipment into a resource pool; users are defined using the multi-tenant concept, ensuring the independence and security of each user's resources; users do not need to care how resources are distributed, because the system internally balances and adjusts the load on each resource dynamically and in a timely manner, and resources can be added or removed at any time.
In the description herein, references to the description of "one embodiment," "an example," "a specific example," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
The preferred embodiments of the invention disclosed above are intended to be illustrative only. The preferred embodiments are not intended to be exhaustive or to limit the invention to the precise embodiments disclosed. Obviously, many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the invention and the practical application, to thereby enable others skilled in the art to best utilize the invention. The invention is limited only by the claims and their full scope and equivalents.

Claims (9)

1. A virtualization-based data security exchange method is characterized by comprising the following steps:
S1: performing virtualization management on the equipment resources of the data security exchange system and on the isolation exchange equipment resources;
S2: managing users and resources using the multi-tenant concept, so that a tenant can use the exchange service once it has applied for resources;
S3: dynamically scheduling user resources, monitoring the utilization rate of server resources in the cluster, and load balancing the data exchange service.
2. The virtualization-based data secure exchange method according to claim 1, wherein: in S1, the virtualization management is to virtualize resources such as computation, storage, bandwidth, transmission channel, transmission speed, etc. of the switching platform to form a uniform resource pool, and perform resource security isolation, authority management, dynamic allocation, and scheduling in a multi-tenant manner.
3. The virtualization-based data secure exchange method according to claim 1, wherein: in S2, the users are all assigned a separate domain name for distinguishing different tenants.
4. The virtualization-based data security exchange method according to claim 3, wherein: when a user belonging to the tenant logs in to the system to send data, the data security exchange system uses the domain name to count the currently used bandwidth; if the bandwidth allocated to the current tenant is exceeded, the scheduling request fails; and if the current bandwidth is less than the bandwidth allocated to the current tenant, an appropriate node IP address is returned.
5. The virtualization-based data secure exchange method according to claim 1, wherein: in S3, the load balancing includes computation load balancing, storage load balancing, and isolation transmission load balancing, where the computation load balancing and the storage load balancing both distribute loads to each node by monitoring the utilization rate of server resources in the cluster, and improve the utilization rate.
6. The virtualization-based data secure exchange method according to claim 5, wherein: the storage load balancing determines load based on available capacity in storage and I/O latency to access files.
7. A virtualization-based data security exchange system, which is applied to any one of the virtualization-based data security exchange methods of claims 1 to 6, and is characterized in that: the hardware device comprises a CPU, a memory, a disk and an isolation transmission device, the software system comprises a data exchange multi-tenant management system and a resource virtualization management system, the data exchange multi-tenant management system is used for managing users and resources by using a multi-tenant concept, and the resource virtualization management system is used for abstracting and virtualizing system device resources.
8. The virtualization-based data security exchange system according to claim 7, wherein: the management of the data exchange multi-tenant management system specifically comprises the following steps:
B1: each user is assigned a separate domain name as the user's unique identifier;
B2: logging in to the system and configuring system information;
B3: applying for hardware and software resources.
9. The virtualization-based data security exchange system according to claim 7, wherein: the virtualization of the resource virtualization management system specifically comprises:
C1: unified management and allocation of physical resources;
C2: forming a virtualized resource pool after the resources are virtualized;
C3: the allocated resources correspond to the tenants, and the resources of different tenants are independent of each other.
CN202111621683.9A 2021-12-28 2021-12-28 Virtualization-based data security exchange method and system Pending CN114710502A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111621683.9A CN114710502A (en) 2021-12-28 2021-12-28 Virtualization-based data security exchange method and system

Publications (1)

Publication Number Publication Date
CN114710502A (en) 2022-07-05

Family

ID=82166823

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111621683.9A Pending CN114710502A (en) 2021-12-28 2021-12-28 Virtualization-based data security exchange method and system

Country Status (1)

Country Link
CN (1) CN114710502A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104142864A (en) * 2014-08-07 2014-11-12 浪潮电子信息产业股份有限公司 Multi-tenant performance isolation framework based on virtualization technology
CN104580505A (en) * 2015-01-26 2015-04-29 中国联合网络通信集团有限公司 Tenant isolating method and system
CN107071045A (en) * 2017-05-08 2017-08-18 深信服科技股份有限公司 A kind of resource scheduling system based on multi-tenant
CN108566412A (en) * 2018-02-13 2018-09-21 深圳太极云软技术股份有限公司 A kind of data service method and data service device
CN112231053A (en) * 2020-09-29 2021-01-15 新华三信息安全技术有限公司 Load balancing service distribution method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination