CN116582541A - Proxy method, domain name resolution server and gateway for zero-trust SDP system - Google Patents
Proxy method, domain name resolution server and gateway for zero-trust SDP system Download PDFInfo
- Publication number
- CN116582541A CN116582541A CN202310537776.6A CN202310537776A CN116582541A CN 116582541 A CN116582541 A CN 116582541A CN 202310537776 A CN202310537776 A CN 202310537776A CN 116582541 A CN116582541 A CN 116582541A
- Authority
- CN
- China
- Prior art keywords
- domain name
- proxy
- sdp
- trust
- zero
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 48
- 230000004044 response Effects 0.000 claims abstract description 4
- 238000004590 computer program Methods 0.000 claims description 14
- 238000010586 diagram Methods 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 3
- 238000002955 isolation Methods 0.000 description 2
- 230000008447 perception Effects 0.000 description 2
- 241000412611 Consul Species 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000002708 enhancing effect Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1001—Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
- H04L67/10015—Access to distributed or replicated servers, e.g. using brokers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/66—Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
- H04L67/566—Grouping or aggregating service requests, e.g. for unified processing
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The application discloses a proxy method, a domain name resolution server and a gateway for a zero-trust SDP system. The method comprises the following steps: receiving an HTTP request sent by a user terminal; when the proxy gateway fails in the zero-trust SDP system and the working mode is switched to the escape mode in response to the configuration of a user, a request is sent to the proxy gateway; the proxy gateway is used for searching a corresponding target source station address in a pre-established application domain name database according to the application domain name contained in the request, and forwarding the request to a corresponding target server of the target source station address; and receiving a feedback result from the target server forwarded by the proxy gateway, and sending the feedback result to the user terminal. When the zero trust platform fails, the proxy gateway can be switched to the escape mode by one key, so that the request of the proxy user through the proxy gateway is realized, the service system can be accessed through the proxy gateway even if the zero trust SDP system fails, and the service can work normally.
Description
Technical Field
The present application relates to the field of communications technologies, and in particular, to a proxy method, a domain name resolution server, and a gateway for a zero trust SDP system.
Background
The zero trust platform is composed of three parts of a center, a component and a service, the advantages of a technical scheme including a software definition boundary (SDP), identity and Access Management (IAM) and micro isolation (MSG) are fully integrated in a platform form, optimal trusted access control and safety isolation are achieved through innovation of key technologies, the safety effect of 'never trust and always verification' is achieved for access of users in a service layer, a data layer and a terminal layer, the overall safety level is improved, and meanwhile, the safety complexity and the operation cost are reduced.
The escape passage is used for enabling the service to be separated from the unavailable zero-trust SDP system, and the original service system continues to operate in a safe standby system. The escape channel is only started when the zero-trust SDP system has serious faults, and is automatically closed after the faults are removed. It can be said that escape routes are a special form of system that is highly available.
The inventor has realized that zero trust architecture aims at enhancing security to protect enterprise assets' systems and operational design guidelines, and that the current zero trust architecture platform itself does not have the ability to escape quickly (escape mechanism) to guarantee service availability in priority, which may lead to a decrease in stability. While reliability is still of prime concern to the user for the service itself.
Disclosure of Invention
Based on the above, aiming at the technical problems, a proxy method, a domain name resolution server and a gateway aiming at a zero-trust SDP system are provided to solve the technical problem that the existing zero-trust architecture system does not have escape capability.
In order to achieve the above object, the present application provides the following technical solutions:
in a first aspect, a proxy method for a zero-trust SDP system, applied to a domain name resolution server, includes:
receiving an HTTP request sent by a user terminal;
when the proxy gateway fails in the zero-trust SDP system and the working mode is switched to the escape mode in response to the configuration of a user, the HTTP request is sent to the proxy gateway; the proxy gateway is used for searching a corresponding target source station address in a pre-established application domain name database according to the application domain name contained in the HTTP request, and forwarding the HTTP request to a corresponding target server of the target source station address;
and receiving a feedback result forwarded by the proxy gateway from the target server, and sending the feedback result to the user terminal.
Optionally, the method further comprises:
when the proxy gateway responds to the configuration of a user to switch the working mode into an SDP client downloading mode, the HTTP request is sent to the proxy gateway; the proxy gateway is used for acquiring a preset SDP client downloading page;
and receiving a preset SDP client downloading page sent by the proxy gateway, and sending the preset SDP client downloading page to a user terminal.
Optionally, the method further comprises:
when the proxy gateway works normally in the zero-trust SDP system and responds to the configuration setting of the user to be closed, and the user logs in the zero-trust SDP system, the HTTP request is forwarded to a corresponding target server through the tunnel gateway;
and receiving a feedback result forwarded by the tunnel gateway from the target server, and sending the feedback result to the user terminal.
Optionally, the application domain name database includes a plurality of application domain names, a target source address corresponding to each application domain name, whether each application domain name designates SSL digital certificates, a certificate file of each application domain name, and a certificate key of each application domain name.
In a second aspect, a proxy method for a zero-trust SDP system is applied to a proxy gateway, and the method includes:
receiving an application domain name and a corresponding source station address input by an administrator, and establishing an application domain name database;
when the zero trust SDP system fails, responding to the configuration of an administrator, and switching the working mode into an escape mode;
when an HTTP request from a user terminal sent by a domain name resolution server is received, searching a corresponding target source station address in an application domain name database according to an application domain name contained in the HTTP request;
forwarding the HTTP request to a corresponding target server of the target source station address;
and receiving a feedback result sent by the target server, and forwarding the feedback result to a user terminal through the domain name resolution server.
Optionally, the method further comprises:
responding to the configuration of an administrator, and switching the working mode into an SDP client downloading mode;
when an HTTP request from a user terminal sent by a domain name resolution server is received, acquiring a preset SDP client downloading page;
and forwarding the preset SDP client downloading page to a user terminal through the domain name resolution server.
In a third aspect, a domain name resolution server comprises a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any of the first aspects when executing the computer program.
A fourth aspect, a proxy gateway comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any of the second aspects when executing the computer program.
The application has at least the following beneficial effects:
according to the proxy method for the zero-trust SDP system, when the zero-trust platform fails, the proxy gateway can be switched to the escape mode by one key, and the application domain name database is pre-established in the proxy gateway, so that the HTTP request of a proxy user through the proxy gateway is realized, then the request is forwarded to a server on an internal network, and a result obtained from the server is returned to the user, so that even if the zero-trust SDP system fails and cannot be repaired quickly in a short time, a service system can be accessed through the proxy gateway, the service can work normally in the escape mode, and the stability and reliability are improved.
Drawings
Fig. 1 is a schematic diagram of an application environment of a proxy method for a zero-trust SDP system according to an embodiment of the present application;
fig. 2 is a flowchart of a proxy method for a zero-trust SDP system according to an embodiment of the present application;
fig. 3 is a flowchart of another proxy method for a zero-trust SDP system according to an embodiment of the present application;
FIG. 4 is a schematic view of an escape mode according to an embodiment of the present application;
fig. 5 is a block diagram of a module architecture of a proxy device for a zero-trust SDP system according to an embodiment of the present application;
fig. 6 is an internal structure diagram of a domain name resolution server according to an embodiment of the present application.
Reference numerals illustrate:
Detailed Description
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
The proxy method for the zero-trust SDP system provided by the application can be applied to an application environment shown in figure 1. The domain name resolution server 102 communicates with the user terminal 101, the proxy gateway 103 and the tunnel gateway 104 through a network; the user terminal 101 may be, but not limited to, various personal computers, notebook computers, smart phones, and tablet computers, and the domain name resolution server 102 may be implemented as a stand-alone server or a server cluster composed of a plurality of servers.
Example 1
In this embodiment, as shown in fig. 2, a proxy method for a zero-trust SDP system is provided, and the method is applied to the domain name resolution server 102 in fig. 1 for illustration, and includes the following steps:
s201, receiving an HTTP request sent by a user terminal.
S202, when the proxy gateway fails in the zero-trust SDP system and responds to the configuration of a user to switch the working mode into the escape mode, an HTTP request is sent to the proxy gateway; the proxy gateway is used for searching a corresponding target source station address in a pre-established application domain name database according to the application domain name contained in the HTTP request, and forwarding the HTTP request to a corresponding target server of the target source station address.
The pre-established application domain name database comprises a plurality of application domain names, a target source station address corresponding to each application domain name, whether each application domain name designates an SSL digital certificate, a certificate file of each application domain name, a certificate key of each application domain name and other information.
S203, receiving the feedback result from the target server forwarded by the proxy gateway, and sending the feedback result to the user terminal.
Further, the method further comprises:
when the proxy gateway responds to the configuration of a user to switch the working mode into an SDP client downloading mode, an HTTP request is sent to the proxy gateway; the proxy gateway is used for acquiring a preset SDP client downloading page;
and receiving a preset SDP client downloading page sent by the proxy gateway, and sending the preset SDP client downloading page to the user terminal.
Further, the method further comprises:
when the proxy gateway works normally in the zero-trust SDP system and responds to the configuration setting of the user to be closed, and the user logs in the zero-trust SDP system, the HTTP request is forwarded to the corresponding target server through the tunnel gateway;
and receiving a feedback result forwarded by the tunnel gateway from the target server, and sending the feedback result to the user terminal.
Through the agent method for the zero-trust SDP system, when the zero-trust platform fails, the agent gateway can be switched to the escape mode by one key, an application domain name database is pre-established in the agent gateway, and the application domain name database contains the service system domain name and the corresponding target source station address, so that the HTTP request of the agent gateway agent user is realized, the request is forwarded to the server on the internal network, and the result obtained from the server is returned to the user, so that even if the zero-trust SDP system fails and cannot be quickly repaired in a short time, the service system can be accessed through the agent gateway, the service can normally work in the escape mode, and the stability and reliability are improved.
In summary, by the agent method for the zero-trust SDP system, when the gateway fault occurs in the SDP mode of the zero-trust platform, the quick escape of service access can be realized through transparent mode deployment; the self-signed certificate marks the certificate as a trusted certificate in the computer system when installed by the dp client.
Example two
In this embodiment, as shown in fig. 3, another proxy method for the zero-trust SDP system is provided, and the application of the method to the proxy gateway 103 in fig. 1 is taken as an example and illustrated, and the method includes the following steps:
s301, receiving an application domain name and a corresponding source station address input by an administrator, and establishing an application domain name database;
s302, when a zero trust SDP system fails, responding to the configuration of an administrator, and switching the working mode into an escape mode;
s303, when an HTTP request from a user terminal sent by a domain name resolution server is received, searching a corresponding target source station address in an application domain name database according to an application domain name contained in the HTTP request;
s304, the HTTP request is forwarded to a corresponding target server of the target source station address;
s305, receiving a feedback result sent by the target server, and forwarding the feedback result to the user terminal through the domain name resolution server.
Further, the method further comprises:
responding to the configuration of an administrator, and switching the working mode into an SDP client downloading mode;
when an HTTP request from a user terminal sent by a domain name resolution server is received, acquiring a preset SDP client downloading page;
and forwarding the preset SDP client downloading page to the user terminal through the domain name resolution server.
In other words, the method provided by the embodiment of the present application is an escape gateway technology based on a proxy mode under a zero trust platform, and can be seen from fig. 4, which includes the following steps:
1. the manager logs in the escape gateway management platform and can configure the operation mode of the escape gateway: escape mode or sdp client download mode;
2. the manager logs in the escape gateway management platform and can configure the domain name of service application, the ip port of a source station of service, whether an SSL digital certificate is appointed or not and other information;
3. when the escape mode is configured, the user can be proxied to access the service through the escape gateway;
4. when configuring an SDP client downloading mode, the escape gateway can proxy an application accessed by a user to an SDP client downloading page; the address of the SDP client downloading page needs to be appointed, so that when a user accesses the service system, the service system can be normally opened if the user logs in the SDP and opens the zero trust security protection, otherwise, the SDP client downloading page is always displayed when the service system is opened; that is, in the non-escape mode, only the SDP is logged in to open the service system;
5. the domain name of the service system is normally resolved to the escape gateway IP by default, and when a user logs in the SDP, the DNS is resolved to the application IP in the zero trust mode;
6. when the zero trust platform SDP has serious faults, an administrator switches the escape mode by one key. When a user accesses a service system, the user accesses the service application through the escape gateway mode reverse proxy, and the influence surface caused by faults is contracted.
In general, escape is a way specifically designed to provide a simple way of directly accessing business applications in the event of a failure of the business system through the original security control system.
The escape gateway is a reverse proxy gateway and can dynamically read the proxy server of the configuration file according to different applications/services of the configuration proxy of an administrator.
Reverse proxy refers to receiving a request from a client with a proxy server, forwarding the request to a server on an internal network, and returning the result from the server to the client, where the proxy server appears as a reverse proxy server to the outside. The escape gateway utilized in the embodiment is novel HTTP reverse proxy and load balancing software of cloud native, and micro services can be easily deployed. The system supports various back ends (Docker, redis, consul, etcd, zookeeper, restAPI, file) and can automatically and dynamically manage the configuration.
The escape gateway is an agent controller for realizing an escape mechanism, is in a closed state or is set to an SDP downloading mode by default at ordinary times, can be started or is switched by one key in emergency, and can transfer the access of a user to the service system through the agent controller when in the escape state mode, so that the normal operation of the service system can be quickly recovered when a zero trust platform has serious faults, and the defect of the stability of an SDP network is overcome.
The control plane can be switched to the traditional network control plane in a one-key fast and non-perception manner when the zero trust platform fails, and can be switched to the SDP zero trust mode or the escape mode in a one-key fast and non-perception manner.
It should be understood that, although the steps in the flowcharts of fig. 2-3 are shown in order as indicated by the arrows, these steps are not necessarily performed in order as indicated by the arrows. The steps are not strictly limited to the order of execution unless explicitly recited herein, and the steps may be executed in other orders. Moreover, at least some of the steps in fig. 2-3 may include multiple steps or stages that are not necessarily performed at the same time, but may be performed at different times, nor does the order in which the steps or stages are performed necessarily performed in sequence, but may be performed alternately or alternately with at least a portion of the steps or stages in other steps or other steps.
Example III
In this embodiment, as shown in fig. 5, there is provided a proxy device for a zero-trust SDP system, including the following program modules:
a request receiving module 501, configured to receive an HTTP request sent by a user terminal;
a proxy module 502, configured to send an HTTP request to the proxy gateway when the proxy gateway fails in the zero-trust SDP system and switches the working mode to the escape mode in response to the configuration of the user; the proxy gateway is used for searching a corresponding target source station address in a pre-established application domain name database according to the application domain name contained in the HTTP request, and forwarding the HTTP request to a corresponding target server of the target source station address;
and the feedback result forwarding module 503 is configured to receive the feedback result from the target server forwarded by the proxy gateway, and send the feedback result to the user terminal.
For a specific limitation of a proxy device for the zero-trust SDP system, reference may be made to the limitation of a proxy method for the zero-trust SDP system in the first embodiment, which is not described herein. The various modules in a proxy device for a zero trust SDP system described above may be implemented in whole or in part in software, hardware, and combinations thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
Example IV
In this embodiment, a domain name resolution server is provided, and the internal structure thereof may be as shown in fig. 6. The computer device includes a processor, a memory, and a network interface connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a proxy method for a zero trust SDP system as provided in the first embodiment.
It will be appreciated by those skilled in the art that the structure shown in FIG. 6 is merely a block diagram of some of the structures associated with the present inventive arrangements and is not limiting of the computer device to which the present inventive arrangements may be applied, and that a particular computer device may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.
In one embodiment, a proxy gateway is provided, including a memory and a processor, where the memory stores a computer program that, when executed by the processor, implements a proxy method for a zero-trust SDP system provided by the second embodiment.
In one embodiment, a computer readable storage medium having a computer program stored thereon is provided, involving all or part of the flow of the methods of the embodiments described above.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in embodiments provided herein may include at least one of non-volatile and volatile memory. The nonvolatile memory may include Read-only memory (ROM), magnetic tape, floppy disk, flash memory, optical memory, or the like. Volatile memory can include Random access memory (Random AccessMemory, RAM) or external cache memory. By way of illustration, and not limitation, RAM can take many forms, such as static random access memory (StaticRandomAccessMemory, SRAM) or dynamic random access memory (DynamicRandomAccessMemory, DRAM), among others.
The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The above examples illustrate only a few embodiments of the application, which are described in detail and are not to be construed as limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of protection of the present application is to be determined by the appended claims.
Claims (8)
1. A proxy method for a zero trust SDP system, applied to a domain name resolution server, the method comprising:
receiving an HTTP request sent by a user terminal;
when the proxy gateway fails in the zero-trust SDP system and the working mode is switched to the escape mode in response to the configuration of a user, the HTTP request is sent to the proxy gateway; the proxy gateway is used for searching a corresponding target source station address in a pre-established application domain name database according to the application domain name contained in the HTTP request, and forwarding the HTTP request to a corresponding target server of the target source station address;
and receiving a feedback result forwarded by the proxy gateway from the target server, and sending the feedback result to the user terminal.
2. A proxy method for a zero trust SDP system in accordance with claim 1, the method further comprising:
when the proxy gateway responds to the configuration of a user to switch the working mode into an SDP client downloading mode, the HTTP request is sent to the proxy gateway; the proxy gateway is used for acquiring a preset SDP client downloading page;
and receiving a preset SDP client downloading page sent by the proxy gateway, and sending the preset SDP client downloading page to a user terminal.
3. A proxy method for a zero trust SDP system in accordance with claim 1, the method further comprising:
when the proxy gateway works normally in the zero-trust SDP system and responds to the configuration setting of the user to be closed, and the user logs in the zero-trust SDP system, the HTTP request is forwarded to a corresponding target server through the tunnel gateway;
and receiving a feedback result forwarded by the tunnel gateway from the target server, and sending the feedback result to the user terminal.
4. The proxy method for zero-trust SDP system of claim 1, wherein the application domain name database comprises a plurality of application domain names, a destination source address corresponding to each application domain name, whether each application domain name specifies an SSL digital certificate, a certificate file for each application domain name, and a certificate key for each application domain name.
5. A proxy method for a zero-trust SDP system, applied to a proxy gateway, the method comprising:
receiving an application domain name and a corresponding source station address input by an administrator, and establishing an application domain name database;
when the zero trust SDP system fails, responding to the configuration of an administrator, and switching the working mode into an escape mode;
when an HTTP request from a user terminal sent by a domain name resolution server is received, searching a corresponding target source station address in an application domain name database according to an application domain name contained in the HTTP request;
forwarding the HTTP request to a corresponding target server of the target source station address;
and receiving a feedback result sent by the target server, and forwarding the feedback result to a user terminal through the domain name resolution server.
6. A proxy method for a zero trust SDP system in accordance with claim 5, further comprising:
responding to the configuration of an administrator, and switching the working mode into an SDP client downloading mode;
when an HTTP request from a user terminal sent by a domain name resolution server is received, acquiring a preset SDP client downloading page;
and forwarding the preset SDP client downloading page to a user terminal through the domain name resolution server.
7. A domain name resolution server comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any of claims 1 to 4 when the computer program is executed.
8. A proxy gateway comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any of claims 5 to 6 when the computer program is executed.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310537776.6A CN116582541A (en) | 2023-05-12 | 2023-05-12 | Proxy method, domain name resolution server and gateway for zero-trust SDP system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310537776.6A CN116582541A (en) | 2023-05-12 | 2023-05-12 | Proxy method, domain name resolution server and gateway for zero-trust SDP system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116582541A true CN116582541A (en) | 2023-08-11 |
Family
ID=87540762
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310537776.6A Pending CN116582541A (en) | 2023-05-12 | 2023-05-12 | Proxy method, domain name resolution server and gateway for zero-trust SDP system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116582541A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117201112A (en) * | 2023-09-06 | 2023-12-08 | 江南信安(北京)科技有限公司 | Data access processing method and system based on all-node zero-trust gateway |
-
2023
- 2023-05-12 CN CN202310537776.6A patent/CN116582541A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117201112A (en) * | 2023-09-06 | 2023-12-08 | 江南信安(北京)科技有限公司 | Data access processing method and system based on all-node zero-trust gateway |
| CN117201112B (en) * | 2023-09-06 | 2024-06-04 | 江南信安(北京)科技有限公司 | Data access processing method and system based on all-node zero-trust gateway |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3337097B1 (en) | Network element upgrading method and device | |
| US11082303B2 (en) | Remotely hosted management of network virtualization | |
| CN107707410B (en) | Method for configuring system audit service, information processing device and readable storage medium | |
| US9306949B1 (en) | Configure interconnections between networks hosted in datacenters | |
| US11489873B2 (en) | Security policy deployment method and apparatus | |
| US10447498B2 (en) | Facilitating communications between virtual private clouds hosted by different cloud providers | |
| US11895081B2 (en) | Distributed network address translation over network environments | |
| US20130283335A1 (en) | Systems and methods for applying policy wrappers to computer applications | |
| US11507439B1 (en) | Application programming interface as a service | |
| US9398121B1 (en) | Selecting among virtual networking protocols | |
| US20040010583A1 (en) | Method and apparatus for defining failover events in a network device | |
| US12074918B2 (en) | Network-based Media Processing (NBMP) workflow management through 5G Framework for Live Uplink Streaming (FLUS) control | |
| CN112350918A (en) | Service traffic scheduling method, device, equipment and storage medium | |
| CN114731291A (en) | Security service | |
| CN109445988B (en) | Heterogeneous disaster recovery method, device, system, server and disaster recovery platform | |
| CN112202853A (en) | Data synchronization method, system, computer device and storage medium | |
| CN116582541A (en) | Proxy method, domain name resolution server and gateway for zero-trust SDP system | |
| CN116319927A (en) | Service calling method, electronic equipment and system in hybrid cloud environment | |
| CN110635928A (en) | Control method, control device and computer storage medium | |
| US8417832B2 (en) | Routing a session initiation protocol (SIP) message in a communication system | |
| US10534795B2 (en) | Maintaining consistent subscriber data on geo-redundant subscriber databases | |
| CN108366087B (en) | ISCSI service realization method and device based on distributed file system | |
| US8982902B1 (en) | Backup server architecture in a VoIP system | |
| US20180248791A1 (en) | Customer premises equipment virtualization | |
| CN112003794B (en) | Floating IP current limiting method, system, terminal and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |