CN117354090A - Cloud computing-based high-availability VPN realization system and method - Google Patents

Info

Publication number: CN117354090A
Authority: CN (China)
Prior art keywords: vpn, service, function, cloud computing, user
Legal status: Pending
Application number: CN202311463271.6A
Other languages: Chinese (zh)
Inventors: 王宏皓, 胡章丰, 路海龙
Current assignee: Inspur Cloud Information Technology Co Ltd
Original assignee: Inspur Cloud Information Technology Co Ltd
Application filed by: Inspur Cloud Information Technology Co Ltd
Priority to: CN202311463271.6A
Publication of: CN117354090A

Abstract

The invention relates to the technical field of the Internet, and in particular to a cloud computing-based high-availability VPN realization system and method. The VPC service module lets a user create virtual machines in a virtual private cloud and build the servers the user requires; the EIP service module provides the public network access function of the cloud computing platform and helps clients create or bind an elastic public network IP (EIP) to VPN servers or other cloud resources in the virtual private cloud; the VPN service module is responsible for providing users with simple, quick, easy-to-maintain, automated and highly secure high-availability VPN service deployment and maintenance. The beneficial effects are as follows: by integrating the VPN service into the cloud computing platform, VPN service deployment becomes more convenient and efficient, more automated, more secure and lower in cost. In addition, high availability of the VPN service is realized with the keepalive technique.

Description

Cloud computing-based high-availability VPN realization system and method
Technical Field
The invention relates to the technical field of the Internet, and in particular to a cloud computing-based high-availability VPN realization system and method.
Background
After a cloud computing platform creates cloud resources (such as cloud servers (ECS), cloud hard disks (EBS) and the like), the user can access those resources by configuring a public network IP for them.
In the prior art, providing clients with service access to cloud resources in this way has the following disadvantages. First, the cost is high and the process is complex, because a public network IP must be configured separately for each cloud resource. Second, the security is poor: configuring a public network IP for a cloud resource is equivalent to exposing that resource directly on the public network, so the security of data transmission cannot be ensured. A user can also achieve secure and reliable public network access by independently deploying a VPN on the cloud, but the client then has to purchase a VPN product, which is costly, and the deployment, configuration and maintenance are complex.
Disclosure of Invention
The invention aims to provide a cloud computing-based high-availability VPN realization system and method that solve the problems of complex operation, complex configuration, poor security, high cost and the like described in the background section.
In order to achieve the above purpose, the present invention provides the following technical solution: the system consists of a VPC service module, an EIP service module and a VPN service module;
the VPC service module provides the virtual private cloud function of the cloud computing platform and helps a user establish a cloud network private to that user. A user can create virtual machines in the virtual private cloud and build the servers the user requires;
the EIP service module provides the public network access function of the cloud computing platform and helps clients create or bind an elastic public network IP (EIP) to VPN servers or other cloud resources in the virtual private cloud;
the VPN service module is responsible for providing the user with simple, quick, easy-to-maintain, automated and highly secure high-availability VPN service deployment and maintenance.
Preferably, the VPN service module includes a service deployment function, a service configuration function, a service backup function, a service restoration function, a VPN service function, a service monitoring function, and a dual hot standby function.
Preferably, the service deployment function automatically deploys the VPN server, according to the service specification required by the user, in the VPC that needs the VPN service, and works with the EIP service module to allocate an EIP to the VPN server. It is also responsible for reclaiming resources after the VPN service is shut down.
Preferably, the service configuration function issues the configuration to the VPN server according to the user's configuration information, so that the VPN server can provide VPN services normally.
Preferably, the service backup function provides a backup function for the VPN server, and the service recovery function provides a backup recovery function for the VPN server.
Preferably, the VPN service function provides the VPN functions required by the customer's service, comprising SSL VPN and IPsec VPN;
SSL VPN function: SSL VPN works between the transport layer and the application layer, based on HTTPS technology, and helps users establish an encrypted tunnel between a VPC on the cloud computing platform and a data center or terminal outside the cloud;
IPsec VPN function: IPsec VPN uses the IPsec protocol to realize remote access, provides a secure communication channel between two private networks over the public network, ensures connection security through the encrypted channel, and provides a private data packet service between two public gateways.
Preferably, the service monitoring function provides a monitoring function for the VPN server. During the user's service period it inspects the service data of the VPN server, records a log, and sends an alarm to the user if the service data of the VPN server is abnormal.
Preferably, the dual-machine hot standby function provides a high availability function for the VPN server: the system binds a VIP to the VPN server group and monitors the state of the VPN servers using the keepalive technique.
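To make the hot standby behaviour concrete, the following added example (not code from the patent or from Inspur; all names are assumptions) models a two-node VPN server group sharing one VIP: repeated failed health checks move the VIP to the standby, both-nodes-down raises an alarm instead of switching, and a recovered former primary stays standby rather than taking the VIP back, which is the switch-over behaviour described in Example 1 below.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass
class VpnNode:
    name: str
    healthy: bool = True
    fail_count: int = 0  # consecutive failed health checks


@dataclass
class HotStandbyGroup:
    """Two-node VPN server group sharing one VIP (hypothetical model)."""
    vip: str
    nodes: List[VpnNode]
    fail_threshold: int = 3            # failed checks before a node is declared down
    vip_owner: str = ""                # name of the node currently announcing the VIP
    events: List[str] = field(default_factory=list)

    def __post_init__(self) -> None:
        if not self.vip_owner:
            # At deployment the first node is the primary (host), the second the standby.
            self.vip_owner = self.nodes[0].name
            self.events.append(f"VIP {self.vip} bound to {self.vip_owner}")

    def _node(self, name: str) -> VpnNode:
        return next(n for n in self.nodes if n.name == name)

    def check(self, probe: Callable[[VpnNode], bool]) -> Optional[str]:
        """Run one round of health checks on every node.

        `probe` is the service check (for example: is the IKE or TLS listener
        answering). Returns the name of the new VIP owner when a failover
        happened, otherwise None. A recovered node is NOT given the VIP back:
        it stays standby, so the tunnel is not disrupted a second time.
        """
        for n in self.nodes:
            if probe(n):
                n.fail_count = 0
                n.healthy = True
            else:
                n.fail_count += 1
                n.healthy = n.fail_count < self.fail_threshold

        owner = self._node(self.vip_owner)
        if owner.healthy:
            return None  # primary fine (or a recovered node stays standby)

        standby = next((n for n in self.nodes if n.healthy and n is not owner), None)
        if standby is None:
            # Both nodes failed: nothing to switch to; this is what the
            # monitoring function's alarm should surface to the user.
            self.events.append(f"VIP {self.vip}: no healthy standby, alarm")
            return None

        self.vip_owner = standby.name
        self.events.append(
            f"VIP {self.vip} moved {owner.name} -> {standby.name}; tunnels reconnect"
        )
        return standby.name


def simulate(status_timeline: List[Dict[str, bool]]) -> List[str]:
    """Feed a constructed sequence of per-node probe results (one dict per
    check round) through a group and return the VIP owner after each round."""
    group = HotStandbyGroup(vip="203.0.113.10", nodes=[VpnNode("vpn-a"), VpnNode("vpn-b")])
    owners = []
    for status in status_timeline:
        group.check(lambda n, s=status: s[n.name])
        owners.append(group.vip_owner)
    return owners
```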
A method for implementing a high availability VPN based on cloud computing, the method comprising the steps of:
combining the VPN service with the cloud computing platform;
providing the virtual private cloud function of the cloud computing platform, helping the user establish a cloud network private to the user;
providing the elastic public network IP function of the cloud computing platform, helping the client bind an elastic public network IP to a VPN server or other cloud resources in the virtual private cloud; and
providing the user with simple, quick, easy-to-maintain, automated and highly secure high-availability VPN service deployment and maintenance.
Compared with the prior art, the invention has the beneficial effects that:
according to the cloud computing-based high-availability VPN realization system and method, the VPN service is integrated into the cloud computing platform, so that VPN service deployment is more convenient and efficient, more automated, more secure and lower in cost. In addition, by adopting the keepalive technique, high availability of the VPN service is realized and resilience to failures is stronger.
Drawings
FIG. 1 is a schematic view of the cloud platform structure according to the present invention;
FIG. 2 is a flow chart of the VPN service according to the present invention;
FIG. 3 is a schematic diagram of the SSL VPN architecture according to the present invention;
FIG. 4 is a diagram of the IPsec VPN architecture according to the present invention.
Detailed Description
In order to make the objects, technical solutions, and advantages of the present invention more apparent, the embodiments of the present invention will be further described in detail with reference to the accompanying drawings. It should be understood that the specific embodiments described herein are some, but not all, embodiments of the present invention, are intended to be illustrative only and not limiting of the embodiments of the present invention, and that all other embodiments obtained by persons of ordinary skill in the art without making any inventive effort are within the scope of the present invention.
Example 1
Referring to FIGS. 1 to 4, the present invention provides the following technical solution: a highly available VPN implementation system based on cloud computing, as shown in FIG. 1, which enables efficient and easy deployment of VPN services.
When the user needs to use the VPN service, the VPN service module first creates the VPN server. As shown in step (1) of FIG. 2, the VPN service module creates a VPN server according to the service specification required by the user. The server is deployed in the service network and in the user's Virtual Private Cloud (VPC); the user operates the VPN service module through the control network, and the VPN service module operates the VPN server through the service network to deploy, configure and otherwise manage it. The control network is thus isolated from the service network, which improves the security of the cloud service platform. After the VPN server is created successfully, the VPN service module asks the EIP service module for the elastic public network IP (EIP) that the VPN server requires and binds the VPN server to that EIP, as shown in steps (2), (3) and (4) of FIG. 2, completing the deployment of the VPN server.
The scheme mainly comprises the following service modules:
(I) VPC service module: this is a basic functional module of the cloud computing platform. It mainly provides the virtual private cloud function of the cloud computing platform and helps a user establish a private cloud network. The user can create virtual machines in the virtual private cloud and build the servers the user requires.
(II) EIP service module: this is a basic functional module of the cloud computing platform. It mainly provides the public network access function of the cloud computing platform and helps clients create or bind an elastic public network IP to VPN servers or other cloud resources in the virtual private cloud.
(III) VPN service module: this is the main functional module of the scheme and is responsible for providing users with simple, quick, easy-to-maintain, automated and highly secure high-availability VPN service deployment and maintenance. The module mainly comprises the following functions:
(1) Service deployment function: according to the service specification required by the user, it automatically deploys the VPN server in the VPC that needs the VPN service, and works with the EIP service module to allocate an EIP to the VPN server. It is also responsible for reclaiming resources after the VPN service is shut down.
(2) Service configuration function: according to the user's configuration information, it issues the configuration to the VPN server so that the VPN server can provide VPN services normally. The module provides a standardized configuration template: a client can use the VPN service directly after simple configuration, and can also customize special configuration items. When the client uses the IPsec VPN function, this module also provides a peer configuration download function. Once the configuration of the home gateway is completed, the user can download the corresponding configuration of the opposite gateway, generated from the home configuration, and use it to complete the configuration of the opposite gateway simply and quickly.
(3) Service backup function: provides a backup function for the VPN server. The user can trigger a manual backup, or the system can back up automatically after it detects a state change of the VPN server. After the backup operation, the system generates an encrypted backup file based on the user's configuration, and the user can download the backup file to local storage.
(4) Service restoration function: provides a backup recovery function for the VPN server. After the user has deployed a VPN server successfully through the service deployment function, the user can upload a backup file obtained through the service backup function, and the system completes the configuration automatically from the backup file.
(5) VPN service function: the module provides the VPN functions required by the customer's service, comprising SSL VPN and IPsec VPN:
a) SSL VPN function: SSL VPN works between the transport layer and the application layer, based on HTTPS technology, and helps users establish an encrypted tunnel between a VPC on the cloud computing platform and a data center or terminal outside the cloud, as shown in FIG. 3.
b) IPsec VPN function: IPsec VPN uses the IPsec protocol to implement remote access, provides a secure communication channel between two private networks over the public network, ensures the security of the connection by means of the encrypted channel, and provides a private data packet service between two public gateways, as shown in FIG. 4.
(6) Service monitoring function: provides a monitoring function for the VPN server. During the user's usage period it inspects the service data of the VPN server and records a log. If the VPN server's service data is abnormal, it raises an alarm to the user.
(7) Dual hot standby function: provides high availability for VPN servers. If this function is enabled, the service deployment function creates two VPN servers for the client when deploying, to act as the primary (host) and the standby machine of the VPN service. Using the keepalive technique, the system binds a VIP to the VPN server group and monitors VPN server status. If the primary goes down, service is automatically switched to the standby and the VPN tunnel is automatically reconnected; once the former primary has recovered, it automatically becomes the new standby.
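The peer configuration download of function (2) above, as an added example (not the patent's or Inspur's code; the field names, the key=value download format and the validation rules are assumptions): the opposite gateway's IPsec configuration is the mirror image of the home configuration, with endpoints and protected subnets swapped and the proposals and pre-shared key kept identical, and the home configuration is checked for overlapping traffic selectors and other defects before anything is generated.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import Tuple


@dataclass(frozen=True)
class IpsecGatewayConfig:
    """Site-to-site IPsec settings as seen from one gateway (hypothetical fields)."""
    local_gateway: str               # EIP of this gateway
    remote_gateway: str              # public address of the opposite gateway
    local_subnets: Tuple[str, ...]   # private CIDRs behind this gateway
    remote_subnets: Tuple[str, ...]  # private CIDRs behind the opposite gateway
    ike_proposal: str                # e.g. "aes256-sha256-modp2048"
    esp_proposal: str                # e.g. "aes256gcm16"
    psk: str                         # pre-shared key, identical on both sides


def validate(cfg: IpsecGatewayConfig) -> None:
    """Reject home configurations from which no working tunnel can be built."""
    gw_local = ipaddress.ip_address(cfg.local_gateway)
    gw_remote = ipaddress.ip_address(cfg.remote_gateway)
    for gw in (gw_local, gw_remote):
        if gw.is_loopback or gw.is_link_local or gw.is_multicast:
            raise ValueError(f"{gw} cannot be a tunnel endpoint")
    if gw_local == gw_remote:
        raise ValueError("local and remote gateway addresses must differ")
    # strict=True rejects CIDRs with host bits set, e.g. 10.0.1.5/16
    local = [ipaddress.ip_network(s, strict=True) for s in cfg.local_subnets]
    remote = [ipaddress.ip_network(s, strict=True) for s in cfg.remote_subnets]
    if not local or not remote:
        raise ValueError("each side needs at least one protected subnet")
    for l in local:
        for r in remote:
            if l.overlaps(r):
                # Overlapping traffic selectors make routing ambiguous on both sides.
                raise ValueError(f"local {l} overlaps remote {r}")
    if len(cfg.psk) < 16:
        raise ValueError("pre-shared key too short")


def peer_config(home: IpsecGatewayConfig) -> IpsecGatewayConfig:
    """Derive the opposite gateway's configuration by mirroring the home one.

    Endpoints and protected subnets swap sides; proposals and the PSK are
    kept unchanged, because both peers must agree on them.
    """
    validate(home)
    return replace(
        home,
        local_gateway=home.remote_gateway,
        remote_gateway=home.local_gateway,
        local_subnets=home.remote_subnets,
        remote_subnets=home.local_subnets,
    )


def render(cfg: IpsecGatewayConfig) -> str:
    """Flat key=value text for the configuration download (hypothetical format).

    The PSK is deliberately left out of the downloadable text so that the
    file can be handed around without carrying the secret; in this model it
    is shown to the user separately.
    """
    lines = [
        f"local_gateway={cfg.local_gateway}",
        f"remote_gateway={cfg.remote_gateway}",
        "local_subnets=" + ",".join(cfg.local_subnets),
        "remote_subnets=" + ",".join(cfg.remote_subnets),
        f"ike_proposal={cfg.ike_proposal}",
        f"esp_proposal={cfg.esp_proposal}",
    ]
    return "\n".join(lines) + "\n"
```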
Example 2
On the basis of Example 1, a method for realizing a high-availability VPN based on cloud computing comprises the following steps:
combining the VPN service with the cloud computing platform;
providing the virtual private cloud function of the cloud computing platform, helping the user establish a cloud network private to the user;
providing the elastic public network IP function of the cloud computing platform, helping the client bind an elastic public network IP to a VPN server or other cloud resources in the virtual private cloud; and
providing the user with simple, quick, easy-to-maintain, automated and highly secure high-availability VPN service deployment and maintenance.
Although embodiments of the present invention have been shown and described, it will be understood by those skilled in the art that various changes, modifications, substitutions and alterations can be made therein without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (9)

1. A cloud computing-based high-availability VPN implementation system, characterized in that: the system consists of a VPC service module, an EIP service module and a VPN service module;
the VPC service module provides the virtual private cloud function of the cloud computing platform to help a user establish a private cloud network, in which the user can create virtual machines and build the servers the user requires;
the EIP service module provides the public network access function of the cloud computing platform and helps clients create or bind an elastic public network IP to VPN servers or other cloud resources in the virtual private cloud;
the VPN service module is responsible for providing the user with simple, quick, easy-to-maintain, automated and highly secure high-availability VPN service deployment and maintenance.
2. The cloud computing-based high-availability VPN implementation system of claim 1, wherein: the VPN service module comprises a service deployment function, a service configuration function, a service backup function, a service recovery function, a VPN service function, a service monitoring function and a dual-machine hot standby function.
3. The cloud computing-based high-availability VPN implementation system of claim 2, wherein: the service deployment function automatically deploys the VPN server, according to the service specification required by the user, in the VPC requiring the VPN service, allocates an EIP to the VPN server in combination with the EIP service module, and is also responsible for resource recovery after the VPN service is closed.
4. The cloud computing-based high-availability VPN implementation system of claim 2, wherein: the service configuration function issues the configuration to the VPN server according to the user's configuration information, so that the VPN server can provide VPN service normally.
5. The cloud computing-based high-availability VPN implementation system of claim 2, wherein: the service backup function provides a backup function for the VPN server, and the service recovery function provides a backup recovery function for the VPN server.
6. The cloud computing-based high-availability VPN implementation system of claim 2, wherein: the VPN service function provides the VPN functions required by the customer's service, including SSL VPN and IPsec VPN;
SSL VPN function: SSL VPN works between the transport layer and the application layer, based on HTTPS technology, and helps users establish an encrypted tunnel between a VPC on the cloud computing platform and a data center or terminal outside the cloud;
IPsec VPN function: IPsec VPN uses the IPsec protocol to realize remote access, provides a secure communication channel between two private networks over the public network, ensures connection security through the encrypted channel, and provides a private data packet service between two public gateways.
7. The cloud computing-based high-availability VPN implementation system of claim 2, wherein: the service monitoring function provides a monitoring function for the VPN server; during the user's service period the service data of the VPN server is inspected and a log is recorded, and if the service data of the VPN server is abnormal, an alarm is sent to the user.
8. The cloud computing-based high-availability VPN implementation system of claim 2, wherein: the dual-machine hot standby function provides a high availability function for the VPN server, and the system binds a VIP to the VPN server group and monitors the state of the VPN servers using the keepalive technique.
9. A cloud computing-based high-availability VPN implementation method according to any of claims 1-8, characterized in that the method comprises the following steps:
combining the VPN service with the cloud computing platform;
providing the virtual private cloud function of the cloud computing platform, helping the user establish a cloud network private to the user;
providing the elastic public network IP function of the cloud computing platform, helping the client bind an elastic public network IP to a VPN server or other cloud resources in the virtual private cloud; and
providing the user with simple, quick, easy-to-maintain, automated and highly secure high-availability VPN service deployment and maintenance.

Priority Applications (1)

Application number: CN202311463271.6A
Priority date: 2023-11-06
Filing date: 2023-11-06
Title: Cloud computing-based high-availability VPN realization system and method

Publications (1)

Publication number: CN117354090A (en)
Publication date: 2024-01-05

Family

Family ID: 89363059

Country Status (1)

CN: CN117354090A (en)

Legal Events

PB01: Publication
SE01: Entry into force of request for substantive examination