CN117407903A - Data encryption backup method, device and server of target cluster - Google Patents

Data encryption backup method, device and server of target cluster Download PDF

Info

Publication number
CN117407903A
CN117407903A CN202311609660.5A CN202311609660A CN117407903A CN 117407903 A CN117407903 A CN 117407903A CN 202311609660 A CN202311609660 A CN 202311609660A CN 117407903 A CN117407903 A CN 117407903A
Authority
CN
China
Prior art keywords
backup
target
file
cluster
processing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311609660.5A
Other languages
Chinese (zh)
Inventor
任岗
吴晓晔
潘磊
周炜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC filed Critical Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202311609660.5A priority Critical patent/CN117407903A/en
Publication of CN117407903A publication Critical patent/CN117407903A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14Error detection or correction of the data by redundancy in operation
    • G06F11/1402Saving, restoring, recovering or retrying
    • G06F11/1446Point-in-time backing up or restoration of persistent data
    • G06F11/1448Management of the data involved in backup or backup restore
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Quality & Reliability (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The specification provides a data encryption backup method, device and server of a target cluster, which can be used in the technical field of data security. When the database data of the target cluster needs to be backed up by utilizing the target backup tool, splitting the database data of the target cluster into a plurality of backup subdirectories; generating a corresponding first backup strategy for each backup subdirectory, and creating a target backup list; invoking a target backup tool to perform first backup processing on the backup subdirectories according to a first backup strategy so as to convert the plurality of backup subdirectories into corresponding backup image files and store the corresponding backup image files in an intermediate storage medium; generating a corresponding second backup strategy containing encryption rules for the backup image file; and calling the target backup tool to perform second backup processing on the backup image files according to a second backup strategy so as to encrypt a plurality of backup image files and store the encrypted backup image files in the target storage medium. Thus, the database data can be efficiently backed up to the target storage medium in the form of ciphertext.

Description

Data encryption backup method, device and server of target cluster
Technical Field
The specification belongs to the technical field of data security, and particularly relates to a data encryption backup method, device and server of a target cluster.
Background
In big data processing scenarios, database data of a distributed cluster is often relatively bulky, complex, and can mostly only be backed up into a specified storage medium by some specified backup tool software.
However, when the database data of the distributed cluster is backed up by using the existing backup tool based on the existing method, synchronous encryption backup cannot be realized, so that the backed up data has relatively high security risk.
In view of the above problems, no effective solution has been proposed at present.
Disclosure of Invention
The specification provides a data encryption backup method, device and server for a target cluster, which can efficiently backup related cluster database data into a target storage medium in a ciphertext mode, and improves the safety of backup data.
The specification provides a data encryption backup method of a target cluster, which comprises the following steps:
acquiring a target backup request; the target backup request at least carries a cluster identifier of a target cluster to which the target backup request is directed;
According to the target backup request, a target backup tool is called to acquire database data of the target cluster through a corresponding data interface, and the database data of the target cluster is split into a plurality of backup subdirectories;
generating corresponding first backup strategies for the plurality of backup subdirectories respectively; creating a corresponding target backup list; wherein, the target backup list at least comprises: cluster identification of the target cluster, a first backup strategy and backup catalog information;
calling a target backup tool, and respectively carrying out corresponding first backup processing on the plurality of backup subdirectories according to a first backup strategy so as to convert the plurality of backup subdirectories into a plurality of corresponding backup image files and store the corresponding backup image files in an intermediate storage medium;
generating corresponding second backup strategies for the backup image files respectively; writing the second backup strategy into a target backup list; the second backup strategy is an encryption backup strategy containing encryption rules;
and calling a target backup tool, and respectively carrying out corresponding second backup processing on the plurality of backup image files according to a second backup strategy so as to encrypt the plurality of backup image files and store the encrypted plurality of backup image files into a target storage medium.
In one embodiment, the target cluster includes: hadoop clusters; correspondingly, the target backup tool comprises: the NBU centralizes backup software; the backup subdirectory comprises: a Hadoop backup subdirectory; the intermediate storage medium includes: an advanced disk pool; the target storage medium includes: magnetic tape.
In one embodiment, splitting database data of a target cluster into a plurality of backup subdirectories includes:
obtaining a target directory snapshot of a target cluster;
and splitting the database data of the target cluster into a plurality of backup subdirectories according to the target directory snapshot of the target cluster and a preset first splitting rule.
In one embodiment, converting the plurality of backup subdirectories into a corresponding plurality of backup image files and storing the files in an intermediate storage medium includes:
converting a current backup subdirectory in the plurality of backup subdirectories into a corresponding current backup image file and storing the corresponding current backup image file in an intermediate storage medium according to the following mode:
converting the current backup subdirectory into a corresponding current backup image file;
splitting the current backup image file into a plurality of current backup image subfiles according to a preset second splitting rule; determining and marking the file name of the current backup mirror image subfile according to a preset naming rule; wherein, the current plurality of backup image sub-files at least comprise two backup image header files and two backup image segment files;
And replacing the current backup image files with the plurality of current backup image subfiles to store the current backup image files in the intermediate storage medium.
In one embodiment, after the target backup tool is invoked, and corresponding first backup processing is performed on the plurality of backup subdirectories according to the first backup policy, so as to convert the plurality of backup subdirectories into a plurality of corresponding backup image files and store the plurality of backup image files in the intermediate storage medium, the method further includes:
acquiring storage information of a backup image file based on an intermediate storage medium and a file identification of the backup image file;
writing the storage information and the file identification of the backup image file into an intermediate list of backup information of the backup image file of which the intermediate storage medium is identified in a target backup list;
obtaining backup thread numbers corresponding to the first backup processing of each backup subdirectory by the target backup tool;
and the backup thread numbers are written into a target backup list.
In one embodiment, determining the file name of the current backup image subfile according to a preset naming rule includes:
determining generation time information, file type identification, file content identification of the current backup image sub-file and file connection identification of the current backup image sub-file based on the current backup image file;
Acquiring a file identifier of a current backup image file;
and sequentially splicing the file identification of the current backup image file, the generation time information of the current backup image sub-file, the file type identification, the file content identification and the file connection identification to obtain the file name of the corresponding current backup image sub-file.
In one embodiment, generating corresponding second backup policies for the plurality of backup image files, respectively, includes:
generating a corresponding second backup policy for a current backup image file of the plurality of backup image files in the following manner:
inquiring a target backup list, and acquiring content keywords of the current backup image file according to the backup catalog information and the file name of the current backup image file;
determining the confidentiality level of the current backup image file according to the content keywords of the current backup image file;
screening out matched encryption rules according to the confidentiality level of the current backup image file; and generating a corresponding second backup strategy according to the encryption rule.
In one embodiment, when the target backup tool is invoked, and corresponding second backup processing is performed on the plurality of backup image files according to the second backup policy, the method further includes:
Collecting processing feedback prompt information in the second backup processing process;
monitoring whether the second backup processing process is abnormal or not according to the processing feedback prompt information;
under the condition that the second backup processing process is abnormal, an abnormal backup image file with the abnormality is determined; determining the abnormal type according to the processing feedback prompt information;
according to the anomaly type, determining a matched target anomaly processing rule from a preset anomaly processing rule set;
and calling a target backup tool, and performing exception handling related to the exception backup mirror image file according to the target exception handling rule.
In one embodiment, after the target backup tool is invoked, and corresponding second backup processing is performed on the plurality of backup image files according to a second backup policy, so that the plurality of backup image files are stored in the target storage medium after being encrypted, the method further includes:
generating a backup processing result about the backup image file; writing the backup processing result into a target backup list;
correspondingly, the method further comprises the steps of:
detecting whether an out-of-date file exists in a backup image file currently stored in an intermediate storage medium according to the backup time in a target backup list at intervals of a preset time period;
Under the condition that the existence of the over-period file is determined, detecting whether the over-period file meets the deletion requirement according to the backup processing result in the target backup list;
in the event that it is determined that the deletion requirement is satisfied, the over-run file is deleted from the intermediate storage medium.
In one embodiment, the method further comprises:
receiving a target recovery request; the target recovery request at least carries a cluster identifier of a target cluster to be subjected to data recovery;
inquiring and determining corresponding backup catalog information, a first backup strategy and a second backup strategy according to the cluster identification of the target cluster and the corresponding target backup list;
inquiring and determining a corresponding target encrypted backup file in a target storage medium according to a second backup strategy and a historical backup record of a target backup tool;
according to a second backup strategy, carrying out corresponding second backup inverse processing on the target encrypted backup file so as to store a plurality of backup image files obtained by decryption into an intermediate storage medium;
importing a plurality of backup image files in the intermediate storage medium; identifying the plurality of backup image files according to the importing results to obtain corresponding identification results;
And according to the target backup list and the identification result, calling a target backup tool to restore the corresponding database data to the target cluster according to the first backup strategy.
In one embodiment, after invoking the target backup tool to perform exception handling associated with the exception backup image file according to the target exception handling rules, the method further comprises:
collecting processing feedback prompt information about an abnormal backup mirror image file after abnormal processing;
detecting whether the abnormal backup image file is successfully processed according to the processing feedback prompt information;
generating an abnormal alarm prompt about the abnormal backup image file under the condition that the abnormal backup image file processing fails; and sending the abnormality alert prompt to the user terminal.
In one embodiment, after the target backup tool is invoked, and corresponding first backup processing is performed on the plurality of backup subdirectories according to the first backup policy, so as to convert the plurality of backup subdirectories into a plurality of corresponding backup image files and store the plurality of backup image files in the intermediate storage medium, the method further includes:
inquiring a target backup list, and detecting whether the backup image file accords with a confidentiality condition according to backup catalog information and the file name of the current backup image file;
And under the condition that the backup image file meets the confidentiality condition, carrying out corresponding encryption processing on the backup image file stored in the intermediate storage medium.
The specification also provides a data encryption backup device of the target cluster, which comprises:
the acquisition module is used for acquiring the target backup request; the target backup request at least carries a cluster identifier of a target cluster to which the target backup request is directed;
the splitting module is used for calling the target backup tool to acquire the database data of the target cluster through the corresponding data interface according to the target backup request and splitting the database data of the target cluster into a plurality of backup subdirectories;
the first generation module is used for respectively generating corresponding first backup strategies for the plurality of backup subdirectories; creating a corresponding target backup list; wherein, the target backup list at least comprises: cluster identification of the target cluster, a first backup strategy and backup catalog information;
the first processing module is used for calling the target backup tool, and respectively carrying out corresponding first backup processing on the plurality of backup subdirectories according to a first backup strategy so as to convert the plurality of backup subdirectories into a plurality of corresponding backup image files and store the corresponding backup image files in the intermediate storage medium;
The second generation module is used for respectively generating corresponding second backup strategies for the plurality of backup image files; writing the second backup strategy into a target backup list; the second backup strategy is an encryption backup strategy containing encryption rules;
and the second processing module is used for calling the target backup tool, and respectively carrying out corresponding second backup processing on the plurality of backup image files according to a second backup strategy so as to encrypt the plurality of backup image files and store the encrypted plurality of backup image files into the target storage medium.
The present specification also provides a server comprising a processor and a memory for storing processor-executable instructions that when executed by the processor implement the steps associated with a data encryption backup method for the target cluster.
The present specification also provides a computer readable storage medium having stored thereon computer instructions which when executed by a processor perform the steps of: acquiring a target backup request; the target backup request at least carries a cluster identifier of a target cluster to which the target backup request is directed; according to the target backup request, a target backup tool is called to acquire database data of the target cluster through a corresponding data interface, and the database data of the target cluster is split into a plurality of backup subdirectories; generating corresponding first backup strategies for the plurality of backup subdirectories respectively; creating a corresponding target backup list; wherein, the target backup list at least comprises: cluster identification of the target cluster, a first backup strategy and backup catalog information; calling a target backup tool, and respectively carrying out corresponding first backup processing on the plurality of backup subdirectories according to a first backup strategy so as to convert the plurality of backup subdirectories into a plurality of corresponding backup image files and store the corresponding backup image files in an intermediate storage medium; generating corresponding second backup strategies for the backup image files respectively; writing the second backup strategy into a target backup list; the second backup strategy is an encryption backup strategy containing encryption rules; and calling a target backup tool, and respectively carrying out corresponding second backup processing on the plurality of backup image files according to a second backup strategy so as to encrypt the plurality of backup image files and store the encrypted plurality of backup image files into a target storage medium.
According to the data encryption backup method, device and server for the target cluster, when the target backup tool is utilized to backup the database data of the target cluster, the database data of the target cluster can be split into a plurality of backup subdirectories with relatively small data volume and relatively simple structure; generating a corresponding first backup strategy for each backup subdirectory, and creating a target backup list; invoking a target backup tool to perform first backup processing on the backup subdirectories according to a first backup strategy so as to convert the plurality of backup subdirectories into a plurality of corresponding backup image files and store the corresponding backup image files in an intermediate storage medium; generating a corresponding second backup strategy containing encryption rules for the backup image file; and the characteristics of the image files and the existing functions of the target backup tool can be effectively utilized, and the target backup tool is called to perform a second backup process related to synchronous encryption on the backup image files according to a second backup strategy so as to encrypt a plurality of backup image files and store the encrypted backup image files in a target storage medium. Therefore, the cluster characteristics of the target clusters and the existing functions of the target backup tool can be effectively utilized, the database data of the target clusters with larger data quantity and more complex structure can be synchronously encrypted and backed up to the target storage medium in a ciphertext mode for storage under the premise of not additionally modifying the target backup tool, the backup data is prevented from being leaked, and the safety of the backup data is improved.
Drawings
In order to more clearly illustrate the embodiments of the present disclosure, the drawings that are required for the embodiments will be briefly described below, and the drawings described below are only some embodiments described in the present disclosure, and other drawings may be obtained according to these drawings without inventive effort for a person of ordinary skill in the art.
FIG. 1 is a flowchart of a method for encrypting and backing up data of a target cluster according to an embodiment of the present disclosure;
FIG. 2 is a schematic diagram of one embodiment of a data encryption backup method for a target cluster according to the embodiments of the present disclosure, in one example scenario;
FIG. 3 is a schematic diagram of one embodiment of a data encryption backup method for a target cluster according to the embodiments of the present disclosure, in one example scenario;
FIG. 4 is a schematic diagram of one embodiment of a data encryption backup method for a target cluster according to the embodiments of the present disclosure, in one example scenario;
FIG. 5 is a schematic diagram of one embodiment of a data encryption backup method for a target cluster according to the embodiments of the present disclosure, in one scenario example;
FIG. 6 is a schematic diagram of one embodiment of a data encryption backup method for a target cluster according to embodiments of the present disclosure, in one example scenario;
FIG. 7 is a schematic diagram of one embodiment of a data encryption backup method for a target cluster according to embodiments of the present disclosure, in one example scenario;
FIG. 8 is a schematic diagram of the structural composition of a server provided in one embodiment of the present disclosure;
FIG. 9 is a schematic structural diagram of a data encryption backup device for a target cluster according to an embodiment of the present disclosure;
fig. 10 is a schematic diagram of an embodiment of a data encryption backup method of a target cluster according to the embodiment of the present disclosure, in an example of a scenario.
Detailed Description
In order to make the technical solutions in the present specification better understood by those skilled in the art, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only some embodiments of the present specification, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are intended to be within the scope of the present disclosure.
Referring to fig. 1, an embodiment of the present disclosure provides a data encryption backup method for a target cluster. The method can be applied to a server side. In particular implementations, the method may include the following:
S101: acquiring a target backup request; the target backup request at least carries a cluster identifier of a target cluster to which the target backup request is directed;
s102: according to the target backup request, a target backup tool is called to acquire database data of the target cluster through a corresponding data interface, and the database data of the target cluster is split into a plurality of backup subdirectories;
s103: generating corresponding first backup strategies for the plurality of backup subdirectories respectively; creating a corresponding target backup list; wherein, the target backup list at least comprises: cluster identification of the target cluster, a first backup strategy and backup catalog information;
s104: calling a target backup tool, and respectively carrying out corresponding first backup processing on the plurality of backup subdirectories according to a first backup strategy so as to convert the plurality of backup subdirectories into a plurality of corresponding backup image files and store the corresponding backup image files in an intermediate storage medium;
s105: generating corresponding second backup strategies for the backup image files respectively; writing the second backup strategy into a target backup list; the second backup strategy is an encryption backup strategy containing encryption rules;
s106: and calling a target backup tool, and respectively carrying out corresponding second backup processing on the plurality of backup image files according to a second backup strategy so as to encrypt the plurality of backup image files and store the encrypted plurality of backup image files into a target storage medium.
The target backup list is specifically configured to store a cluster identifier of a target cluster, attribute parameters (such as backup time, backup directory information, backup thread number, backup image file identifier, etc.) related to the encryption backup, a rule policy (such as a first backup policy, a second backup policy, etc.) used in the encryption backup process, and the like.
Based on the embodiment, the server can respond to the target backup request, and can efficiently encrypt and backup the database data of the target cluster in a ciphertext mode to the target storage medium for storage on the premise of not additionally modifying the target backup tool by effectively utilizing the cluster characteristics of the target cluster and the existing functions of the target backup tool, so that the backup data is prevented from being leaked, and the safety of the backup data is improved.
In some embodiments, the target cluster may be a distributed cluster in a big data processing scenario. Specifically, the target cluster may be a transaction data processing system cluster of a financial transaction service platform based on a distributed architecture, for example, a Hadoop cluster responsible for background transaction data processing. Accordingly, the database of the target cluster may be a distributed database, for example, a Hadoop database.
The Hadoop cluster may specifically be a distributed system composed of a plurality of computer devices, where the plurality of computer devices cooperate to implement storage and processing of a large-scale data set.
Specifically, the Hadoop cluster is based on an Apache Hadoop software framework and comprises two core components: hadoop Distributed File System (HDFS) and Hadoop distributed computing framework (MapReduce). Among other things, hadoop Distributed File System (HDFS), which may refer to a reliable and highly scalable file system, is intended to store large data sets and to provide a method of data access and processing. Further, the HDFS may divide the data into blocks and store each block separately on different nodes in the cluster to achieve redundancy backup and fault tolerance of the data. HDFS may also provide a high degree of scalability because it may easily add new nodes to extend storage capacity. Hadoop distributed computing framework (MapReduce), which may refer specifically to a programming model and software framework for processing and analyzing large data sets. Further, mapReduce may enable parallel computation by dividing tasks into small blocks and assigning to different nodes in the cluster; and each node processes tasks on its local computer and finally merges the results into a complete result set. MapReduce may also provide an easy-to-use programming model that allows users to write parallel computing tasks using common programming languages (e.g., java) without having to know the complexity of the distributed system in depth. In summary, the advantages of the Hadoop clusters described above may include high reliability, high scalability, and cost effectiveness. Large-scale data sets can be better processed based on the Hadoop clusters described above, and a powerful distributed computing framework is provided for analyzing and processing these data sets.
The Hadoop database may be specifically understood as a distributed database corresponding to the Hadoop cluster.
Specifically, referring to fig. 2, the data encryption backup method of the target cluster may be specifically applied to a server side.
In implementation, when a user (e.g., a staff member of a financial transaction service platform) determines that a target cluster responsible for transaction data processing of a background of the platform meets a backup condition (e.g., a time interval from a current backup is detected to be greater than a preset duration threshold value, or a data volume of a database of the current target cluster is detected to be greater than a preset data volume threshold value), a target backup request carrying at least a cluster identifier of the target cluster can be generated and initiated to the server by using a held user terminal.
The server may specifically include a background server capable of implementing functions such as data transmission and data processing. Specifically, the server may be, for example, an electronic device having data operation, storage function and network interaction function. Alternatively, the server may be a software program running in the electronic device that provides support for data processing, storage, and network interactions. In the present embodiment, the number of servers is not particularly limited. The server may be one server, several servers, or a server cluster formed by several servers.
The user terminal specifically may include a front end applied to a user side and capable of implementing functions such as data acquisition and data transmission. Specifically, the user terminal may be, for example, an electronic device such as a desktop computer, a tablet computer, a notebook computer, a smart phone, and the like. Alternatively, the user terminal may be a software application capable of running in the electronic device. For example, it may be some backup client running on a desktop computer, etc.
When the method is implemented, after a server receives a target backup request, a cluster identifier of a target cluster can be obtained through analysis and extraction; and determining a database of the target cluster according to the cluster identification of the target cluster, and acquiring the total database data.
Considering that the data volume of the total database data is too huge, the server can split the database data into a plurality of backup subdirectories according to the storage structure and/or storage content of the database, so as to facilitate subsequent processing.
In addition, according to the Hadoop cluster, the matched NBU centralized backup software is used as a target backup tool for backup processing. The NBU (Veritas NetBackup) is specifically understood to be a backup software at the enterprise level.
However, the database data based on Hadoop cannot be directly encrypted by the concentrated backup software based on the NBU; in addition, there is often some variability in the data content, data structure, etc. of the different backup subdirectories.
Based on the above consideration, first, the server may generate corresponding first backup policies for each backup subdirectory that do not involve encryption, respectively; meanwhile, a target backup list corresponding to the target cluster is created based on the first backup list. Furthermore, the server may invoke the NBU centralized backup software to perform corresponding first backup processing on the plurality of backup subdirectories according to the first backup policy, where the first backup processing does not involve encryption. The method can effectively distinguish and utilize the difference characteristics of different backup subdirectories data to perform targeted backup processing so as to convert the backup subdirectories into backup image files which can be encrypted by the NBU centralized backup software while respectively backing up the backup subdirectories to an intermediate storage medium (such as an advanced disk pool).
Then, the server can respectively generate corresponding second backup strategies related to encryption for each backup image file according to the confidentiality grade of each backup image file in the intermediate storage medium; and simultaneously, writing the second backup strategy into the target backup list. Furthermore, the server may call the NBU centralized backup software, and perform corresponding second backup processing involving encryption on the plurality of backup subdirectories according to the second backup policy, respectively. Therefore, the data confidentiality requirements of different backup image files can be effectively distinguished and utilized, and targeted backup processing is performed, so that the backup image files are respectively backed up to a target storage medium (e.g. tape) and simultaneously matched with encryption processing, and the backup files which are finally backed up and stored in the target storage medium are encrypted backup files. Therefore, the leakage of the database data of the target cluster backed up to the target storage medium can be effectively avoided, and the safety of the backup data is improved.
In addition, when the database data of the target cluster needs to be restored later, the server can call the NBU centralized backup tool to sequentially perform corresponding processing according to the second backup strategy and the first backup strategy according to the target backup list, so that the corresponding database data is efficiently restored to the target cluster.
In some embodiments, the target cluster may specifically include: hadoop clusters; correspondingly, the target backup tool may specifically include: the NBU centralizes backup software; the backup subdirectory may specifically include: a Hadoop backup subdirectory; the intermediate storage medium may specifically include: an advanced disk pool; the target storage medium may specifically include: magnetic tape.
Based on the embodiment, the database data based on the Hadoop cluster can be processed in a targeted manner by adopting a corresponding target backup tool in a targeted manner, so that the database data is finally and efficiently encrypted and then backed up in a target storage medium.
The advanced disk pool has the advantage of high reading and writing efficiency. Magnetic tape has the advantage of being suitable for storing vast amounts of data.
In some embodiments, the target backup request may specifically be generated by the user terminal and sent to the server when it is determined that the target cluster meets the backup condition; the method can also be initiated automatically by the server under the condition that the target cluster is determined to meet the backup condition.
In some embodiments, the splitting the database data of the target cluster into the plurality of backup subdirectories may include the following when implemented:
s1: obtaining a target directory snapshot of a target cluster;
s2: and splitting the database data of the target cluster into a plurality of backup subdirectories according to the target directory snapshot of the target cluster and a preset first splitting rule.
Based on the above embodiment, the database data of the target cluster, which has larger original data size, more complex data structure and higher processing difficulty, can be split into a plurality of backup subdirectories with smaller data size and simpler data structure according to the target catalog snapshot and the preset first splitting rule, so as to reduce the subsequent processing difficulty, and further complete the related encryption backup processing relatively more efficiently and smoothly.
In the implementation process, the server can determine the storage structure and/or the storage content of the data in the target cluster database according to the target directory snapshot of the target cluster; splitting data with storage structures and/or storage content similarity greater than a preset similarity threshold value in a database into a backup subdirectory according to a preset first splitting rule; meanwhile, the storage position information of the data in the backup subdirectory based on the original database is also recorded in the backup subdirectory. The data contained in the backup subdirectory may then be restored to the original database based on the storage location information of the original database based on the data in the backup subdirectory. The storage structure may specifically include: chain storage structure, sequential storage structure, etc. The storage content may specifically include: transaction amount, transaction medium, transaction description, transaction account, etc.
Further, the server may generate a first backup policy for the data structure and/or data content of the data contained in the respective backup sub-directory that matches the data in the backup sub-directory.
Meanwhile, the server can firstly create a target backup list which at least contains the cluster identification of the target cluster aiming at the target cluster; then, the target directory snapshot and a first splitting result of splitting the backup subdirectory based on a preset first splitting rule are arranged into backup directory information, and the backup directory information is written into a target backup list; and writing the generated first backup strategy and the corresponding relation between the first backup strategy and the split backup subdirectory into the target backup list.
In some embodiments, during implementation, the server may call the target backup tool, determine and sequentially perform corresponding first backup processing on the plurality of backup subdirectories according to the corresponding first backup policy by querying the target backup list, so as to convert the plurality of backup subdirectories into corresponding backup image files, and store the corresponding backup image files in the intermediate storage medium.
In some embodiments, referring to fig. 3, the converting the plurality of backup subdirectories into the corresponding plurality of backup image files and storing the corresponding plurality of backup image files in the intermediate storage medium may include: converting a current backup subdirectory in the plurality of backup subdirectories into a corresponding current backup image file and storing the corresponding current backup image file in an intermediate storage medium according to the following mode:
S1: converting the current backup subdirectory into a corresponding current backup image file;
s2: splitting the current backup image file into a plurality of current backup image subfiles according to a preset second splitting rule; determining and marking the file name of the current backup mirror image subfile according to a preset naming rule; wherein, the current plurality of backup image sub-files at least comprise two backup image header files and two backup image segment files;
s3: and replacing the current backup image files with the plurality of current backup image subfiles to store the current backup image files in the intermediate storage medium.
Based on the embodiment, the server can further split the backup image file with relatively larger data volume into a plurality of backup image subfiles with relatively smaller data volume, so that the specific read-write operation can be performed on the file more efficiently and conveniently later, and the overall processing efficiency is improved.
In specific implementation, the intermediate storage medium may specifically include a storage medium with relatively high read-write efficiency and a certain security. In particular, the intermediate storage medium may be an advanced disk pool based on a secure environment.
In the implementation, the server can combine the file structure of the current backup image file according to a preset second splitting rule, and firstly determine and split a total of two backup image header files positioned at two ends in the current backup image file; then the rest image files are segmented and split in sequence to obtain at least two backup image segmented files; and then storing the combination of the plurality of current backup image sub-files comprising at least two backup image header files and two backup image segment files into an intermediate storage medium instead of the current backup image files. When the backup image file needs to be used later, the server can read the backup image sub-files respectively and then restore the original complete backup image file through combination.
In some embodiments, referring to fig. 4, after the target backup tool is invoked and the corresponding first backup processing is performed on the plurality of backup subdirectories according to the first backup policy, so as to convert the plurality of backup subdirectories into the corresponding plurality of backup image files and store the plurality of backup image files in the intermediate storage medium, when the method is implemented, the method may further include:
s1: acquiring storage information of a backup image file based on an intermediate storage medium and a file identification of the backup image file;
S2: writing the storage information and the file identification of the backup image file into an intermediate list of backup information of the backup image file of which the intermediate storage medium is identified in a target backup list;
s3: obtaining backup thread numbers corresponding to the first backup processing of each backup subdirectory by the target backup tool;
s4: and the backup thread numbers are written into a target backup list.
Based on the above embodiment, the storage information of the backup image file based on the intermediate storage medium, the file identification of the backup image file, and the backup thread number can be further obtained, and the data is written into the target backup list, so that the target backup list with relatively more detailed and complete reference value and relatively higher reference value can be obtained.
Specifically, for each backup subdirectory, the target backup tool performs corresponding first backup processing through a backup thread to obtain a corresponding backup image file. Correspondingly, each backup image file corresponds to one backup thread; that is, the file identifier of each backup image file has a corresponding relationship with the backup thread number of one backup thread. In the implementation, the server may also write the corresponding relationship into the target backup list together.
In some embodiments, referring to fig. 5, the determining the file name of the current backup image sub-file according to the preset naming rule may include the following when implemented:
s1: determining generation time information, file type identification, file content identification of the current backup image sub-file and file connection identification of the current backup image sub-file based on the current backup image file;
s2: acquiring a file identifier of a current backup image file;
s3: and sequentially splicing the file identification of the current backup image file, the generation time information of the current backup image sub-file, the file type identification, the file content identification and the file connection identification to obtain the file name of the corresponding current backup image sub-file.
Based on the embodiment, the current backup mirror image sub-files can be accurately named and marked according to the preset naming rule, so that the sub-files belonging to the same backup mirror image file and the combined connection relationship among different sub-files belonging to the same backup mirror image file can be timely and accurately searched and determined according to the file names of the backup mirror image sub-files later; meanwhile, the method can obtain the relevant information such as the file type, the file content and the like of each sub-file relatively conveniently and efficiently, and improves the processing efficiency in the process of processing the follow-up relevant data.
In implementation, for a backup image header file in the current backup image subfile, the backup image header file may be named as follows: file identification of current backup image file + file connection identification of current backup image file (e.g., characterizing header at head end: c1_hdr 1) +generation time + file type (e.g., doc or pdf) +file content. Similarly, for one backup image segment file in the current backup image subfile, the following may be named: file identification of current backup image file + file connection identification of current backup image file (e.g., characterizing the second sorted segmented file of segmented files: c1.f2) +generation time + file type (e.g., doc or pdf) +file content.
In some embodiments, referring to fig. 6, the generating the corresponding second backup policy for each of the plurality of backup image files may specifically include: generating a corresponding second backup policy for a current backup image file of the plurality of backup image files in the following manner:
s1: inquiring a target backup list, and acquiring content keywords of the current backup image file according to the backup catalog information and the file name of the current backup image file;
S2: determining the confidentiality level of the current backup image file according to the content keywords of the current backup image file;
s3: screening out matched encryption rules according to the confidentiality level of the current backup image file; and generating a corresponding second backup strategy according to the encryption rule.
Based on the above embodiment, the second backup policy related to encryption can be determined according to the security level of the current backup image file, so that the backup image files in different situations can be effectively distinguished according to the corresponding second backup policy, and the second backup processing related to encryption can be performed in a relatively suitable manner.
When the method is implemented, under the condition that a plurality of current backup image sub-files are stored in the intermediate storage medium to replace the current backup image files, the sub-files of a plurality of backup image files belonging to the same backup image file can be obtained and screened according to the file identifications of the backup image files in the file names of the sub-files; sequentially combining and connecting a plurality of subfiles according to file connection identifiers in file names of the subfiles to obtain a complete backup image file; and then carrying out similar item sum on the file names of the plurality of sub-files to obtain the file name aiming at the backup image file.
In the implementation, the server can search the backup target information and the file name of the current backup image file through the target backup list, and extract and obtain the file content information about the current backup image; and carrying out semantic recognition on the file content information to obtain corresponding content keywords.
In the specific implementation, a preset security level list can be queried according to the content keywords; and determining the corresponding security level according to the query result. For example, based on the query results, a higher security level may be determined when it is determined that the file content relates to relatively sensitive privacy information, such as a user's transaction account, transaction credentials, and the like. In contrast, according to the query result, when it is determined that the file content relates only to relatively more conventional information such as transaction medium, transaction time of the user, etc., it can be determined to have a lower security level.
And then matching is carried out in a preset encryption rule set according to the security level so as to determine the matched encryption rule. The preset encryption rule set may include a plurality of preset encryption rules (or called preset encryption algorithms). Different preset encryption rules adopt different encryption mechanisms, and the implementation complexity and the security can be different when the application is implemented. The higher the complexity is, the more complicated the processing procedure is, the higher the security is. In contrast, the lower the implementation complexity, the simpler the processing procedure, the lower the security of the preset encryption rule.
In specific implementation, a hierarchical ordering list based on security related to the preset encryption rule is also stored in the preset encryption rule set; wherein each level in the hierarchical ordered list corresponds to a security level. In particular, the encryption rule matching the security level may be determined by querying the hierarchical ordered list.
In specific implementation, a second backup strategy which has relatively stronger pertinence and relates to encryption can be generated according to the matched encryption rule and simultaneously combining the data format and/or the data content of the current backup image file.
In some embodiments, during implementation, the server may call the target backup tool, determine and sequentially perform corresponding second backup processing on the plurality of backup image files according to the corresponding second backup policy by querying the target backup list, so as to encrypt the plurality of backup image files into corresponding encrypted backup files, and store the encrypted backup files in the target storage medium, thereby completing backup.
In some embodiments, when the target backup tool is invoked and the corresponding second backup processing process is performed on the plurality of backup image files according to the second backup policy, the method may further include the following steps when implemented:
S1: collecting processing feedback prompt information in the second backup processing process;
s2: monitoring whether the second backup processing process is abnormal or not according to the processing feedback prompt information;
s3: under the condition that the second backup processing process is abnormal, an abnormal backup image file with the abnormality is determined; determining the abnormal type according to the processing feedback prompt information;
s4: according to the anomaly type, determining a matched target anomaly processing rule from a preset anomaly processing rule set;
s5: and calling a target backup tool, and performing exception handling related to the exception backup mirror image file according to the target exception handling rule.
Based on the above embodiment, the server may further monitor the processing procedure of the second backup processing in real time, and when an abnormality is monitored, determine and adopt a matched target abnormality processing rule in a targeted manner, perform a corresponding abnormality processing, and eliminate the abnormality in time, and successfully utilize the target backup tool to encrypt and backup the backup image file into the target storage medium.
Before the implementation, a large number of historical backup processing records can be collected first, and historical backup exception processing records can be screened out from the historical backup processing records; the history backup exception handling record at least carries corresponding history handling feedback prompt information; dividing the historical backup exception handling record into a plurality of data sets according to the historical feedback prompt information; wherein each data set corresponds to an exception type; the abnormal type is determined according to the historical feedback prompt information; and clustering the plurality of data groups to obtain preset exception handling rules corresponding to the corresponding exception types, so as to establish and obtain the preset exception handling rule set.
In the implementation, for example, according to the processing feedback prompt information, in the case that the abnormality type is determined to be that the target storage medium is disconnected, according to the target abnormality processing rule, the server may first determine the standby storage medium as the updated target storage medium; establishing data connection with the updated target storage medium through the related data interface of the target backup tool; and calling the target backup tool, and carrying out corresponding second backup processing on the abnormal backup image file again based on the data connection according to the second backup strategy.
In some embodiments, after the target backup tool is invoked and the corresponding second backup processing is performed on the plurality of backup image files according to the second backup policy, so that the plurality of backup image files are encrypted and stored in the target storage medium, when the method is implemented, the method may further include the following steps:
generating a backup processing result about the backup image file; writing the backup processing result into a target backup list;
correspondingly, when the method is implemented, the method can further comprise the following steps:
s1: detecting whether an out-of-date file exists in a backup image file currently stored in an intermediate storage medium according to the backup time in a target backup list at intervals of a preset time period;
S2: under the condition that the existence of the over-period file is determined, detecting whether the over-period file meets the deletion requirement according to the backup processing result in the target backup list;
s3: in the event that it is determined that the deletion requirement is satisfied, the over-run file is deleted from the intermediate storage medium.
Based on the above embodiment, the server may detect and delete the out-of-date file meeting the deletion requirement in the intermediate storage medium at regular intervals for a preset period of time, so as to reduce the occupation and consumption of storage resources of the intermediate storage medium.
It should be noted that, the backup image files stored in the intermediate storage medium are often not deleted directly in a short time, so as to ensure that the second backup process can be performed again by using the backup image files in the intermediate storage medium or detect and verify the target backup files backed up into the target storage medium in time when the second backup process is performed and after the second backup process is completed.
When the method is implemented, after the second backup processing is performed, the server can generate a backup processing result about whether the second backup processing is successful or not; writing the backup processing result into a target backup list, and marking a backup subdirectory corresponding to the backup processing result in the target backup list. In addition, the backup processing result may be sent to the user terminal.
In the implementation, the server may detect whether the second backup process of the out-of-date file is successful according to the backup process result, and determine that the deletion requirement is satisfied if the second backup process is determined to be successful.
Further, if the server determines that the file is successful, the server can also detect whether the file content of the over-period file relates to the key service data according to the file name of the over-period file and the backup directory information corresponding to the over-period file; in the case of determining that critical service data is involved, the server may transmit a deletion request to the user terminal regarding whether to confirm deletion of the out-of-date file; and under the condition that a deletion confirmation instruction of the user terminal for the deletion request is received, determining that the deletion requirement is met.
In some embodiments, after invoking the target backup tool and performing exception handling related to the exception backup image file according to the target exception handling rule, the method may further include, when implemented, the following:
s1: collecting processing feedback prompt information about an abnormal backup mirror image file after abnormal processing;
s2: detecting whether the abnormal backup image file is successfully processed according to the processing feedback prompt information;
S3: generating an abnormal alarm prompt about the abnormal backup image file under the condition that the abnormal backup image file processing fails; and sending the abnormality alert prompt to the user terminal.
Based on the above embodiment, when the server finds that the second backup processing of the abnormal backup image file cannot be normally implemented after attempting to perform the abnormal processing on the abnormal backup image file, the server may generate and initiate a corresponding abnormal alarm prompt to the user terminal in time, so as to request the user to manually intervene, so as to eliminate the abnormality as soon as possible.
In some embodiments, after the target backup tool is invoked and corresponding first backup processing is performed on the plurality of backup subdirectories according to the first backup policy, so that the plurality of backup subdirectories are converted into corresponding plurality of backup image files and then stored in the intermediate storage medium, when the method is implemented, the method may further include the following:
s1: inquiring a target backup list, and detecting whether the backup image file accords with a confidentiality condition according to backup catalog information and the file name of the current backup image file;
s2: and under the condition that the backup image file meets the confidentiality condition, carrying out corresponding encryption processing on the backup image file stored in the intermediate storage medium.
Based on the embodiment, the server can distinguish the importance degree of different backup image files in the intermediate storage medium, and encrypt the backup image files which are important and have higher security level and meet the security condition, so as to avoid the backup image files in the intermediate storage medium from being leaked, and further improve the security of the backup data.
In the implementation, the server can determine the confidentiality level of the backup image file according to the backup catalog information and the file name of the current backup image file; detecting whether the confidentiality level of the backup image file is greater than a preset threshold level; and under the condition that the confidentiality level of the backup image file is higher than a preset threshold level, determining that the confidentiality condition is met.
In some embodiments, referring to fig. 7, when the method is implemented, the following may further be included:
s1: receiving a target recovery request; the target recovery request at least carries a cluster identifier of a target cluster to be subjected to data recovery;
s2: inquiring and determining corresponding backup catalog information, a first backup strategy and a second backup strategy according to the cluster identification of the target cluster and the corresponding target backup list;
S3: inquiring and determining a corresponding target encrypted backup file in a target storage medium according to a second backup strategy and a historical backup record of a target backup tool;
s4: according to a second backup strategy, carrying out corresponding second backup inverse processing on the target encrypted backup file so as to store a plurality of backup image files obtained by decryption into an intermediate storage medium;
s5: importing a plurality of backup image files in the intermediate storage medium; identifying the plurality of backup image files according to the importing results to obtain corresponding identification results;
s6: and according to the target backup list and the identification result, calling a target backup tool to restore the corresponding database data to the target cluster according to the first backup strategy.
Based on the above embodiment, the server may respond to the target restoration request, and accurately and efficiently restore the corresponding database data to the target cluster according to the second backup policy and the first backup policy by querying and using the corresponding target backup list.
When the method is implemented, the user terminal can generate a corresponding target recovery request under the condition that the database data of the target cluster is lost due to the fact that the target cluster is detected to be faulty; and sends the target recovery request to the server.
From the above, according to the data encryption backup method of the target cluster provided by the embodiment of the present disclosure, when the database data of the target cluster is backed up by using the target backup tool, the database data of the target cluster may be split into a plurality of backup subdirectories; generating a corresponding first backup strategy for each backup subdirectory, and creating a target backup list; invoking a target backup tool to perform first backup processing on the backup subdirectories according to a first backup strategy so as to convert the plurality of backup subdirectories into a plurality of corresponding backup image files and store the corresponding backup image files in an intermediate storage medium; generating a corresponding second backup strategy containing encryption rules for the backup image file; and calling a target backup tool to perform second backup processing on the backup image files according to a second backup strategy by utilizing the characteristics of the image files so as to encrypt a plurality of backup image files and store the encrypted backup image files in a target storage medium. Therefore, the cluster characteristics of the target cluster and the existing functions of the target backup tool can be effectively utilized, the database data of the target cluster can be efficiently backed up to the target storage medium for storage in the form of ciphertext without additionally modifying the target backup tool, the backup data is prevented from being leaked, and the safety of the backup data is improved.
The embodiment of the present disclosure further provides a server, and is shown in fig. 8. The server includes a network communication port 801, a processor 802, and a memory 803, which are connected by an internal cable, so that each structure may perform specific data interaction.
The network communication port 801 may be specifically configured to obtain a target backup request; the target backup request at least carries a cluster identifier of the target cluster.
The processor 802 may be specifically configured to call a target backup tool to obtain database data of a target cluster through a corresponding data interface according to a target backup request, and split the database data of the target cluster into a plurality of backup subdirectories; generating corresponding first backup strategies for the plurality of backup subdirectories respectively; creating a corresponding target backup list; wherein, the target backup list at least comprises: cluster identification of the target cluster, a first backup strategy and backup catalog information; calling a target backup tool, and respectively carrying out corresponding first backup processing on the plurality of backup subdirectories according to a first backup strategy so as to convert the plurality of backup subdirectories into a plurality of corresponding backup image files and store the corresponding backup image files in an intermediate storage medium; generating corresponding second backup strategies for the backup image files respectively; writing the second backup strategy into a target backup list; the second backup strategy is an encryption backup strategy containing encryption rules; and calling a target backup tool, and respectively carrying out corresponding second backup processing on the plurality of backup image files according to a second backup strategy so as to encrypt the plurality of backup image files and store the encrypted plurality of backup image files into a target storage medium.
The memory 803 may be used for storing a corresponding program of instructions.
In this embodiment, the network communication port 801 may be a virtual port that binds with different communication protocols, so that different data may be sent or received. For example, the network communication port may be a port responsible for performing web data communication, a port responsible for performing FTP data communication, or a port responsible for performing mail data communication. The network communication port may also be an entity's communication interface or a communication chip. For example, it may be a wireless mobile network communication chip, such as GSM, CDMA, etc.; it may also be a Wifi chip; it may also be a bluetooth chip.
In this embodiment, the processor 802 may be implemented in any suitable manner. For example, the processor may take the form of, for example, a microprocessor or processor, and a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro) processor, logic gates, switches, an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), a programmable logic controller, and an embedded microcontroller, among others. The description is not intended to be limiting.
In this embodiment, the memory 803 may include a plurality of layers, and in a digital system, the memory may be any memory as long as it can hold binary data; in an integrated circuit, a circuit with a memory function without a physical form is also called a memory, such as a RAM, a FIFO, etc.; in the system, the storage device in physical form is also called a memory, such as a memory bank, a TF card, and the like.
The embodiments of the present specification also provide a computer readable storage medium based on the above-mentioned data encryption backup method of a target cluster, where the computer readable storage medium stores computer program instructions that when executed implement: acquiring a target backup request; the target backup request at least carries a cluster identifier of a target cluster to which the target backup request is directed; according to the target backup request, a target backup tool is called to acquire database data of the target cluster through a corresponding data interface, and the database data of the target cluster is split into a plurality of backup subdirectories; generating corresponding first backup strategies for the plurality of backup subdirectories respectively; creating a corresponding target backup list; wherein, the target backup list at least comprises: cluster identification of the target cluster, a first backup strategy and backup catalog information; calling a target backup tool, and respectively carrying out corresponding first backup processing on the plurality of backup subdirectories according to a first backup strategy so as to convert the plurality of backup subdirectories into a plurality of corresponding backup image files and store the corresponding backup image files in an intermediate storage medium; generating corresponding second backup strategies for the backup image files respectively; writing the second backup strategy into a target backup list; the second backup strategy is an encryption backup strategy containing encryption rules; and calling a target backup tool, and respectively carrying out corresponding second backup processing on the plurality of backup image files according to a second backup strategy so as to encrypt the plurality of backup image files and store the encrypted plurality of backup image files into a target storage medium.
In the present embodiment, the storage medium includes, but is not limited to, a random access Memory (Random Access Memory, RAM), a Read-Only Memory (ROM), a Cache (Cache), a Hard Disk (HDD), or a Memory Card (Memory Card). The memory may be used to store computer program instructions. The network communication unit may be an interface for performing network connection communication, which is set in accordance with a standard prescribed by a communication protocol.
In this embodiment, the functions and effects of the program instructions stored in the computer readable storage medium may be explained in comparison with other embodiments, and are not described herein.
Referring to fig. 9, on a software level, the embodiment of the present disclosure further provides a data encryption backup device for a target cluster, where the device may specifically include the following structural modules:
the acquiring module 901 may be specifically configured to acquire a target backup request; the target backup request at least carries a cluster identifier of a target cluster to which the target backup request is directed;
the splitting module 902 may be specifically configured to invoke the target backup tool to obtain database data of the target cluster through a corresponding data interface according to the target backup request, and split the database data of the target cluster into a plurality of backup subdirectories;
The first generating module 903 may be specifically configured to generate corresponding first backup policies for the plurality of backup subdirectories respectively; creating a corresponding target backup list; wherein, the target backup list at least comprises: cluster identification of the target cluster, a first backup strategy and backup catalog information;
the first processing module 904 may be specifically configured to invoke the target backup tool, and perform corresponding first backup processing on the plurality of backup subdirectories according to a first backup policy, so as to convert the plurality of backup subdirectories into a plurality of corresponding backup image files, and store the plurality of backup image files in the intermediate storage medium;
the second generating module 905 may be specifically configured to generate corresponding second backup policies for the plurality of backup image files respectively; writing the second backup strategy into a target backup list; the second backup strategy is an encryption backup strategy containing encryption rules;
the second processing module 906 may be specifically configured to invoke the target backup tool, and perform corresponding second backup processing on the plurality of backup image files according to a second backup policy, so as to encrypt the plurality of backup image files and store the encrypted plurality of backup image files in the target storage medium.
In some embodiments, the target cluster may include: hadoop clusters; accordingly, the target backup tool may include: the NBU centralizes backup software; the backup subdirectory may include: a Hadoop backup subdirectory; the intermediate storage medium may include: an advanced disk pool; the target storage medium may include: magnetic tape.
In some embodiments, the splitting module 902 may be implemented to split the database data of the target cluster into a plurality of backup subdirectories in the following manner: obtaining a target directory snapshot of a target cluster; and splitting the database data of the target cluster into a plurality of backup subdirectories according to the target directory snapshot of the target cluster and a preset first splitting rule.
In some embodiments, when the above first processing module 904 is specifically implemented, the current backup subdirectory in the plurality of backup subdirectories may be converted into the corresponding current backup image file and stored in the intermediate storage medium in the following manner: converting the current backup subdirectory into a corresponding current backup image file; splitting the current backup image file into a plurality of current backup image subfiles according to a preset second splitting rule; determining and marking the file name of the current backup mirror image subfile according to a preset naming rule; wherein, the current plurality of backup image sub-files at least comprise two backup image header files and two backup image segment files; and replacing the current backup image files with the plurality of current backup image subfiles to store the current backup image files in the intermediate storage medium.
In some embodiments, after the target backup tool is invoked, and corresponding first backup processing is performed on the plurality of backup subdirectories according to the first backup policy, so that the plurality of backup subdirectories are converted into a plurality of corresponding backup image files and then stored in the intermediate storage medium, when the apparatus is implemented, the apparatus may be further configured to: acquiring storage information of a backup image file based on an intermediate storage medium and a file identification of the backup image file; writing the storage information and the file identification of the backup image file into an intermediate list of backup information of the backup image file of which the intermediate storage medium is identified in a target backup list; obtaining backup thread numbers corresponding to the first backup processing of each backup subdirectory by the target backup tool; and the backup thread numbers are written into a target backup list.
In some embodiments, when the apparatus is specifically implemented, the file name of the current backup image sub-file may be determined according to a preset naming rule in the following manner: determining generation time information, file type identification, file content identification of the current backup image sub-file and file connection identification of the current backup image sub-file based on the current backup image file; acquiring a file identifier of a current backup image file; and sequentially splicing the file identification of the current backup image file, the generation time information of the current backup image sub-file, the file type identification, the file content identification and the file connection identification to obtain the file name of the corresponding current backup image sub-file.
In some embodiments, when the second generating module 905 is specifically configured, the generating the corresponding second backup policy for the current backup image file of the plurality of backup image files may be as follows: inquiring a target backup list, and acquiring content keywords of the current backup image file according to the backup catalog information and the file name of the current backup image file; determining the confidentiality level of the current backup image file according to the content keywords of the current backup image file; screening out matched encryption rules according to the confidentiality level of the current backup image file; and generating a corresponding second backup strategy according to the encryption rule.
In some embodiments, when the target backup tool is invoked and the corresponding second backup processes are performed on the plurality of backup image files according to the second backup policy, the apparatus may be further configured to: collecting processing feedback prompt information in the second backup processing process; monitoring whether the second backup processing process is abnormal or not according to the processing feedback prompt information; under the condition that the second backup processing process is abnormal, an abnormal backup image file with the abnormality is determined; determining the abnormal type according to the processing feedback prompt information; according to the anomaly type, determining a matched target anomaly processing rule from a preset anomaly processing rule set; and calling a target backup tool, and performing exception handling related to the exception backup mirror image file according to the target exception handling rule.
In some embodiments, after the target backup tool is invoked and the corresponding second backup processing is performed on the plurality of backup image files according to the second backup policy, so that the plurality of backup image files are encrypted and stored in the target storage medium, the apparatus may be further configured, when implemented, to: generating a backup processing result about the backup image file; writing the backup processing result into a target backup list; accordingly, the device may also be used to: detecting whether an out-of-date file exists in a backup image file currently stored in an intermediate storage medium according to the backup time in a target backup list at intervals of a preset time period; under the condition that the existence of the over-period file is determined, detecting whether the over-period file meets the deletion requirement according to the backup processing result in the target backup list; in the event that it is determined that the deletion requirement is satisfied, the over-run file is deleted from the intermediate storage medium.
In some embodiments, the apparatus, when embodied, may also be used to: receiving a target recovery request; the target recovery request at least carries a cluster identifier of a target cluster to be subjected to data recovery; inquiring and determining corresponding backup catalog information, a first backup strategy and a second backup strategy according to the cluster identification of the target cluster and the corresponding target backup list; inquiring and determining a corresponding target encrypted backup file in a target storage medium according to a second backup strategy and a historical backup record of a target backup tool; according to a second backup strategy, carrying out corresponding second backup inverse processing on the target encrypted backup file so as to store a plurality of backup image files obtained by decryption into an intermediate storage medium; importing a plurality of backup image files in the intermediate storage medium; identifying the plurality of backup image files according to the importing results to obtain corresponding identification results; and according to the target backup list and the identification result, calling a target backup tool to restore the corresponding database data to the target cluster according to the first backup strategy.
In some embodiments, after invoking the target backup tool and performing exception handling related to the exception backup image file according to the target exception handling rule, the apparatus may be further configured, when embodied, to: collecting processing feedback prompt information about an abnormal backup mirror image file after abnormal processing; detecting whether the abnormal backup image file is successfully processed according to the processing feedback prompt information; generating an abnormal alarm prompt about the abnormal backup image file under the condition that the abnormal backup image file processing fails; and sending the abnormality alert prompt to the user terminal.
In some embodiments, after the target backup tool is invoked, and corresponding first backup processing is performed on the plurality of backup subdirectories according to the first backup policy, so that the plurality of backup subdirectories are converted into a plurality of corresponding backup image files and then stored in the intermediate storage medium, when the apparatus is implemented, the apparatus may be further configured to: inquiring a target backup list, and detecting whether the backup image file accords with a confidentiality condition according to backup catalog information and the file name of the current backup image file; and under the condition that the backup image file meets the confidentiality condition, carrying out corresponding encryption processing on the backup image file stored in the intermediate storage medium.
It should be noted that, the units, devices, or modules described in the above embodiments may be implemented by a computer chip or entity, or may be implemented by a product having a certain function. For convenience of description, the above devices are described as being functionally divided into various modules, respectively. Of course, when the present description is implemented, the functions of each module may be implemented in the same piece or pieces of software and/or hardware, or a module that implements the same function may be implemented by a plurality of sub-modules or a combination of sub-units, or the like. The above-described apparatus embodiments are merely illustrative, for example, the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
From the above, based on the data encryption backup device of the target cluster provided by the embodiment of the present disclosure, the cluster characteristics of the target cluster and the existing functions of the target backup tool can be effectively utilized, and the database data of the target cluster is efficiently backed up in the form of ciphertext to the target storage medium for storage without additional modification of the target backup tool, so that the backup data is prevented from being leaked, and the security of the backup data is improved.
In a specific scenario example, the Hadoop backup encryption based on the Hadoop database and NBU backup software can be implemented by applying the data encryption backup method of the target cluster provided by the specification. In particular, referring to fig. 10, the following may be implemented.
In this scenario example, considering the file encryption function of the NBU centralized backup software (e.g., the target backup tool) itself, in conjunction with the HADOOP backup plug-in based on the NBU centralized backup software, the HADOOP database (e.g., the database data of the target cluster) is backed up to the advanced disk pool (e.g., the intermediate storage medium) of the disk environment according to the mirror directory, so that the format of the HADOOP database is converted from the HADOOP file format to the backup mirror format (i.e., the backup mirror file); the backup image is then cryptographically backed up to tape (e.g., target storage medium) in the form of a standard file. Thereby realizing the final encryption backup of the HADOOP data. Meanwhile, during recovery, data can be decrypted and recovered to an advanced disk pool, and then imported and recovered, so that the capacity of recovering the HADOOP to the HADOOP database cluster is realized.
In this scenario example, the implementation mainly relies on the NBU centralized backup software, and the automation tool performs flow control through the command line interface of the NBU centralized backup software. Meanwhile, in order to satisfy the backup intermediation, a NBU Advanced Disk Pool advanced storage pool needs to be set at each NBU backup media server. In addition, a "backup list" (e.g., a target backup list) needs to be created, which contains the following relevant fields: HADOOP cluster, backup date, backup status, backup directory, first backup policy, advanced storage pool image file list, encrypted backup policy, etc. The list is mainly used for counting backup conditions and helping subsequent recovery use.
In particular, the method may include the following steps.
S1: and fully preparing the HADOOP batches.
Specifically, according to the setting condition of the HADOOP directory snapshot (for example, target directory snapshot), the HADOOP directory (for example, backup subdirectory) capable of being backed up in a split way is obtained through the NBU centralized backup software and the HADOOP client interface, and the backup strategy is automatically generated through the NBU interface, and the backup is started in sequence until all the directories available for backup are backed up. And monitoring the execution condition of the related backup strategy, inputting a backup list after the backup is finished, and initializing writing in: HADOOP cluster, backup date, backup directory, first backup policy. If the backup fails, stopping, notifying the manager of manual intervention, and restarting breakpoint execution after the error failure is removed. After the backup step is executed, the backup state is as follows: successful for the first time.
S2: backup to the advanced disk pool (first backup process).
Specifically, according to the advanced disk pool set in advance, the backup automatic production backup strategy (for example, the first backup strategy) of the single catalog in the previous step of the HADOOP batch full backup is used as the backup target parameter for writing. After the backup is completed, the unique serial numbers of the executed backup operation and the unique serial numbers of the backup mirror images are obtained through the NBU centralized backup software interface. When the method is implemented, related programs automatically find backup images which are backed up and packaged by the NBU centralized backup software in the advanced disk pool through the unique number prefix of the backup operation. Typically more than four files, including 2 backup image header files, and multiple backup segment files. The shape is as follows: backup image unique number_c1_hdr. Time. Info/img (backup image header file), backup image unique number_c1. F segment number. Time. Info/img (backup segment file). And writes the file list into the "advanced storage pool image file list" field of the "backup list" (the intermediate list identifying backup information of backup image files of intermediate storage media).
S3: encryption backup (second backup processing).
Specifically, according to the backup image file of the "advanced storage pool image file list" in the "backup list", as a target to be backed up, a backup policy with a backup mode being a standard file backup is automatically generated through an NBU centralized backup software interface, and the backup policy is set to be in an encrypted state, and the backup target is generally set to be a tape. And initiates the backup strategy. And simultaneously writing the backup strategy into an encryption backup strategy field of the related record of the backup list. And meanwhile, the execution condition of the backup strategy is monitored through a program. If the error is reported, an administrator is notified, and manual intervention is performed. If successful, the backup state in the backup list is set as the encryption backup completion. After the encryption backup is finished, the unique number of the mirror image Guan Beifen is subjected to expiration processing through an NBU centralized backup software interface, and the NBU system automatically cleans related files of the mirror image, so that the file occupation of the advanced disk pool is short-term occupation. The advanced disk pool only retains data to be encrypted for a short period of time. And re-executing the backup of the remaining directories in the second step. Until all available directories in the cluster are backed up. The encrypted backup of the entire cluster is completed.
S4: the recovery starts.
Specifically, since the HADOOP related backup files are generated in a form of backup conversion, if files in the cluster need to be restored, restoration needs to be performed according to backup information marked in the backup list.
S5: decryption is restored to the advanced disk pool.
Specifically, according to the directory of the cluster to be restored, an encryption backup strategy is found through the backup list, and the decryption mode is restored to the advanced disk pool.
S6: the backup image is imported.
Specifically, when the backup image is restored to the advanced disk pool by the decryption method, the NBU centralized backup software cannot be identified, because the related metadata information and the actual backup image are deleted after the pre-encryption backup is completed. Therefore, mirror image import needs to be implemented on the related backup mirror image, so that the NBU can identify backup, and after the import is completed, the NBU can confirm that the detailed backup information in the cluster catalog of the related backup list and implement the next step of recovering to HADOOP.
S7: and recovering to the HADOOP.
Specifically, according to the first backup strategy in the backup list, the HADOOP directory or file can be restored to the designated HADOOP cluster according to the conventional HADOOP file restoration mode.
Based on the scene example, the problem that the HADOOP database cannot be encrypted in the NBU backup software environment can be solved by verifying the data encryption backup method of the target cluster provided by the specification, so that the high security of data backup is ensured, and after the tape data is separated from a data center, encryption characteristics still exist, and data loss is prevented; meanwhile, in specific implementation, the HADOOP cluster backup plug-in or NBU backup software does not need to be compiled or poured again, so that the complexity of implementation is reduced, the implementation is fast, and the overall processing efficiency is improved.
Although the present description provides method operational steps as described in the examples or flowcharts, more or fewer operational steps may be included based on conventional or non-inventive means. The order of steps recited in the embodiments is merely one way of performing the order of steps and does not represent a unique order of execution. When implemented by an apparatus or client product in practice, the methods illustrated in the embodiments or figures may be performed sequentially or in parallel (e.g., in a parallel processor or multi-threaded processing environment, or even in a distributed data processing environment). The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, it is not excluded that additional identical or equivalent elements may be present in a process, method, article, or apparatus that comprises a described element. The terms first, second, etc. are used to denote a name, but not any particular order.
Various embodiments in this specification are described in a progressive manner, and identical or similar parts are all provided for each embodiment, each embodiment focusing on differences from other embodiments. The specification is operational with numerous general purpose or special purpose computer system environments or configurations. For example: personal computers, server computers, hand-held or portable devices, tablet devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable electronic devices, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.
Although the present specification has been described by way of example, it will be appreciated by those skilled in the art that there are many variations and modifications to the specification without departing from the spirit of the specification, and it is intended that the appended claims encompass such variations and modifications as do not depart from the spirit of the specification.

Claims (15)

1. The data encryption backup method of the target cluster is characterized by comprising the following steps of:
acquiring a target backup request; the target backup request at least carries a cluster identifier of a target cluster to which the target backup request is directed;
According to the target backup request, a target backup tool is called to acquire database data of the target cluster through a corresponding data interface, and the database data of the target cluster is split into a plurality of backup subdirectories;
generating corresponding first backup strategies for the plurality of backup subdirectories respectively; creating a corresponding target backup list; wherein, the target backup list at least comprises: cluster identification of the target cluster, a first backup strategy and backup catalog information;
calling a target backup tool, and respectively carrying out corresponding first backup processing on the plurality of backup subdirectories according to a first backup strategy so as to convert the plurality of backup subdirectories into a plurality of corresponding backup image files and store the corresponding backup image files in an intermediate storage medium;
generating corresponding second backup strategies for the backup image files respectively; writing the second backup strategy into a target backup list; the second backup strategy is an encryption backup strategy containing encryption rules;
and calling a target backup tool, and respectively carrying out corresponding second backup processing on the plurality of backup image files according to a second backup strategy so as to encrypt the plurality of backup image files and store the encrypted plurality of backup image files into a target storage medium.
2. The method of claim 1, wherein the target cluster comprises: hadoop clusters; correspondingly, the target backup tool comprises: the NBU centralizes backup software; the backup subdirectory comprises: a Hadoop backup subdirectory; the intermediate storage medium includes: an advanced disk pool; the target storage medium includes: magnetic tape.
3. The method of claim 2, wherein splitting database data of the target cluster into a plurality of backup subdirectories, comprises:
obtaining a target directory snapshot of a target cluster;
and splitting the database data of the target cluster into a plurality of backup subdirectories according to the target directory snapshot of the target cluster and a preset first splitting rule.
4. The method of claim 2, wherein converting the plurality of backup subdirectories into a corresponding plurality of backup image files for storage in the intermediate storage medium, comprises:
converting a current backup subdirectory in the plurality of backup subdirectories into a corresponding current backup image file and storing the corresponding current backup image file in an intermediate storage medium according to the following mode:
converting the current backup subdirectory into a corresponding current backup image file;
splitting the current backup image file into a plurality of current backup image subfiles according to a preset second splitting rule; determining and marking the file name of the current backup mirror image subfile according to a preset naming rule; wherein, the current plurality of backup image sub-files at least comprise two backup image header files and two backup image segment files;
And replacing the current backup image files with the plurality of current backup image subfiles to store the current backup image files in the intermediate storage medium.
5. The method of claim 4, wherein after the target backup tool is invoked to perform corresponding first backup processing on the plurality of backup subdirectories according to the first backup policy, respectively, to convert the plurality of backup subdirectories into corresponding plurality of backup image files and store the plurality of backup image files in the intermediate storage medium, the method further comprises:
acquiring storage information of a backup image file based on an intermediate storage medium and a file identification of the backup image file;
writing the storage information and the file identification of the backup image file into an intermediate list of backup information of the backup image file of which the intermediate storage medium is identified in a target backup list;
obtaining backup thread numbers corresponding to the first backup processing of each backup subdirectory by the target backup tool;
and the backup thread numbers are written into a target backup list.
6. The method of claim 5, wherein determining the file name of the current backup image subfile according to a preset naming convention comprises:
determining generation time information, file type identification, file content identification of the current backup image sub-file and file connection identification of the current backup image sub-file based on the current backup image file;
Acquiring a file identifier of a current backup image file;
and sequentially splicing the file identification of the current backup image file, the generation time information of the current backup image sub-file, the file type identification, the file content identification and the file connection identification to obtain the file name of the corresponding current backup image sub-file.
7. The method of claim 6, wherein generating corresponding second backup policies for the plurality of backup image files, respectively, comprises:
generating a corresponding second backup policy for a current backup image file of the plurality of backup image files in the following manner:
inquiring a target backup list, and acquiring content keywords of the current backup image file according to the backup catalog information and the file name of the current backup image file;
determining the confidentiality level of the current backup image file according to the content keywords of the current backup image file;
screening out matched encryption rules according to the confidentiality level of the current backup image file; and generating a corresponding second backup strategy according to the encryption rule.
8. The method of claim 2, wherein in invoking the target backup tool to perform a corresponding second backup process on the plurality of backup image files according to the second backup policy, the method further comprises:
Collecting processing feedback prompt information in the second backup processing process;
monitoring whether the second backup processing process is abnormal or not according to the processing feedback prompt information;
under the condition that the second backup processing process is abnormal, an abnormal backup image file with the abnormality is determined; determining the abnormal type according to the processing feedback prompt information;
according to the anomaly type, determining a matched target anomaly processing rule from a preset anomaly processing rule set;
and calling a target backup tool, and performing exception handling related to the exception backup mirror image file according to the target exception handling rule.
9. The method of claim 2, wherein after the target backup tool is invoked to perform corresponding second backup processing on the plurality of backup image files according to the second backup policy, so as to encrypt the plurality of backup image files and store the encrypted plurality of backup image files in the target storage medium, the method further comprises:
generating a backup processing result about the backup image file; writing the backup processing result into a target backup list;
correspondingly, the method further comprises the steps of:
detecting whether an out-of-date file exists in a backup image file currently stored in an intermediate storage medium according to the backup time in a target backup list at intervals of a preset time period;
Under the condition that the existence of the over-period file is determined, detecting whether the over-period file meets the deletion requirement according to the backup processing result in the target backup list;
in the event that it is determined that the deletion requirement is satisfied, the over-run file is deleted from the intermediate storage medium.
10. The method according to claim 2, wherein the method further comprises:
receiving a target recovery request; the target recovery request at least carries a cluster identifier of a target cluster to be subjected to data recovery;
inquiring and determining corresponding backup catalog information, a first backup strategy and a second backup strategy according to the cluster identification of the target cluster and the corresponding target backup list;
inquiring and determining a corresponding target encrypted backup file in a target storage medium according to a second backup strategy and a historical backup record of a target backup tool;
according to a second backup strategy, carrying out corresponding second backup inverse processing on the target encrypted backup file so as to store a plurality of backup image files obtained by decryption into an intermediate storage medium;
importing a plurality of backup image files in the intermediate storage medium; identifying the plurality of backup image files according to the importing results to obtain corresponding identification results;
And according to the target backup list and the identification result, calling a target backup tool to restore the corresponding database data to the target cluster according to the first backup strategy.
11. The method of claim 8, wherein after invoking the target backup tool to perform exception handling associated with the exception backup image file according to the target exception handling rules, the method further comprises:
collecting processing feedback prompt information about an abnormal backup mirror image file after abnormal processing;
detecting whether the abnormal backup image file is successfully processed according to the processing feedback prompt information;
generating an abnormal alarm prompt about the abnormal backup image file under the condition that the abnormal backup image file processing fails; and sending the abnormality alert prompt to the user terminal.
12. The method of claim 7, wherein after the target backup tool is invoked to perform corresponding first backup processing on the plurality of backup subdirectories according to the first backup policy, respectively, to convert the plurality of backup subdirectories into corresponding plurality of backup image files and store the plurality of backup image files in the intermediate storage medium, the method further comprises:
inquiring a target backup list, and detecting whether the backup image file accords with a confidentiality condition according to backup catalog information and the file name of the current backup image file;
And under the condition that the backup image file meets the confidentiality condition, carrying out corresponding encryption processing on the backup image file stored in the intermediate storage medium.
13. A data encryption backup device for a target cluster, comprising:
the acquisition module is used for acquiring the target backup request; the target backup request at least carries a cluster identifier of a target cluster to which the target backup request is directed;
the splitting module is used for calling the target backup tool to acquire the database data of the target cluster through the corresponding data interface according to the target backup request and splitting the database data of the target cluster into a plurality of backup subdirectories;
the first generation module is used for respectively generating corresponding first backup strategies for the plurality of backup subdirectories; creating a corresponding target backup list; wherein, the target backup list at least comprises: cluster identification of the target cluster, a first backup strategy and backup catalog information;
the first processing module is used for calling the target backup tool, and respectively carrying out corresponding first backup processing on the plurality of backup subdirectories according to a first backup strategy so as to convert the plurality of backup subdirectories into a plurality of corresponding backup image files and store the corresponding backup image files in the intermediate storage medium;
The second generation module is used for respectively generating corresponding second backup strategies for the plurality of backup image files; writing the second backup strategy into a target backup list; the second backup strategy is an encryption backup strategy containing encryption rules;
and the second processing module is used for calling the target backup tool, and respectively carrying out corresponding second backup processing on the plurality of backup image files according to a second backup strategy so as to encrypt the plurality of backup image files and store the encrypted plurality of backup image files into the target storage medium.
14. A server comprising a processor and a memory for storing processor-executable instructions, which when executed by the processor implement the steps of the method of any one of claims 1 to 12.
15. A computer readable storage medium, having stored thereon computer instructions which, when executed by a processor, implement the steps of the method of any of claims 1 to 12.
CN202311609660.5A 2023-11-29 2023-11-29 Data encryption backup method, device and server of target cluster Pending CN117407903A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311609660.5A CN117407903A (en) 2023-11-29 2023-11-29 Data encryption backup method, device and server of target cluster

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311609660.5A CN117407903A (en) 2023-11-29 2023-11-29 Data encryption backup method, device and server of target cluster

Publications (1)

Publication Number Publication Date
CN117407903A true CN117407903A (en) 2024-01-16

Family

ID=89487271

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311609660.5A Pending CN117407903A (en) 2023-11-29 2023-11-29 Data encryption backup method, device and server of target cluster

Country Status (1)

Country Link
CN (1) CN117407903A (en)

Similar Documents

Publication Publication Date Title
CN107220142B (en) Method and device for executing data recovery operation
CN109034993B (en) Account checking method, account checking equipment, account checking system and computer readable storage medium
WO2019154394A1 (en) Distributed database cluster system, data synchronization method and storage medium
CN105550073A (en) Database backup method and system thereof
US9471610B1 (en) Scale-out of data that supports roll back
CN105824846B (en) Data migration method and device
US11194669B2 (en) Adaptable multi-layered storage for generating search indexes
CN111708794B (en) Data comparison method and device based on big data platform and computer equipment
US11392460B2 (en) Adaptable multi-layer storage with controlled restoration of protected data
CN113886143B (en) Virtual machine continuous data protection method and device and data recovery method and device
US20200409796A1 (en) Data management system with limited control of external compute and storage resources
CN112380057A (en) Data recovery method, device, equipment and storage medium
CN113806301B (en) Data synchronization method, device, server and storage medium
CN103716384A (en) Method and device for realizing cloud storage data synchronization in cross-data-center manner
CN114138549A (en) Data backup and recovery method based on kubernets system
CN112380067A (en) Metadata-based big data backup system and method under Hadoop environment
US11079960B2 (en) Object storage system with priority meta object replication
CN114328029A (en) Backup method and device of application resources, electronic equipment and storage medium
US11093465B2 (en) Object storage system with versioned meta objects
US11074002B2 (en) Object storage system with meta object replication
CN117407903A (en) Data encryption backup method, device and server of target cluster
CN115454717A (en) Database real-time backup method and device, computer equipment and storage medium
CN113806309B (en) Metadata deleting method, system, terminal and storage medium based on distributed lock
CN113342579A (en) Data restoration method and device
CN115221125A (en) File processing method and device, electronic equipment and readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination