CN208424434U - An inter-network isolated exchange system - Google Patents

An inter-network isolated exchange system

Info

Publication number
CN208424434U
Authority
CN
China
Prior art keywords
exchange
inter-network
agent
gateway
subunit
Prior art date
2018-06-01
Legal status
Active
Application number
CN201820850083.7U
Other languages
Chinese (zh)
Inventor
宾晓华
贺兴华
盘善海
陆静芳
周瑞林
呼和
徐远涛
韩岗
张东育
Current Assignee
Information Center Of Logistics Support Department Of Central Military Commission
Original Assignee
Information Center Of Logistics Support Department Of Central Military Commission
Priority date
2018-06-01
Filing date
2018-06-01
Publication date
2019-01-22

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

An inter-network isolated exchange system comprises an inter-network exchange isolation gateway, an inter-network exchange management and control system and an inter-network exchange agent. The isolation gateway is deployed at the edge of each domain to connect the domains; it is connected to service terminals through the exchange agent and is connected to the management and control system. The exchange agent is adapted to carry out information transmission in both directions, from the service terminal to the exchange agent and from the exchange agent to the service terminal, and the management and control system is adapted to interact with the isolation gateway and the exchange agent by protocol.

Description

An inter-network isolated exchange system
Technical field
The utility model relates to the field of communications, and in particular to an inter-network isolated exchange system.
Background art
Inter-network data exchange is exchange between different networks (for example different dedicated networks or industry networks). To satisfy the data exchange needs between different networks and different business domains, a unified data exchange management and security protection mechanism is designed, and a unified data exchange system is built from it to meet the needs of data exchange between different business systems.
Summary of the utility model
The utility model proposes an inter-network isolated exchange system comprising an inter-network exchange isolation gateway, an inter-network exchange management and control system and an inter-network exchange agent.
The isolation gateway is deployed at the edge of each domain to connect the domains; it is connected to service terminals through the exchange agent and is connected to the management and control system. The exchange agent is adapted to carry out information transmission in both directions, from the service terminal to the exchange agent and from the exchange agent to the service terminal, and the management and control system is adapted to interact with the isolation gateway and the exchange agent by protocol.
Preferably, the exchange agent is inserted serially, in bridge mode, on the uplink of the service terminal.
Preferably, the exchange agent includes an identity authentication subunit, which is adapted to send an identity authentication request and authentication information to the isolation gateway before the exchange agent accesses the exchange system.
Preferably, the isolation gateway includes an identity authentication subunit and a permission and format checking subunit; the identity authentication subunit of the isolation gateway authenticates to the management and control system, and the permission and format checking subunit checks the user's service access permission when the isolation gateway exchanges user information messages.
Preferably, the format checking subunit is adapted to generate statistics about exchange activity, including one or more of source and destination addresses, exchange message type, exchange count and exchange time.
Preferably, the management and control system includes a management subunit adapted to monitor one or more of: terminal users' access information, terminal users' online status, the operating status of the exchange agent and the isolation gateway, exchange traffic information, and the distribution of exchange gateways.
Preferably, the management and control system further includes a control subunit adapted to perform parameter configuration control of the isolation gateway and the exchange agent.
The exchange system of the technical solution of the utility model can meet the needs of data exchange between different business systems.
Brief description of the drawings
Fig. 1 is a schematic diagram of the composition of the inter-network isolated exchange system of an embodiment of the application.
In the figure: 100, inter-network exchange isolation gateway; 200, inter-network exchange management and control system; 300, inter-network exchange agent; 301, authentication server; 400, service terminal.
Detailed description of embodiments
The technical solution of the utility model is described in further detail below with reference to the drawings and embodiments.
Fig. 1 shows the inter-network isolated exchange system of this embodiment, comprising an inter-network exchange isolation gateway 100, an inter-network exchange management and control system 200 and an inter-network exchange agent 300.
The isolation gateway 100 is deployed at the edge of each domain to connect the domains; it is connected to service terminals 400 through the exchange agent 300 and is connected to the management and control system 200. The exchange agent 300 is adapted to carry out information transmission in both directions, from the service terminal 400 to the exchange agent 300 and from the exchange agent 300 to the service terminal 400, and the management and control system 200 is adapted to interact with the isolation gateway 100 and the exchange agent 300 by protocol.
In an embodiment not shown in the drawing, the exchange agent 300 includes an identity authentication subunit, which is adapted to send an identity authentication request and authentication information to the isolation gateway 100 before the exchange agent 300 accesses the exchange system. The isolation gateway 100 includes an identity authentication subunit and a permission and format checking subunit; the identity authentication subunit of the isolation gateway 100 authenticates to the management and control system, and the permission and format checking subunit checks the user's service access permission when the isolation gateway exchanges user information messages. The format checking subunit is adapted to generate statistics about exchange activity, including one or more of source and destination addresses, exchange message type, exchange count and exchange time. The management and control system 200 includes a management subunit adapted to monitor one or more of: terminal users' access information, terminal users' online status, the operating status of the exchange agent 300 and the isolation gateway 100, exchange traffic information, and the distribution of exchange gateways. The management and control system 200 further includes a control subunit adapted to perform parameter configuration control of the isolation gateway and the exchange agent.
Specifically, the exchange agent device is deployed at the end-system position, inserted serially in bridge mode on the uplink of the service terminal. The exchange agent 300 is the start and end point of a user's inter-network application information exchange. Its functions include:
Identity authentication. (Line ① in Fig. 1.) Before accessing the exchange system, the exchange agent 300 first sends an identity authentication request and authentication information to the isolation gateway 100 and completes access authentication according to the authentication process flow; only an exchange agent 300 that has passed authentication can operate normally. An exchange agent 300 can act for a single service terminal 400, for several service terminals or for a subnet of service terminals; when the agent authenticates, it also carries the information of the proxied service terminals (including IP, ID, name, unit, the network they belong to, and so on).
Information transmission. (Line ③ in Fig. 1.) In the direction from the service terminal 400 to the exchange agent 300: the network interface of the exchange agent 300 intercepts the user's application message. It first judges from the source IP of the message whether the sending computer is a proxied service terminal 400; if not, the message is sent out directly. It then determines from the destination IP the target network in which the receiving user is located. If the receiver is in the local network the message is sent out directly; if the receiver is in another network, the agent selects, according to the connection relationships between networks and the network location of the receiver, the corresponding isolation gateway 100 as the information exit and sends the user's application message to that gateway in a dedicated tunnel format. If transmission is by destination ID, the agent must replace the source IP of the original application message with the ID of the service terminal 400 when encapsulating the tunnel format. In the tunnel packet the exchange agent 300 sends out, the outer source IP address is the IP address of the service terminal and the destination address is the IP address of the isolation gateway's functional area.
In the direction from the exchange agent 300 to the service terminal 400: the network interface of the exchange agent 300 intercepts tunnel-format messages from the isolation gateway 100, first performs validity checks on the message such as tamper and replay detection, then removes the tunnel header, and finally delivers an ordinary IP packet to the service terminal 400.
Management control. (Line ② in Fig. 1.) After authentication succeeds, the exchange agent 300 reports its own operating state (such as CPU and memory usage) to the isolation gateway 100. During information transmission, in order to determine the target network of the destination IP of the user's application message, the agent queries the exchange path from the isolation gateway 100 at which it authenticated. The isolation gateway 100 answers the query, returning to the exchange agent 300 the target network of the destination IP and the isolation gateway 100 through which the information is transmitted; if the destination IP is in the local network or has not been authenticated online, the isolation gateway 100 returns no exchange path.
The inter-network exchange isolation gateway 100 uses routing isolation and controlled exchange, combining security control measures such as access authentication, tunnel transmission, exchange control and centralised management to achieve controlled interconnection of information between different networks (domains). The isolation gateway 100 is a hardware device deployed at the edge of different network domains; it connects the network domains and, using the control information provided by the management and control system 200, performs information ferrying and content inspection services. It is the key device for realising cross-network-domain information exchange. The isolation gateway 100 mainly implements the following functions:
Identity authentication. (Line ① in Fig. 1.) Before the isolation gateway 100 starts its service work, it first authenticates itself to the management and control system 200.
Isolation exchange. The isolation gateway 100 consists of several access processing units, one isolation exchange unit and a management control unit. (Line ③ in Fig. 1.) The access processing units are responsible for sending and receiving user application messages to and from exchange agents, the isolation exchange unit is responsible for ferrying information messages between different access processing units, and the management control unit is responsible for configuration management and status monitoring of the isolation gateway.
Permission and format checking. When the isolation gateway 100 exchanges a user information message it must check the user's service access permission; an information exchange that violates permission is blocked and a corresponding log record is generated. For permitted inter-network information exchanges, the header format and content of the message are checked accordingly; other messages are supported by extension according to their protocol specifications. While exchanging information, the gateway must also dynamically generate statistics about the information exchange service behaviour, mainly including source and destination addresses, exchange message type, count and time.
Management control. (Line ② in Fig. 1.) The isolation gateway 100 must respond to network management information queries and remote configuration management requests from the management and control system 200, and report traffic log information, the status of exchange agents and its own status to the management and control system. The isolation gateway 100 must also send heartbeat messages to the management and control system periodically through its management control unit to keep its access state active. The isolation gateway 100 receives the status information reported by exchange agents 300 and answers exchange path queries from exchange agents.
The management and control system 200 is the management and control core of the inter-network exchange system and is responsible for its management and control functions; its managed objects include the exchange agent devices and the isolation gateways. The management and control system can be deployed hierarchically or centrally as a cluster. The management and control system 200 is deployed on a dedicated server inside the network: on one hand it accepts local management operations from the system administrator, and on the other hand it interacts with the exchange agents, the isolation gateways and the network-wide centralised authentication system using the control protocol and management protocol. The management and control system 200 is an independent software system responsible for control, operation and maintenance, and network management of the inter-network exchange system, and is the key infrastructure that guarantees correct and efficient operation of the whole system.
The functions of the management and control system 200 are divided into control and management: on one hand it implements the control mechanism for inter-network information exchange, maintaining and delivering control information; on the other hand it performs configuration and dynamic management of each component of the exchange system, while providing the necessary management data for the security system. The management and control system 200 mainly implements the following functions:
Operating status management. (Line ② in Fig. 1.) The management and control system 200 monitors the operating status of the whole exchange system in real time, mainly including: the access status and online status of terminal 400 users, the operating status of exchange agents 300 and isolation gateways 100, changes in the exchange traffic of isolation gateways 100, the occurrence of various system operating events, the distribution of exchange agents 300 and isolation gateways 100, and so on. While collecting this information in real time, the management and control system 200 also presents it through a visual graphical interface so that administrators can understand the operating status of the system.
Networking user management. The management and control system 200 is responsible for service approval and behaviour authorisation of all user terminals 400 that need to use the inter-network information exchange service. Before using the service, a user terminal 400 applies to the management and control system, which assigns it a unique user agent ID and a license. The management and control system 200 is responsible for the encoding and assignment of user agent IDs, which are used to identify user identity and permissions.
Behaviour audit and supervision. The management and control system collects the log information produced by all exchange agents and isolation gateways; the logs reflect terminals' access registration behaviour, inter-network information exchange behaviour, violating operations and changes in operating status. From the collected information the management and control system generates intelligent statistical charts so that administrators can analyse inter-network information exchange.
System configuration management. The management and control system 200 provides configuration management of exchange agents 300 and isolation gateways 100, and is responsible for configuring the default operating parameters and rules that agents 300 and isolation gateways 100 need during operation. Using an operating-parameter configuration model, the management and control system 200 organises and stores uniformly the control parameters and behaviour policies that user agents 300 and isolation gateways 100 need in actual operation. When a user agent 300 or isolation gateway 100 performs access registration, the specific settings of the operating-parameter configuration model are delivered to the agent 300 or isolation gateway 100 applying for access, so that these components are configured uniformly. During system operation the network administrator can also modify the operating parameters and configuration of a given user agent 300 or isolation gateway 100 on the control server, after which the management and control system 200 delivers the modified operating parameter table to the corresponding user agent 300 and isolation gateway 100 through the management protocol.
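An added Python example, not the patent's code, that ties together the access authentication of the exchange agent 300 (the identity authentication function described earlier, where the agent presents its authentication information and the proxied terminal records) with the networking user management and configuration delivery described above: the management and control system issues an agent ID and a license, the agent presents the license together with the information of the terminals it proxies, and the isolation gateway refuses an agent whose license is forged, expired or does not cover a claimed terminal, and delivers the working parameters on successful access registration. Protecting the license with an HMAC under a key shared by the management and control system and the gateways, the fields of the terminal record and the content of the working parameters are assumptions of this example.

```python
import hashlib
import hmac
import json

# Assumed: the management and control system and the gateways share a license
# signing key. The patent does not say how licenses are protected.
MANAGEMENT_KEY = b"license signing key (assumed)"
# Operating-parameter configuration delivered at access registration (assumed content).
WORKING_PARAMETERS = {"heartbeat_s": 30, "tunnel": "NXG1", "max_msg_len": 4096}


def _sign(doc: dict) -> str:
    canon = json.dumps(doc, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(MANAGEMENT_KEY, canon, hashlib.sha256).hexdigest()


def issue_license(agent_id: int, terminal_ids: list, not_after: int) -> dict:
    """Management and control system: a unique agent ID bound to the terminals it may proxy."""
    body = {"agent_id": agent_id, "terminals": sorted(terminal_ids), "not_after": not_after}
    return {"body": body, "sig": _sign(body)}


def agent_auth_request(agent_id: int, license_: dict, terminals: list) -> dict:
    """Exchange agent: the authentication request, carrying the proxied terminal records
    (each a dict with ip, id, name, unit and network)."""
    return {"agent_id": agent_id, "license": license_, "terminals": terminals}


def gateway_authenticate(req: dict, registry: dict, now: int):
    """Isolation gateway: verify the license, register the agent, return its working parameters.
    Returns (parameters, "ok") on success or (None, reason) when the agent is refused."""
    lic = req["license"]
    if not hmac.compare_digest(_sign(lic["body"]), lic["sig"]):
        return None, "bad license signature"
    body = lic["body"]
    if body["agent_id"] != req["agent_id"]:
        return None, "license issued to a different agent"
    if now > body["not_after"]:
        return None, "license expired"
    licensed = set(body["terminals"])
    claimed = {t["id"] for t in req["terminals"]}
    if not claimed <= licensed:          # the agent may only proxy terminals it is licensed for
        return None, "unlicensed terminal in request"
    # Registered agents are the ones the gateway later answers path queries for.
    registry[req["agent_id"]] = {"terminals": req["terminals"], "since": now}
    return dict(WORKING_PARAMETERS), "ok"
```

The registry the gateway fills on success is also what lets it answer "not authenticated online" to a path query for a terminal no registered agent has claimed, which is the case the management-control paragraph of the agent says returns no exchange path.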
The exchange system proposed by the embodiment of the utility model can meet the needs of data exchange between different business systems while guaranteeing the security isolation of each business system.
Those skilled in the art will further appreciate that the units and algorithm steps described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To illustrate the interchangeability of hardware and software clearly, the composition and steps of each example have been described above generally in terms of function. Whether these functions are implemented in hardware or software depends on the specific application and design constraints of the technical solution. Skilled persons may use different methods to implement the described functions for each specific application, but such implementation should not be considered to go beyond the scope of the utility model.
The steps of the method or algorithm described in connection with the embodiments disclosed herein can be implemented in hardware, in a software module executed by a processor, or in a combination of the two. A software module can reside in random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the technical field.
The specific embodiments described above further explain the purpose, technical solution and beneficial effects of the utility model. It should be understood that the foregoing are merely specific embodiments of the utility model and are not intended to limit its scope of protection; any modification, equivalent replacement or improvement made within the spirit and principles of the utility model shall be included within its scope of protection.

Claims (7)

1. An inter-network isolated exchange system, characterized in that it comprises an inter-network exchange isolation gateway, an inter-network exchange management and control system and an inter-network exchange agent;
the isolation gateway is deployed at the edge of each domain to connect the domains; the isolation gateway is connected to service terminals through the exchange agent, and the isolation gateway is connected to the management and control system; the exchange agent is adapted to carry out information transmission in both directions, from the service terminal to the exchange agent and from the exchange agent to the service terminal; and the management and control system is adapted to interact with the isolation gateway and the exchange agent by protocol.
2. The inter-network isolated exchange system according to claim 1, characterized in that
the exchange agent is inserted serially, in bridge mode, on the uplink of the service terminal.
3. The inter-network isolated exchange system according to claim 2, characterized in that
the exchange agent includes an identity authentication subunit, which is adapted to send an identity authentication request and identity authentication information to the isolation gateway before the exchange agent accesses the exchange system.
4. The inter-network isolated exchange system according to claim 1, characterized in that
the isolation gateway includes an identity authentication subunit and a permission and format checking subunit; the identity authentication subunit of the isolation gateway authenticates to the management and control system, and the format checking subunit checks the user's service access permission when the isolation gateway exchanges user information messages.
5. The inter-network isolated exchange system according to claim 4, characterized in that
the format checking subunit is adapted to generate statistics about exchange activity, the statistics including one or more of source and destination addresses, exchange message type, exchange count and exchange time.
6. The inter-network isolated exchange system according to claim 1, characterized in that
the management and control system includes a management subunit adapted to monitor one or more of the following: terminal users' access information, terminal users' online status, the operating status of the exchange agent and the isolation gateway, exchange traffic information, and the distribution of exchange gateways.
7. The inter-network isolated exchange system according to claim 6, characterized in that
the management and control system further includes a control subunit adapted to perform parameter configuration control of the isolation gateway and the exchange agent.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201820850083.7U CN208424434U (en) 2018-06-01 2018-06-01 An inter-network isolated exchange system


Publications (1)

Publication Number Publication Date
CN208424434U true CN208424434U (en) 2019-01-22

Family

ID=65112121


Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112437095A (en) * 2020-12-05 2021-03-02 江苏秉信科技有限公司 Client-server communication interaction method across security zones



Legal Events

Date Code Title Description
GR01 Patent grant