CN208656807U - A kind of system for branch access general headquarters - Google Patents


Info

Publication number
CN208656807U
Authority
CN
China
Prior art keywords
network
access
branch
headquarters
access point
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201821595471.1U
Other languages
Chinese (zh)
Inventor
曾东方
苗辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guizhou Baishan Cloud Polytron Technologies Inc
Original Assignee
Guizhou Baishan Cloud Polytron Technologies Inc
Landscapes

  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The utility model discloses a system for branch-store access to headquarters, comprising a branch intranet system, an acceleration network system and a headquarters network system connected in sequence. The branch intranet system includes an egress router. The acceleration network system includes a plurality of network access points, comprising a network access point for access, a network access point for routing and a network access point for back-to-source. The headquarters network system includes client terminal equipment. The utility model lets the branch intranet access the headquarters network securely and quickly, with deployment cost and operational complexity both greatly reduced compared with a dedicated line.

Description

System for branch-store access to headquarters
Technical Field
The utility model relates to the field of internet technology, and in particular to a system for branch-store access to headquarters.
Background
Retail enterprises typically have a large number of chain stores, that is, numerous small, distributed branch stores that deal in similar goods and services. Under the leadership of the headquarters, they adopt a common business policy and consistent marketing actions, combine centralized purchasing with decentralized selling, and achieve economies of scale through standardized operation. Such businesses include branded apparel businesses, agencies, logistics businesses and so on; retail stores are again used as the example below.
Stores are either directly operated or franchised. They are not large: a store has no more than 20 staff, and sometimes only 1. The network environment is managed and operated by the headquarters IT department, and core services required for store operation, such as the trading system and the warehousing management system, are deployed at the headquarters or in a central machine room. Stores need to access the headquarters, but the headquarters typically does not need to access services or systems within a store.
In the internet cloud era, retail enterprises expand and change very frequently and store addresses change often, while store owners and staff have relatively weak network skills and essentially no network deployment capability, so network operation and deployment bring a heavy workload. In addition, stores are generally distributed across regions throughout the country and in cities of different sizes, and the existing access modes affect the network quality of branch-store access to headquarters, real-time store transactions and the normal business of the stores.
Retail enterprises currently use two general types of network scheme for their branches:
The first is to purchase an operator's dedicated line, such as an MPLS dedicated line, so that the headquarters and each branch store are interconnected through a dedicated-line intranet. This effectively solves the problems of service security and poor network quality in remote areas. However, the price is high and deployment and operation are very complex: each branch network segment must be managed and allocated to prevent conflicts, and the implementation period is long, counted in months. Retail business, meanwhile, requires frequent store changes, for example for rapid expansion and market preemption.
The second is to use operator broadband directly, with each branch store dialing into the headquarters over an SSL VPN to access the headquarters intranet services. This scheme effectively solves the problem of rapid deployment, facilitates service expansion and ensures the security of service data. But the service experience is unstable: the networks of stores across the country differ, the computer environment of each store manager differs, and a large number of day-to-day operational problems must be maintained and handled.
Because transaction, warehousing and similar data are core enterprise data, enterprises usually do not let stores access the core services of the data center directly over the public network, in order to prevent security problems and leakage risks. An access method capable of preventing data leakage is therefore necessary.
In conclusion, in the internet cloud era, retail enterprises face three problems: a large number of branches are complex to manage and maintain, the service availability of branch stores is not well guaranteed, and the security of enterprise core data must be ensured.
Summary of the Utility Model
To solve the above technical problems, the utility model provides a system for branch-store access to headquarters.
The utility model provides a system for branch-store access to headquarters, comprising: a branch-store intranet system, an acceleration network system and a headquarters network system connected in sequence;
the branch-store intranet system includes an egress router;
the acceleration network system includes a plurality of network access points; the network access points comprise a network access point for access, a network access point for routing and a network access point for back-to-source;
the headquarters network system includes client terminal equipment.
The system for branch-store access to headquarters also has the following feature:
the egress router is connected with the network access point for access.
The system for branch-store access to headquarters also has the following feature:
the client terminal equipment is connected with the network access point for back-to-source.
The system for branch-store access to headquarters also has the following feature:
the acceleration network system is an SD-WAN network system.
The system for branch-store access to headquarters also has the following feature:
the egress router comprises a first receiving module, a judging module and a first sending module;
the first receiving module is used for receiving an access request initiated by a client;
the judging module is used for judging whether the access request is an access request for accessing the headquarters;
the first sending module is used for sending the access request to the acceleration network when the access request is an access request for accessing the headquarters.
The system for branch-store access to headquarters also has the following feature:
the client terminal equipment comprises a second receiving module, a source station determining module, an obtaining module and a second sending module;
the second receiving module is used for receiving the access request for accessing the headquarters, which is forwarded by the acceleration network;
the source station determining module is used for determining the source station of the access request;
the obtaining module is used for carrying out back-to-source processing to obtain response data;
the second sending module is used for sending the response data to the acceleration network.
The utility model also provides a system for branch-store access to headquarters, comprising: a branch-store intranet system, an acceleration network system and a headquarters network system connected in sequence;
the branch-store intranet system includes an egress router;
the acceleration network system includes a plurality of network access points; the network access points comprise a network access point for access, a network access point for routing and a network access point for back-to-source;
the headquarters network system comprises client terminal equipment and a site server connected in sequence.
The system for branch-store access to headquarters also has the following feature:
the egress router is connected with the network access point for access.
The system for branch-store access to headquarters also has the following feature:
the client terminal equipment is connected with the network access point for back-to-source.
The system for branch-store access to headquarters also has the following feature:
the acceleration network system is an SD-WAN network system.
The utility model lets the branch-store intranet access the headquarters network securely and quickly, with deployment cost greatly reduced compared with a dedicated line and operational complexity also greatly reduced.
Drawings
The accompanying drawings, which form a part hereof, are included to provide a further understanding of the invention, and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the invention without undue limitation. In the drawings:
FIG. 1 is a schematic structural diagram of the system for branch-store access to headquarters according to an embodiment;
FIG. 2 is a schematic structural diagram of the egress router in the embodiment;
FIG. 3 is a schematic structural diagram of the client terminal device in the embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. Based on the embodiments in the present invention, all other embodiments obtained by a person skilled in the art without creative work belong to the protection scope of the present invention. It should be noted that the embodiments and features of the embodiments in the present application may be arbitrarily combined with each other without conflict.
As shown in FIG. 1, the system for branch-store access to headquarters includes a branch-store intranet system, an acceleration network system and a headquarters network system, which are connected in sequence.
The branch-store intranet system includes an egress router.
The acceleration network system is an SD-WAN network system. The SD-WAN network system comprises a plurality of network access points; the network access points comprise a network access point for access, a network access point for routing and a network access point for back-to-source.
The headquarters network system includes client terminal equipment.
In another implementation, the headquarters network system includes a client terminal device and a site server connected in sequence.
The SD-WAN network system comprises a plurality of network access points, namely Points of Presence (PoPs). The SD-WAN network is a private network built from massive resources and extending all over the world; it is accessed through the PoPs and selects an optimal back-to-source path through internal dynamic routing. In a typical application scenario, the SD-WAN finds the access PoP nearest to the branch-store intranet (e.g., in the same city) and the back-to-source PoP nearest to the source station (e.g., in the same city), so that the extranet data required by a user can be acquired very quickly.
The egress router is connected with a network access point for access. The client terminal device is connected to a network access point for back-to-source. The headquarters network system also includes site servers, to which the client terminal device is connected.
As shown in FIG. 2, the egress router includes a first receiving module, a judging module and a first sending module;
the first receiving module is used for receiving an access request initiated by a client;
the judging module is used for judging whether the access request is an access request for accessing the headquarters;
the first sending module is used for sending the access request to the acceleration network when the access request is an access request for accessing the headquarters.
As shown in FIG. 3, the client terminal device includes a second receiving module, a source station determining module, an obtaining module and a second sending module;
the second receiving module is used for receiving the access request for accessing the headquarters, which is forwarded by the acceleration network;
the source station determining module is used for determining the source station of the access request;
the obtaining module is used for carrying out back-to-source processing to obtain response data;
the second sending module is used for sending the response data to the acceleration network.
In addition, the first sending module is also used for sending the access request to the external network when the access request is not an access request for accessing the headquarters.
When the system is used to process a headquarters access request, the method comprises the following steps:
step 1, the egress router of the branch-store intranet receives an access request initiated by a client;
step 2, the egress router judges whether the access request is an access request for accessing the headquarters;
step 3, when the access request is an access request for accessing the headquarters, the access request is sent to the acceleration network;
step 4, the acceleration network sends the access request to the client terminal device of the headquarters intranet; the client terminal device determines the site server of the access request and carries out back-to-source processing with that site server to obtain response data; the response data are sent to the acceleration network, and the acceleration network sends the response data to the branch intranet.
Step 2 further comprises the following: when the access request is not an access request for accessing the headquarters, the access request is sent to the external network. Specifically, the access request is sent to the external network by way of Network Address Translation (NAT).
The egress router in this method provides a dial-up networking function. It can be an ordinary smart router onto which an access program capable of executing steps 1, 2 and 3 is loaded, or a router that already carries such an access program. The client terminal device may be an ordinary host or a virtual machine onto which a software program for executing step 4 is loaded, or a device that already carries such a software program.
The access request includes information such as the request content, the site server and port information.
Sending the access request to the acceleration network in step 3 includes: determining the network access point in the acceleration network closest to the home location of the branch intranet, and sending the access request to that network access point.
To make the access process more secure and prevent data leakage, the access request needs to be encrypted and decrypted. Specifically, for encryption, the egress router encrypts the access request using a preset encryption rule and then sends the encrypted access request to the acceleration network.
For decryption, the client terminal device of the headquarters intranet decrypts the received access request using the preset encryption rule.
In step 4, after the client terminal device of the headquarters intranet determines the site server of the access request, the back-to-source processing to obtain the response data comprises: the client terminal device of the headquarters intranet sends the access request to the determined site server and receives response data from this site server.
In step 4, sending the response data to the branch intranet through the acceleration network comprises: the client terminal device of the headquarters intranet determines the network access point in the acceleration network closest to the home location of the headquarters intranet and sends the response data to that network access point, and the acceleration network delivers the response data to the branch intranet.
To make the access process more secure and prevent data leakage, the response data also need to be encrypted and decrypted. Specifically, for encryption, the client terminal device of the headquarters intranet encrypts the response data using a preset encryption rule and sends the encrypted response data to the network access point closest to the home location of the headquarters intranet. For decryption, the egress router of the branch-store intranet receives the encrypted response data from the acceleration network and then decrypts them using the preset encryption rule.
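An added illustration, not part of the patent text: a Python version of the egress router's judging and first sending modules from steps 1 to 3, which sends headquarters-bound requests to the nearest healthy access PoP and everything else out through NAT. The headquarters prefixes, PoP names and coordinates are constructed sample values, and judging by the site server's address is an assumption. Dropping a headquarters-bound request when no access PoP is available, instead of letting it fall through to NAT, is an added safeguard that follows from the background requirement that core services not be reached directly over the public network; the preset encryption rule is left out because the text does not specify it.

```python
import ipaddress
import math
from dataclasses import dataclass

# Constructed sample data (assumptions for illustration, not from the patent).
HQ_PREFIXES = [ipaddress.ip_network("10.20.0.0/16"),
               ipaddress.ip_network("10.30.5.0/24")]


@dataclass(frozen=True)
class PoP:
    name: str
    lat: float
    lon: float
    role: str            # "access", "routing" or "back-to-source"
    healthy: bool = True


POPS = [
    PoP("pop-guiyang", 26.65, 106.63, "access"),
    PoP("pop-chengdu", 30.57, 104.07, "access"),
    PoP("pop-beijing", 39.90, 116.40, "back-to-source"),
]


def distance_km(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance between two points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def nearest_access_pop(branch_lat, branch_lon, pops):
    """Pick the closest healthy PoP whose role is 'access', or None."""
    candidates = [p for p in pops if p.role == "access" and p.healthy]
    if not candidates:
        return None
    return min(candidates,
               key=lambda p: distance_km(branch_lat, branch_lon, p.lat, p.lon))


def route(site_server, port, branch_lat, branch_lon, pops=POPS):
    """Judging + first sending module. Returns (action, pop_name).

    ACCEL: headquarters request, forwarded to the named access PoP.
    NAT:   non-headquarters request, sent to the external network.
    DROP:  malformed request, or headquarters request with no usable PoP.
    """
    try:
        addr = ipaddress.ip_address(site_server)
    except ValueError:
        return ("DROP", None)          # unparsable destination: never guess
    if not 0 < port < 65536:
        return ("DROP", None)
    if any(addr in net for net in HQ_PREFIXES):
        pop = nearest_access_pop(branch_lat, branch_lon, pops)
        if pop is None:
            # Fail closed: headquarters traffic must not leak out via NAT.
            return ("DROP", None)
        return ("ACCEL", pop.name)
    return ("NAT", None)


if __name__ == "__main__":
    branch = (26.60, 106.70)           # constructed branch location
    for dst in ("10.20.1.5", "203.0.113.10", "not-an-ip"):
        print(dst, route(dst, 443, *branch))
```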
The system enables the branch-store intranet to access the headquarters network securely and quickly, with deployment cost greatly reduced compared with a dedicated line and operational complexity also greatly reduced.
The above-described embodiments can be implemented individually or in various combinations, and such variations are within the scope of the present invention.
It is to be noted that, in this document, the terms "comprises", "comprising" or any other variation thereof are intended to cover a non-exclusive inclusion, so that an article or apparatus including a series of elements includes not only those elements but also other elements not explicitly listed or inherent to such article or apparatus. Without further limitation, an element defined by the phrase "comprising … …" does not exclude the presence of additional like elements in the article or device comprising the element.
The above embodiments are merely for illustrating the technical solutions of the present invention and are not to be construed as limiting, and the present invention is described in detail with reference to the preferred embodiments. It should be understood by those skilled in the art that various modifications and equivalent substitutions may be made to the technical solution of the present invention without departing from the spirit and scope of the technical solution of the present invention, and all the modifications and equivalents should be covered by the scope of the claims of the present invention.

Claims (10)

1. A system for branch access headquarters, comprising: the system comprises a branch shop intranet system, an acceleration network system and a headquarter network system which are connected in sequence;
the branch-shop intranet system comprises an exit router;
the acceleration network system includes a plurality of network access points; the network access points comprise a network access point for accessing, a network access point for routing and a network access point for returning to a source;
the headquarters network system includes client terminal equipment.
2. The system for branch access headquarters according to claim 1,
the egress router is connected with the network access point for access.
3. The system for branch access headquarters according to claim 1,
the client terminal equipment is connected with the network access point for returning to the source.
4. The system for branch access headquarters according to claim 1,
the acceleration network system is an SD-WAN network system.
5. The system for branch access headquarters according to claim 1,
the exit router comprises a first receiving module, a judging module and a first sending module;
the first receiving module is used for receiving an access request initiated by a client;
the judging module is used for judging whether the access request is an access request for accessing a headquarters;
a first sending module, configured to send the access request to an acceleration network when the access request is an access request for accessing a headquarters.
6. The system for branch access headquarters according to claim 1,
the client terminal equipment comprises a second receiving module, a source station determining module, an obtaining module and a second sending module;
the second receiving module is configured to receive the access request for accessing the headquarters, which is forwarded by the acceleration network;
the source station determining module is used for determining a source station of the access request;
the acquisition module is used for carrying out source returning processing to acquire response data;
and the second sending module is used for sending the response data to the acceleration network.
7. A system for branch access headquarters, comprising: the system comprises a branch shop intranet system, an acceleration network system and a headquarter network system which are connected in sequence;
the branch-shop intranet system comprises an exit router;
the acceleration network system includes a plurality of network access points; the network access points comprise a network access point for accessing, a network access point for routing and a network access point for returning to a source;
the headquarter network system comprises client terminal equipment and a site server which are connected in sequence.
8. The system for branch access headquarters according to claim 7,
the egress router is connected with the network access point for access.
9. The system for branch access headquarters according to claim 7,
the client terminal equipment is connected with the network access point for returning to the source.
10. The system for branch access headquarters according to claim 7,
the acceleration network system is an SD-WAN network system.
CN201821595471.1U 2018-09-28 2018-09-28 A kind of system for branch access general headquarters Active CN208656807U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201821595471.1U CN208656807U (en) 2018-09-28 2018-09-28 A kind of system for branch access general headquarters

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201821595471.1U CN208656807U (en) 2018-09-28 2018-09-28 A kind of system for branch access general headquarters

Publications (1)

Publication Number Publication Date
CN208656807U true CN208656807U (en) 2019-03-26

Family

ID=65774682

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201821595471.1U Active CN208656807U (en) 2018-09-28 2018-09-28 A kind of system for branch access general headquarters

Country Status (1)

Country Link
CN (1) CN208656807U (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020063829A1 (en) * 2018-09-28 2020-04-02 贵州白山云科技股份有限公司 Enterpise egress access request processing method, apparatus, system, device and medium
WO2020063830A1 (en) * 2018-09-28 2020-04-02 贵州白山云科技股份有限公司 Mobile office realization method, apparatus, device, and medium
US11838216B2 (en) 2018-09-28 2023-12-05 Guizhou Baishancloud Technology Co., Ltd. Enterprise egress access request processing method, apparatus, system, device and medium
US11937169B2 (en) 2018-09-28 2024-03-19 Guizhou Baishancloud Technology Co., Ltd. Mobile office realization method, apparatus, device, and medium

Similar Documents

Publication Publication Date Title
CN110535831B (en) Kubernetes and network domain-based cluster security management method and device and storage medium
US11368376B2 (en) Provisioning dedicated network resources with API services
CN110971626B (en) Enterprise branch office access request processing method, device and system
CN208656813U (en) A kind of enterprise branch office's access request processing system
JP5998248B2 (en) How to provide local secure network access to remote services
US11799960B2 (en) Distributed network security system providing isolation of customer data
US20180019969A1 (en) Network Containers
CN107005582A (en) Public point is accessed using the voucher being stored in different directories
CN111861140A (en) Service processing method, device, storage medium and electronic device
CN104283744A (en) Systems and methods for secured global LAN
US20100242101A1 (en) Method and system for securely managing access and encryption credentials in a shared virtualization environment
US20110162074A1 (en) Apparatus and method for remote processing while securing classified data
CN105939267B (en) Outband management method and device
CN208656807U (en) A kind of system for branch access general headquarters
CN108093015A (en) Document transmission system
CN112819675A (en) Banking affair flow control method and device
CN109474713A (en) Message forwarding method and device
US11102231B2 (en) Distributed scanning
CN113067824A (en) Data scheduling method, system, virtual host and computer readable storage medium
CN113206866A (en) Service providing method, device and storage medium in multi-region scene
CN110611591B (en) Network topology establishing method and device
CN110971715A (en) Headquarter access request method, device and system
CN107517162B (en) CDN cache server determination method and device
CN106559271B (en) A kind of resource access method and system
Singh et al. Cloud computing security issues, challenges and solutions

Legal Events

Date Code Title Description
GR01 Patent grant