CN2645134Y - Line concentration network safety isolation switching device - Google Patents
Line concentration network safety isolation switching device Download PDFInfo
- Publication number
- CN2645134Y CN2645134Y CN 03273489 CN03273489U CN2645134Y CN 2645134 Y CN2645134 Y CN 2645134Y CN 03273489 CN03273489 CN 03273489 CN 03273489 U CN03273489 U CN 03273489U CN 2645134 Y CN2645134 Y CN 2645134Y
- Authority
- CN
- China
- Prior art keywords
- interface
- network
- switch
- switching device
- output
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Landscapes
- Small-Scale Networks (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The utility model discloses a centralizing line network safety isolator which enables physical isolation between internal local network and external internet and to switch user computer to local network or external internet under the control from users, and remote distance switching to a plurality of computers respectively in central processing mode, and also partition isolation and switching for the hard disk of the computer while in network switching. The utility model comprises a box casing, a set of RJ 45 net wire input interface, a set of RJ 45 internal network output interface and external network output interface and a matching control software. The box casing is also provided with a set of switch switching circuit, two embedding-type CUP system modules and a switching controller. The utility model has the advantages of no isolation card and double hard disks adding into computer of user and no double net wire wiring.
Description
Technical field
The utility model relates to the network security device of isolating and can switch at a distance mutually between a kind of network, specifically a kind of line concentration type network security isolation switching device.
Background technology
Along with the increasingly extensive application in internet, the problem of internet security has caused important departments such as people's great attention, particularly government bodies, army, finance, business finance, and it is particularly important that internet security seems.Although this class securing software of fire wall miscellaneous is arranged; can play certain network protection effect; but it all adopts the logic isolation technology; in case the hacker breaks through fire wall; can enter the LAN (Local Area Network) of protected by firewall; steal or destroy this and net inner significant data and resource, cause capsule information to lose or system crash, bring immeasurable consequence.How could guarantee the safety of network? at present, best also is that the most effective way is exactly that LAN (Local Area Network) and internet are separated, carry out physical isolation, allowing does not have physical path between internet and the LAN (Local Area Network), make the hacker can't enter this LAN (Local Area Network) from the internet at all, thereby guarantee the safety of network effectively.Finish such task and just need Network Isolation technology and network handoff technique, so-called Network Isolation technology, to guarantee the mutual physical isolation in LAN (Local Area Network) and internet exactly, and the network handoff technique will make user's computer switch easily between LAN (Local Area Network) and internet on the one hand, guarantees again that on the other hand the storage hard disk of subscriber computer does not have public storage space and is in mutual isolation when entering LAN (Local Area Network) and internet.Existing isolation technology is to install the isolation that isolation card and two hard disks are realized the switching of network and hard disk in subscriber computer additional, and isolation card is used for isolating and switches different networks, and selects different hard disks.But it is very inconvenient concerning the user to install isolation card additional, need take computing machine apart, and along with the use of notebook computer is also more and more universal, it is subjected to the restriction of volume, can't install isolation card and two hard disk additional, therefore, the limitation of this Network Isolation technical scheme also just comes out, and uses also just to be restricted.Adding this isolation card network handoff functionality generally finishes on card, therefore, it need adopt the line of two netting twine cloth bundle of lines LAN (Local Area Network) and internet all to be incorporated on the card, this just need transform original network layout, so not only increased user's cost, some building is fitted up, and rewiring will be a very thing of trouble.
Summary of the invention
The purpose of this utility model, providing a kind of can concentrating at a distance isolates and device for switching many computing machines, it need not install isolation card additional in computing machine, do not need two netting twines yet, it all is integrated in the switching of network and isolation in the isolation hub, and the user just can make computing machine switch easily between LAN (Local Area Network) and internet under the control of software, its only needs a netting twine, and hard disk just can reach the purpose of the isolation in the switching of network and hard-disc storage space.
The line concentration type network security isolation switching device that the utility model provides comprises a cabinet housing and one group of RJ45 input interface, one group of RJ45 Intranet output interface and one group of RJ45 outer net output interface.Also have one group of ON-OFF control circuit of being made up of triode and relay in the cabinet, the computing machine that inserts RJ45 network input interface on the cabinet in order to control is to be connected to corresponding RJ45 Intranet output interface, or the outer net output interface.Also have two embedded type CPU system modules and a switch controller circuit in the cabinet housing, every embedded type CPU system module has a RJ45 network interface to link to each other with a RJ45 network interface socket, another inserts the HUB or the switch of internet one of them access to LAN, respectively in order to carry out data communication with computing machine by isolator access to LAN internet.Switch controller is made up of a single-chip microcomputer and some buffers, it receives the instruction of an I/O output of two flush bonding modules by serial port, and according to control signal of instruction generation, give switch switching circuit, the control corresponding relays is carried out switch and is switched, and finishes the purpose of subscriber computer incision LAN (Local Area Network) or internet.
The Control Software of switching with the supporting network that is installed on user side in addition of line concentration type network security isolation switching device and single hard disk carried out two subregion isolation software that subregion safety is isolated.Network switching controls software will cooperate the switching of finishing network according to user's the steering order and the line concentration type network security isolator of far-end.Means such as two subregion safety isolation software employing encryptions are isolated two subregions on the single hard disk, make two subregions can only time-sharing operation, when activating and guiding a subregion, just shield another subregion, the subregion that activates can not conduct interviews to another subregion, all isolates mutually to guarantee network and hard-disc storage resource.
Description of drawings
Fig. 1 is an embedded type CPU system module theory of constitution block diagram;
Fig. 2 is the utility model line concentration type network security isolation switching device theory diagram;
Fig. 3 is the control switching circuit schematic diagram;
Fig. 4 is a switch switching circuit;
Fig. 5 is the concrete enforcement schematic diagram of using of the utility model
Embodiment
The utility model is described in further detail below in conjunction with accompanying drawing.
Referring to Fig. 1, a little process chip of embedded type CPU central authorities is arranged in the embedded type CPU modular system, be the heart of module, be used for operation and handling procedure.System storage is the RAM storer, is used to provide program run needed basic storage, and BIOS and operating system storer and file system memory are generally the Flash flash memory, are used for deposit operation system, user program and system file etc.CPU in the system module runs application by operating system, and communicates by Ethernet interface and the external network of RJ45 (10Base-T), also by RS232C Asynchronous communications port and parallel I/O port and outside parts swap data.Logic control element is used to coordinate the work between each parts.
Referring to Fig. 2, for the purpose of saying something conveniently, be that example is illustrated only among Fig. 2 with a computing machine in the LAN (Local Area Network).Intranet among the figure and outer net are the networks independently mutually by HUB or switch networking.Two embedded type CPU system modules are arranged in line concentration type network security isolation switching device, the network port that a RJ45 is all arranged on each module, one of them module is used to control the computing machine by the work of line concentration type network security isolation switching device access to LAN by network port access to LAN; The network port of another module inserts the internet, is used to control the computing machine that inserts internet work by line concentration type Network Isolation switch.Behind the input port of user's computer labour-intensive industry L2TP, through the control of the inner on-off circuit of forming by relay, access to LAN or access internet selectively.The assumed calculation machine is in LAN (Local Area Network), if the user wants to switch to the internet, then the network switching controls software by subscriber computer sends handoff request to line concentration type network security isolation switching device, after the embedded type CPU system module is handled this request and is judged in the isolation switching device, user's request control command is given the switch controller of Fig. 3 by output line, after the single-chip microcomputer of switch controller is analyzed according to the control command of receiving, then on the corresponding data line of parallel delivery outlet of single-chip microcomputer, export a control signal, this control signal is directly delivered to the base stage of the respective channel triode of Fig. 4 switch switching circuit, change through amplifying the rear drive relay, make subscriber computer switch to the internet from LAN (Local Area Network).On the other hand, after finishing the network switching, the user's computer hard disk also will be changed accordingly, withdraws from the LAN (Local Area Network) subregion, restarts guiding and enters the internet subregion.Equally, want to switch to LAN (Local Area Network) if be in the computing machine of internet, then send the request that will switch to LAN (Local Area Network) by computing machine, after embedded type CPU system mould responds this request in the isolation switching device, send control command to switch controller, change by switch controller pilot relay switch, make computing machine switch to LAN (Local Area Network) from the internet.The user's computer hard disk also is transformed into the LAN (Local Area Network) subregion from the internet subregion.
Referring to Fig. 3, switch controller mainly is made up of a single-chip microcomputer and multichannel buffer.The data of embedded type CPU system module output are through a 74HC157 alternative data selector, deliver to the serial input terminal R * D of single-chip microcomputer, single-chip microcomputer carries out analyzing and processing to data, and according to the requirement of control command, in corresponding parallel delivery outlet P1 and P2 output control signal, this control signal goes gauge tap drives relay to switch behind the 74LS244 buffer, and relay is one group of four-way switch, and it can make two pairs of input-output lines of computing machine switch simultaneously.The quantity of the parallel delivery outlet of single-chip microcomputer is identical with the switch ways number that needs control, and each root output line is all corresponding one by one with the control input of switch.MAX1232 among the figure is a watchdog circuit, crashes when being used for preventing the single-chip microcomputer working procedure.
Referring to circuit shown in Figure 4 is the circuit theory diagrams of a data path in one group of on-off circuit, and J1 is the RJ45 socket that computing machine inserts, and J2 is an Intranet output RJ45 socket, and J3 is that outer net output RJ45 inserts, and DL is a relay, and four groups of switches are arranged.When switch-over control signal is a high level, be added to the base stage of triode Q by the CH1 input end, the triode conducting, the relay adhesive, J1 and J3 connect; When otherwise control signal was low level, J1 and J2 connected.
Referring to Fig. 5, in the concrete embodiment schematic diagram of using of the utility model, identification number is respectively described below:
IBM: computing machine;
WT: line concentration type network security isolation switching device;
HUB: hub or switch;
Outer net: internet;
Intranet: LAN (Local Area Network);
Only provided the example of four computing machine access line concentration type network security isolation switching devices in this application drawing, they insert four RJ45 fan-in network interfaces respectively, correspondingly, four netting twines of network interface output are connected to LAN (Local Area Network) HUB in the RJ45 of correspondence, also have from the RJ45 of correspondence outside network interface to export four lines to internet HUB.Can be furnished with printer and server in the LAN (Local Area Network), in the internet server and fire wall etc. can be arranged, the user controls line concentration type network security isolation switching device by software and carry out the network switching in two network.
Claims (5)
1, line concentration type network security isolation switching device is an internal-external network isolation switching device that need not isolation card, comprises one group of RJ45 input interface, two 9 pin RS232 serial port sockets and open and shut valve on cabinet housing and the front panel; A RJ45 outer net port and a RJ45 Intranet port; One group of RJ45 Intranet output interface and one group of RJ45 outer net output interface on the rear panel also have a 220V to exchange input socket.
Be characterised in that: also be provided with in the cabinet housing
One group of on-off circuit that constitutes by relay and triode, the break-make of each relay is controlled by a triode;
Two embedded type CPU system modules are connected between RJ45 network interface and the switch controller;
A switch controller, it is connected between two embedded type CPU modules and the ON-OFF control circuit, and it is according to controlling the switching that corresponding relays is carried out switch respectively from the signal instruction of two embedded type CPU system modules.
2, line concentration type network security isolation switching device according to claim 1 is characterized in that:
Each relay has four groups of switches, and in order to two pairs of signal wires of transmitting-receiving of Control Network line, every group of switch controlled wherein single line, and the RJ45 input interface is connected to Intranet output interface or the outer net output interface of the RJ45 of rear panel on the panel by four groups of switches of relay.
3, line concentration type network security isolation switching device according to claim 1 and 2 is characterized in that:
On the described every embedded type CPU system module RJ45 network interface is arranged, link to each other with RJ45 Intranet on the front panel or outer net interface socket, wherein RJ45 Intranet interface socket access to LAN HUB or switch, another RJ45 outer net interface socket inserts internet HUB or switch;
Also have on the described every embedded type CPU system module RS232 serial communication port respectively with panel in the RS232 socket of COM or outer COM link to each other.
4, line concentration type network security isolation switching device according to claim 3 is characterized in that:
Described embedded type CPU system module is made up of central processor CPU, storer, RS232 interface, Ethernet interface, parallel I/O interface, logic control element, BIOS and operating system and file system memory.Wherein central processor CPU links to each other with system storage, BIOS and operating system storer, file system memory, RS232 interface, Ethernet interface, parallel I/O interface with data line by address wire, and logic control element links to each other with above-mentioned hardware cell by control line.
5, line concentration type network security isolation switching device according to claim 1 and 2 is characterized in that:
Described switch controller is made up of a slice single-chip microcomputer and some output states;
Two paths of data output line from two embedded type CPU modules links to each other through a serial data mouth of a MUX and single-chip microcomputer, one group of output data line of single-chip microcomputer is connected to the input of one group of output state, the output of output state links to each other with one group of corresponding transistor base input end in the switch switching circuit, to realize the control to this road relay.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 03273489 CN2645134Y (en) | 2003-08-13 | 2003-08-13 | Line concentration network safety isolation switching device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 03273489 CN2645134Y (en) | 2003-08-13 | 2003-08-13 | Line concentration network safety isolation switching device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN2645134Y true CN2645134Y (en) | 2004-09-29 |
Family
ID=34301540
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 03273489 Expired - Fee Related CN2645134Y (en) | 2003-08-13 | 2003-08-13 | Line concentration network safety isolation switching device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN2645134Y (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102694848A (en) * | 2012-05-11 | 2012-09-26 | 东莞广州中医药大学中医药数理工程研究院 | Terminal management machine for hospital patrol |
| CN102904748A (en) * | 2012-09-18 | 2013-01-30 | 四川省电力公司绵阳电业局 | Internal/external network controller |
| CN103080857A (en) * | 2010-08-24 | 2013-05-01 | 特杰什·C·马卡纳瓦拉 | Smart AC panel |
| CN103885357A (en) * | 2013-12-26 | 2014-06-25 | 浙江工商大学 | Multiprotocol oil machine communication concentrator and communication method |
-
2003
- 2003-08-13 CN CN 03273489 patent/CN2645134Y/en not_active Expired - Fee Related
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103080857A (en) * | 2010-08-24 | 2013-05-01 | 特杰什·C·马卡纳瓦拉 | Smart AC panel |
| CN102694848A (en) * | 2012-05-11 | 2012-09-26 | 东莞广州中医药大学中医药数理工程研究院 | Terminal management machine for hospital patrol |
| CN102694848B (en) * | 2012-05-11 | 2014-11-26 | 东莞广州中医药大学中医药数理工程研究院 | Terminal management machine for hospital patrol |
| CN102904748A (en) * | 2012-09-18 | 2013-01-30 | 四川省电力公司绵阳电业局 | Internal/external network controller |
| CN103885357A (en) * | 2013-12-26 | 2014-06-25 | 浙江工商大学 | Multiprotocol oil machine communication concentrator and communication method |
| CN103885357B (en) * | 2013-12-26 | 2016-11-23 | 浙江工商大学 | Multi-protocols oil machine communication hub and communication means |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US4547880A (en) | Communication control apparatus for digital devices | |
| US7519854B2 (en) | Internal failover path for SAS disk drive enclosure | |
| KR101035832B1 (en) | Simulation circuit of pci express endpoint and downstream port for a pci express switch | |
| CN101277214B (en) | Method and system for managing blade type server | |
| CN103181133A (en) | Pcie exchange-based server system and switching method thereof and device | |
| US20120005392A1 (en) | Information processing system | |
| CN102096652A (en) | Method and apparatus to couple a module to a management controller on an interconnect | |
| CN101431432A (en) | Blade server | |
| CN1092538A (en) | A kind of casing that is used for multicomputer system | |
| CN101889263B (en) | Control path I/O virtualisation | |
| CN101739287A (en) | Device, system and method for managing virtual machines | |
| CN104615401A (en) | FPGA (field programmable gate array) based KVM (kernel-based virtual machine) implementing method | |
| US20080155124A1 (en) | Apparatus, system, and method for remote multi-user kvm switching | |
| CN105487999B (en) | The extensive usb expansion device of tandem type and working method, system | |
| CN110290227A (en) | Dynamic allocation method, system and the storage medium of IC bus address | |
| CN100372253C (en) | Switching method and device for service port in double master control system | |
| CN2645134Y (en) | Line concentration network safety isolation switching device | |
| CN1220132C (en) | Intelligent type switcher for computers | |
| CN1148215A (en) | Decentralized system and multiprocessor system | |
| Moroz | Aggregation arrangement features of network interface channels in multiprocessor computing systems | |
| CN1270252C (en) | Signal set exchange between multi-component of digital signal processor with DMA controller | |
| CN101662428A (en) | Stacked structure-based real-time security management system of 10G high-performance wideband network behavior | |
| CN206323394U (en) | Intelligent bus switching controller | |
| CN2768328Y (en) | Network safety apparatus | |
| CN1959599A (en) | Online switching interfaces of peripheral devices in multitask mode computer |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C19 | Lapse of patent right due to non-payment of the annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |