TW201243617A - Cloud computing-based service management system - Google Patents


Info

Publication number
TW201243617A
Authority
TW
Taiwan
Prior art keywords
security
information
entity
server
object entity
Prior art date
Application number
TW101114098A
Other languages
Chinese (zh)
Other versions
TWI460596B (en)
Inventor
xi-cong Zhang
Original Assignee
Tianxuntianwang Fujian Network Technology Co Ltd
Priority date (Google notes that the priority date is an assumption, not a legal conclusion)
Filing date
Publication date
Application filed by Tianxuntianwang Fujian Network Technology Co Ltd
Publication of TW201243617A
Application granted
Publication of TWI460596B


Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention provides a cloud computing-based service management system, which comprises a security object entity device, a database management device and a server entity device. The security object entity device comprises security units and security object entities, wherein security management rights are set in the security units; and each security object entity belongs to corresponding security units. The database management device stores the information of the security units and the information of the security object entities. The server entity device comprises a control center and an updating server cluster, wherein the control center finds the security object entity required to be served and the corresponding security unit from the security object entity device according to the information of the security units and the information of the security object entities from the database management device, and when a manager of the service management system meets the security management rights of the corresponding security unit, calls an updating server from the updating server cluster to provide a service for the security object entity required to be served. The cloud computing-based service management system can schedule security resources in the whole network to provide network security protection for all terminals.

Description

201243617 VI. Description of the Invention:

[Technical Field]
The present invention relates to electronic information security technology, and in particular to a cloud computing-based service management system.

[Prior Art]
As the level of informatization keeps rising, dependence on networks deepens day by day, and network information security has increasingly become an important issue for the healthy development of informatization. Technologies such as information security and network security have therefore become focal points of current research and development. Current security technology is aimed mainly at local area networks. A local area network is a small-scale computer network covering a limited geographic area such as one or several buildings, a campus or a factory site, and it has considerable limitations: each local area network is assigned one upgrade server, so every client within that network can obtain upgrades only from that server. Moreover, under the traditional product sales model the customer pays not only for the security software but must also purchase server hardware again, and the required software and services cannot be obtained over the Internet without IT investment beyond a personal computer and an Internet connection. Today's Application Performance Management systems and Business Service Management systems can monitor a customer's applications and business, but do not take security into account.

The development of security management platforms has likewise gone through a process from decentralization to centralization. Traditional security management platforms place most of their focus on the security risks of customer assets, especially the management of latent security risks, and build an emergency response process around the analysis and handling of security incidents. Traditional security management nevertheless has several management shortcomings that seriously affect the effectiveness of a security management platform:
1. Traditional security management has a single source of information, so its security analysis is not comprehensive;
2. Traditional security management one-sidedly emphasizes solving latent security problems and lacks practical effectiveness.

Against this background the telecommunications industry proposed the theory of a network security operations and management platform that accommodates the existing network structure, also called an information security management platform. The telecommunications network, as the core of today's industry, is developing toward multi-network convergence, intelligent terminal equipment, an IP-based network structure and business orientation; at the same time information security problems and their impact are intensifying even faster, security threats are spreading from the user and terminal side toward the network core, and core network management systems once considered secure are coming under enormous security pressure.

There is therefore an urgent need for an information security management platform that integrates the secure operation and management of network security resources, so that enterprises, telecom operators and similar group organizations can use their existing security equipment on the basis of such a platform to improve network security protection and early-warning capability.

[Summary of the Invention]
The main object of the present invention is to provide an information security management platform that integrates the secure operation and management of network security resources, so that enterprises, telecom operators and similar group organizations can use their existing security equipment on the basis of the platform to improve network security protection and early-warning capability.

The main technical means adopted to achieve this object is that the cloud computing-based service management system comprises:
a security object entity device, comprising security units and security object entities, where security management permissions are set on the security units and each security object entity belongs to a corresponding security unit;
a database management device, which stores the information of the security units and the information of the security object entities;
a server entity device, comprising a control center and an upgrade server cluster, where the control center, according to the security unit information and security object entity information from the database management device, finds in the security object entity device the security object entity that requires service and the security unit it belongs to, and, when the administrator of the service management system satisfies the security management permission of that security unit, calls an upgrade server from the upgrade server cluster to provide service to the security object entity that requires service.

In this technical solution the services provided include but are not limited to security services, and the security object entities include but are not limited to terminals such as personal computers. With this solution, the security resources of the whole network can be scheduled to provide network security protection for all terminals.

In the above technical solution, preferably, the system further comprises a balance server, which obtains the entity information of the upgrade server cluster for judging the load of the cluster; the database management device also stores the entity information of the upgrade server cluster, and the control center calls an upgrade server according to that entity information, so that the load on the upgrade server stays within a predetermined range.

In the above technical solution, preferably, the balance server also obtains the status information of the upgrade server cluster for judging whether the cluster shows an abnormality; the database management device also stores that status information, and the control center calls an upgrade server according to it, to ensure that the upgrade server is not in an abnormal state.

In the above technical solution, preferably, the balance server also obtains the dynamic configuration information of the upgrade server cluster, and the administrator can modify the dynamic configuration information of any upgrade server in the cluster through the control center.

In the above technical solution, preferably, the security unit information includes the identification information of the security unit, and the control center finds the security unit the entity belongs to according to that identification information.

In the above technical solution, preferably, the security unit information includes the information of the server designated for the security unit, and the control center, according to the information of the upgrade server designated for the security unit the entity belongs to, preferentially selects that designated upgrade server as the upgrade server providing the service.

In the above technical solution, preferably, the security object entity information includes the computer information of the security object entity, for judging the state of the services running on the entity; the control center finds the security object entity requiring service according to that computer information.

In the above technical solution, preferably, the security object entity information includes the infection information of the security object entity, for judging its infection status; the control center finds the security object entity requiring service according to that infection information.

In the above technical solution, preferably, the server entity device further comprises a security auxiliary server, which establishes a communication channel with the security object entities to collect their infection information and store it in the security object entity device.

In the above technical solution, preferably, the control center collects the information of the security object entities under each security unit through the security auxiliary server.

According to the technical solution of the present invention, a cloud computing-based service management system can be provided that integrates network security resources, so that enterprises, telecom operators and similar group organizations can use their existing security equipment on the basis of the platform to improve network security protection and early-warning capability.

[Embodiments]
In order that the above objects, features and advantages of the present invention can be understood more clearly, the invention is described in further detail below with reference to the drawings and specific embodiments.
Many specific details are set out in the following description to allow a full understanding of the invention; however, the invention may also be practiced in ways other than those described here, and is therefore not limited to the specific embodiments disclosed below.

Figure 1 is a block diagram of one embodiment of the cloud computing-based service management system of the present invention.

As shown in Figure 1, the invention provides a cloud computing-based service management system 100, comprising: a security object entity device 102, comprising security units and security object entities, where security management permissions are set on the security units and each security object entity belongs to a corresponding security unit; a database management device 104, which stores the information of the security units and of the security object entities; and a server entity device 106, comprising a control center and an upgrade server cluster, where the control center, according to the security unit information and security object entity information from the database management device 104, finds in the security object entity device 102 the security object entity that requires service and the security unit it belongs to, and, when the administrator of the service management system satisfies the security management permission of that security unit, calls an upgrade server from the upgrade server cluster to provide service to the security object entity that requires service. In this technical solution the services provided include but are not limited to security services, and the security object entities include but are not limited to terminals such as personal computers; with this solution the security resources of the whole network can be scheduled to provide network security protection for all terminals.

In the above technical solution, the system further comprises a balance server, which obtains the entity information of the upgrade server cluster for judging the load of the cluster; the database management device 104 also stores the entity information of the upgrade server cluster, and the control center calls an upgrade server according to that entity information, so that the load on the upgrade server stays within a predetermined range.

In the above technical solution, the balance server also obtains the status information of the upgrade server cluster for judging whether the cluster shows an abnormality; the database management device 104 also stores that status information, and the control center calls an upgrade server according to it, to ensure that the upgrade server is not in an abnormal state.

In the above technical solution, the balance server also obtains the dynamic configuration information of the upgrade server cluster, and the administrator can modify the dynamic configuration information of any upgrade server in the cluster through the control center.

In the above technical solution, the security unit information includes the identification information of the security unit, and the control center finds the security unit the entity belongs to according to that identification information.

In the above technical solution, the security unit information includes the information of the server designated for the security unit, and the control center, according to the information of the upgrade server designated for the security unit the entity belongs to, preferentially selects that designated upgrade server as the upgrade server providing the service.
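The dispatch the claims above describe (find the entities that need service, check the administrator's permission for each entity's security unit before anything is called, then pick an upgrade server, preferring the unit's designated one and skipping servers the balance server has flagged abnormal or over the load range), as an added example in Python. This is not code from the patent or the applicant: the record layouts, the constructed sample data, the 0.8 load ceiling standing in for the "predetermined range", and the PBKDF2 hashing of the permission password are assumptions made here.

```python
"""Control-centre dispatch loop modelled on the claimed system.

Added example, not code from the patent. Record layouts, field names, the
constructed sample data, the 0.8 load ceiling and the password hashing are all
assumptions made here for illustration.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional

SALT = b"constructed-salt"        # constructed; a real deployment stores a random salt per record
MAX_LOAD = 0.8                    # assumed "predetermined range": a server's load must be <= this


def hash_password(password: str) -> str:
    # PBKDF2 so the stored permission credential is never the plain password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000).hex()


@dataclass
class SecurityUnit:
    unit_id: str
    admin_name: str               # security management permission: a name ...
    admin_password_hash: str      # ... and an access password, stored hashed
    designated_server: str        # upgrade server designated for this unit


@dataclass
class SecurityObjectEntity:
    entity_id: str
    unit_id: str                  # each entity belongs to exactly one security unit
    service_running: bool         # "computer information": state of the protection service
    infected: bool                # "infection information" collected by the auxiliary server


@dataclass
class UpgradeServer:
    server_id: str
    load: float                   # entity information gathered by the balance server
    abnormal: bool                # status information gathered by the balance server


def needs_service(entity: SecurityObjectEntity) -> bool:
    """An entity needs service when it is infected or its protection service has stopped."""
    return entity.infected or not entity.service_running


def admin_satisfies_permission(unit: SecurityUnit, name: str, password: str) -> bool:
    """Constant-time comparison of the presented credentials against the unit's permission."""
    name_ok = hmac.compare_digest(name.encode(), unit.admin_name.encode())
    pw_ok = hmac.compare_digest(hash_password(password), unit.admin_password_hash)
    return name_ok and pw_ok


def select_upgrade_server(unit: SecurityUnit, cluster: List[UpgradeServer]) -> Optional[UpgradeServer]:
    """Prefer the unit's designated server; otherwise any server that is neither
    abnormal nor above the load ceiling; None if no server qualifies."""
    usable = [s for s in cluster if not s.abnormal and s.load <= MAX_LOAD]
    for server in usable:
        if server.server_id == unit.designated_server:
            return server
    return usable[0] if usable else None


def dispatch(units: Dict[str, SecurityUnit], entities: List[SecurityObjectEntity],
             cluster: List[UpgradeServer], admin_name: str, admin_password: str) -> Dict[str, str]:
    """Map each entity needing service to a server id, 'denied' or 'no-server'."""
    outcome: Dict[str, str] = {}
    for entity in entities:
        if not needs_service(entity):
            continue
        unit = units[entity.unit_id]
        if not admin_satisfies_permission(unit, admin_name, admin_password):
            outcome[entity.entity_id] = "denied"      # checked per unit, before any server is called
            continue
        server = select_upgrade_server(unit, cluster)
        outcome[entity.entity_id] = server.server_id if server else "no-server"
    return outcome


def build_sample():
    """Constructed sample records standing in for the database management device."""
    units = {
        "U1": SecurityUnit("U1", "alice", hash_password("alice-pw"), "S1"),
        "U2": SecurityUnit("U2", "bob", hash_password("bob-pw"), "S2"),
    }
    entities = [
        SecurityObjectEntity("E1", "U1", service_running=True, infected=True),
        SecurityObjectEntity("E2", "U1", service_running=True, infected=False),
        SecurityObjectEntity("E3", "U2", service_running=False, infected=False),
    ]
    cluster = [
        UpgradeServer("S1", load=0.95, abnormal=False),   # designated for U1 but over the ceiling
        UpgradeServer("S2", load=0.30, abnormal=False),
        UpgradeServer("S3", load=0.10, abnormal=True),    # least loaded, but flagged abnormal
    ]
    return units, entities, cluster


if __name__ == "__main__":
    units, entities, cluster = build_sample()
    print(dispatch(units, entities, cluster, "alice", "alice-pw"))
```

Running it as alice assigns E1 (infected, in U1) to S2, because the designated S1 is over the ceiling and S3 is abnormal; E2 is skipped as healthy, and E3 is denied because alice holds no permission on U2. The permission check sits before server selection so an administrator's credentials for one unit never cause an upgrade server to be invoked for another unit's entities.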

In the above technical solution, the security object entity information includes the computer information of the security object entity, for judging the state of the services running on the entity; the control center finds the security object entity requiring service according to that computer information.

In the above technical solution, the security object entity information includes the infection information of the security object entity, for judging its infection status; the control center finds the security object entity requiring service according to that infection information.

In the above technical solution, the server entity device 106 further comprises a security auxiliary server, which establishes a communication channel with the security object entities to collect their infection information and store it in the security object entity device 102.

In the above technical solution, the control center collects the information of the security object entities under each security unit through the security auxiliary server.

Figure 2 is a schematic diagram of a cloud computing-based service management system according to one embodiment of the present invention. First, the following concepts are explained:

1. Security unit: the smallest unit of abstraction and conceptualization in security management. One or more security units can be combined into a larger security unit, and a security unit may belong to several security units at the same time. Treating each security unit as a node, these membership relations among all nodes form a hierarchy: the higher a node sits, the more child security units it contains, and the lower it sits, the fewer. The subordination relations between security units can be as shown in Figure 3.

2. Security management permission: one or more security units are assigned to a management unit, and the management unit is defined with a name and an access password; a user who holds that name and access password is the administrator of the management unit and thereby has the ability to manage it. A permission can be defined on any node, and an administrator who holds that permission can access and manage that node and all nodes belonging to it.

3. Security object entity: the smallest unit of abstraction and conceptualization in security protection, the protection granule, the concrete protected object. It belongs to one, and only one, specific security unit. A security object entity is characterized by having basic hardware, for example a PC on which the service management system of this embodiment is installed or which holds a security management permission, and by being able to carry out network communication. It is the actual object of security management and security protection, and exists as a single individual.

The service management system 200 of this embodiment comprises:

Database management domain 202: this domain stores all security management object information, security service object information, security unit and security object entity information, and other additional security information. It is composed of a certain number of secure storage devices and secure storage entities, together with the chips, storage software and other components required for storing information. All the data stored in this domain provides basic back-end support for security; it is a data store built around the server entity domain, the logical relations between security units and security objects, the security permissions, and the upgrade and entity management services that the whole security platform must provide.

Server entity domain 204: this domain is the service-providing unit through which all security objects and security entities obtain security protection and security management. All servers of this domain are exposed in an Internet environment reachable by any security object entity, and every security object entity obtains the corresponding services from this domain.

Security object entity domain 206: this domain is the basic unit of security management and security protection; all security units 2062 and security object entities 2064 constitute this domain.

The database management domain 202 comprises:

Security unit management database 2022: stores the information of the security units 2062. Security units 2062 have subordination relations, carry creation and modification time information, have a unique identifier and also carry a descriptive name. The security unit 2062 is the smallest unit of security management; it manages and contains concrete security object entities 2064. Taking the security unit 2062 as the unit of protection protects all the security object entities 2064 it contains, so that protection is handled as a whole rather than individually. The security unit management database 2022 stores the creation and update times, subordination relations, identifiers, descriptive names and other security management and security protection information that the security units 2062 require.

Security server entity management database 2024: stores the information of the security upgrade server cluster, which is divided hierarchically into three layers: the security control center server 2042, the security upgrade servers 2044 and the security auxiliary servers 2046. The control center 2042 is the top-level manager of all security upgrade servers 2044 and security auxiliary servers 2046; it is also responsible for checking the legitimacy of the security units 2062 and for scheduling the load balancing of the security upgrade servers 2044 and security auxiliary servers 2046. The security upgrade servers 2044 provide protection for the security units 2062; information such as the maximum capacity of each concrete service entity, its current protection status and number of protected objects, and the location of the service entity is what the security server entity management database 2024 stores. The security control center server 2042 and the security auxiliary servers 2046 implement control and provide auxiliary services from the data stored in the security server entity management database 2024 and the security unit management database 2022.

The server entity domain 204 comprises:

The security control center server 2042: it is responsible only for controlling the normal operation and load balancing of the cloud security service and for verifying the legitimacy of the protection units 2062; all services are centered on it.

The security upgrade server cluster: these servers are mainly responsible for providing the security information update service to the protection units 2062. By providing one or more upgrade servers, we resolve performance problems such as low upgrade service efficiency caused by the performance limits of hardware and software.

The security auxiliary server 2046: the concrete object of security management is the security object entity 2064, which is what the security administrator ultimately manages. The security auxiliary server 2046 assists the security administrator in managing the protection units 2062 and the actual security object entities 2064; it helps the security administrator view the security status of the security units 2062 and security object entities 2064 under his control and helps resolve problems when protection fails unexpectedly.
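The three concepts defined above (a security unit may belong to several larger units at once, a permission defined on a node covers that node and everything belonging to it, and an entity belongs to exactly one unit and is visible only to that unit and its parents), as an added example in Python of the access-control model they imply. This is not code from the patent; the unit names, the membership graph and the administrators are constructed here, and Figure 3 is not reproduced.

```python
"""Security-unit hierarchy, permission scope and entity visibility.

Added example, not code from the patent. Unit names, the membership graph and
the administrators below are constructed; Figure 3 of the patent is not reproduced.
"""
from typing import Dict, Set


class SecurityUnitGraph:
    def __init__(self) -> None:
        self.parents: Dict[str, Set[str]] = {}      # unit -> units it belongs to (may be several)
        self.entity_unit: Dict[str, str] = {}       # entity -> the single unit it belongs to
        self.permissions: Dict[str, Set[str]] = {}  # admin -> nodes a permission is defined on

    def add_unit(self, unit: str, *belongs_to: str) -> None:
        for parent in belongs_to:
            if parent not in self.parents:
                raise KeyError(f"unknown parent unit {parent}")
        self.parents.setdefault(unit, set()).update(belongs_to)

    def add_entity(self, entity: str, unit: str) -> None:
        # An entity belongs to exactly one unit; a second assignment is refused.
        if entity in self.entity_unit:
            raise ValueError(f"{entity} already belongs to {self.entity_unit[entity]}")
        if unit not in self.parents:
            raise KeyError(f"unknown unit {unit}")
        self.entity_unit[entity] = unit

    def grant(self, admin: str, unit: str) -> None:
        """Define a permission on a node for this administrator."""
        if unit not in self.parents:
            raise KeyError(f"unknown unit {unit}")
        self.permissions.setdefault(admin, set()).add(unit)

    def ancestors(self, unit: str) -> Set[str]:
        """The unit itself plus every unit it transitively belongs to."""
        seen: Set[str] = set()
        stack = [unit]
        while stack:
            current = stack.pop()
            if current in seen:
                continue
            seen.add(current)
            stack.extend(self.parents.get(current, ()))
        return seen

    def managed_units(self, admin: str) -> Set[str]:
        """Every node the admin holds a permission on, plus all nodes belonging to it."""
        held = self.permissions.get(admin, set())
        return {u for u in list(self.parents) if self.ancestors(u) & held}

    def visible_to(self, entity: str) -> Set[str]:
        """An entity is visible only to its own unit and that unit's parents."""
        return self.ancestors(self.entity_unit[entity])

    def can_manage(self, admin: str, entity: str) -> bool:
        return self.entity_unit[entity] in self.managed_units(admin)


def rejects_second_unit(graph: SecurityUnitGraph, entity: str, unit: str) -> bool:
    """True if the graph refuses to attach an already-placed entity to another unit."""
    try:
        graph.add_entity(entity, unit)
    except ValueError:
        return True
    return False


def build_sample() -> SecurityUnitGraph:
    """Constructed membership graph: TEAM_X belongs to two departments at once."""
    g = SecurityUnitGraph()
    g.add_unit("ROOT")
    g.add_unit("DEPT_A", "ROOT")
    g.add_unit("DEPT_B", "ROOT")
    g.add_unit("TEAM_X", "DEPT_A", "DEPT_B")
    g.add_entity("PC1", "TEAM_X")
    g.add_entity("PC2", "DEPT_B")
    g.grant("root_admin", "ROOT")
    g.grant("a_admin", "DEPT_A")
    return g


if __name__ == "__main__":
    g = build_sample()
    print(sorted(g.managed_units("a_admin")), g.can_manage("a_admin", "PC2"))
```

With this graph, a_admin (permission on DEPT_A) manages DEPT_A and TEAM_X, so PC1 but not PC2; root_admin manages everything; PC1 is visible to TEAM_X and both departments above it, because membership is walked upward through every parent, not just one. The single-membership rule is enforced at insertion rather than trusted from the records.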

Security auxiliary server 2046: a security object entity 2064 belongs to one specific security unit 2062 and cannot belong to two or more security units 2062 at the same time. It is the smallest granule of security protection, the concrete protected object, and it is visible only to the security unit it belongs to and to the parent security units of that security unit 2062. The protection and management of the security object entities 2064 is the fundamental concern of the security unit 2062. The current protection status of a security object entity 2064, its current protection layer, its current protection level and the entity's own information (including the hardware type of the security object entity 2064, its system type and version, the security unit 2062 it belongs to, its physical location, and so on) are recorded, and recording this information gives the security unit 2062 and the security administrator an immediate basis for viewing and analyzing the security object entities 2064.

Figure 4 is a schematic diagram of a cloud computing-based service management system according to one embodiment of the present invention. As shown in Figure 4, the functional and technical features of each domain module are described below:

1. Technical features of the data management domain 402

It consists of two major classes of database: the balanced load information database 4022 and the upgrade service information database 4024.

The balanced load information database 4022 runs on the balance server. It mainly stores security server entity information and security unit information (a security server entity is a server that provides upgrade functions such as virus definitions and software). The security server entity information is the main basis on which the balance server preferentially selects an upgrade address; the balance server also monitors in real time the server status and dynamic configuration information at each upgrade address, so as to meet the real-time requirements on server response, for example:

1. The maximum number of users allowed to log in to each upgrade server and the number of users logged in at the current moment are stored in the security server entity information database table. The balance server compares these two values server by server and picks the upgrade server with the fewest current users for the security unit 4064 to use; this reduces the upgrade pressure on the upgrade servers while allowing upgrade servers to be added or removed as needed.

2. We adopt a dynamic configuration scheme for all configuration information that servers need to change: all dynamically configurable information (such as the communication port number of the server, the table names used for database access, the database name and so on) is stored in a file such as an INI file, and each server scans this file in real time and responds immediately to the changes. In this way management can be done through a web page: we do not need to restart the program on the specified machine to reconfigure the server, but reach the goal by directly editing the server information to be configured from our client. Such a management mode is very efficient in particular when our servers are set up far from our company, for example in the United States.

The security unit information stores information related to the security units 4064, for example:

1. The basic security unit identification ID number (the ID number is a globally unique, non-repeating identifier; we represent it with a string of 25 letters);

2. Each security unit 4064 is permanently assigned an available upgrade server, so the upgrade information and infection information of all members of this security unit 4064, together with important information such as the network address, machine model and version of their PCs, are stored on that upgrade server, and we name a database after the ID number of this security unit 4064 to store this information for its members.

The other major class of database (the upgrade service information database 4024) mainly stores the PC information of all security object entities 4062, the infection information of the security entities, and the security protection information our security client software produces for the security entities, so that we or the security unit manager can view and analyze the security protection status of each security object entity 4062 in real time. The role of each class of information is as follows:

Computer information mainly includes our information collection, these client machines

the service action state of the security client software on the PCs of the security object entities 4062. Security services are the main means of protecting PC computers, and monitoring the state of these service actions helps the administrator understand the security risks of each PC. In particular, we must collect the network card number of the PC, because the network card number is unique in the world; through it we or the administrator can find this client machine with the software functions we provide, so as to help the client machine solve difficult problems and provide corresponding services through remote functions. We emphasize that the security unit 4064 we describe means that all of its members can be managed across networks and across regions, that is, these members may be located in different networks and different geographical areas; the management functions we provide for the security unit 4064 are Internet-based, distributed management;

2. Entity infection information is collected by our software client from a PC after it has been infected by a virus. This information includes the virus file name, its location on the PC, the time of infection and so on, and it supports analysis of the cause of the current infection, for example whether it was caused by the security protection service software not being enabled, or because the virus is of a newest type; in the latter case we can add that virus type to our virus database to achieve immediate protection;

II. Technical features of the server entity domain 404

The server entity domain 404 comprises the security control center server 4042, the security upgrade server 4044 and the security assistance server 4046. The technical features of the security control center server 4042 are as follows:

1. There is only one security control center server 4042; it is the management center and also the transmission intermediary for communication information;

2. The security control center server 4042 is the medium for communication between the clients and the management control web page on one side and the upgrade servers on the other. Load balancing of the servers and the legitimacy of a client (that is, whether it has been granted the right to use the service) are both pre-judged by it. Its characteristic is that its duties are light and it is fast, so it can satisfy simultaneous access by a large number of clients. For example, when a client applies for an upgrade, the security control center server 4042 is mainly responsible for the legitimacy judgment and for obtaining the upgrade address information and sending it back to the server; it does not contain complex functions such as file transfer and other operations involving large amounts of data, so it completes the call very quickly. Such a fast communication mechanism reserves a large amount of throughput headroom for the security control center server 4042 (throughput refers to the number of clients that can communicate with the server at the same moment; the larger the number, the greater the throughput);

3. The security control center server 4042 collects the state and dynamic configuration information of each security upgrade server 4044 in real time. For example, if an upgrade server 4044 exits because of a fault, that upgrade server is unavailable; the security control center server 4042 learns this immediately and reports the communication fault to the clients requesting upgrades and to the administrator. If the maximum throughput of an upgrade server 4044 is changed, the security control center server 4042 also learns this in real time and responds correctly when balancing the load of the security upgrade servers 4044 from then on;

4. The security control center server 4042 is also responsible for collecting the member information of the security units 4064, such as the number of members. The member information of these security units 4064 is distributed across the security upgrade servers 4044, so the security control center server 4042 must communicate with the security upgrade servers 4044 to obtain it. The purpose of compiling the member information of the security units 4064 is to provide group organizations such as enterprises with the information they are interested in; for example, an enterprise needs to know exactly how many members its company or a particular department has;

The technical features of the security upgrade server 4044 are as follows:

1. There may be one or more security upgrade servers 4044, and they can be added and removed at any time as needed;

2. It is directly responsible for the virus-database and software upgrades of the security object entities 4062, and for receiving the reports of security-related information from the security object entities 4062, such as the infection information of a security entity and the state information of the security protection services enabled on the security entity's machine;

The technical features of the security assistance server 4046 are as follows:

1. The security assistance server 4046 is a service that provides auxiliary functions for the security upgrade server 4044. It does not have to be on the same computer as the security upgrade server 4044; it can be located on any other computer that can communicate with the security upgrade server 4044;

2. The security assistance server 4046 acts as the medium for communication between the security upgrade server 4044 and the security control center 4042. It takes over the control operations of the security control center 4042, so that the security upgrade server 4044 is responsible only for security functions such as the security upgrades of the security object entities 4062. For example, when the security upgrade control center 4042 needs to collect the number of members of a security unit 4064, the security assistance center 4046 actually performs the time-consuming operation of counting the clients on the security upgrade server 4044, thereby reserving more time for the security upgrade server 4044 to handle matters involving large amounts of data, such as file transfers;

3. All security object entities 4062 establish a long-lived communication channel with the security assistance server 4046; as long as the security entity exists, this channel continues to exist. Its main role is to collect the security information of the security object entities 4062 in real time, for example infection information. In particular, through this communication channel the administrator can communicate remotely with a security object entity 4062, to help it or to notify the security object entity 4062 of the current administrator's management information;

4. The security assistance server 4046 also provides the mapping information between the intranet and extranet communication IP addresses and communication ports. Technically, IP address and port mapping means that any PC located in a local area network has a private IP and port assigned by the local area network; when this PC communicates on the Internet, the private IP and port must have a corresponding IP and port on the Internet so that it can send communication data on the Internet, and that IP and port on the Internet are what we call the extranet IP and port;

III. Technical features of the security object entity domain 406

A security object entity 4062 is a PC with independent execution capability; it has its own hardware and operating system platform and is able to run our cloud computing security client software. The technical features of this entity domain are as follows:

1. A security object entity 4062 can respond in real time to requests for collecting security data sent by the security upgrade server entity, for example collecting the infection information of the security object entity 4062 in real time, and communicating in real time to determine whether the security entity 4062 is present;

2. A security object entity 4062 always maintains a permanent communication channel with the security assistance server that serves the security upgrade server, to guarantee that, as long as the security object entity 4062 exists, it can receive remote help from management parties such as the administrator;

The overall technical features of the cloud computing security management platform based on the service management system of this embodiment are as follows:

The cloud computing security management platform is divided into two major parts: the client service platform for the security object entities, and the management platform whose basic unit is the security unit. The technical features of the client service platform are those of the security object entity described above; the technical features of the management platform based on the security unit are as follows:

1. The management platform is provided to administrators in the form of a website;

2. Every administrator is given a separate login name and login password, to ensure that only administrators with management permission can operate the management platform;

3. The management platform provides a tree-shaped hierarchical management structure that assigns operating permissions to administrators at different levels;

4. The management platform provides the administrator with information about all the security units it manages, including basic information about the security units such as hardware configuration information and network card information. The management platform shows the administrator, as a pie chart, the proportion of all security units that are in a secure state, provides statistics on the proportion of client machines that have been threatened or infected by viruses, and provides all virus information and all related information about where the viruses were found; on the basis of this information the administrator can make preventive judgments.

In summary, according to the present invention a cloud computing-based service management system can be realized, which has the following advantages:

1. It can provide any independent group organization (for example a specific enterprise or a branch of an enterprise) with the service of assigning administrators of different levels according to their management permissions;

2. It can provide an administrator of any independent group organization with the service of managing all members of its group (a member must be a personal PC);

3. It can provide an administrator of any group organization with the service of dividing the organization, as needed, into smaller management units in an organized, hierarchical way (for example an enterprise is divided into several business divisions, each division can be divided into one or more specific departments, and a department can be further divided into sub-departments);

4. It can provide any group organization with the service of managing the group members belonging to it across regions and across networks;

5. It can provide an administrator of any group organization with the computer security information of all group members belonging to it, so that the group's managers can view and analyze the security state of specific PCs: basic PC information (computer name, etc.), virus-database upgrade status information, infection status and virus type statistics, and so on;

6. It can provide an administrator of any group organization with the service of remotely controlling, as needed, the PCs of the group members belonging to it: configuring PC security

attributes, sending messages to group members, controlling the PC by remote desktop, and remotely restarting and shutting down the PC;

7. It can provide any group member (the group must have been granted usage rights by this cloud information security management service platform) with the service of upgrading the virus database and upgrading the Tianxun Tianwang cloud security management client to the latest software version;

8. It can provide the service of compiling, in real time, the number of members currently in any group organization, and of collecting the security information of any group member in real time and presenting it to the administrator for viewing and analysis.

The above is only a preferred embodiment of the present invention and is not intended to limit the present invention; for those with ordinary knowledge in the art, the present invention may have various modifications and variations. Any modification, equivalent substitution, improvement and the like made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.

[Brief description of the drawings]

Figure 1 is a block diagram of one embodiment of the cloud computing-based service management system of the present invention.
Figure 2 is a schematic diagram of one embodiment of the cloud computing-based service management system of the present invention.
Figure 3 is a schematic diagram of the relationships between security units in one embodiment of the cloud computing-based service management system of the present invention.
Figure 4 is a schematic diagram of one embodiment of the cloud computing-based service management system of the present invention.

[Description of main component symbols]

100 cloud computing-based service management system
102 security object entity device
104 database management device
106 server entity device
200 service management system
202 data management domain
2022 security unit management database
2024 security server entity management database
2026 security unit entity information database
204 server entity domain
2042 security control center server
2044 security upgrade server
2046 security assistance server
206 security object entity domain
2062 security unit
2064 security object entity
402 data entity domain
4022 balanced load information database
4024 upgrade service information database
404 server entity domain
4042 security control center server
4044 security upgrade server
4046 security assistance server
406 security object entity domain
4062 security object entity
4064 security unit
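Item 1 under the data management domain 402 above describes the balance server's rule (compare each upgrade server's maximum and current user counts, hand out the least loaded one), and the control center items 3 and 4 describe servers dropping out, their throughput being changed, and servers being added or removed. The following Python model of that selection is an added example, not code from the patent or from the applicant's system; the record fields, the BalanceServer class, the preference for a unit's designated server (claim 6) and the sample cluster are assumptions constructed for this example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class UpgradeServerRecord:
    """One row of the security server entity table kept on the balance server
    (field names are assumptions for this example)."""
    server_id: str
    address: str            # upgrade address handed back to the requesting client
    max_users: int          # maximum number of users allowed to be logged in
    current_users: int      # users logged in at this moment
    available: bool = True  # False once the control center learns the server dropped out


class BalanceServer:
    """Chooses the upgrade server with the fewest current users, preferring the
    security unit's designated server while it still has capacity."""

    def __init__(self, records: List[UpgradeServerRecord]) -> None:
        self.records: Dict[str, UpgradeServerRecord] = {r.server_id: r for r in records}

    def add(self, record: UpgradeServerRecord) -> None:
        """Upgrade servers may be added at any time."""
        self.records[record.server_id] = record

    def remove(self, server_id: str) -> None:
        """A removed server must never be handed out again."""
        self.records.pop(server_id, None)

    def report(self, server_id: str, *, available: Optional[bool] = None,
               max_users: Optional[int] = None,
               current_users: Optional[int] = None) -> None:
        """Apply a state or dynamic-configuration update for one upgrade server.
        A changed max_users (the server's throughput) takes effect at the next select()."""
        rec = self.records[server_id]
        if available is not None:
            rec.available = available
        if max_users is not None:
            rec.max_users = max_users
        if current_users is not None:
            rec.current_users = current_users

    @staticmethod
    def _has_capacity(rec: UpgradeServerRecord) -> bool:
        return rec.available and rec.current_users < rec.max_users

    def select(self, designated: Optional[str] = None) -> Optional[str]:
        """Return the server_id to send the client to, or None when every server is
        unavailable or full (the control center then reports the failure instead of
        handing out an address that cannot serve)."""
        if designated is not None:
            rec = self.records.get(designated)
            if rec is not None and self._has_capacity(rec):
                return rec.server_id
        candidates = [r for r in self.records.values() if self._has_capacity(r)]
        if not candidates:
            return None
        # Fewest current users first; the id tie-break keeps the choice deterministic.
        return min(candidates, key=lambda r: (r.current_users, r.server_id)).server_id


def sample_cluster() -> BalanceServer:
    """Constructed sample data, not taken from the patent."""
    return BalanceServer([
        UpgradeServerRecord("up-1", "10.0.0.11:8443", max_users=100, current_users=80),
        UpgradeServerRecord("up-2", "10.0.0.12:8443", max_users=100, current_users=25),
        UpgradeServerRecord("up-3", "10.0.0.13:8443", max_users=50, current_users=50),
    ])


if __name__ == "__main__":
    cluster = sample_cluster()
    print(cluster.select())                   # least loaded: up-2
    print(cluster.select(designated="up-3"))  # designated server is full, falls back to up-2
```

The capacity check is what keeps the selection honest: a server reported as unavailable, or one already at its maximum, is never returned even if it is the unit's designated server, so the control center can report the fault to the requester rather than hand out a dead address.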
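Item 2 under the data management domain 402 describes each server scanning an INI file for its port, database name and table names and applying changes without a restart. The Python below is an added example of such a scan-and-apply loop step, not code from the patent or the applicant's system; the section name, key names, file contents and the rule that a bad file is rejected whole (keeping the last good values) are assumptions made for this example.

```python
import configparser
import os
import tempfile
from typing import Dict, Optional

# Section and key names are assumptions for this example; the page only says that
# the port, database name and table names live in an INI-style file.
SECTION = "server"
REQUIRED_KEYS = ("port", "db_name", "user_table")


def write_ini(path: str, port: object, db_name: str, user_table: str, mtime: float) -> None:
    """Write a constructed INI file and pin its mtime, so each rewrite is
    distinguishable even within the same clock second."""
    parser = configparser.ConfigParser()
    parser[SECTION] = {"port": str(port), "db_name": db_name, "user_table": user_table}
    with open(path, "w", encoding="utf-8") as fh:
        parser.write(fh)
    os.utime(path, (mtime, mtime))


class DynamicConfig:
    """Configuration that a server re-reads whenever the file changes on disk."""

    def __init__(self, path: str) -> None:
        self.path = path
        self._mtime: Optional[float] = None
        self.values: Dict[str, object] = {}
        self.last_error: Optional[str] = None

    @staticmethod
    def _validate(parser: configparser.ConfigParser) -> Dict[str, object]:
        """Only a complete, well-typed file is applied; anything else is rejected whole."""
        if not parser.has_section(SECTION):
            raise ValueError(f"missing [{SECTION}] section")
        missing = [k for k in REQUIRED_KEYS if not parser.has_option(SECTION, k)]
        if missing:
            raise ValueError(f"missing keys: {missing}")
        port = parser.getint(SECTION, "port")  # ValueError if not an integer
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
        names: Dict[str, object] = {}
        for key in ("db_name", "user_table"):
            value = parser.get(SECTION, key)
            # Names end up spliced into queries, so accept plain identifiers only.
            if not value.isidentifier():
                raise ValueError(f"{key} is not a plain identifier: {value!r}")
            names[key] = value
        return {"port": port, **names}

    def refresh(self) -> bool:
        """Scan the file; return True only when a changed, valid file was applied.
        A bad edit leaves the previous good values in force."""
        try:
            mtime = os.path.getmtime(self.path)
        except OSError as exc:
            self.last_error = str(exc)
            return False
        if mtime == self._mtime:
            return False  # unchanged since the last scan
        parser = configparser.ConfigParser()
        try:
            with open(self.path, encoding="utf-8") as fh:
                parser.read_file(fh)
            new_values = self._validate(parser)
        except (OSError, configparser.Error, ValueError) as exc:
            self.last_error = f"rejected: {exc}"
            self._mtime = mtime  # remember the bad version so it is not re-parsed every scan
            return False
        self.values, self._mtime, self.last_error = new_values, mtime, None
        return True


def demo() -> Dict[str, object]:
    """Valid load, unchanged scan, hot reload, then a rejected out-of-range port."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "server.ini")
        cfg = DynamicConfig(path)
        write_ini(path, 8080, "secdb", "security_server_entity", mtime=1000.0)
        first = cfg.refresh()
        port_after_first = cfg.values["port"]
        unchanged = cfg.refresh()
        write_ini(path, 9090, "secdb", "security_server_entity", mtime=2000.0)
        second = cfg.refresh()
        write_ini(path, 99999, "secdb", "security_server_entity", mtime=3000.0)
        third = cfg.refresh()
        return {"first": first, "unchanged": unchanged, "second": second, "third": third,
                "port_after_first": port_after_first, "port_final": cfg.values["port"],
                "error": cfg.last_error}
```

Since the page makes the file editable from a web page, the validation step matters more than the reload itself: a port outside 1..65535 or a table name that is not a bare identifier is refused and logged in last_error, and the server keeps running on the last configuration that passed.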
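The opening paragraph on the security object entity 2064 (one owning unit, visible only to that unit or its parent), the 25-letter unit ID under the security unit information, item 3 of the management platform (tree-shaped permission assignment) and the permission check in claim 1 all describe one data structure. The Python below is an added example of it, not code from the patent or the applicant's system; it generalizes the visibility rule from "own unit or parent" to the whole ancestor chain of the tree, which is an assumption, and the ID padding helper, class names and sample tree are constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set

# The page describes the unit ID as a unique identifier written as 25 letters.
UNIT_ID_RE = re.compile(r"[A-Za-z]{25}")


def pad_unit_id(name: str) -> str:
    """Constructed helper for this example: turn a short name into a 25-letter ID
    (the patent does not describe how its IDs are generated)."""
    letters = "".join(ch for ch in name.upper() if ch.isalpha())
    if not letters or len(letters) > 25:
        raise ValueError("name must yield 1..25 letters")
    return letters.ljust(25, "X")


@dataclass
class SecurityUnit:
    unit_id: str
    parent_id: Optional[str]  # None for the root of the tree


@dataclass
class SecurityObjectEntity:
    entity_id: str
    unit_id: str  # exactly one owning unit


class SecurityUnitTree:
    """Security units as a tree; each entity hangs off exactly one unit."""

    def __init__(self) -> None:
        self.units: Dict[str, SecurityUnit] = {}
        self.entities: Dict[str, SecurityObjectEntity] = {}

    def add_unit(self, unit_id: str, parent_id: Optional[str] = None) -> None:
        if not UNIT_ID_RE.fullmatch(unit_id):
            raise ValueError("unit ID must be exactly 25 letters")
        if unit_id in self.units:
            raise ValueError("unit ID must be unique")
        if parent_id is not None and parent_id not in self.units:
            raise KeyError(parent_id)
        self.units[unit_id] = SecurityUnit(unit_id, parent_id)

    def add_entity(self, entity_id: str, unit_id: str) -> None:
        if unit_id not in self.units:
            raise KeyError(unit_id)
        if entity_id in self.entities:
            raise ValueError("an entity belongs to exactly one security unit")
        self.entities[entity_id] = SecurityObjectEntity(entity_id, unit_id)

    def lineage(self, unit_id: str) -> List[str]:
        """The unit itself followed by its ancestors up to the root."""
        chain: List[str] = []
        cur: Optional[str] = unit_id
        while cur is not None:
            chain.append(cur)
            cur = self.units[cur].parent_id
        return chain

    def is_visible(self, entity_id: str, viewer_unit_id: str) -> bool:
        """An entity is visible to its own unit and the units above it, never to a
        sibling or child unit."""
        return viewer_unit_id in self.lineage(self.entities[entity_id].unit_id)

    def may_service(self, admin_units: Set[str], entity_id: str) -> bool:
        """Check the control center makes before dispatching an upgrade server: the
        administrator must hold permission on the entity's unit or on an ancestor."""
        owner_chain = self.lineage(self.entities[entity_id].unit_id)
        return any(u in owner_chain for u in admin_units)

    def members(self, unit_id: str) -> List[str]:
        """Member statistic for a unit: every entity in the unit's subtree."""
        return sorted(e.entity_id for e in self.entities.values()
                      if unit_id in self.lineage(e.unit_id))


def refuses(action: Callable[[], None]) -> bool:
    """True when the action is rejected with ValueError (shows the guards at work)."""
    try:
        action()
    except ValueError:
        return True
    return False


def sample_tree() -> SecurityUnitTree:
    """Constructed sample: headquarters > sales > sales-north, one PC in each unit."""
    hq, sales, north = (pad_unit_id("AcmeHeadquarters"), pad_unit_id("AcmeSales"),
                        pad_unit_id("AcmeSalesNorth"))
    tree = SecurityUnitTree()
    tree.add_unit(hq)
    tree.add_unit(sales, hq)
    tree.add_unit(north, sales)
    tree.add_entity("pc-001", north)
    tree.add_entity("pc-002", sales)
    tree.add_entity("pc-003", hq)
    return tree
```

Two properties follow from the structure: because an entity has exactly one unit, every permission question reduces to one walk up that unit's lineage, and because visibility only runs upward, an administrator scoped to a sub-department cannot enumerate or service machines in the departments above or beside it.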


Claims (1)

VII. Scope of patent application:

1. A cloud computing-based service management system, comprising:
a security object entity device, comprising security units and security object entities, wherein security management permissions are set on the security units, and each security object entity is subordinate to a corresponding security unit;
a database management device, which stores the information of the security units and the information of the security object entities;
a server entity device, comprising a control center and an upgrade server cluster, wherein the control center, according to the information of the security units and the information of the security object entities from the database management device, finds in the security object entity device the security object entity requiring service and the security unit it is subordinate to, and, when an administrator of the service management system satisfies the security management permission of that subordinate security unit, calls an upgrade server from the upgrade server cluster to provide the service to the security object entity requiring service.

2. The service management system according to claim 1, further comprising:
a balance server, which acquires entity information of the upgrade server cluster for judging the load condition of the upgrade server cluster;
wherein the database management device further stores the entity information of the upgrade server cluster, and the control center calls the upgrade server according to the entity information of the upgrade server cluster, so as to ensure that the load of the upgrade server is within a predetermined range.

3. The service management system according to claim 2, wherein the balance server further acquires state information of the upgrade server cluster for judging whether an abnormality has occurred in the upgrade server cluster;
the database management device further stores the state information of the upgrade server cluster, and the control center calls the upgrade server according to the state information of the upgrade server cluster, so as to ensure that the upgrade server has no abnormality.

4. The service management system according to claim 2, wherein the balance server further acquires dynamic configuration information of the upgrade server cluster, and the administrator further modifies, through the control center, the dynamic configuration information of any upgrade server in the upgrade server cluster.

5. The service management system according to claim 1, wherein the information of the security unit comprises identification information of the security unit, and the control center finds the subordinate security unit according to the identification information of the security unit.

6. The service management system according to claim 1, wherein the information of the security unit comprises information of a server designated for the security unit, and the control center, according to the information of the upgrade server designated for the subordinate security unit, preferentially selects the designated upgrade server as the upgrade server providing the service.

7. The service management system according to any one of claims 1 to 6, wherein the information of the security object entity comprises computer information of the security object entity, for judging the state of the services running on the security object entity;
the control center finds the security object entity requiring service according to the computer information of the security object entity.

8. The service management system according to any one of claims 1 to 6, wherein the information of the security object entity comprises infection information of the security object entity, for judging the infection condition of the security object entity;
the control center finds the security object entity requiring service according to the infection information of the security object entity.

9. The service management system according to claim 8, wherein the server entity device further comprises:
a security assistance server, which [text illegible in the source] a communication channel with the security object entity, to collect [text illegible in the source] and store [text illegible in the source] to the security object entity device.

10. The service management system according to claim 9, wherein the control center, through the security assistance server, collects the information of the security object entities of each security unit [text illegible in the source].

Drawings: (see following pages)
TW101114098A 2011-04-21 2012-04-20 Cloud computing-based service management system TW201243617A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110104323.1A CN102148712B (en) 2011-04-21 2011-04-21 Cloud computing-based service management system

Publications (2)

Publication Number Publication Date
TW201243617A true TW201243617A (en) 2012-11-01
TWI460596B TWI460596B (en) 2014-11-11

Family

ID=44422729

Family Applications (1)

Application Number Title Priority Date Filing Date
TW101114098A TW201243617A (en) 2011-04-21 2012-04-20 Cloud computing-based service management system

Country Status (2)

Country Link
CN (1) CN102148712B (en)
TW (1) TW201243617A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI499918B (en) * 2014-05-21 2015-09-11 Nat Univ Tsing Hua Cloud management systems and methods for executing applications of android systems
TWI567545B (en) * 2015-12-23 2017-01-21 神雲科技股份有限公司 Method for detecting locations of abnormal hard disks in cluster storage system
CN107102695A (en) * 2016-02-22 2017-08-29 佛山市顺德区顺达电脑厂有限公司 The method of the installation position of the abnormal hard disk of judgement for cluster type stocking system
TWI701562B (en) * 2015-07-08 2020-08-11 香港商阿里巴巴集團服務有限公司 Database flexible scheduling method and device

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102360355B (en) * 2011-09-28 2013-04-24 福州海景科技开发有限公司 Face recognition search comparison engine based on cloud computing environment
CN103763117A (en) * 2011-12-31 2014-04-30 华茂云天科技(北京)有限公司 Service and operation management system
CN104063355B (en) * 2013-03-21 2017-11-03 腾讯科技(北京)有限公司 The method and configuration center server configured to server cluster
CN107612932A (en) * 2017-10-20 2018-01-19 广东电网有限责任公司电力科学研究院 A kind of cloud security Rights Management System
CN110572436B (en) * 2019-08-12 2020-09-22 浙江讯盟科技有限公司 Multi-place cross-cluster server deployment method and system

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7080378B1 (en) * 2002-05-17 2006-07-18 Storage Technology Corporation Workload balancing using dynamically allocated virtual servers
US7558866B2 (en) * 2004-12-08 2009-07-07 Microsoft Corporation Method and system for securely provisioning a client device
CN101527637A (en) * 2009-03-23 2009-09-09 北京安高科技有限公司 Virtual proprietary organization platform system and method thereof
CN101557308B (en) * 2009-05-06 2012-01-18 成都市华为赛门铁克科技有限公司 File upgrading method and terminal device
CN101576915B (en) * 2009-06-18 2011-06-08 北京大学 Distributed B+ tree index system and building method
CN101827104B (en) * 2010-04-27 2013-01-02 南京邮电大学 Multi anti-virus engine-based network virus joint defense method

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI499918B (en) * 2014-05-21 2015-09-11 Nat Univ Tsing Hua Cloud management systems and methods for executing applications of android systems
TWI701562B (en) * 2015-07-08 2020-08-11 香港商阿里巴巴集團服務有限公司 Database flexible scheduling method and device
TWI567545B (en) * 2015-12-23 2017-01-21 神雲科技股份有限公司 Method for detecting locations of abnormal hard disks in cluster storage system
CN107102695A (en) * 2016-02-22 2017-08-29 佛山市顺德区顺达电脑厂有限公司 The method of the installation position of the abnormal hard disk of judgement for cluster type stocking system
CN107102695B (en) * 2016-02-22 2020-07-24 佛山市顺德区顺达电脑厂有限公司 Method for determining mounting position of abnormal hard disk for cluster storage system

Also Published As

Publication number Publication date
CN102148712A (en) 2011-08-10
CN102148712B (en) 2014-05-14
TWI460596B (en) 2014-11-11

Similar Documents

Publication Publication Date Title
TW201243617A (en) Cloud computing-based service management system
CN110535831B (en) Kubernetes and network domain-based cluster security management method and device and storage medium
WO2021017301A1 (en) Management method and apparatus based on kubernetes cluster, and computer-readable storage medium
US10326765B2 (en) System, method, and software for providing access control enforcement capabilities in cloud computing systems
CN111124670B (en) Tactical cloud-oriented microservice platform
US10044550B2 (en) Secure cloud management agent
US8606897B2 (en) Systems and methods for exporting usage history data as input to a management platform of a target cloud-based network
US8589543B2 (en) Virtual data center monitoring
US9838483B2 (en) Methods, systems, and computer readable media for a network function virtualization information concentrator
CN110266716B (en) Unified service platform system of power grid
US8903996B2 (en) Operating cloud computing services and cloud computing information system
EP2423813A2 (en) Systems and methods for a multi-tenant system providing virtual data centers in a cloud configuration
CN106850549B (en) Distributed encryption service gateway and implementation method
Pan et al. Research on dependability of cloud computing systems
KR101506250B1 (en) Connection Dualization System For virtualization service
CN114780214B (en) Task processing method, device, system and equipment
US20130159492A1 (en) Migrating device management between object managers
JP5364070B2 (en) Virtual server management device
CN112068953B (en) Cloud resource fine management traceability system and method
US20150188747A1 (en) Cloud-based data center infrastructure management system and method
CN108322336A (en) Intelligent management and system towards domestic autonomous controllable server
Waqas et al. ReSA: Architecture for resources sharing between clouds
CN108924264A (en) A kind of desktop cloud system
Wang et al. Carrier-grade distributed cloud computing: Demands, challenges, designs, and future perspectives
Yuen et al. Development of the customer centric data visibility framework for the enhancement of the trust of sme customers in cloud services

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees