WO2015188579A1 - Appareil et procédé de pare-feu virtuel réparti, et contrôleur de pare-feu - Google Patents

Appareil et procédé de pare-feu virtuel réparti, et contrôleur de pare-feu Download PDF

Info

Publication number
WO2015188579A1
WO2015188579A1 PCT/CN2014/090473 CN2014090473W WO2015188579A1 WO 2015188579 A1 WO2015188579 A1 WO 2015188579A1 CN 2014090473 W CN2014090473 W CN 2014090473W WO 2015188579 A1 WO2015188579 A1 WO 2015188579A1
Authority
WO
WIPO (PCT)
Prior art keywords
firewall
module
policy information
information
controller
Prior art date
Application number
PCT/CN2014/090473
Other languages
English (en)
Chinese (zh)
Inventor
耿兴元
王良家
丁杰
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2015188579A1 publication Critical patent/WO2015188579A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols

Definitions

  • the present invention relates to the field of computer network technologies, and in particular, to a distributed virtual firewall device, method, and firewall controller.
  • the east-west network traffic control of the virtual network can be divided into a virtual switch-based configuration access control list (ACL) control policy and running virtual firewall software in the virtual machine.
  • ACL configuration access control list
  • the technical problem to be solved by the embodiments of the present invention is to provide a distributed virtual firewall device, a method, and a firewall controller, which are used to solve the problem that the configurable policies in the related technologies are not rich and inflexible, and the control policies cannot identify the service layer data. problem.
  • an embodiment of the present invention provides a firewall controller, which is configured as a cloud computing management node, and includes an information collecting module and an information sending module, where
  • the information collection module is configured to collect configuration information and firewall policy information
  • the information sending module is configured to send the configuration information and the firewall policy information to the firewall module.
  • the information collection module is further configured to receive firewall policy information set by the user;
  • the information sending module is further configured to send the firewall policy information that meets a preset condition to the firewall module.
  • the information sending module is configured to send the firewall policy information that meets a preset condition to the firewall module in the following manner:
  • the information sending module is configured to compare the firewall policy information with a preset implementation standard in the following manner:
  • the firewall policy information is compared with the preset implementation criteria by means of a recursive tree Trie.
  • the information sending module is configured to send configuration information and firewall policy information to the firewall module in the following manner:
  • the configuration information and the firewall policy information are sent to the firewall module by executing a command line interface through a Rest API interface or an agent.
  • an embodiment of the present invention provides a distributed virtual firewall device, including: a firewall controller and a firewall module;
  • the firewall controller is deployed on the cloud computing management node, and is configured to send configuration information and firewall policy information to the firewall module.
  • the firewall module is deployed on the host node, and is configured to filter or forward network traffic in the virtual switch vSwitch according to the received configuration information and the firewall policy information.
  • the firewall controller is further configured to receive the firewall policy information set by the user, and send the firewall policy information that meets the preset condition to the firewall module.
  • the firewall controller is configured to send the firewall policy information that meets a preset condition to the firewall module in the following manner:
  • the firewall policy information is sent to the firewall module.
  • the firewall controller is configured to compare the firewall policy information with a preset implementation standard in the following manner:
  • the firewall policy information is compared with the preset implementation criteria by means of a recursive tree Trie.
  • the firewall controller is configured to send configuration information and firewall policy information to the firewall module in the following manner:
  • the configuration information and the firewall policy information are sent to the firewall module by executing a command line interface through a Rest API interface or an agent;
  • the firewall module is configured to filter or forward network traffic in the virtual switch vSwitch in the following manner:
  • the network traffic in the vSwitch is captured by a hook function hook.
  • an embodiment of the present invention provides a firewall control method, including:
  • the method further includes:
  • the sending the firewall policy information that meets the preset condition to the firewall module includes:
  • comparing the firewall policy information with a preset implementation standard including:
  • the firewall policy information is compared with the preset implementation criteria by means of a recursive tree Trie.
  • the sending the configuration information and the firewall policy information to the firewall module including:
  • the configuration information and the firewall policy information are sent to the firewall module by executing a command line interface through a Rest API interface or an agent.
  • the embodiment of the present invention further provides a distributed virtual firewall method, including:
  • the firewall controller sends configuration information and firewall policy information to the firewall module.
  • the firewall module detects and filters the network traffic in the virtual switch vSwitch according to the received configuration information and the firewall policy information.
  • the method further includes:
  • the firewall controller receives the firewall policy information set by the user, and sends firewall policy information that meets the preset condition to the firewall module.
  • the firewall controller sends the firewall policy information that meets the preset condition to the firewall module, including:
  • the firewall controller compares the firewall policy information with a preset implementation standard, and sends the firewall policy information to the firewall module when the firewall policy information meets the implementation criteria.
  • the firewall controller compares the firewall policy information with a preset implementation standard, including:
  • the firewall controller compares the firewall policy information with the preset implementation criteria by means of a recursive tree Trie.
  • the firewall controller sends configuration information and firewall policy information to the firewall module, including:
  • the firewall controller executes the command line interface through the Rest API interface or the agent, and the matching The information and the firewall policy information are sent to the firewall module;
  • the firewall module detects and filters the network traffic in the virtual switch vSwitch, including:
  • the firewall module captures network traffic in the vSwitch through a hook function hook.
  • the embodiment of the present invention has at least the following advantages:
  • the distributed virtual firewall device, the method, and the firewall controller provided by the embodiment of the present invention can quickly detect and filter the network traffic on the virtual switch vSwtich according to the received configuration information and the firewall policy, and avoid the networking.
  • the performance bottleneck in the performance bottle has a rich and flexible configuration strategy.
  • FIG. 1 is a schematic diagram of a distributed virtual firewall device according to a first embodiment of the present invention
  • FIG. 2 is a schematic structural diagram of a firewall controller in a second embodiment of the present invention.
  • FIG. 3 is a flowchart of a method for distributed virtual firewall in a third embodiment of the present invention.
  • FIG. 4 is a flowchart of a firewall control method according to a fourth embodiment of the present invention.
  • FIG. 5 is a schematic diagram of application of a system deployment architecture in a fifth embodiment of the present invention.
  • the present invention provides a distributed virtual firewall device, method, and firewall controller, which are described below with reference to the accompanying drawings and embodiments. The invention is further described in detail. It is understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
  • a first embodiment of the present invention is a distributed virtual firewall device.
  • FIG. 1 is a schematic diagram of a distributed virtual firewall device according to a first embodiment of the present invention.
  • the distributed virtual firewall device provided by the embodiment of the present invention includes: a firewall module 10 and a firewall controller 20.
  • the distributed virtual firewall device provided by the embodiment of the present invention is applied to a cloud computing environment.
  • a firewall module 10 is deployed on each host;
  • a firewall controller 20 is deployed on the control node of the host cluster to perform unified management and policy configuration on all firewall modules in the entire cluster environment. among them:
  • the firewall module 10 is configured to receive configuration information and firewall policy information sent by the firewall controller 20, and detect and filter network traffic in the virtual switch vSwitch running in the kernel of the host virtualization layer according to the configuration information and the firewall policy information.
  • the firewall module 10 provided by the embodiment of the present invention is disposed in a virtual machine monitor hypervisor virtualization core layer of the host.
  • the firewall module 10 is configured to embed a hook function hook at the data receiving unified entrance of the virtual switch vSwitch, and the firewall module 10 is configured to capture all virtual network traffic of the virtual switch vSwitch running on the host virtualization layer kernel through the hook function, and the network is The traffic is subjected to unified detection and filtering of 2-7 layers, which realizes flexible control of east-west traffic in the cloud computing network.
  • the hook function is used to capture all the virtual network traffic of the virtual switch vSwitch running on the core of the host virtualization layer, the network traffic that needs to be forwarded by the vSwitch is still fetched and sent to the vSwtich for normal forwarding.
  • the firewall module 10 provided in the embodiment of the present invention is not only configured to support processing of a network protocol header, but also configured to support processing according to a keyword configured by a user to process network traffic content and process the same. And the results are recorded.
  • the firewall controller 20 is deployed on the cloud management node, and is configured to send configuration information and firewall policy information to the firewall module 10.
  • the firewall controller 20 is configured to send the configuration information and the firewall policy to the firewall module 10 by using the expression state transfer Rest API interface or the command execution interface through the agent.
  • the firewall controller 20 is further configured to receive the firewall policy information of the user or the cloud computing management node, and send the firewall policy information that meets the preset condition to the firewall module 10, that is, the firewall controller 20 is configured to set the firewall policy information with The preset implementation criteria are compared. When the firewall policy information meets the implementation criteria, the firewall controller 20 sends the firewall policy information to the firewall module 10.
  • the firewall controller 20 is configured to compare the firewall policy information with the preset implementation standard by using a recursive tree Trie, and check the consistency of the user configuration firewall policy request information, and the firewall controller 20 is configured to perform After pre-analysing and deriving the enforceability results, the firewall policy information is sent to the fire protection associated with the policy.
  • the wall module 10 instead of sending all user-configured firewall policy information to all firewall modules 10, ensures the correctness and enforceability of the firewall policy information sent to the firewall module 10 so that the firewall module 10 can follow The received firewall policy information effectively detects and filters network traffic.
  • the firewall controller 20 is configured to send feedback information to the user, and the user may modify the firewall policy request information according to the feedback information to satisfy The implementation standard preset by the firewall controller.
  • the firewall controller 20 and the firewall module 10 can be completely decoupled in function and deployment, so that the firewall controller 20 and the firewall module 10 can operate independently. And the heartbeat between the firewall module 10 and the firewall controller 20 can also be configured.
  • the firewall module 10 is configured to establish a connection between the firewall module 10 and the firewall controller 20 when the firewall controller 20 is detected to be working or working normally, and the firewall module 10 receives The configuration information and firewall policy sent from the firewall controller 20 are used to detect network traffic.
  • the firewall module 10 is configured to detect and filter network traffic according to its own configuration information or a firewall policy configured by the user, when the firewall controller 20 is not detected or the firewall controller 20 is not working properly.
  • the firewall controller 20 provided by the embodiment of the present invention supports dual-master backup mode operation, and achieves high availability of the system.
  • a second embodiment of the present invention is a schematic structural diagram of a firewall controller.
  • the firewall controller includes an information collecting module and an information sending module, where
  • the information collection module is configured to collect configuration information and firewall policy information
  • the information sending module is configured to send configuration information and firewall policy information to the firewall module
  • the information sending module is configured to execute the command line interface by using a Rest API interface or an agent, and send the configuration information and the firewall policy information to the firewall module.
  • the information collection module is further configured to receive firewall policy information set by the user;
  • the information sending module is further configured to send the firewall policy information that meets a preset condition Send to the firewall module.
  • the information sending module is configured to send the firewall policy information that meets the preset condition to the firewall module, and the method includes: setting the firewall policy information to be compared with a preset implementation standard, Sending the firewall policy information to the firewall module when the firewall policy information meets the implementation criteria;
  • the information sending module is configured to compare the firewall policy information with a preset implementation standard, including: setting the firewall policy information to the preset by using a recursive tree Trie The implementation criteria are compared.
  • a third embodiment of the present invention is a distributed virtual firewall method in cloud computing.
  • FIG. 3 is a flowchart of a method for distributed virtual firewall in cloud computing according to a third embodiment of the present invention.
  • step 301 the firewall controller sends the configuration information and the firewall policy to the firewall module.
  • the distributed virtual firewall in the cloud computing is used in a cloud computing environment.
  • a firewall module is deployed on each host.
  • a firewall controller is deployed on the control node of the host cluster to implement unified management and policy configuration for all firewall modules in the entire cluster environment.
  • the firewall controller preferably delivers the configuration information and the firewall policy of the firewall module through the expression state transfer Rest API interface or the execution of the command interface through the agent.
  • the firewall controller further receives the firewall policy information of the user or the cloud computing management node, and sends the firewall policy information that meets the preset condition to the firewall module.
  • the firewall controller compares the firewall policy information with the preset implementation criteria. When the firewall policy information meets the implementation criteria, the firewall controller sends the firewall policy information to the firewall module.
  • the firewall controller preferably compares the firewall policy information with the preset implementation standard by using a recursive tree Trie, and checks the consistency of the user configuration firewall policy request information, and the firewall controller performs pre-analysis and obtains After the implementation result, the firewall policy information is sent to the firewall module related to the policy, instead of sending all the configured firewall policy information to all firewall modules, thus ensuring the firewall policy sent to the firewall module.
  • the correctness of the information and It can be implemented so that the firewall module can effectively detect and filter network traffic according to the received firewall policy information.
  • the firewall controller sends a feedback message to the user, and the user can modify the firewall policy request information according to the feedback information to meet the firewall controller pre-configuration. Established implementation standards.
  • Step 302 The firewall module detects and filters the network traffic in the virtual switch vSwitch according to the received configuration information and the firewall policy.
  • the firewall module provided by the embodiment of the present invention is based on a host virtual machine monitor hypervisor virtualization core layer.
  • the firewall module implants a hook function hook at the data receiving unified entrance of the virtual switch vSwitch.
  • the firewall module captures all virtual network traffic of the virtual switch vSwitch running on the host virtualization layer kernel through the hook function, and performs 2-7 on the network traffic. Uniform detection and filtering of layers to achieve flexible control of east-west traffic in cloud computing networks.
  • the hook function is used to capture all the virtual network traffic of the virtual switch vSwitch running on the core of the host virtualization layer, the network traffic that needs to be forwarded by the vSwitch is still fetched and sent to the vSwtich for normal forwarding.
  • the firewall module provided by the embodiment of the present invention not only supports the processing of the network protocol header, but also processes the keyword according to the user configuration to process the network traffic content and record the processing result.
  • the firewall controller and the firewall module can be completely decoupled in function and deployment, so that the firewall controller and the firewall module can operate independently. And the heartbeat between the firewall module and the firewall controller can be configured.
  • the firewall module detects that the firewall controller exists or works normally, the firewall module establishes a connection with the firewall controller, and the firewall module receives the configuration information sent by the firewall controller and The firewall policy detects network traffic.
  • the firewall module does not detect the firewall controller or detects that the firewall controller is not working properly, the firewall module can detect and filter the network traffic according to its own configuration information or the firewall policy configured by the user.
  • the firewall controller provided by the embodiment of the invention supports dual-master backup mode operation, and achieves high availability of the system.
  • a fourth embodiment of the present invention is a flow chart of a firewall control method.
  • FIG. 4 is a flow chart of a firewall control method in a fourth embodiment of the present invention.
  • Step 401 collects configuration information and firewall policy information.
  • Step 402 sends the configuration information and firewall policy information to the firewall module.
  • the step 402 sends the configuration information and the firewall policy information to the firewall module by executing a command line interface by using a Rest API interface or an agent.
  • the step 401 further receives the firewall policy information set by the user, and sends the firewall policy information that meets the preset condition to the firewall module.
  • the sending the firewall policy information that meets the preset condition to the firewall module includes:
  • comparing the firewall policy information with a preset implementation standard including:
  • the firewall policy information is compared with the preset implementation criteria by means of a recursive tree Trie.
  • the fifth embodiment of the present invention is applied in a system deployment architecture and a specific implementation.
  • FIG. 5 is a schematic diagram of application of a system deployment architecture in a fifth embodiment of the present invention.
  • the upper layer represents a cloud computing management node, and the firewall controller is deployed on the cloud computing management node.
  • the active/standby mode is adopted, that is, the firewall controller host Control1 and the firewall controller standby device Control2 are used, so that in the case of a problem with the firewall host, the firewall standby machine can be operated to ensure the entire system. The normal operation.
  • the lower layer in FIG. 5 is a host node, and a firewall module is deployed on the host node, wherein the firewall module is connected to the corresponding virtual switch vSwitch.
  • Three hosts are preferably given in the figure.
  • the node may have multiple host nodes in other embodiments, and the number of host nodes of the present invention is not limited thereto.
  • the firewall module FW1 performs network traffic monitoring and filtering on the virtual switch vSwitch1 according to the configuration information and firewall policy issued by the firewall controller Control1, and the firewall module FW1 can also be configured according to the firewall policy configured by the user.
  • the request information performs network traffic detection and filtering on the virtual switch vSwitch1.
  • the firewall policy information configured by the user must be sent to the firewall module FW1 through the pre-analysis of the firewall controller. If the firewall policy information configured by the user does not pass the firewall controller preset implementation. Standard, then the firewall controller will send feedback information to the user, the user can modify the firewall policy request information according to the feedback information, in order to meet the implementation standards preset by the firewall controller.
  • the network traffic detection filtering control process for the virtual switch vSwitch of the firewall module on other host nodes is not enumerated here.
  • the distributed virtual firewall device, the method and the firewall controller provided by the invention can quickly detect and filter the network traffic on the virtual switch vSwtich according to the received configuration information and the firewall policy, and avoid the performance bottleneck in the networking. It has the characteristics of rich and flexible configuration strategy.
  • all or part of the steps of the foregoing embodiments may also be implemented by using an integrated circuit, and the steps may be separately fabricated into integrated circuit modules, or multiple modules thereof or The steps are made into a single integrated circuit module.
  • the invention is not limited to any specific combination of hardware and software.
  • the devices/function modules/functional units in the above embodiments may be implemented by a general-purpose computing device, which may be centralized on a single computing device or distributed over a network of multiple computing devices.
  • each device/function module/functional unit in the above embodiment When each device/function module/functional unit in the above embodiment is implemented in the form of a software function module and sold or used as a stand-alone product, it can be stored in a computer readable storage medium.
  • the above mentioned computer readable storage medium may be a read only memory, a magnetic disk or an optical disk or the like.
  • the distributed virtual firewall device, the method, and the firewall controller provided by the foregoing technical solution can quickly detect and filter the network traffic on the virtual switch vSwtich through the firewall module according to the received configuration information and the firewall policy, and avoid the networking.
  • the performance bottleneck is characterized by rich and flexible configuration strategies.

Abstract

Appareil et procédé de pare-feu virtuel réparti, et contrôleur de pare-feu. L'appareil comporte un contrôleur de pare-feu et un module de pare-feu. Le contrôleur de pare-feu est déployé sur un nœud de gestion informatique en nuage et est configuré pour transmettre des informations de configuration et des informations de politique de pare-feu au module de pare-feu. Le module de pare-feu est déployé sur un nœud hôte, et est configuré pour détecter et filtrer un flux de réseau dans un commutateur virtuel vSwitch d'après les informations reçues de configuration et les informations reçues de politique de pare-feu. Dans le schéma technique, le module de pare-feu peut rapidement détecter et filtrer le flux de réseau dans le commutateur virtuel vSwitch d'après les informations reçues de configuration et la politique reçue de pare-feu, un goulet d'étranglement des performances de mise en réseau est évité, et la présente invention présente des caractéristiques de richesse et de souplesse dans les politiques de configuration, etc.
PCT/CN2014/090473 2014-06-09 2014-11-06 Appareil et procédé de pare-feu virtuel réparti, et contrôleur de pare-feu WO2015188579A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410252561.0A CN105141571A (zh) 2014-06-09 2014-06-09 分布式虚拟防火墙装置及方法
CN201410252561.0 2014-06-09

Publications (1)

Publication Number Publication Date
WO2015188579A1 true WO2015188579A1 (fr) 2015-12-17

Family

ID=54726780

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/090473 WO2015188579A1 (fr) 2014-06-09 2014-11-06 Appareil et procédé de pare-feu virtuel réparti, et contrôleur de pare-feu

Country Status (2)

Country Link
CN (1) CN105141571A (fr)
WO (1) WO2015188579A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113765912A (zh) * 2021-09-02 2021-12-07 迈迪信息技术有限公司 一种分布式防火墙装置及其检测方法

Families Citing this family (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105429811B (zh) * 2016-01-11 2018-11-13 刘昱 网络管理系统及方法
CN106131020B (zh) * 2016-07-17 2020-05-01 合肥赑歌数据科技有限公司 一种防火墙虚拟化的模块以及管理方法
CN107872443A (zh) * 2016-09-28 2018-04-03 深圳市深信服电子科技有限公司 虚拟网络安全防护系统、流量牵引方法及装置
CN106453333B (zh) * 2016-10-19 2019-08-30 深信服科技股份有限公司 虚拟化平台的防火墙规则创建方法及装置
CN107566359A (zh) * 2017-08-25 2018-01-09 郑州云海信息技术有限公司 一种智能防火墙系统及防护方法
CN108156153B (zh) * 2017-12-22 2021-07-30 国家电网公司 一种基于分布式安全域的微分段防护方法
CN108156079B (zh) * 2017-12-29 2021-08-13 深信服科技股份有限公司 一种基于云服务平台的数据包转发系统及方法
CN107979614A (zh) * 2017-12-30 2018-05-01 杭州华为数字技术有限公司 数据包检测方法及装置
CN108108210A (zh) * 2018-01-11 2018-06-01 上海有云信息技术有限公司 安全产品的管理方法、装置、服务器及存储介质
CN109150860A (zh) * 2018-08-02 2019-01-04 郑州云海信息技术有限公司 一种在OpenStack环境下实现网络微隔离的方法与系统
CN109450871B (zh) * 2018-10-22 2021-02-23 龙岩学院 一种分布式虚拟防火墙装置及其系统部署方法
CN111224922A (zh) * 2018-11-26 2020-06-02 顺丰科技有限公司 分布式安全组模块访问控制方法、系统
CN110505246B (zh) * 2019-09-25 2021-10-08 腾讯科技(深圳)有限公司 客户端网络通讯检测方法、装置及存储介质
CN112532638A (zh) * 2020-12-03 2021-03-19 四川师范大学 一种分布式内容过滤防火墙
CN113098851B (zh) * 2021-03-25 2023-01-31 广州虎牙科技有限公司 虚拟防火墙的实现方法、装置、系统、设备和介质
CN115664870B (zh) * 2022-12-28 2023-04-07 北京志翔科技股份有限公司 跨分布式节点的桌面访问方法、装置、系统以及电子设备
CN117596139A (zh) * 2024-01-18 2024-02-23 银联数据服务有限公司 一种防火墙的配置命令生成方法及装置

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101977187A (zh) * 2010-10-20 2011-02-16 中兴通讯股份有限公司 防火墙策略分发方法、客户端、接入服务器及系统
CN102055735A (zh) * 2009-11-04 2011-05-11 中国移动通信集团山东有限公司 防火墙访问控制策略的配置方法及装置
CN103763310A (zh) * 2013-12-31 2014-04-30 曙光云计算技术有限公司 基于虚拟网络的防火墙服务系统及方法
US20140137258A1 (en) * 2010-11-22 2014-05-15 International Business Machines Corporation Image vulnerability repair in a networked computing environment

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7966654B2 (en) * 2005-11-22 2011-06-21 Fortinet, Inc. Computerized system and method for policy-based content filtering
CN103023707B (zh) * 2012-12-28 2016-03-09 华为技术有限公司 一种策略配置的方法、管理服务器以及网络系统
CN103825876A (zh) * 2013-11-07 2014-05-28 北京安码科技有限公司 一种复杂网络环境下的防火墙策略审计系统

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102055735A (zh) * 2009-11-04 2011-05-11 中国移动通信集团山东有限公司 防火墙访问控制策略的配置方法及装置
CN101977187A (zh) * 2010-10-20 2011-02-16 中兴通讯股份有限公司 防火墙策略分发方法、客户端、接入服务器及系统
US20140137258A1 (en) * 2010-11-22 2014-05-15 International Business Machines Corporation Image vulnerability repair in a networked computing environment
CN103763310A (zh) * 2013-12-31 2014-04-30 曙光云计算技术有限公司 基于虚拟网络的防火墙服务系统及方法

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113765912A (zh) * 2021-09-02 2021-12-07 迈迪信息技术有限公司 一种分布式防火墙装置及其检测方法

Also Published As

Publication number Publication date
CN105141571A (zh) 2015-12-09

Similar Documents

Publication Publication Date Title
WO2015188579A1 (fr) Appareil et procédé de pare-feu virtuel réparti, et contrôleur de pare-feu
US20150312802A1 (en) Method and system for sideband communication architecture for supporting manageability over wireless lan (wlan)
CN111131379B (zh) 一种分布式流量采集系统和边缘计算方法
US10681046B1 (en) Unauthorized device detection in a heterogeneous network
EP2731010A1 (fr) Procédé, dispositif et système pour transférer des informations de configuration pendant la migration en temps réel de machine virtuelle
US11706080B2 (en) Providing dynamic serviceability for software-defined data centers
JP5678723B2 (ja) スイッチ、情報処理装置および情報処理システム
CN108989352B (zh) 防火墙实现方法、装置、计算机设备及存储介质
WO2016131172A1 (fr) Procédé et dispositif pour mettre à jour un descripteur de service de réseau
CN105024855A (zh) 分布式集群管理系统和方法
US10158705B2 (en) Migration of hosts
CN103763121A (zh) 一种网络配置信息快速下发的方法及装置
US20190319923A1 (en) Network data control method, system and security protection device
TW201312346A (zh) 虛擬機器監控方法、系統及儲存其之電腦可讀取紀錄媒體
WO2017107827A1 (fr) Procédé et appareil pour isoler un environnement
WO2016107424A1 (fr) Procédé, appareil et système de détection d'état de liaison
US9754032B2 (en) Distributed multi-system management
US20140006573A1 (en) Storage system management device and method of managing storage system
WO2014056345A1 (fr) Appareil et procédé de gestion permettant de surveiller une tâche
CN107797859A (zh) 一种定时任务的调度方法及一种调度服务器
JP6489239B2 (ja) 通信装置、システム、方法、及びプログラム
US10721135B1 (en) Edge computing system for monitoring and maintaining data center operations
US20220239551A1 (en) Diagnosing intermediary network nodes
US8918670B2 (en) Active link verification for failover operations in a storage network
CN105871849A (zh) 一种防火墙系统架构

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14894431

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14894431

Country of ref document: EP

Kind code of ref document: A1