CN106878302A - A kind of cloud platform system and method to set up - Google Patents


Info

Publication number
CN106878302A
Authority
CN
China
Prior art keywords
cloud
main frame
user
secure group
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710078467.1A
Other languages
Chinese (zh)
Other versions
CN106878302B (en)
Inventor
张傲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
WUHAN FIBERHOME INTEGRATION TECHNOLOGIES Co.,Ltd.
Original Assignee
Wuhan Beacon Information Service Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan Beacon Information Service Co Ltd
Priority to CN201710078467.1A
Publication of CN106878302A
Application granted
Publication of CN106878302B
Legal status: Active


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L 63/0227 Filtering policies
    • H04L 63/0263 Rule management
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/10 Protocols in which an application is distributed across nodes in the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L 69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L 69/26 Special purpose or proprietary protocols or architectures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A cloud platform system and setting method, relating to the field of cloud computing, comprising a cloud hard disk module, a routing module, a firewall module and a security group module. Before a user creates a cloud host, the cloud hard disk module is first started from an image as the system disk of the cloud host, and the routing module is set up with the required network connections. The user sets the required security rules in the security group module in advance, each security rule corresponding to one usage mode of the cloud host. Before the user's cloud host accesses the external network or exchanges traffic with other users' cloud hosts, the required firewall rules are created in the firewall module, then a firewall policy is created, a firewall is created from these two, and the firewall is attached to the router. The invention improves the security of the user's operation, protects against external viruses and avoids information leakage.

Description

A cloud platform system and setting method
Technical field
The present invention relates to the field of cloud computing, and in particular to a cloud platform system and setting method.
Background technology
Cloud computing is an Internet-based mode of computing in which shared software and hardware resources and information can be provided externally over the network.
The cloud platform is an important part of cloud computing; it allows users to use the services offered inside the "cloud". Because the cloud platform provides services to many users, the security of business data and the protection of network services are key issues in building a cloud platform. Given the many users of existing cloud platforms, the platforms' security protection is insufficient: users face the hidden danger of information leakage while using the platform, and also harassment by external viruses, so security during use is relatively low.
The content of the invention
To address the defects in the prior art, the object of the invention is to provide a cloud platform system and setting method that improve the security of the user's operation, protect against external viruses and avoid information leakage.
To achieve the above object, the present invention adopts a cloud platform system, characterized in that it comprises:
A cloud hard disk module, for storing cloud resources;
A routing module, for connecting the user's private network with the public network;
A firewall module, for providing security protection to the cloud resources stored in the cloud hard disk module;
A security group module, in which the user sets security group rules, different security group rules corresponding to different usage modes of the cloud host.
On the basis of the above technical solution, the security group rules of the security group module include the ICMP protocol, for ping reachability between the user's cloud hosts.
On the basis of the above technical solution, the security group rules of the security group module include the TCP protocol, for the user to remotely access their own cloud host.
On the basis of the above technical solution, the firewall module creates a firewall according to firewall rules and a firewall policy, where the firewall policy includes firewall rules.
On the basis of the above technical solution, the cloud hard disk module is mounted on the user's cloud host and serves as the system disk of the host it is mounted on.
The present invention also provides a setting method for the cloud platform system, including: before the user creates a cloud host, first starting the cloud hard disk module from an image as the system disk of the cloud host, and setting up the routing module with the required network connections; the user setting the required security rules in the security group module in advance, each security rule corresponding to one usage mode of the cloud host; before the user's cloud host accesses the external network or exchanges traffic with other users' cloud hosts, creating the required firewall rules in the firewall module, then creating a firewall policy, creating a firewall from these two, and attaching the firewall to the router.
On the basis of the above technical solution, after the firewall is attached to the router its status is shown to the user as normal, and the status of a firewall not attached to a router is abnormal.
On the basis of the above technical solution, while a firewall is using a firewall policy or firewall rule, the firewall is deleted first, and only then the firewall policy or firewall rule.
On the basis of the above technical solution, the security rules include the ingress and required egress protocols of the cloud host.
On the basis of the above technical solution, if ping reachability is needed between the user's cloud hosts, this is done by adding the ICMP protocol inside the security group module; if the user remotely accesses their own cloud host, this is done by adding the TCP protocol inside the security group module.
The beneficial effects of the present invention are:
By setting firewall rules and policies and then creating a firewall, security is guaranteed when a cloud host accesses the external network or users exchange traffic; the security of the user's operation is improved, leakage of user information is avoided, and viruses and Trojans from outside are isolated. In addition, only a firewall attached to a router has normal status, and a firewall policy or firewall rule in use cannot be deleted, so the user will not lose protection through accidental deletion or misoperation while using the cloud platform, which further improves the security guarantee.
The user can set security group rules through the security group module, setting the ingress and required egress protocols of the cloud host; according to the different uses of the cloud host, the corresponding egress protocol is selected, ensuring the security of cloud host use.
Brief description of the drawings
Fig. 1 is a flow chart of the cloud platform system setting procedure of an embodiment of the present invention.
Specific embodiment
The present invention is described in further detail below with reference to the drawings and embodiments.
The cloud platform system of the present invention includes a cloud hard disk module, a routing module, a firewall module and a security group module.
The cloud hard disk module is used to store cloud resources. It is provided in the form of a logical storage volume, an elastically expandable virtual block storage device. Users can operate it online, and its usage is fully consistent with a traditional server hard disk. At the same time, the cloud hard disk module offers higher data reliability, higher I/O throughput and simpler use. The cloud hard disk module is mounted on a cloud host as the system disk of that host; while it is mounted on a cloud host its capacity cannot be expanded, so it must first be unmounted from the cloud host before being expanded.
The routing module is used to connect the user's private network with the public network. The user can apply to the tenant administrator to create a router; after creation the router needs to be connected to the private network, and if the user needs to access the external network, the router must also be connected to the public network.
The firewall module provides security protection to the cloud resources stored in the cloud hard disk module. The firewall module creates a firewall according to firewall rules and a firewall policy, where the firewall policy includes firewall rules, for the case where the user's cloud host needs to access the external network or exchange traffic with other users' cloud hosts.
The security group module is where the user sets security group rules; different security group rules correspond to different usage modes of the cloud host. The security group rules of the security group module include the ICMP protocol, the TCP protocol and so on. If ping reachability is needed between the user's cloud hosts, the ICMP protocol must be added to the security group rules; if the user needs to remotely access (ssh) their own cloud host, the TCP protocol must be added to the security group rules. By default, every security group rule opens only egress; the user must add the ingress, or the egress protocols they need, themselves.
As shown in Fig. 1, the setting method of the cloud platform system of the embodiment of the invention specifically includes:
S1. Before the user creates a cloud host, the cloud hard disk module is first started from an image as the system disk of the cloud host, and the routing module is set up with the required network connections. Preferably, the user submits an application to the tenant administrator, who has permission to create a private network, add a subnet and create a router; after creation the router must be linked to the private network, and if the user needs to access the external network, the router must be linked to the public network.
S2. The user sets the required security rules in the security group module in advance, each security rule corresponding to one usage mode of the cloud host; the security rules include the ICMP protocol, the TCP protocol and so on. Preferably, if ping reachability is needed between the user's cloud hosts, this is done by adding the ICMP protocol inside the security group module; if the user remotely accesses their own cloud host, this is done by adding the TCP protocol inside the security group module.
S3. Before the user's cloud host accesses the external network or exchanges traffic with other users' cloud hosts, the required firewall rules are created in the firewall module, then a firewall policy is created, a firewall is created from these two, and the firewall is attached to the router. After the firewall is attached to the router, its status is shown to the user as normal; the status of a firewall not attached to a router is abnormal. A firewall policy or firewall rule cannot be deleted while a firewall is using it; the firewall must be deleted first, and then the firewall policy or firewall rule.
The present invention is not limited to the above embodiments; those skilled in the art can make improvements and modifications without departing from the principles of the invention, and such improvements and modifications are also regarded as falling within the scope of protection of the invention. Content not described in detail in this specification belongs to prior art known to those skilled in the art.
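The following is an added example, not code from the patent or its assignee, that models steps S1 to S3 above as a small state machine: a security group whose constructed default opens only egress (so ICMP and TCP/22 ingress must be added explicitly), and a firewall lifecycle in which a firewall is built from rules and a policy, reports "normal" status only once attached to a router, and refuses to let a policy or rule be deleted while a firewall still uses it. The class and identifier names (`SecurityGroup`, `CloudPlatform`, `InUseError`, `walkthrough`, the router and policy names) and the sample rules are assumptions for illustration; the patent names no API.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

@dataclass(frozen=True)
class Rule:
    """One traffic rule: direction, protocol, optional port, allow/deny."""
    direction: str              # "ingress" or "egress"
    protocol: str               # "icmp", "tcp" or "any"
    port: Optional[int] = None  # None matches any port (ICMP has none)
    action: str = "allow"

class SecurityGroup:
    """Per-host security group; constructed default opens egress only (S2)."""
    def __init__(self) -> None:
        self.rules: Set[Rule] = {Rule("egress", "any")}

    def allow_ping(self) -> None:          # ICMP ingress between the user's hosts
        self.rules.add(Rule("ingress", "icmp"))

    def allow_ssh(self) -> None:           # TCP/22 ingress for the user's remote access
        self.rules.add(Rule("ingress", "tcp", 22))

    def permits(self, direction: str, protocol: str, port: Optional[int] = None) -> bool:
        for r in self.rules:
            if (r.direction == direction and r.action == "allow"
                    and r.protocol in ("any", protocol)
                    and (r.port is None or r.port == port)):
                return True
        return False               # no matching allow rule: traffic is not permitted

class InUseError(Exception):
    """Deleting a rule or policy that a firewall still uses is refused (S3)."""

class CloudPlatform:
    """Assumed model of the firewall lifecycle: rule -> policy -> firewall -> router."""
    def __init__(self) -> None:
        self.routers: Set[str] = set()
        self.fw_rules: Dict[str, Rule] = {}
        self.fw_policies: Dict[str, List[str]] = {}
        self.firewalls: Dict[str, dict] = {}

    def create_router(self, name: str) -> None:
        self.routers.add(name)

    def create_fw_rule(self, rule_id: str, rule: Rule) -> None:
        self.fw_rules[rule_id] = rule

    def create_fw_policy(self, policy_id: str, rule_ids: List[str]) -> None:
        missing = [r for r in rule_ids if r not in self.fw_rules]
        if missing:
            raise KeyError(f"unknown firewall rules: {missing}")
        self.fw_policies[policy_id] = list(rule_ids)   # a policy includes rules

    def create_firewall(self, fw_id: str, policy_id: str) -> None:
        if policy_id not in self.fw_policies:
            raise KeyError(f"unknown policy: {policy_id}")
        self.firewalls[fw_id] = {"policy": policy_id, "router": None}

    def attach_firewall(self, fw_id: str, router: str) -> None:
        if router not in self.routers:
            raise KeyError(f"unknown router: {router}")
        self.firewalls[fw_id]["router"] = router

    def firewall_status(self, fw_id: str) -> str:
        # Only a firewall attached to a router is "normal"; otherwise "abnormal".
        return "normal" if self.firewalls[fw_id]["router"] else "abnormal"

    def delete_firewall(self, fw_id: str) -> None:
        del self.firewalls[fw_id]

    def delete_fw_policy(self, policy_id: str) -> None:
        users = [f for f, fw in self.firewalls.items() if fw["policy"] == policy_id]
        if users:
            raise InUseError(f"policy {policy_id} in use by firewalls {users}")
        del self.fw_policies[policy_id]

    def delete_fw_rule(self, rule_id: str) -> None:
        users = [p for p, ids in self.fw_policies.items() if rule_id in ids]
        if users:
            raise InUseError(f"rule {rule_id} in use by policies {users}")
        del self.fw_rules[rule_id]

def walkthrough() -> dict:
    """Runs S1-S3 on constructed data and returns the observable outcomes."""
    p = CloudPlatform()
    p.create_router("tenant-router")                  # S1: router for the private net
    sg = SecurityGroup()                              # S2: add ICMP and TCP/22 ingress
    sg.allow_ping()
    sg.allow_ssh()
    p.create_fw_rule("deny-telnet", Rule("ingress", "tcp", 23, "deny"))  # S3: rule
    p.create_fw_policy("edge-policy", ["deny-telnet"])                   # S3: policy
    p.create_firewall("edge-fw", "edge-policy")                          # S3: firewall
    before = p.firewall_status("edge-fw")
    p.attach_firewall("edge-fw", "tenant-router")                        # S3: attach
    after = p.firewall_status("edge-fw")
    try:
        p.delete_fw_policy("edge-policy")             # refused while edge-fw uses it
        blocked = False
    except InUseError:
        blocked = True
    return {"ssh_in": sg.permits("ingress", "tcp", 22),
            "http_in": sg.permits("ingress", "tcp", 80),
            "status_before_attach": before, "status_after_attach": after,
            "policy_delete_blocked": blocked}
```

The ordering constraint in `delete_fw_policy` and `delete_fw_rule` is the point a defender cares about: tearing down protection requires an explicit `delete_firewall` first, so an operator cannot silently strip a router of its policy by removing a rule that is still referenced.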

Claims (10)

1. A cloud platform system, characterized in that it comprises:
A cloud hard disk module, for storing cloud resources;
A routing module, for connecting the user's private network with the public network;
A firewall module, for providing security protection to the cloud resources stored in the cloud hard disk module;
A security group module, in which the user sets security group rules, different security group rules corresponding to different usage modes of the cloud host.
2. The cloud platform system of claim 1, characterized in that the security group rules of the security group module include the ICMP protocol, for ping reachability between the user's cloud hosts.
3. The cloud platform system of claim 1, characterized in that the security group rules of the security group module include the TCP protocol, for the user to remotely access their own cloud host.
4. The cloud platform system of claim 1, characterized in that the firewall module creates a firewall according to firewall rules and a firewall policy, where the firewall policy includes firewall rules.
5. The cloud platform system of claim 1, characterized in that the cloud hard disk module is mounted on the user's cloud host and serves as the system disk of the host it is mounted on.
6. A setting method based on the cloud platform system of claim 1, characterized in that it comprises:
Before the user creates a cloud host, first starting the cloud hard disk module from an image as the system disk of the cloud host, and setting up the routing module with the required network connections;
The user setting the required security rules in the security group module in advance, each security rule corresponding to one usage mode of the cloud host;
Before the user's cloud host accesses the external network or exchanges traffic with other users' cloud hosts, creating the required firewall rules in the firewall module, then creating a firewall policy, creating a firewall from these two, and attaching the firewall to the router.
7. The setting method of the cloud platform system of claim 6, characterized in that after the user attaches the firewall to the router, the firewall status is normal, and the status of a firewall not attached to a router is abnormal.
8. The setting method of the cloud platform system of claim 6, characterized in that while a firewall is using a firewall policy or firewall rule, the firewall is deleted first, and only then the firewall policy or firewall rule.
9. The setting method of the cloud platform system of claim 6, characterized in that the security rules include the ingress and required egress protocols of the cloud host.
10. The setting method of the cloud platform system of claim 9, characterized in that if ping reachability is needed between the user's cloud hosts, it is done by adding the ICMP protocol inside the security group module; if the user remotely accesses their own cloud host, it is done by adding the TCP protocol inside the security group module.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710078467.1A CN106878302B (en) 2017-02-14 2017-02-14 Cloud platform system and setting method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710078467.1A CN106878302B (en) 2017-02-14 2017-02-14 Cloud platform system and setting method

Publications (2)

Publication Number Publication Date
CN106878302A true CN106878302A (en) 2017-06-20
CN106878302B CN106878302B (en) 2020-07-28

Family

ID=59167538

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710078467.1A Active CN106878302B (en) 2017-02-14 2017-02-14 Cloud platform system and setting method

Country Status (1)

Country Link
CN (1) CN106878302B (en)


Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140245423A1 (en) * 2013-02-26 2014-08-28 Zentera Systems, Inc. Peripheral Firewall System for Application Protection in Cloud Computing Environments
CN104902025A (en) * 2015-05-29 2015-09-09 四川长虹电器股份有限公司 Cloud platform system based on intelligent household equipment and intelligent household equipment control system
CN105100109A (en) * 2015-08-19 2015-11-25 华为技术有限公司 Method and device for deploying security access control policy
CN105227686A (en) * 2014-06-20 2016-01-06 中国电信股份有限公司 The Dynamic Configuration of cloud host domain name and system
CN105656916A (en) * 2016-01-29 2016-06-08 浪潮(北京)电子信息产业有限公司 Cloud data center service subnet security management method and system


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
玄佳兴: "IaaS云平台运营管理子系统的设计与实现", 《中国优秀硕士学位论文全文数据库 信息科技辑》 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110913024A (en) * 2019-12-30 2020-03-24 中国联合网络通信集团有限公司 Cloud platform information synchronization method, system, control device and storage medium
CN110913024B (en) * 2019-12-30 2022-02-01 中国联合网络通信集团有限公司 Cloud platform information synchronization method, system, control device and storage medium
CN113596048A (en) * 2021-08-04 2021-11-02 荆亮 Method and device for maintaining network by firewall
CN113596048B (en) * 2021-08-04 2023-05-26 荆亮 Firewall maintenance network method and device
US11936622B1 (en) * 2023-09-18 2024-03-19 Wiz, Inc. Techniques for cybersecurity risk-based firewall configuration

Also Published As

Publication number Publication date
CN106878302B (en) 2020-07-28

Similar Documents

Publication Publication Date Title
CN104718526B (en) Safety moving frame
CN105991734B (en) A kind of cloud platform management method and system
CN103946834B (en) virtual network interface objects
US8356105B2 (en) Enterprise device policy management
JP2019515608A (en) Access control
CN104935572B (en) Multi-layer right management method and device
US9983813B2 (en) Maintenance of a fabric priority during synchronous copy operations
ES2687351T3 (en) Network flow control device and security strategy configuration method and device
BR112015023300B1 (en) Computer- and system-implemented method of providing devices as a service
CN103718164A (en) Virtual computer and service
CN105684391A (en) Automated generation of label-based access control rules
CN106878302A (en) A kind of cloud platform system and method to set up
KR20160122992A (en) Integrative Network Management Method and Apparatus for Supplying Connection between Networks Based on Policy
CN105847300B (en) The method for visualizing and device of enterprise network boundary device topology
US20140208406A1 (en) Two-factor authentication
CN106992984A (en) A kind of method of the mobile terminal safety access information Intranet based on electric power acquisition net
CN105354482B (en) A kind of single-point logging method and device
CN104811473B (en) A kind of method, system and management system for creating virtual non-volatile storage medium
CN105915387A (en) External network bandwidth speed limiting method, device and system of cloud host in IaaS cloud platform
CN114338153B (en) IPSec negotiation method and device
CN106453425A (en) Multiuser right management method and multiuser right management system for using host plugin
CN109711206A (en) A kind of safe hard disk of multi-user and its control method
CN108712369A (en) A kind of more attribute constraint access control decision system and method for industrial control network
US20150372854A1 (en) Communication control device, communication control program, and communication control method
US9614910B2 (en) Maintenance of a fabric priority among operations in related fibre channel exchanges

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20200724

Address after: 430000, No. 88, postal academy road, Hongshan District, Hubei, Wuhan

Patentee after: WUHAN FIBERHOME INTEGRATION TECHNOLOGIES Co.,Ltd.

Address before: 430074, No. 88, postal academy road, Hongshan District, Hubei, Wuhan

Patentee before: FIBERHOME INFORMATION SERVICES Co.,Ltd.
