CN103067380A - Deployment configuration method and system of virtual safety device - Google Patents

Publication number: CN103067380A
Authority: CN (China)
Prior art keywords: virtual, virtual secure, secure equipment, configuration, center
Legal status: Granted
Application number: CN2012105767557A
Other languages: Chinese (zh)
Other versions: CN103067380B (en)
Inventors: 刘新刚, 叶润国, 李陟, 汪宏
Current assignee: Beijing Venus Information Security Technology Co Ltd; Beijing Venus Information Technology Co Ltd
Original assignee: Beijing Venus Information Security Technology Co Ltd; Beijing Venus Information Technology Co Ltd
Application filed by Beijing Venus Information Security Technology Co Ltd and Beijing Venus Information Technology Co Ltd
Priority application: CN201210576755.7A
Publication: CN103067380A
Granted as: CN103067380B
Legal status: Expired - Fee Related

Abstract

The invention discloses a deployment configuration method and system for a virtual security device, which overcome the shortcomings that existing virtualization technology offers only limited security support and that the centralized management capability for security devices needs improvement. A security management configuration center of the system obtains the topology information of the virtual computing environment from a virtualization management center, obtains from a virtual security product device library the device information of the virtual security devices that can take part in deployment, and presents the topology information and device information to a user. The user's choice of the virtual security device to be deployed is received. The user is guided to input deployment parameters according to the type of the virtual security device to be deployed, and a configuration file is generated from them. The virtualization management center is called to deploy the virtual security device, and the deployed virtual security device is configured according to the configuration file. The method and system can be closely combined with an existing virtual machine management platform, achieving automatic deployment, centralized management and convenient, fast configuration of virtual security products.

Description

Deployment configuration method and system for a virtual security device
Technical field
The present invention relates to virtual security technology, and in particular to a deployment configuration method and system for a virtual security device.
Background technology
With the development of information technology, computing and network equipment have become an indispensable part of the information infrastructure of our working lives. A large number of enterprises and institutions have built their own data centers to provide computing support for their business, and these data centers keep expanding to meet growing business demand. Statistics show, however, that the resource utilization of these data centers is rather low. How to share and coordinate resources so as to raise utilization is one of the key problems that industry and researchers currently care about.
The emergence of virtualization has provided an important technical means for solving this problem.
Virtualization technology, represented by virtual machines and network virtualization, virtualizes resources from the perspective of computing resources and network resources respectively. It supports the encapsulation, partitioning, isolation and dynamic allocation and management of resources, and provides the technical basis for sharing and coordinating heterogeneous, distributed resources. It is precisely because of these good properties that virtualization is being adopted by a large number of data centers.
While bringing much convenience and benefit, virtualization technology has also brought many challenges to system management and system security.
First, virtual machines are naturally highly dynamic: their creation, deployment and migration are all very convenient.
A traditional physical machine is static and its surrounding environment is relatively fixed. It is comparatively easy to protect; when a fault or a security problem occurs it is easier to locate, and isolating it is also more convenient. By contrast, a virtual machine is highly dynamic: it can be created and destroyed dynamically and migrated between multiple hosts, and its network environment changes as the virtual machine changes. This dynamism increases the difficulty of management and configuration; in particular, when the environment of a virtual machine changes, its security policy and configuration all need to be adjusted accordingly.
Second, virtualization technology has a great impact on network configuration.
In a traditional computing environment the network boundary is clear, security domain boundaries are easy to divide, and the deployment points of security products and the protection points for security hardening have definite positions. In a virtual computing environment, virtual networking blurs the network boundary. For example, virtual networking can form devices located in different physical networks into the same virtual network, so the traditional method of dividing security domains along physical network boundaries has to change. As another example, a virtual switch moves packet switching that used to take place outside the host into the host, so a security policy deployed on a physical switch cannot act on communication between virtual machines within the same host.
Therefore, to protect the security of the system in a virtual computing environment, it must be possible to dynamically deploy, manage and configure virtual machines, and virtual security devices in particular. Current research and commercial products have done a great deal of work in this direction.
The vCenter component of the VMware cloud computing suite vSphere deploys and manages virtual machines in a centralized manner. Through the unified management interface of vCenter, an administrator can operate all virtual machines under vCenter's control without logging on to each managed virtual machine one by one, which brings great convenience to management.
In addition, VMware also provides vShield, a security architecture for the virtual data center that protects vCenter Server and ESX/ESXi hosts and provides end-to-end cloud security. The vShield components include vShield App, vShield Edge, vShield Endpoint and vShield Manager. vShield App is essentially a virtual firewall that analyzes virtual network traffic; it mainly protects the security inside the virtual system, and the objects it protects are applications made up of several virtual machines. vShield Edge provides security services for the edge of the virtual data center, and its main objects are ESX/ESXi hosts. vShield Endpoint mainly strengthens the security of each virtual machine: it is the anti-virus agent in each virtual machine and hands anti-virus functions over to a security VM provided by the anti-virus vendor for processing. vShield Manager is the management component of the vShield security bundle; it manages and configures the other vShield security components centrally and thereby controls the security of the whole vCenter environment.
In the open source community there are products with functions similar to the VMware vSphere components. oVirt is a project focused on KVM virtualization on Linux systems that provides a feature-rich and powerful virtualization management system for hosts and guests, but it touches very little on security functions. OpenStack is an open source cloud platform management project made up of several modules that supports computing, storage management, networking and other aspects, but its support for security in a virtual computing environment is likewise insufficient. Open vSwitch is a virtual switch generally used for virtual machine networking. For network security, Open vSwitch provides a virtual firewall on which ACL policies can be configured to filter packets.
In the course of realizing the present invention, the inventors found that current products mainly have the following problems.
First, the security support of existing products for virtualization is very limited and closed. Most products focus on virtual machine management and lack support for virtual security. Even when a product does provide security support for virtualization, only the security functions supplied by that vendor can be used; the security products of other vendors cannot easily be integrated, and extensibility is poor.
Second, in existing products and solutions the coordination between the virtual machine management platform and the security management platform is usually poor: virtual machine management and security management are not well combined, which is inconvenient for the centralized deployment, configuration and management of security devices.
Summary of the invention
The technical problem to be solved by the present invention is to overcome the shortcomings of current virtualization technology, namely that its support for security is rather limited, its extensibility is poor, and the centralized management capability for security devices has much room for improvement.
To solve the above technical problem, the invention provides a deployment configuration system for a virtual security device, comprising a security management configuration center, and a virtualization management center and a virtual security product device library connected to the security management configuration center, wherein:
the virtual security product device library is configured to store virtual security devices in virtual machine form;
the security management configuration center is configured to obtain the topology information of the virtual computing environment from the virtualization management center, obtain from the virtual security product device library the device information of the virtual security devices that can take part in deployment, and present the topology information and device information to the user; receive the virtual security device that the user selects for deployment on the basis of the topology information and device information; guide the user to input deployment parameters according to the type of the virtual security device to be deployed and generate a configuration file from those deployment parameters; and call the virtualization management center to deploy the virtual security device and configure the deployed virtual security device according to the configuration file.
Preferably, the security management configuration center comprises an interaction interface module, a user interaction module, a user wizard module, a security service management agent module and a management configuration service module, wherein:
the user interaction module is configured to obtain the topology information from the virtualization management center through the interaction interface module, obtain the device information from the virtual security product device library, present the topology information and device information to the user, and receive the virtual security device, together with the corresponding topological structure and topology location, that the user selects for deployment on the basis of the topology information and device information;
the user wizard module is configured to guide the user to input deployment parameters according to the type of the virtual security device to be deployed and the topological structure and topology location, and to generate a configuration file from those deployment parameters;
the management configuration service module is configured to call the application programming interface of the virtualization management center through the interaction interface module to deploy the virtual security device, and to configure the deployed virtual security device according to the configuration file through the security service management agent module;
the security service management agent module is configured to access the security service console of the virtual security device to be deployed by way of intranet access.
Preferably, the security service management interface of the virtual security device to be deployed is configured with an internal address, and the security service management agent module is configured to connect to that security service management interface, connect to the security service console of the virtual security device by way of an access proxy, access the virtual security device by way of intranet access, and configure its security service.
Preferably, the security management configuration center is connected to the virtual security product device library by a storage area network protocol or the Internet Small Computer Systems Interface protocol.
The application also provides a deployment configuration method for a virtual security device, the method comprising:
the security management configuration center obtains the topology information of the virtual computing environment from the virtualization management center, obtains from the virtual security product device library the device information of the virtual security devices that can take part in deployment, and presents the topology information and device information to the user;
the security management configuration center receives the virtual security device that the user selects for deployment on the basis of the topology information and device information;
the security management configuration center guides the user to input deployment parameters according to the type of the virtual security device to be deployed and generates a configuration file from those deployment parameters;
the security management configuration center calls the virtualization management center to deploy the virtual security device and configures the deployed virtual security device according to the configuration file;
wherein the virtual security product device library is configured to store virtual security devices in virtual machine form.
Preferably, the security management configuration center receiving the virtual security device that the user selects for deployment on the basis of the topology information and device information comprises: the security management configuration center receives the virtual security device, together with the corresponding topological structure and topology location, that the user selects for deployment on the basis of the topology information and device information; and the security management configuration center guiding the user to input deployment parameters according to the type of the virtual security device to be deployed and generating a configuration file from those deployment parameters comprises: the security management configuration center guides the user to input deployment parameters according to the type of the virtual security device to be deployed and the topological structure and topology location, and generates a configuration file from those deployment parameters.
Preferably, the security management configuration center calling the virtualization management center to deploy the virtual security device comprises:
the security management configuration center calls the application programming interface of the virtualization management center to deploy the virtual security device.
Preferably, the security management configuration center configuring the deployed virtual security device according to the configuration file comprises:
the security management configuration center connects to the security service console of the virtual security device by way of an access proxy and configures the security service of the virtual security device.
Preferably, the security management configuration center being configured to access the security service console of the virtual security device to be deployed by way of intranet access comprises:
the security service management interface of the virtual security device to be deployed is configured with an internal address, and the security management configuration center connects to that security service management interface, accesses the security service console of the virtual security device by way of intranet access, and carries out the security service configuration.
Preferably, the security management configuration center is connected to the virtual security product device library by a storage area network protocol or the Internet Small Computer Systems Interface protocol.
Compared with the prior art, in the embodiments of the application a virtual security device can be deployed automatically, so that the virtual computing environment has good extensibility and third-party security products can easily be deployed into an existing virtual computing environment. The embodiments of the application can be closely combined with an existing virtual machine management platform to achieve automatic deployment, centralized management and convenient configuration of virtual security products.
Other features and advantages of the present invention will be set forth in the following description, and in part will be apparent from the specification or may be learned by practicing the present invention. The objects and other advantages of the present invention can be realized and obtained by the structures particularly pointed out in the specification, claims and accompanying drawings.
Description of drawings
The accompanying drawings are provided to give a further understanding of the technical solution of the present invention and form part of the specification; together with the embodiments of the application they serve to explain the technical solution of the present invention and do not limit it.
Fig. 1 is a schematic structural diagram of the deployment configuration system for a virtual security device according to an embodiment of the application.
Fig. 2 is a schematic structural diagram of the security management configuration center in the embodiment shown in Fig. 1.
Fig. 3 is a schematic flow chart of the deployment configuration method for a virtual security device according to an embodiment of the application.
Fig. 4 is a schematic flow chart of the security service configuration process of the virtual security device in the embodiment of Fig. 3.
Embodiments
Embodiments of the present invention are described in detail below with reference to the drawings and examples, so that how the present invention applies technical means to solve the technical problem, and the process by which it achieves its technical effect, can be fully understood and implemented accordingly. The embodiments of the application, and the features within them, can be combined with one another provided they do not conflict, and all such combinations fall within the scope of protection of the present invention.
In addition, the steps shown in the flow charts of the drawings can be carried out in a computer system such as a set of computer-executable instructions. Moreover, although a logical order is shown in the flow charts, in some cases the steps shown or described can be carried out in an order different from that given here.
The deployment configuration method for a virtual security device according to an embodiment of the application is suitable for a virtualized computing environment, for example a virtual computing environment built with VMware vSphere, but is not limited to that environment. The present invention may of course have various other embodiments; without departing from the spirit and essence of the present invention, those of ordinary skill in the art can make various corresponding changes and variations according to the present invention, and all such corresponding changes and variations fall within the scope of protection of the claims of the present invention.
As shown in Fig. 1, the deployment configuration system for a virtual security device according to an embodiment of the application comprises a security management configuration center 120, and a virtualization management center 110 and a virtual security product device library 130 connected to the security management configuration center 120.
The virtual security product device library 130 is configured to store virtual security devices in virtual machine form.
The security management configuration center 120 is configured to obtain the topology information of the virtual computing environment from the virtualization management center 110, obtain from the virtual security product device library 130 the device information of the virtual security devices that can take part in deployment, and present the topology information and device information to the user; receive the virtual security device, together with the corresponding topological structure and topology location, that the user selects for deployment on the basis of the topology information and device information; guide the user to input deployment parameters according to the type of the virtual security device to be deployed and the topological structure and topology location, and generate a configuration file from those deployment parameters; and call the application programming interface of the virtualization management center to deploy the virtual security device, configure the deployed virtual security device according to the configuration file, and provide the interface for configuring the security service of the virtual security device.
In the embodiments of the application, the security management configuration center 120 connects to and interacts with the virtualization management center 110, the centralized control module of the virtualized computing environment, through the API that the latter exposes. The virtualization management center 110 is configured mainly to carry out work related to the management and configuration of virtual machines, while the security management configuration center 120 is configured mainly to carry out work related to security management configuration. In the embodiments of the application, virtual security devices are stored in the virtual security product device library 130 in virtual machine form, and the security management configuration center 120 is connected to the virtual security product device library 130 by an open protocol such as the storage area network (SAN) protocol or the Internet Small Computer Systems Interface (iSCSI) protocol.
The embodiments of the application preserve the independence of the virtual computing environment: security functions can be added to an existing virtual computing environment without modifying the existing environment, which makes the system convenient to extend and upgrade.
As shown in Fig. 2, the security management configuration center 120 mainly comprises a management configuration service module 210, an interaction interface module 220, a user interaction module 230, a user wizard module 240 and a security service management agent module 250.
The management configuration service module 210 is the core module of the security management configuration center 120. It mainly carries out the main function of automatic deployment and configuration of virtual security devices, and is connected to the interaction interface module 220, the user interaction module 230, the user wizard module 240 and the security service management agent module 250, which assist the management configuration service module 210 in its work. It is configured to call the application programming interface of the virtualization management center through the interaction interface module to deploy and configure the virtual security device, and to provide, through the security service management agent module 250, access to the security service console of the virtual security device so that the user can configure the device's security service.
The interaction interface module 220 is connected to the virtualization management center 110, the virtual security product device library 130, the user interaction module 230 and the security service management agent module 250. It is configured mainly to carry out the communication between the security management configuration center 120 and the outside world, such as calling functions of the virtualization management center 110 and accessing the virtual security product device library 130; it interacts with the virtualization management center 110 through the API that the latter exposes, and with the virtual security product device library 130 through an open network protocol.
The user interaction module 230 is connected to the user wizard module 240. It is configured to obtain the topology information from the virtualization management center 110 through the interaction interface module 220, obtain the device information from the virtual security product device library 130, present the topology information and device information to the user, and receive the virtual security device, together with the corresponding topological structure and topology location, that the user selects for deployment on the basis of the topology information and device information.
The user wizard module 240 is configured to guide the user to input deployment parameters according to the type of the virtual security device to be deployed and the topological structure and topology location, and to generate a configuration file from those deployment parameters (the deployment itself being carried out by calling the application programming interface of the virtualization management center through the interaction interface module, and the configuration according to the configuration file through the security service management agent module). Depending on the type of virtual security device being handled, such as a virtual intrusion detection system (vIDS) or a virtual UTM (vUTM), it presents a different wizard to the user, assists the user in completing the management configuration of the virtual security device, lets the user complete the input by following the wizard, generates a configuration file from the user's input, and sends it to the management configuration service module 210. It is an auxiliary module for the user's management and configuration of virtual security devices and provides a simple and intuitive way of setting the management configuration parameters; once parameter collection is complete, the configuration file is generated and the management configuration service module 210 automatically completes the related management and configuration according to it.
The security service management agent module 250 is the proxy for configuring the security service of a virtual security device. The security service management interface of the virtual security device is set to an internal address, so the security service console of the virtual security device (also called the security service management configuration center) cannot be accessed from the external network. The user connects to the security service console of the virtual security device through the access proxy provided by the security service management agent module 250 and configures the security service of the virtual security device.
In the embodiments of the application, access to the security service console of a virtual security device must be forwarded through the security service management agent module 250. The security service management interface of the virtual security device is configured with an internal address and is accessed internally through the security service management agent module 250; it cannot be accessed from outside, which strengthens security.
When a large number of virtual security devices are deployed in a virtual computing environment, giving the security service management interface of each virtual security device a public IP address would consume a large number of IP addresses. In the embodiments of the application the security service management interface of each virtual security device is configured as an internal network interface and is accessed by proxy through the security service management agent module 250, which saves a large number of IP addresses compared with the prior art.
As shown in Figure 3, the deployment configuration method for virtual security devices in the embodiments of the application mainly comprises the following steps.
Step S310: the user interaction module in the security management configuration center obtains the topology information of the virtual computing environment from the virtual management center through the interactive interface module, obtains the device information of the virtual security devices available for deployment from the virtual security product component inventory, and presents the topology information and device information to the user in a user-friendly form.
Step S320: according to their own security requirements, the user selects through the user interaction module of the security management configuration center the virtual security devices to be deployed together with the corresponding topology structure and topology location; the user interaction module receives the virtual security devices, topology structure and topology location that the user has selected for deployment on the basis of the topology information and device information.
Step S330: according to the type of virtual security device to be deployed and the selected topology structure and topology location, the user wizard module in the security management configuration center calls the corresponding configuration wizard, guides the user in entering the deployment parameters and assists the user in completing that input; when the wizard finishes, it generates the configuration file used for deployment from the parameters the user entered.
Step S340: the management configuration service module in the security management configuration center calls the API of the virtual management center through the interactive interface module to deploy the virtual security devices that need to be deployed, and configures them according to the configuration file generated in step S330. The security service management interface of each virtual security device is configured with an internal address, and the management configuration service provides access to the device's security service console through the security service management proxy module, so that the user can configure the security service of the virtual device.
In the embodiments of the application, the generated configuration file mainly comprises the type of the virtual security device, its network configuration parameters and its security service management interface. Different device types require different parameters during deployment, so the generated deployment configuration file also differs by type.
In the embodiments of the application, the deployment parameters mainly comprise the type of the virtual security device to be deployed, the deployment topology location, the device's network configuration and its security service management interface. The user selects the device to be deployed and its topology location through the user interaction module, and the security management configuration center selects the corresponding user wizard module according to the device type to obtain the remaining configuration parameters. When the wizard finishes, a configuration file in XML format is generated for the management configuration service module to use.
In the embodiments of the application, the configuration of a virtual security device is divided into two parts: the network configuration of the device and the security service configuration of the device. A virtual security device exists in the form of a virtual machine, so its network configuration belongs to the virtual machine management functions and is completed by the security management configuration center calling the functions of the virtual management center. The security service configuration sets up the security service of the device so that it can perform its own security functions; this part belongs to the security management configuration functions and is completed by the security management configuration center itself. Configuring the security service of a device requires access to the device's security service management interface.
In the embodiments of the invention, the security service management interfaces of all virtual security devices are configured with internal addresses and cannot be accessed from outside. This prevents outside parties from directly accessing the security service management interface of a device and strengthens the protection of the virtual security devices. At the same time it saves public IP addresses: when security devices are deployed on demand in a virtual computing environment, configuring a public IP on the security service management interface of every device would consume a large number of IP address resources.
When an administrator needs to configure the security service of a virtual security device, the request must be forwarded through the security service management proxy of the security management configuration center before the device's security service console can be reached. Because the security service management interface is configured with an internal address, any access to the device's management interface has to pass through the security service management proxy. As shown in Figure 4, the security service configuration procedure for a virtual security device in the embodiments of the application mainly comprises the following steps.
Step S410: the security management configuration center receives the user's login.
Step S420: the security management configuration center receives, through the user interaction module, the user's selection of the virtual security device to be configured.
Step S430: the security management configuration center switches the user interface to the management view and, through the access interface it provides, connects to the security service console of the virtual security device via the security service management proxy module.
Step S440: the virtual security device performs identity and authorization verification; once verification passes, the security service of the device is configured through its security service console.
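The following is an added example, not code from the patent or its assignee: it models the XML deployment configuration file of steps S330 and S340 together with the proxied console access of steps S410 to S440. The element names, device types, addresses and admin token are constructed assumptions, and the internal-address check uses the private-range test as the stand-in for "internal address".

```python
"""Added example, not the patent's code: the XML deployment configuration of
steps S330/S340 and the proxied console access of steps S410-S440.
Element names, device types, addresses and tokens are constructed."""
import ipaddress
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

INVENTORY = {"vFirewall", "vIDS"}  # constructed stand-in for the product inventory


@dataclass
class DeploymentParams:
    """Wizard output: type, topology location, network config, management interface."""
    device_type: str
    topology_location: str
    data_interfaces: list   # [(name, cidr), ...]
    mgmt_address: str       # security service management interface


def validate_params(p: DeploymentParams) -> None:
    """Reject parameters the configuration center must not deploy."""
    if p.device_type not in INVENTORY:
        raise ValueError(f"unknown device type: {p.device_type}")
    for _name, cidr in p.data_interfaces:
        ipaddress.ip_network(cidr, strict=False)  # raises on a malformed CIDR
    # The management interface must be internal (private) so that it is
    # reachable only through the security service management proxy.
    if not ipaddress.ip_address(p.mgmt_address).is_private:
        raise ValueError("management interface must use an internal address")


def build_config_xml(p: DeploymentParams) -> str:
    """Generate the XML file handed to the virtual management center (S340)."""
    validate_params(p)
    root = ET.Element("virtualSecurityDevice", type=p.device_type)
    ET.SubElement(root, "topologyLocation").text = p.topology_location
    net = ET.SubElement(root, "networkConfig")
    for name, cidr in p.data_interfaces:
        ET.SubElement(net, "interface", name=name, address=cidr)
    ET.SubElement(root, "managementInterface", address=p.mgmt_address, exposure="internal")
    return ET.tostring(root, encoding="unicode")


@dataclass
class Session:
    user: str
    logged_in: bool = False  # set by the configuration center at S410


@dataclass
class Console:
    """Device-side security service console, reached only via the proxy."""
    address: str
    admin_token: str              # device-side credential (constructed)
    applied: dict = field(default_factory=dict)

    def configure(self, token: str, settings: dict) -> bool:
        """S440: the device verifies identity before accepting settings."""
        if token != self.admin_token:
            return False
        self.applied.update(settings)
        return True


class ManagementProxy:
    """Security service management proxy: the only path to device consoles."""
    def __init__(self) -> None:
        self._consoles: dict = {}  # device id -> Console on an internal address

    def register(self, device_id: str, config_xml: str, admin_token: str) -> None:
        """Record a deployed device; refuse an externally routable address."""
        addr = ET.fromstring(config_xml).find("managementInterface").get("address")
        if not ipaddress.ip_address(addr).is_private:
            raise ValueError("refusing to proxy a public management address")
        self._consoles[device_id] = Console(addr, admin_token)

    def connect(self, session: Session, device_id: str) -> Console:
        """S410-S430: forward only logged-in users to a registered console."""
        if not session.logged_in:
            raise PermissionError("login required before console access")
        if device_id not in self._consoles:
            raise KeyError(f"no registered device: {device_id}")
        return self._consoles[device_id]
```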
In the prior art, deploying a virtual security device usually requires a series of configurations that are tedious and hard for administrators to remember and carry out. The embodiments of the application reduce the complexity of operation through the user wizard, simplifying the configuration flow and improving configuration efficiency.
It is apparent to those skilled in the art that the components of the system and the steps of the method provided by the embodiments of the application above can be concentrated on a single computing device or distributed across a network formed by several computing devices. Optionally, they can be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device; alternatively, they can each be made into an integrated circuit module, or several of the modules or steps can be made into a single integrated circuit module. In this way, the present invention is not restricted to any specific combination of hardware and software.
Although the embodiments of the present invention are disclosed above, the content described is adopted only to facilitate understanding of the present invention and is not intended to limit it. Any person skilled in the art to which the present invention belongs may make any modification and variation in the form and details of implementation without departing from the spirit and scope disclosed by the present invention, but the scope of patent protection of the present invention shall still be governed by the scope defined in the appended claims.

Claims (10)

1. A deployment configuration system for virtual security devices, comprising a security management configuration center, and a virtual management center and a virtual security product component inventory connected to this security management configuration center, wherein:
the virtual security product component inventory is configured to store virtual security devices in virtual machine form;
the security management configuration center is configured to obtain the topology information of the virtual computing environment from the virtual management center, obtain the device information of the virtual security devices available for deployment from the virtual security product component inventory, and present the topology information and device information to the user; receive the virtual security devices that the user selects for deployment on the basis of the topology information and device information; guide the user in entering deployment parameters according to the type of the virtual security device to be deployed, and generate a configuration file from those deployment parameters; and call the virtual management center to deploy the virtual security device to be deployed and configure that device according to the configuration file.
2. The system according to claim 1, wherein the security management configuration center comprises an interactive interface module, a user interaction module, a user wizard module, a security service management proxy module and a management configuration service module, wherein:
the user interaction module is configured to obtain the topology information from the virtual management center through the interactive interface module, obtain the device information from the virtual security product component inventory, present the topology information and device information to the user, and receive the virtual security devices and the corresponding topology structure and topology location that the user selects for deployment on the basis of the topology information and device information;
the user wizard module is configured to guide the user in entering deployment parameters according to the type of the virtual security device to be deployed and the topology structure and topology location, and to generate a configuration file from those deployment parameters;
the management configuration service module is configured to call the application programming interface of the virtual management center through the interactive interface module to deploy the virtual security device to be deployed, to configure that device according to the configuration file, and to configure the security service of that device through the security service management proxy module;
the security service management proxy module is configured to access the security service console of the virtual security device to be deployed by way of intranet access.
3. The system according to claim 2, wherein:
the security service management interface of the virtual security device to be deployed is configured with an internal address, and the security service management proxy module is configured to connect to that security service management interface, connect to the security service console of the virtual security device to be deployed by way of access through a proxy, and configure the security service of that device.
4. The system according to claim 1, wherein:
the security management configuration center is connected to the virtual security product component inventory through a storage area network protocol or the Internet Small Computer Systems Interface protocol.
5. A deployment configuration method for virtual security devices, the method comprising:
a security management configuration center obtains the topology information of the virtual computing environment from a virtual management center, obtains the device information of the virtual security devices available for deployment from a virtual security product component inventory, and presents the topology information and device information to the user;
the security management configuration center receives the virtual security devices that the user selects for deployment on the basis of the topology information and device information;
the security management configuration center guides the user in entering deployment parameters according to the type of the virtual security device to be deployed, and generates a configuration file from those deployment parameters;
the security management configuration center calls the virtual management center to deploy the virtual security device to be deployed and configures that device according to the configuration file;
wherein the virtual security product component inventory is configured to store virtual security devices in virtual machine form.
6. The method according to claim 5, wherein:
the security management configuration center receiving the virtual security devices that the user selects for deployment on the basis of the topology information and device information comprises: the security management configuration center receives the virtual security devices and the corresponding topology structure and topology location that the user selects for deployment on the basis of the topology information and device information;
the security management configuration center guiding the user in entering deployment parameters according to the type of the virtual security device to be deployed and generating a configuration file from those deployment parameters comprises: the security management configuration center guides the user in entering deployment parameters according to the type of the virtual security device to be deployed and the topology structure and topology location, and generates a configuration file from those deployment parameters.
7. The method according to claim 5, wherein the security management configuration center calling the virtual management center to deploy the virtual security device to be deployed comprises:
the security management configuration center calls the application programming interface of the virtual management center to deploy the virtual security device to be deployed.
8. The method according to claim 5, wherein the security management configuration center configuring the virtual security device to be deployed according to the configuration file comprises:
the security management configuration center connects to the security service console of the virtual security device to be deployed by way of access through a proxy, and configures the security service of that device.
9. The method according to claim 8, wherein the security management configuration center being configured to access the security service console of the virtual security device to be deployed by way of intranet access comprises:
the security service management interface of the virtual security device to be deployed is configured with an internal address; the security management configuration center connects to that security service management interface, accesses the security service console of the virtual security device to be deployed by way of intranet access, and carries out the security service configuration.
10. The method according to claim 5, wherein:
the security management configuration center is connected to the virtual security product component inventory through a storage area network protocol or the Internet Small Computer Systems Interface protocol.
CN201210576755.7A 2012-12-26 2012-12-26 A kind of deployment configuration method and system of virtual secure equipment Expired - Fee Related CN103067380B (en)

Publications (2)

Publication Number Publication Date
CN103067380A true CN103067380A (en) 2013-04-24
CN103067380B CN103067380B (en) 2015-11-18

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20151118

Termination date: 20211226