CN104796470A - Multi-stage distributed deployment method of service centers - Google Patents

Publication number: CN104796470A
Authority: CN (China)
Prior art keywords: password, algorithm, authentication, center, data
Legal status: Pending
Application number: CN201510180201.9A
Other languages: Chinese (zh)
Inventors: 高广涛, 徐彭城
Current Assignee: SHANGHAI HANBANGJINGTAI DIGITAL CODE TECHNOLOGY Co Ltd
Original Assignee: SHANGHAI HANBANGJINGTAI DIGITAL CODE TECHNOLOGY Co Ltd
Classification: Data Exchanges In Wide-Area Networks

Abstract

The invention discloses a multi-stage distributed deployment method for service centers. The method comprises the following steps: establishing a reliable remote connection over TCP (Transmission Control Protocol); sending an identity authentication packet to a management center; encrypting it with the system's default encryption algorithm; waiting for the management center's handshake protocol packet; and assigning the subsequent randomly selected encryption algorithm and dynamic password. With this method, a user can quickly access the service of a nearby available data center, which increases service response speed and improves the user's access experience. The service centers are independent of one another, the security, integrity and correctness of data are guaranteed, the data cannot be tampered with, and security protection is provided across the whole chain of data acquisition, transmission, storage and analysis.

Description

A multi-stage distributed deployment method for service centers
Technical field
The present invention relates to the field of network design, and specifically to a multi-stage distributed deployment method for service centers.
Background
Distributed management technology has always been the core technology driving the development of network management, and it receives growing attention from industry. Its defining characteristic is that a distributed network, in contrast to a centrally controlled network, has no center, so the destruction of a center cannot cause the whole network to collapse. Nodes on a distributed network are connected to one another and data can travel over multiple paths, which removes the limitation that IT resources and services can only be deployed locally. Cross-region backup and migration improve business continuity and therefore give higher reliability.
Multi-stage deployment technology solves the difficulty of tiered approval and management of services and avoids duplicated occupation of network and other resources. It is an effective technical approach suited to multi-level resource management and tiered approval.
With the rapid development of mass storage and high-bandwidth transmission technology, centralized security audit systems can no longer handle security audit tasks in high-speed, large-scale distributed network environments. Dynamic, distributed security audit technology has therefore become the direction of development for security auditing.
Considerable research on distributed security audit technology has been carried out at home and abroad, and many types of system have been implemented. These distributed security audit systems usually consist of multiple modules placed at different locations in the network, which handle data collection, analysis and human-machine interaction respectively. They nevertheless have obvious shortcomings. They have not fully escaped the bottleneck of the centralized security audit model: in high-speed, large-scale network environments, a centralized data analysis mechanism cannot meet the processing demands of massive data volumes. The data storage center and the data analysis center are also likely to become the focus of an intruder's attack, and if either of these two nodes is controlled or destroyed by the intruder, the whole audit system is paralyzed. Multi-level distributed security audit technology therefore remains a focus of future research.
Summary of the invention
The object of the present invention is to provide a multi-stage distributed deployment method for service centers that solves the problems raised in the background above.
To achieve this object, the invention provides the following technical solution:
A multi-stage distributed deployment method for service centers, comprising the following steps:
(1) A reliable remote connection is established over TCP. The managed client, or a lower-level management center, first sends an identity authentication packet containing its own information to the management center one level up. This authentication packet is encrypted with the system's default encryption algorithm, and the password is specified when the system is installed and deployed;
(2) After sending the authentication packet, the client waits for the management center's handshake protocol packet, which specifies the encryption algorithm and dynamic password to be used afterwards;
(3) If this packet is not received within a certain time, the network is down or the authentication has failed, and the connection is made again. The management center checks the correctness of the identity it has received. If the identity is wrong, the center cuts the connection immediately; otherwise it selects an algorithm at random from the encryption algorithm library, generates a random password, and sends them to the managed client. Once password authentication passes, the handshake has succeeded, and all subsequent transmission uses this algorithm and password;
(4) Using distributed active-active ("dual-active") technology at the data center front end, the user quickly accesses the service of the "nearest" available data center. The data center's services are published externally by IP address or by DNS domain name, and the data center front end uses the technology that matches the publishing mode to implement distributed active-active networking.
Compared with the prior art, the beneficial effects of the invention are as follows. In a distributed active-active data center network environment, the method uses distributed active-active technology at the data center front end so that users can quickly access the service of the "nearest" available data center, which improves service response speed and the user's access experience. The service centers are also relatively independent of one another, which ensures the security, integrity and correctness of the data and ensures that the data cannot be tampered with; security protection is provided across data acquisition, data transmission, data storage and data analysis.
Embodiment
The technical solution in the embodiments of the invention is described clearly and completely below. The described embodiments are obviously only some of the embodiments of the invention, not all of them. All other embodiments that a person of ordinary skill in the art obtains on the basis of the embodiments of the invention, without creative work, fall within the scope of protection of the invention.
A multi-stage distributed deployment method for service centers, comprising the following steps:
(1) A reliable remote connection is established over TCP. The managed client, or a lower-level management center, first sends an identity authentication packet containing its own information to the management center one level up. This authentication packet is encrypted with the system's default encryption algorithm, and the password is specified when the system is installed and deployed;
(2) After sending the authentication packet, the client waits for the management center's handshake protocol packet, which specifies the encryption algorithm and dynamic password to be used afterwards;
(3) If this packet is not received within a certain time, the network is down or the authentication has failed, and the connection is made again. The management center checks the correctness of the identity it has received. If the identity is wrong, the center cuts the connection immediately; otherwise it selects an algorithm at random from the encryption algorithm library, generates a random password, and sends them to the managed client. Once password authentication passes, the handshake has succeeded, and all subsequent transmission uses this algorithm and password;
(4) Using distributed active-active ("dual-active") technology at the data center front end, the user quickly accesses the service of the "nearest" available data center. The data center's services are published externally by IP address or by DNS domain name, and the data center front end uses the technology that matches the publishing mode to implement distributed active-active networking.
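The exchange in steps (1) to (3), run end to end as an added example (not code from the patent). The `seal`/`unseal` pair is a standard-library stand-in for "encrypt with an algorithm and a password", and the algorithm names, the `algorithm|password` reply layout and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed stand-ins: the page leaves the algorithm library and default open.
LIBRARY = ("sha256", "sha384", "sha512")
DEFAULT_ALG = "sha256"

def _keys(alg, password):
    # Separate encryption and MAC keys derived from the shared password.
    return (hmac.new(password, b"enc", alg).digest(),
            hmac.new(password, b"mac", alg).digest())

def _stream(key, nonce, alg, n):
    # HMAC in counter mode; every digest used here is at least 32 bytes long.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), alg).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(alg, password, plaintext):
    """Encrypt-then-MAC stand-in for 'encrypt with algorithm + password'."""
    enc, mac = _keys(alg, password)
    nonce = secrets.token_bytes(16)
    body = bytes(p ^ s for p, s in zip(plaintext, _stream(enc, nonce, alg, len(plaintext))))
    return nonce + body + hmac.new(mac, nonce + body, alg).digest()

def unseal(alg, password, packet):
    """Return the plaintext, or None when algorithm, password or packet is wrong."""
    enc, mac = _keys(alg, password)
    tag_len = hashlib.new(alg).digest_size
    if len(packet) < 16 + tag_len:
        return None
    nonce, body, tag = packet[:16], packet[16:-tag_len], packet[-tag_len:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + body, alg).digest()):
        return None
    return bytes(c ^ s for c, s in zip(body, _stream(enc, nonce, alg, len(body))))

def center_handshake(auth_packet, install_password, known_ids):
    """Step (3), management center: check identity, then assign algorithm and password."""
    identity = unseal(DEFAULT_ALG, install_password, auth_packet)
    if identity is None or identity not in known_ids:
        return None, None  # wrong identity: cut the connection, send nothing
    session = (secrets.choice(LIBRARY), secrets.token_bytes(32))
    reply = seal(DEFAULT_ALG, install_password, session[0].encode() + b"|" + session[1])
    return reply, session

def client_handshake(reply, install_password):
    """Step (2), client: a missing (timed-out) or invalid reply returns None, so reconnect."""
    opened = unseal(DEFAULT_ALG, install_password, reply) if reply else None
    if opened is None:
        return None
    alg, _, password = opened.partition(b"|")
    return alg.decode(), password
```

The algorithm and the session password are both drawn with `secrets`, so neither is predictable from earlier handshakes, and a reply altered in transit fails the MAC check instead of yielding a different session key.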
The extension header of the multi-stage service center distribution system consists of an extension content identifier, an extension content length and the extension content; the extension content identifier indicates the type of the current extension content. When there are several extension contents, each subsequent one follows directly after the previous one, and the total length must equal the extension header length given in the frame header.
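A parser for the extension header layout described above, as an added example rather than the patent's own code. The field widths (1-byte identifier, 2-byte big-endian length) and all names are assumptions, since the page leaves field lengths to the implementer; the parser rejects any header whose items do not add up to the length declared in the frame header.

```python
import struct

# Assumed field widths (the page leaves them open): 1-byte identifier,
# 2-byte big-endian content length, then the content itself.
ITEM_HEADER = struct.Struct(">BH")


class ExtensionHeaderError(ValueError):
    """The extension items do not match the length declared in the frame header."""


def build_extensions(items):
    """Serialize (identifier, content) pairs back to back, with no padding."""
    out = bytearray()
    for ident, content in items:
        out += ITEM_HEADER.pack(ident, len(content)) + content
    return bytes(out)


def parse_extensions(frame_tail, declared_len):
    """Parse exactly declared_len bytes of extension items from frame_tail.

    declared_len is the extension header length taken from the frame header.
    Returns (items, remaining_bytes); raises ExtensionHeaderError on mismatch.
    """
    if declared_len > len(frame_tail):
        raise ExtensionHeaderError("frame shorter than declared extension header")
    region = memoryview(frame_tail)[:declared_len]
    items, offset = [], 0
    while offset < declared_len:
        if declared_len - offset < ITEM_HEADER.size:
            raise ExtensionHeaderError("truncated identifier/length fields")
        ident, length = ITEM_HEADER.unpack_from(region, offset)
        offset += ITEM_HEADER.size
        # The length comes from the peer: never read past the declared region.
        if length > declared_len - offset:
            raise ExtensionHeaderError("item overruns declared extension header")
        items.append((ident, bytes(region[offset:offset + length])))
        offset += length
    return items, bytes(frame_tail[declared_len:])
```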
The method of the invention is a management method, or protocol, for distributing information and policy; each stage can be defined according to actual conditions during development and implementation. The encryption algorithm library can be chosen freely, and the length of each field in the transmission protocol can also be defined as required. A dedicated transmission protocol toolkit can also be purchased, which can provide development interfaces for various languages.

Claims (1)

1. A multi-stage distributed deployment method for service centers, characterized in that it comprises the following steps:
(1) A reliable remote connection is established over TCP. The managed client, or a lower-level management center, first sends an identity authentication packet containing its own information to the management center one level up. This authentication packet is encrypted with the system's default encryption algorithm, and the password is specified when the system is installed and deployed;
(2) After sending the authentication packet, the client waits for the management center's handshake protocol packet, which specifies the encryption algorithm and dynamic password to be used afterwards;
(3) If this packet is not received within a certain time, the network is down or the authentication has failed, and the connection is made again. The management center checks the correctness of the identity it has received. If the identity is wrong, the center cuts the connection immediately; otherwise it selects an algorithm at random from the encryption algorithm library, generates a random password, and sends them to the managed client. Once password authentication passes, the handshake has succeeded, and all subsequent transmission uses this algorithm and password;
(4) Using distributed active-active ("dual-active") technology at the data center front end, the user quickly accesses the service of the "nearest" available data center. The data center's services are published externally by IP address or by DNS domain name, and the data center front end uses the technology that matches the publishing mode to implement distributed active-active networking.
CN201510180201.9A 2015-04-16 2015-04-16 Multi-stage distributed deployment method of service centers Pending CN104796470A (en)

Family ID: 53560978

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20150722
