CN111224922A - Distributed security group module access control method and system - Google Patents

Info

Publication number: CN111224922A
Authority: CN (China)
Prior art keywords: security group, template, request, module, operation request
Legal status: Pending (as listed by Google Patents)
Application number: CN201811416366.1A
Priority application: CN201811416366.1A
Other languages: Chinese (zh)
Inventor: 王子桐
Current assignee: SF Technology Co Ltd (also listed as SF Tech Co Ltd)
Original assignee: SF Technology Co Ltd

Classifications (CPC)

    • H: Electricity > H04: Electric communication technique > H04L: Transmission of digital information, e.g. telegraphic communication
        • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/10 ... for controlling access to devices or network resources
            • H04L63/20 ... for managing network security; network security policies in general
        • H04L67/00 Network arrangements or protocols for supporting network services or applications
            • H04L67/01 Protocols
                • H04L67/10 Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to a distributed security group module access control method and system. A security group module comprises at least one of a security group, a security group template, a security group rule and a security group associated cloud host, and is associated with a virtual machine network card to form a distributed security group module. Because the security group module is distributed, high-concurrency scenarios can be handled flexibly; because it is associated with the virtual machine network card, a user who triggers an operation request for the security group module, with the corresponding operation step executed according to that request, can access and control the security group module at the level of the virtual machine's network card, so that communication between different virtual network cards can be filtered.

Description

Distributed security group module access control method and system
Technical Field
The present invention relates to distributed security groups, and in particular, to a method and a system for controlling module access of a distributed security group.
Background
A hardware firewall is typically placed at the gateway to isolate and control access between subnets. Firewall-as-a-service likewise performs access control at network nodes, specifically in router namespaces. Such a firewall can isolate malicious traffic from outside before it reaches the security group, but it cannot filter traffic between different virtual network cards inside the same subnet (only traffic that crosses subnets).
Once the device is put into an actual operating environment, the situation changes constantly: the rules of the hardware firewall are changed and adjusted continually, the configuration parameters change frequently, and the operator has to modify the configuration file, which is a complex operation.
An existing hardware firewall is usually deployed in a master-standby mode, and its performance drops rapidly under a large volume of concurrent traffic.
A security group is a virtual firewall with a packet filtering function. It is used to set network access control for one or more cloud servers, provides network security isolation, and is bound to the network card of a Virtual Machine (VM). By modifying the rules of a security group, the corresponding inbound or outbound traffic is allowed through.
A firewall is protective software; it is a passive protection that acts only once an attack is under way. A security group protects by means of a security policy; it is an active protection that is in place even when no attack is occurring. The user does not need to understand the underlying access control technology and only needs to click the corresponding button on a platform page to change the policy. Security group rules take effect immediately, without any perceptible effect on the user. And because security groups are distributed, high-concurrency scenarios can be handled flexibly.
To solve the problems of existing firewalls, the invention provides a public cloud distributed security group access control technology.
Disclosure of Invention
In order to solve the above technical problems, an object of the present invention is to provide a distributed security group module access control method and system.
According to one aspect of the present invention, there is provided a distributed security group module access control system comprising:
the operation request receiving unit is configured to receive an operation request, which is triggered by a user and is directed to a security group module, wherein the security group module comprises at least one of a security group, a security group template, a security group rule and a security group associated cloud host, and the security group module is associated with a virtual machine network card to form a distributed security group module;
and the operation step execution unit is configured to execute the corresponding operation step aiming at the security group module according to the operation request.
Further, the operation request for the security group module received by the operation request receiving unit includes a creation or cloning request for the security group, and the corresponding operation steps performed by the operation step performing unit include:
receiving a creation or cloning request aiming at a security group triggered by a user and creation or cloning configuration parameters input by the user;
determining whether the name of the pre-created or cloned security group and the associated item of the pre-created or cloned security group meet the requirements for creation or cloning, if so, generating a creation or cloning type and recording the creation or cloning type into a database;
and judging whether to create or clone on the security group template according to the creation or clone configuration parameters, if so, copying security group rules associated with the security group template to a pre-created security group for creating the security group and recording the created security group into a database, or copying the security group rules of the cloned security group to a new security group for cloning the security group and recording the cloned security group into the database.
The operation request for the security group module received by the operation request receiving unit includes a deletion request for a security group, and the corresponding operation steps performed by the operation step performing unit include:
receiving a deletion request for the security group triggered by a user;
and determining whether the security group is associated with the cloud host, if not, deleting the security group and the associated security group rule thereof, and if so, calling a physical machine agent processing module of the associated cloud host to delete.
The operation request for the security group module received by the operation request receiving unit includes a creation request for the security group template, and the corresponding operation steps performed by the operation step performing unit include:
receiving a creation request aiming at the security group template triggered by a user and creation configuration parameters input by the user;
and determining whether the name of the pre-created security group template and the associated item of the pre-created security group template meet the creation requirement, if so, generating a creation type and recording the creation type in a database.
The operation request for the security group module received by the operation request receiving unit includes a deletion request for the security group template, and the corresponding operation steps performed by the operation step performing unit include:
receiving a deletion request for the security group template triggered by a user;
and determining whether the security group template is a system template or a common template: if it is a system template, the template is not deleted; if it is a common template, the template is deleted.
The operation request for the security group module received by the operation request receiving unit comprises a prioritization operation request for the security group rule, the respective operation steps comprising:
receiving a user-triggered prioritization operation request aiming at the security group rule;
determining whether the collected configuration parameters corresponding to the operation request aiming at the security group rules meet the specifications, if so, inquiring the priority of the current security group rules according to the universal unique identification code of the security group, and performing priority sequencing on the current security group rules;
and judging whether the prior security group is associated with the cloud host, if so, calling a physical machine agent processing module of the associated cloud host.
The operation request for the security group module received by the operation request receiving unit includes any one of operation requests of creating, editing, inserting, importing and deleting for the security group rule, and the corresponding operation steps executed by the operation step executing unit include:
receiving any one operation request in new creation, editing, insertion, import and deletion aiming at the security group rule triggered by a user;
determining whether the collected configuration parameters corresponding to the operation request aiming at the security group rules meet the specifications, if so, inquiring the priority of the current security group rules according to the universal unique identification code of the security group, carrying out operation processing corresponding to the operation request on the current security group rules, and carrying out priority sequencing on the processed security group rules;
and judging whether the prior security group is associated with the cloud host, if so, calling a physical machine agent processing module of the associated cloud host.
The operation request for the security group module received by the operation request receiving unit includes a binding or unbinding request for the security group associated cloud host, and the corresponding operation steps performed by the operation step performing unit include:
receiving a binding or unbinding request aiming at the security group associated cloud host triggered by a user, and calling a physical machine agent processing module where the associated cloud host is located to carry out binding or unbinding operation between the security group and the corresponding cloud host.
The physical machine agent processing module for calling the associated cloud host executed by the operation step execution unit comprises:
acquiring a physical machine where a security group associated cloud host is located, judging whether the agent state of the physical machine is normal, if so, connecting the agent of the physical machine to acquire a security group initial template and all associated security group rules on the physical machine;
and assembling the security group rules into a configuration file, and sending the configuration file to an agent processing module for configuration.
According to another aspect of the present invention, there is provided a distributed security group module access control method, comprising the steps of:
receiving an operation request aiming at a security group module triggered by a user, wherein the security group module comprises at least one item of security groups, security group templates, security group rules and security group associated cloud hosts, and the security group module is associated with a virtual machine network card to form a distributed security group module;
and executing corresponding operation steps aiming at the security group module according to the operation request.
Further, the operation request for the security group module includes a create or clone request for the security group, and the corresponding operation steps include:
receiving a creation or cloning request aiming at a security group triggered by a user and creation or cloning configuration parameters input by the user;
determining whether the name of the pre-created or cloned security group and the associated item of the pre-created or cloned security group meet the requirements for creation or cloning, if so, generating a creation or cloning type and recording the creation or cloning type into a database;
and judging whether to create or clone on the security group template according to the creation or clone configuration parameters, if so, copying security group rules associated with the security group template to a pre-created security group for creating the security group and recording the created security group into a database, or copying the security group rules of the cloned security group to a new security group for cloning the security group and recording the cloned security group into the database.
The operation request for the security group module comprises a delete request for the security group, the respective operation steps comprising:
receiving a deletion request for a security group triggered by a user;
and determining whether the security group is associated with the cloud host, if not, deleting the security group and the associated security group rule thereof, and if so, calling a physical machine agent processing module where the associated cloud host is located to delete.
The operation request for the security group module comprises a creation request for the security group template, the respective operation steps comprising:
receiving a creation request aiming at a security group template triggered by a user and creation configuration parameters input by the user;
and determining whether the name of the pre-created security group template and the associated item of the pre-created security group template meet the creation requirement, if so, generating a creation type and recording the creation type in a database.
The operation request for the security group module comprises a delete request for the security group template, the respective operation steps comprising:
receiving a deletion request for the security group template triggered by a user;
and determining whether the security group template is a system template or a common template: if it is a system template, the template is not deleted; if it is a common template, the template is deleted.
The operation request for the security group module comprises a prioritization operation request for the security group rule, the respective operation step comprising:
receiving a priority ordering operation request aiming at the security group rule triggered by a user;
determining whether the collected configuration parameters corresponding to the operation request aiming at the security group rules meet the specifications, if so, inquiring the priority of the current security group rules according to the universal unique identification code of the security group, and performing priority sequencing on the current security group rules;
and judging whether the prior security group is associated with the cloud host, if so, calling a physical machine agent processing module of the associated cloud host.
The operation request for the security group module comprises any one operation request of creating, editing, inserting, importing and deleting aiming at the security group rule, and the corresponding operation step comprises the following steps:
receiving any one operation request in new creation, editing, insertion, import and deletion aiming at the security group rule triggered by a user;
determining whether the collected configuration parameters corresponding to the operation request aiming at the security group rules meet the specifications, if so, inquiring the priority of the current security group rules according to the universal unique identification code of the security group, carrying out operation processing corresponding to the operation request on the current security group rules, and carrying out priority sequencing on the processed security group rules;
and judging whether the prior security group is associated with the cloud host, if so, calling a physical machine agent processing module of the associated cloud host.
The operation request for the security group module comprises a binding or unbinding request for the security group associated cloud host, the respective operation steps comprising:
receiving a binding or unbinding request aiming at the security group associated cloud host triggered by a user, and calling a physical machine agent processing module where the associated cloud host is located to carry out binding or unbinding operation between the security group and the corresponding cloud host.
Calling a physical machine agent processing module where the associated cloud host is located, wherein the calling comprises the following steps:
acquiring a physical machine where a security group associated cloud host is located, judging whether the agent state of the physical machine is normal, if so, connecting the agent of the physical machine to acquire a security group initial template and all associated security group rules on the physical machine;
and assembling the security group rules into a configuration file, and sending the configuration file to an agent processing module for configuration.
According to another aspect of the present invention, there is provided an apparatus comprising:
one or more processors;
a memory for storing one or more programs,
the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of the above.
According to another aspect of the invention, there is provided a computer readable storage medium storing a computer program which, when executed by a processor, performs the access control method described in any one of the above.
Compared with the prior art, the invention has the following beneficial effects:
1. In the public cloud distributed security group access control system disclosed by the invention, because the security group modules are distributed, high-concurrency scenarios can be handled flexibly; and because the security group modules are associated with the virtual machine network card, the cooperation of the operation request receiving unit and the operation step executing unit lets a user access and control the security group modules at the level of the virtual machine's network card, so that communication between different virtual network cards can be filtered.
2. In the public cloud distributed security group access control method, the security group module comprises at least one of security groups, security group templates, security group rules and security group associated cloud hosts, and is associated with the virtual machine network card to form a distributed security group module. Because the module is distributed, high-concurrency scenarios can be handled flexibly; because it is associated with the virtual machine network card, triggering an operation request for the security group module and executing the corresponding operation steps according to that request lets a user access and control the security group module at the level of the virtual machine's network card, so that communication between different virtual network cards can be filtered.
Drawings
FIG. 1 is a flowchart of a distributed security group module access control method according to an embodiment;
FIG. 2 is a block diagram of the functional modules of a security group according to one embodiment;
FIG. 3 is a flow diagram illustrating security group creation and clone creation according to an embodiment;
FIG. 4 is a flowchart of a security group, security group template deletion module, according to an embodiment;
FIG. 5 is a flowchart illustrating the agent processing module invocation according to one embodiment;
FIG. 6 is a flow diagram of an embodiment of a security group rule processing;
FIG. 7 is a block diagram of a distributed security group module access control system according to an embodiment;
FIG. 8 is a diagram illustrating a computer system according to an embodiment. Reference numerals in the figure: 100 computer system; 101 CPU; 102 ROM; 103 RAM; 104 bus; 105 I/O interface; 106 input part; 107 output part; 108 storage part; 109 communication part; 110 drive; 111 removable medium.
Detailed Description
In order to better understand the technical scheme of the invention, the invention is further explained by combining the specific embodiment and the attached drawings of the specification.
The first embodiment is as follows:
This embodiment provides a distributed security group module access control method, as shown in FIG. 1, including the following steps:
S1: receiving an operation request for a security group module, triggered by a user through an external interface or a cloud platform. Specifically, the user selects a security group module through the external interface or cloud platform. The security group module includes at least one of a security group, a security group template, a security group rule and a security group associated cloud host, and generally includes all four; it is associated with a virtual machine network card to form a distributed security group module. An operation request for the security group module is triggered according to the user's needs. Through the operation request, the security group information held in the module can be displayed, so that the user can view the details of the current security group, and other operations can be performed on the module. The operation request may be a request to create, clone or delete a security group, a request to create or delete a security group template, or a request to create, edit, insert, prioritize, import or delete a security group rule;
S2: executing the corresponding operation steps for the security group module according to the operation request. Since the request may be a request to create, clone or delete a security group, a request to create or delete a security group template, or a request to create, edit, insert, prioritize, import or delete a security group rule, the corresponding operation is executed for the security group, the security group template or the security group rule. Because the security group modules in this embodiment are distributed, high-concurrency scenarios can be handled flexibly; and because they are associated with the network cards of the virtual machines, triggering operation requests for the security group modules and executing the corresponding operation steps according to those requests lets the user access and control the security group modules at the level of the virtual machine's network card. The network security isolation is thus effective and flexible, and communication between different virtual network cards inside the same subnet can be filtered, which existing firewall technology cannot achieve.
When an operation request for the security group module, which is triggered by a user through an external interface or a cloud platform, is a request for creating, cloning and deleting the security group, three specific operations of creating, cloning and deleting the security group can be performed.
Wherein the creating or cloning operation for the security group comprises:
receiving a creation or cloning request aiming at a security group triggered by a user through a cloud platform and creation or cloning configuration parameters input by the user through the cloud platform;
determining whether the name of the pre-created or cloned security group and the associated project of the pre-created or cloned security group meet the requirements of creation or cloning, if so, generating a creation or cloning type and recording the creation or cloning type into a database, wherein the security group type is public or exclusive to the project;
and judging whether to create or clone on the security group template according to the creation or clone configuration parameters, if so, copying security group rules associated with the security group template to a pre-created security group for creating the security group and recording the created security group into a database, or copying the security group rules of the cloned security group to a new security group for cloning the security group and recording the cloned security group into the database.
The specific security group creation process (as shown in FIG. 3) is: a user clicks the security group creation button through an external interface or the cloud platform; according to the creation parameters passed from the front end, the background first checks whether the name meets the specification and whether the current quota of the project associated with the security group permits creation; if both checks pass, it determines whether the creation type is public or project-exclusive and records the creation type in the database; it then determines from the passed parameters whether the group is to be created on the basis of a template, and if so copies the security group rules associated with the template into the newly created security group and records them in the database.
The specific security group cloning process (as shown in FIG. 3) is: a user clicks the security group cloning button through an external interface or the cloud platform; according to the cloning parameters passed from the front end, the background first checks whether the name meets the specification and whether the current quota of the project associated with the security group permits cloning; if both checks pass, it determines whether the creation type is public or project-exclusive and records it in the database; the inbound and outbound rules of the cloned security group are then obtained, copied to the new security group and written to the database.
The deletion operation for the security group comprises the following steps:
receiving a deletion request for the security group triggered by a user through a cloud platform, specifically, as shown in fig. 4, the user clicks a security group deletion button through an external interface or the cloud platform;
and determining whether the security group is associated with a cloud host: if not, deleting the security group and its associated security group rules; if so, calling the physical machine agent processing module of the physical machine hosting the associated cloud host virtual machine to perform the deletion. Specifically, if the security group is not a template, the method first checks whether the security group exists; if it exists, it checks whether the group is associated with a cloud host; if no cloud host is associated, the rules associated with the security group are deleted first and then the security group itself; if a cloud host is associated, the physical machine agent processing module is called and the deletion is then carried out.
Calling the physical machine agent processing module where the associated cloud host is located comprises: acquiring the physical machine where the security group associated cloud host is located; determining whether the agent state of that physical machine is normal and, if so, connecting to the agent of the physical machine to acquire the initial security group template and all associated security group rules on the physical machine; and assembling the security group rules into a configuration file and sending the configuration file to the agent processing module for configuration.
The agent processing module (as shown in FIG. 5) is used whenever a security group associated with a cloud host deletes or changes a rule, or unbinds the associated cloud host. First the cloud host Virtual Machine (VM) associated with the security group is obtained, then the physical machine (HOST) where the VM is located is found, and it is determined whether the agent state on the physical machine (HOST) is normal; the following operations continue only if the agent state is normal, in which case the agent is connected to obtain the initial security group template.
Since there is more than one Virtual Machine (VM) and more than one associated security group on the same physical machine (HOST), all security groups on the physical machine (HOST) are traversed, corresponding security group rules (security group inbound and outbound rules) are respectively obtained according to priority, and the rules are assembled into an initial configuration file in sequence. And finally, transmitting the processed configuration file to an agent and restarting the service.
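The creation/cloning flow (FIG. 3), the deletion check (FIG. 4) and the agent processing module (FIG. 5) described above, modelled in one small control-plane class. This is an added illustration, not code from the patent or from SF Technology; the naming specification, the quota model, the line format of the assembled configuration file, the "lower number first" priority convention and the sample host/VM/rule data are all assumptions made here.

```python
import dataclasses
import re
import uuid
from dataclasses import dataclass, field

NAME_SPEC = re.compile(r"^[A-Za-z][A-Za-z0-9_-]{0,63}$")  # assumed naming rule; the page only says "meets a specification"


@dataclass
class Rule:
    direction: str  # "inbound" or "outbound"
    priority: int   # lower number is evaluated first (assumed convention)
    protocol: str
    port: str
    cidr: str


@dataclass
class SecurityGroup:
    name: str
    project: str
    sg_type: str                   # creation type: "public" or "project" (project-exclusive)
    is_template: bool = False
    system_template: bool = False
    uid: str = field(default_factory=lambda: uuid.uuid4().hex)  # the group's universal unique identifier
    rules: list[Rule] = field(default_factory=list)


@dataclass
class Host:
    name: str
    agent_ok: bool                 # agent state on the physical machine (HOST)
    vms: dict[str, list[SecurityGroup]] = field(default_factory=dict)  # VM name -> bound groups


class ControlPlane:
    def __init__(self, quota: dict[str, int]) -> None:
        self.quota = quota                       # project -> allowed number of non-template groups (assumed)
        self.db: dict[str, SecurityGroup] = {}   # stands in for the database, keyed by UUID
        self.hosts: list[Host] = []

    # Creation or cloning (FIG. 3): check name and quota, record the creation type, then copy the
    # rules of the template (creation) or of the source group (cloning) into the new group.
    def create_or_clone(self, name: str, project: str, sg_type: str,
                        copy_from: "SecurityGroup | None" = None) -> SecurityGroup:
        if not NAME_SPEC.match(name):
            raise ValueError(f"name {name!r} does not meet the specification")
        used = sum(1 for g in self.db.values() if g.project == project and not g.is_template)
        if used >= self.quota.get(project, 0):
            raise ValueError(f"project {project!r} has exhausted its security group quota")
        sg = SecurityGroup(name, project, sg_type)
        if copy_from is not None:
            sg.rules = [dataclasses.replace(r) for r in copy_from.rules]   # independent copies
        self.db[sg.uid] = sg
        return sg

    def hosts_bound_to(self, sg: SecurityGroup) -> list[Host]:
        return [h for h in self.hosts
                if any(g.uid == sg.uid for groups in h.vms.values() for g in groups)]

    # Deletion (FIG. 4): system templates are never deleted; an unbound group or common template is
    # deleted directly; a group bound to a cloud host goes through the agent processing module first.
    def delete(self, sg: SecurityGroup) -> list[str]:
        if sg.system_template:
            raise PermissionError("system templates cannot be deleted")
        if sg.uid not in self.db:
            raise KeyError("security group does not exist")
        affected = self.hosts_bound_to(sg)
        for host in affected:                    # unbind the group from every VM on the host
            for groups in host.vms.values():
                groups[:] = [g for g in groups if g.uid != sg.uid]
        configs = [self.push_host_config(h) for h in affected]   # agent call, then the deletion
        sg.rules.clear()                         # associated rules first, then the group itself
        del self.db[sg.uid]
        return configs

    # Agent processing module (FIG. 5): refuse to act unless the agent is healthy, then rebuild the
    # host's whole configuration from every bound group, inbound and outbound rules in priority order.
    def push_host_config(self, host: Host) -> str:
        if not host.agent_ok:
            raise RuntimeError(f"agent on {host.name} is not in a normal state; aborting")
        lines = ["# initial template; assumed line format: vm group direction priority proto port cidr"]
        for vm, groups in sorted(host.vms.items()):
            for g in groups:
                for r in sorted(g.rules, key=lambda r: (r.direction, r.priority)):
                    lines.append(f"{vm} {g.name} {r.direction} {r.priority} {r.protocol} {r.port} {r.cidr}")
        return "\n".join(lines)                  # what would be sent to the agent before the service restart


def build_demo() -> tuple:
    # Constructed sample state: one host with two VMs and one group created from a template.
    cp = ControlPlane(quota={"proj-a": 2})
    tmpl = SecurityGroup("web-template", "proj-a", "public", is_template=True, rules=[
        Rule("inbound", 20, "tcp", "443", "0.0.0.0/0"),
        Rule("inbound", 10, "tcp", "22", "10.0.0.0/8"),
        Rule("outbound", 10, "any", "*", "0.0.0.0/0")])
    web = cp.create_or_clone("web", "proj-a", "project", copy_from=tmpl)
    host = Host("host-01", agent_ok=True, vms={"vm-2": [], "vm-1": [web]})
    cp.hosts.append(host)
    return cp, host, web
```

Deleting the bound group regenerates the whole host configuration (here just the header line, since no other group is bound), while deleting the unbound clone never touches the agent.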
The creating operation for the security group template comprises the following steps:
receiving a creation request aiming at a security group template triggered by a user through an external interface or a cloud platform and creation configuration parameters input by the user through the cloud platform;
and determining whether the name of the pre-created security group template and the project associated with it meet the creation requirements; if so, generating the creation type as public or project-exclusive and recording it in the database.
The deletion operation for the security group template comprises the following steps:
receiving a deletion request aiming at the security group template triggered by a user through an external interface or a cloud platform;
and judging whether the security group template is a system template or a common template; a system template is not deleted, and a common template is deleted.
The security group template deletion process specifically comprises the following steps: first, judging whether the template is a system template or a common template, where a system template cannot be deleted; if it is a common template, judging whether the template exists and, since a template is not bound to any cloud host, deleting it directly.
The prioritizing operation for the security group rules comprises:
receiving a user-triggered prioritization operation request aiming at the security group rule;
determining whether the collected configuration parameters corresponding to the operation request for the security group rules meet the specifications; if so, querying the priority of the current security group rules according to the universally unique identifier (UUID) of the security group and re-sequencing the priorities of the current security group rules;
and judging whether the security group whose rules were prioritized is associated with a cloud host; if so, calling the physical machine agent processing module of the associated cloud host. The specific process of calling the physical machine agent processing module where the associated cloud host is located is as above.
For any one of the new creation, editing, insertion, import and deletion operation requests for the security group rule, the corresponding operation steps executed by the operation step execution unit comprise:
receiving any one of the new creation, editing, insertion, import and deletion operation requests for the security group rule triggered by a user;
determining whether the collected configuration parameters corresponding to the operation request for the security group rules meet the specifications; if so, querying the priority of the current security group rules according to the universally unique identifier (UUID) of the security group, carrying out the processing corresponding to the operation request on the current security group rules, and re-sequencing the priorities of the processed security group rules;
and judging whether the security group whose rules were processed is associated with a cloud host; if so, calling the physical machine agent processing module of the associated cloud host. The specific process of calling the physical machine agent processing module where the associated cloud host is located is as above.
The security group rule functions include adding, editing, inserting, changing priority, importing, deleting and other specific operations.
The operation flow of adding, editing, inserting, changing the priority of and deleting a security group rule is shown in fig. 6. The security group rules module first checks whether the parameters passed in from the front end, such as the classless inter-domain routing (CIDR) value, comply with the IP specification. It then queries the priority of the original rules according to the universally unique identifier (UUID) of the security group and, according to the operation, adds a new rule or modifies the original rule, adjusting the priorities accordingly. Finally it judges whether a cloud host is associated and, if so, calls the agent processing module.
Security group rule deletion means querying the original rule details according to the UUID of the security group, deleting the rule selected by the user, reordering the remaining rules and updating the database. Whether a cloud host is associated is then judged and, if so, the agent processing module is called.
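The rule-module checks and priority handling described in the preceding paragraphs (and in the prioritization steps above), as an added Python example that is not the patent's code: front-end parameters are validated (the CIDR must be a well-formed network, ports a valid range), the group's rules are looked up by UUID, and insert, priority change, delete and add each leave the priorities contiguous. The 1-based priority numbering, the in-memory rule store standing in for the database, the sample UUID and all function names are assumptions; the push to the host agent is left out.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List

@dataclass
class Rule:
    priority: int   # 1-based and contiguous inside a group (assumed convention)
    direction: str  # "in" or "out"
    protocol: str   # "tcp", "udp", "icmp" or "any"
    ports: str      # "22", "80-443" or "any"
    cidr: str       # normalised network, e.g. "10.0.0.0/8"

class InvalidParameter(ValueError):
    """A front-end parameter failed the specification check; nothing is changed."""

def validate(params: dict) -> dict:
    """Check the incoming parameters before any rule is touched."""
    if params.get("direction") not in ("in", "out"):
        raise InvalidParameter("direction must be 'in' or 'out'")
    proto = params.get("protocol", "any")
    if proto not in ("tcp", "udp", "icmp", "any"):
        raise InvalidParameter(f"unsupported protocol {proto!r}")
    try:  # strict=True also rejects host bits in the prefix, e.g. 10.0.0.1/8
        net = ipaddress.ip_network(params["cidr"], strict=True)
    except (KeyError, ValueError) as exc:
        raise InvalidParameter(f"cidr does not comply with the IP specification: {exc}") from None
    ports = str(params.get("ports", "any"))
    if proto in ("tcp", "udp") and ports != "any":
        lo, _, hi = ports.partition("-")
        hi = hi or lo
        if not (lo.isdigit() and hi.isdigit() and 1 <= int(lo) <= int(hi) <= 65535):
            raise InvalidParameter(f"bad port range {ports!r}")
    elif ports != "any":
        raise InvalidParameter(f"{proto} rules cannot carry ports")
    return {"direction": params["direction"], "protocol": proto,
            "ports": ports, "cidr": str(net)}

# Constructed rule store keyed by security group uuid (stands in for the database).
SG_WEB = "6b1f0d3a-0000-4000-8000-000000000001"
RULES: Dict[str, List[Rule]] = {
    SG_WEB: [
        Rule(1, "in", "tcp", "22", "10.0.0.0/8"),
        Rule(2, "in", "tcp", "443", "0.0.0.0/0"),
        Rule(3, "out", "any", "any", "0.0.0.0/0"),
    ],
}

def _resequence(rules: List[Rule]) -> List[Rule]:
    """Sort by current priority and renumber 1..n so the list stays contiguous."""
    rules.sort(key=lambda r: r.priority)
    for i, rule in enumerate(rules, start=1):
        rule.priority = i
    return rules

def add_rule(sg_uuid: str, params: dict) -> Rule:
    """A new rule goes to the end, i.e. gets the lowest priority."""
    rules = RULES[sg_uuid]          # KeyError for an unknown security group
    rule = Rule(len(rules) + 1, **validate(params))
    rules.append(rule)
    return rule

def insert_rule(sg_uuid: str, position: int, params: dict) -> Rule:
    """Insert at `position`; rules at or after that priority shift down by one."""
    rules = RULES[sg_uuid]
    clean = validate(params)
    if not 1 <= position <= len(rules) + 1:
        raise InvalidParameter(f"position {position} out of range")
    for r in rules:
        if r.priority >= position:
            r.priority += 1
    rule = Rule(position, **clean)
    rules.append(rule)
    _resequence(rules)
    return rule

def change_priority(sg_uuid: str, old: int, new: int) -> List[Rule]:
    """Move one rule from priority `old` to `new`, closing the gap it leaves."""
    rules = RULES[sg_uuid]
    target = next((r for r in rules if r.priority == old), None)
    if target is None or not 1 <= new <= len(rules):
        raise InvalidParameter(f"cannot move priority {old} to {new}")
    for r in rules:
        if new <= r.priority < old:      # moving up: push the others down
            r.priority += 1
        elif old < r.priority <= new:    # moving down: pull the others up
            r.priority -= 1
    target.priority = new
    return _resequence(rules)

def delete_rule(sg_uuid: str, priority: int) -> List[Rule]:
    """Delete the selected rule, then reorder and renumber the remaining rules."""
    rules = RULES[sg_uuid]
    remaining = [r for r in rules if r.priority != priority]
    if len(remaining) == len(rules):
        raise KeyError(f"no rule with priority {priority}")
    rules[:] = remaining
    return _resequence(rules)
```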
The binding or unbinding operation step for the security group associated cloud host includes:
receiving a binding or unbinding request aiming at the security group associated cloud host triggered by a user, and calling a physical machine agent processing module where the associated cloud host is located to carry out binding or unbinding operation between the security group and the corresponding cloud host. The specific process of calling the physical machine agent processing module where the associated cloud host is located is as above.
The present embodiment further provides a distributed security group module access control system, as shown in fig. 7, including:
an operation request receiving unit configured to receive an operation request for the security group module triggered by a user through an external interface or a cloud platform. The security group module comprises at least one of security groups, security group templates, security group rules and security group associated cloud hosts, so the operation request received by the operation request receiving unit comprises a creation or cloning request for a security group, a deletion request for a security group, a creation request for a security group template, a deletion request for a security group template, a prioritization operation request for security group rules, any one of a new creation, editing, insertion, import or deletion request for security group rules, and a binding or unbinding request for a security group associated cloud host. The security group module is associated with the virtual machine network card to form a distributed security group module;
and an operation step execution unit configured to execute the corresponding operation step for the security group module according to the operation request. As indicated for the operation request receiving unit, the security group module comprises at least one of security groups, security group templates, security group rules and security group associated cloud hosts, and is associated with the virtual machine network card to form a distributed security group module. Because the security group module is distributed, high-concurrency scenarios can be handled flexibly; because it is associated with the virtual machine network card, a user can access and control the security group module from the network card dimension of the virtual machine through the cooperation of the operation request receiving unit and the operation step execution unit, so that the network security isolation function is good and flexible, and communication filtering between different virtual network cards in the same subnet can be realized.
The operation request receiving unit and the operation step executing unit are matched with each other, and the operation is executed as follows:
the operation request for the security group module received by the operation request receiving unit includes a creation or clone request for the security group, and the respective operation steps performed by the operation step performing unit include:
receiving a creation or cloning request aiming at a security group triggered by a user and creation or cloning configuration parameters input by the user;
determining whether the name of the pre-created or cloned security group and the associated item of the pre-created or cloned security group meet the requirements for creation or cloning, if so, generating a creation or cloning type and recording the creation or cloning type into a database;
and judging whether to create or clone on the security group template according to the creation or clone configuration parameters, if so, copying security group rules associated with the security group template to a pre-created security group for creating the security group and recording the created security group into a database, or copying the security group rules of the cloned security group to a new security group for cloning the security group and recording the cloned security group into the database.
The operation request for the security group module received by the operation request receiving unit includes a deletion request for a security group, and the corresponding operation steps performed by the operation step performing unit include:
receiving a deletion request for the security group triggered by a user;
and determining whether the security group is associated with the cloud host, if not, deleting the security group and the associated security group rule thereof, and if so, calling a physical machine agent processing module of the associated cloud host to delete.
The operation request for the security group module received by the operation request receiving unit includes a creation request for the security group template, and the corresponding operation steps performed by the operation step performing unit include:
receiving a creation request aiming at the security group template triggered by a user and creation configuration parameters input by the user;
and determining whether the name of the pre-created security group template and the associated item of the pre-created security group template meet the creation requirement, if so, generating a creation type and recording the creation type in a database.
The operation request for the security group module received by the operation request receiving unit includes a deletion request for the security group template, and the corresponding operation steps performed by the operation step performing unit include:
receiving a deletion request for the security group template triggered by a user;
and judging whether the security group template is a system template or a common template; a system template is not deleted, and a common template is deleted.
The operation request for the security group module received by the operation request receiving unit comprises a prioritization operation request for the security group rule, the respective operation steps comprising:
receiving a user-triggered prioritization operation request aiming at the security group rule;
determining whether the collected configuration parameters corresponding to the operation request aiming at the security group rules meet the specifications, if so, inquiring the priority of the current security group rules according to the universal unique identification code of the security group, and performing priority sequencing on the current security group rules;
and judging whether the security group whose rules were prioritized is associated with a cloud host; if so, calling the physical machine agent processing module of the associated cloud host.
The operation request for the security group module received by the operation request receiving unit includes any one of operation requests of creating, editing, inserting, importing and deleting for the security group rule, and the corresponding operation steps executed by the operation step executing unit include:
receiving any one operation request in new creation, editing, insertion, import and deletion aiming at the security group rule triggered by a user;
determining whether the collected configuration parameters corresponding to the operation request aiming at the security group rules meet the specifications, if so, inquiring the priority of the current security group rules according to the universal unique identification code of the security group, carrying out operation processing corresponding to the operation request on the current security group rules, and carrying out priority sequencing on the processed security group rules;
and judging whether the security group whose rules were processed is associated with a cloud host; if so, calling the physical machine agent processing module of the associated cloud host.
The operation request for the security group module received by the operation request receiving unit includes a binding or unbinding request for the security group associated cloud host, and the corresponding operation steps performed by the operation step performing unit include:
receiving a binding or unbinding request aiming at the security group associated cloud host triggered by a user, and calling a physical machine agent processing module where the associated cloud host is located to carry out binding or unbinding operation between the security group and the corresponding cloud host.
The physical machine agent processing module for calling the associated cloud host executed by the operation step execution unit comprises:
acquiring a physical machine where a security group associated cloud host is located, judging whether the agent state of the physical machine is normal, if so, connecting the agent of the physical machine to acquire a security group initial template and all associated security group rules on the physical machine;
and assembling the security group rules into a configuration file, and sending the configuration file to an agent processing module for configuration.
It should be understood that the steps of the distributed security group module access control method described above correspond to sub-units described in the distributed security group module access control system. Thus, the operations and features described above for the method are also applicable to the above system and the units included therein, and are not described again here.
The present embodiment also provides an apparatus, which is suitable for implementing the embodiments of the present application.
The apparatus includes a computer system 100, and as shown in fig. 8, the computer system 100 includes a Central Processing Unit (CPU) 101 that can perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM) 102 or a program loaded from a storage section into a Random Access Memory (RAM) 103. The RAM 103 also stores various programs and data necessary for system operation. The CPU 101, ROM 102 and RAM 103 are connected to each other via a bus 104. An input/output (I/O) interface 105 is also connected to the bus 104.
The following components are connected to the I/O interface 105: an input portion 106 including a keyboard, a mouse and the like; an output section 107 including a display such as a Cathode Ray Tube (CRT) or Liquid Crystal Display (LCD) and a speaker; a storage section 108 including a hard disk and the like; and a communication section 109 including a network interface card such as a LAN card, a modem or the like. The communication section 109 performs communication processing via a network such as the internet. A drive 110 is also connected to the I/O interface 105 as needed. A removable medium 111 such as a magnetic disk, an optical disk, a magneto-optical disk or a semiconductor memory is mounted on the drive 110 as necessary, so that a computer program read out from it can be installed into the storage section 108 as necessary.
In particular, according to an embodiment of the invention, the process described above with reference to the flowchart of fig. 1 may be implemented as a computer software program. For example, an embodiment of the invention includes a computer program product comprising a computer program embodied on a computer-readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication section, and/or installed from a removable medium. The above-described functions defined in the system of the present application are executed when the computer program is executed by the Central Processing Unit (CPU) 101.
It should be noted that the computer readable medium shown in the present invention can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to one embodiment of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present invention may be implemented by software or by hardware, and the described units may also be disposed in a processor. The described units or modules may be described as: a processor includes an operation request receiving unit and an operation step executing unit. The names of these units or modules do not in some cases constitute a limitation of the units or modules themselves; for example, the operation request receiving unit may also be described as being configured to receive a user-triggered operation request for a security group module comprising at least one of a security group, a security group template, a security group rule and a security group associated cloud host, wherein the security group module is associated with a virtual machine network card to form a distributed security group module.
As another aspect, the present application also provides a computer-readable medium, which may be contained in the electronic device described in the above embodiments; or may exist separately without being assembled into the electronic device. The computer readable medium carries one or more programs which, when executed by an electronic device, cause the electronic device to implement the distributed security group module access control method as described in the above embodiments.
For example, the electronic device may implement the following as shown in fig. 1: receiving an operation request aiming at a security group module triggered by a user, wherein the security group module comprises at least one item of security groups, security group templates, security group rules and security group associated cloud hosts, and the security group module is associated with a virtual machine network card to form a distributed security group module; and executing corresponding operation steps aiming at the security group module according to the operation request.
It should be noted that although several modules or units of the device for action execution are mentioned in the above detailed description, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit, according to embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided so as to be embodied by a plurality of modules or units.
Moreover, although the steps of the methods of the present disclosure are depicted in the drawings in a particular order, this does not require or imply that the steps must be performed in this particular order, or that all of the depicted steps must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions, etc.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware.
The above description is only a preferred embodiment of the application and is illustrative of the principles of the technology employed. It will be appreciated by a person skilled in the art that the scope of the invention as referred to in the present application is not limited to the embodiments with a specific combination of the above-mentioned features, but also covers other embodiments with any combination of the above-mentioned features or their equivalents without departing from the inventive concept. For example, the above features may be replaced with (but not limited to) features having similar functions disclosed in the present application.

Claims (18)

1. A distributed security group module access control system, comprising:
the operation request receiving unit is configured to receive an operation request, which is triggered by a user and is directed to a security group module, wherein the security group module comprises at least one of a security group, a security group template, a security group rule and a security group associated cloud host, and the security group module is associated with a virtual machine network card to form a distributed security group module;
and the operation step execution unit is configured to execute the corresponding operation step aiming at the security group module according to the operation request.
2. The distributed security group module access control system as recited in claim 1, wherein the operation request for the security group module received by the operation request receiving unit includes a create or clone request for the security group, and the corresponding operation steps performed by the operation step performing unit include:
receiving a creation or cloning request aiming at a security group triggered by a user and creation or cloning configuration parameters input by the user;
determining whether the name of the pre-created or cloned security group and the associated item of the pre-created or cloned security group meet the requirements for creation or cloning, if so, generating a creation or cloning type and recording the creation or cloning type into a database;
and judging whether to create or clone on the security group template according to the creation or clone configuration parameters, if so, copying security group rules associated with the security group template to a pre-created security group for creating the security group and recording the created security group into a database, or copying the security group rules of the cloned security group to a new security group for cloning the security group and recording the cloned security group into the database.
3. The distributed security group module access control system of claim 1,
the operation request for the security group module received by the operation request receiving unit includes a deletion request for a security group, and the corresponding operation steps performed by the operation step performing unit include:
receiving a deletion request for the security group triggered by a user;
and determining whether the security group is associated with the cloud host, if not, deleting the security group and the associated security group rule thereof, and if so, calling a physical machine agent processing module of the associated cloud host to delete.
4. The distributed security group module access control system of claim 1,
the operation request for the security group module received by the operation request receiving unit includes a creation request for the security group template, and the corresponding operation steps performed by the operation step performing unit include:
receiving a creation request aiming at the security group template triggered by a user and creation configuration parameters input by the user;
and determining whether the name of the pre-created security group template and the associated item of the pre-created security group template meet the creation requirement, if so, generating a creation type and recording the creation type in a database.
5. The distributed security group module access control system as recited in any one of claims 1-4,
the operation request for the security group module received by the operation request receiving unit includes a deletion request for the security group template, and the corresponding operation steps performed by the operation step performing unit include:
receiving a deletion request for the security group template triggered by a user;
and judging whether the security group template is a system template or a common template, if the security group template is the system template, deleting the security group template, and if the security group template is the common template, deleting the security group template.
6. The distributed security group module access control system as recited in claim 1, wherein the operation request for the security group module received by the operation request receiving unit comprises a prioritization operation request for the security group rule, the respective operation step comprising:
receiving a user-triggered prioritization operation request aiming at the security group rule;
determining whether the collected configuration parameters corresponding to the operation request aiming at the security group rules meet the specifications, if so, inquiring the priority of the current security group rules according to the universal unique identification code of the security group, and performing priority sequencing on the current security group rules;
and judging whether the prior security group is associated with the cloud host, if so, calling a physical machine agent processing module of the associated cloud host.
7. The distributed security group module access control system according to claim 1, wherein the operation request for the security group module received by the operation request receiving unit includes any one of a new creation, an edit, an insertion, an import, and a deletion of the security group rule, and the corresponding operation steps performed by the operation step performing unit include:
receiving any one operation request in new creation, editing, insertion, import and deletion aiming at the security group rule triggered by a user;
determining whether the collected configuration parameters corresponding to the operation request aiming at the security group rules meet the specifications, if so, inquiring the priority of the current security group rules according to the universal unique identification code of the security group, carrying out operation processing corresponding to the operation request on the current security group rules, and carrying out priority sequencing on the processed security group rules;
and judging whether the prior security group is associated with the cloud host, if so, calling a physical machine agent processing module of the associated cloud host.
8. The distributed security group module access control system according to claim 1, wherein the operation request for the security group module received by the operation request receiving unit includes a binding or unbinding request for the security group associated cloud host, and the corresponding operation steps performed by the operation step performing unit include:
receiving a binding or unbinding request aiming at the security group associated cloud host triggered by a user, and calling a physical machine agent processing module where the associated cloud host is located to carry out binding or unbinding operation between the security group and the corresponding cloud host.
9. The distributed security group module access control system as claimed in any one of claims 3 and 6 to 8, wherein the operation step execution unit executes a call to a physical agent processing module in which the associated cloud host is located, and the call includes:
acquiring a physical machine where a security group associated cloud host is located, judging whether the agent state of the physical machine is normal, if so, connecting the agent of the physical machine to acquire a security group initial template and all associated security group rules on the physical machine;
and assembling the security group rules into a configuration file, and sending the configuration file to an agent processing module for configuration.
10. A distributed security group module access control method is characterized by comprising the following steps:
receiving an operation request aiming at a security group module triggered by a user, wherein the security group module comprises at least one item of security groups, security group templates, security group rules and security group associated cloud hosts, and the security group module is associated with a virtual machine network card to form a distributed security group module;
and executing corresponding operation steps aiming at the security group module according to the operation request.
11. The distributed security group module access control method of claim 10, wherein the operation request for the security group module comprises a create or clone request for the security group, and wherein the corresponding operation step comprises:
receiving a creation or cloning request for a security group triggered by a user, together with the creation or cloning configuration parameters input by the user;
determining whether the name of the security group to be created or cloned and its associated items meet the requirements for creation or cloning, and if so, generating a creation or cloning type and recording it in a database;
and determining, according to the creation or cloning configuration parameters, whether the creation or cloning is based on a security group template; if so, copying the security group rules associated with the security group template to the security group being created and recording the created security group in the database, or copying the security group rules of the cloned security group to the new security group and recording the cloned security group in the database.
12. The distributed security group module access control method of claim 10, wherein the operation request for the security group module comprises a deletion request for the security group, and the corresponding operation steps comprise:
receiving a deletion request for a security group triggered by a user;
and determining whether the security group is associated with a cloud host; if not, deleting the security group and its associated security group rules, and if so, calling the physical machine agent processing module where the associated cloud host is located to perform the deletion.
13. The distributed security group module access control method of claim 10, wherein the operation request for the security group module comprises a creation request for the security group template, and the corresponding operation steps comprise:
receiving a creation request for a security group template triggered by a user, together with the creation configuration parameters input by the user;
and determining whether the name of the security group template to be created and its associated items meet the creation requirements, and if so, generating a creation type and recording it in a database.
14. The distributed security group module access control method of claim 10, wherein the operation request for the security group module comprises a deletion request for the security group template, and the corresponding operation steps comprise:
receiving a deletion request for the security group template triggered by a user;
and determining whether the security group template is a system template or a common template; if it is a system template, deleting the security group template, and if it is a common template, deleting the security group template.
15. The distributed security group module access control method of claim 10, wherein the operation request for the security group module comprises a prioritization operation request for the security group rules, the respective operation steps comprising:
receiving a priority ordering operation request for the security group rules triggered by a user;
determining whether the collected configuration parameters corresponding to the operation request for the security group rules meet the specification, and if so, querying the priority of the current security group rules by the universally unique identifier of the security group and performing priority sequencing on the current security group rules;
and determining whether the security group is associated with a cloud host, and if so, calling the physical machine agent processing module of the associated cloud host.
16. The distributed security group module access control method as claimed in claim 10, wherein the operation request for the security group module includes any one of a creation, editing, insertion, import or deletion operation request for the security group rules, and the corresponding operation steps include:
receiving any one of a creation, editing, insertion, import or deletion operation request for the security group rules triggered by a user;
determining whether the collected configuration parameters corresponding to the operation request for the security group rules meet the specification, and if so, querying the priority of the current security group rules by the universally unique identifier of the security group, carrying out the processing corresponding to the operation request on the current security group rules, and performing priority sequencing on the processed security group rules;
and determining whether the security group is associated with a cloud host, and if so, calling the physical machine agent processing module of the associated cloud host.
17. The distributed security group module access control method of claim 10, wherein the operation request for the security group module comprises a bind or unbind request for the security group associated cloud host, and wherein the corresponding operation steps comprise:
receiving a binding or unbinding request for the security group associated cloud host triggered by a user, and calling the physical machine agent processing module where the associated cloud host is located to carry out the binding or unbinding operation between the security group and the corresponding cloud host.
18. The distributed security group module access control method as claimed in any one of claims 12 and 15 to 17, wherein calling the physical machine agent processing module where the associated cloud host is located includes:
acquiring the physical machine where the security group associated cloud host is located, determining whether the agent state of that physical machine is normal, and if so, connecting to the agent of the physical machine to acquire the security group initial template and all associated security group rules on the physical machine;
and assembling the security group rules into a configuration file and sending the configuration file to the agent processing module for configuration.
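The rule-operation flow of claims 15 and 16 (and their system counterparts) combined with the agent call of claim 18, as an added Python example that is not part of the patent or of any SF Technology implementation. The host placement map, agent states, initial template, rule schema and sample group are constructed for the demonstration, and only create, insert and delete are modelled.

```python
import json
from dataclasses import dataclass, asdict, field
@dataclass
class Rule:
    priority: int
    direction: str  # "ingress" or "egress"
    protocol: str   # "tcp", "udp" or "icmp"
    port: int
    action: str     # "allow" or "deny"
@dataclass
class SecurityGroup:
    uuid: str
    rules: list = field(default_factory=list)
    hosts: list = field(default_factory=list)  # ids of the associated cloud hosts
# Constructed sample state (hypothetical): host placement, agent health, initial template, one group.
HOST_TO_PM = {"vm-a": "pm-01", "vm-b": "pm-02"}
AGENT_STATE = {"pm-01": "normal", "pm-02": "down"}
INITIAL_TEMPLATE = {"default_policy": "drop"}
GROUPS = {"sg-0001": SecurityGroup("sg-0001", [Rule(1, "ingress", "tcp", 22, "allow")], ["vm-a", "vm-b"])}

def rule_ok(p: dict) -> bool:
    """Reject configuration parameters that do not meet the specification before any state changes."""
    return (isinstance(p.get("priority"), int) and p["priority"] >= 1
            and p.get("direction") in ("ingress", "egress") and p.get("protocol") in ("tcp", "udp", "icmp")
            and isinstance(p.get("port"), int) and 0 <= p["port"] <= 65535 and p.get("action") in ("allow", "deny"))

def resort(rules: list) -> None:
    """Priority sequencing: stable sort by priority, then renumber 1..n so no gaps or ties remain."""
    rules.sort(key=lambda r: r.priority)
    for i, r in enumerate(rules, 1):
        r.priority = i

def call_agent(sg: SecurityGroup, host: str):
    """Locate the physical machine, check its agent state, and assemble the configuration file to push."""
    if AGENT_STATE.get(HOST_TO_PM[host]) != "normal":
        return None  # abnormal agent: nothing is pushed; the caller records the failure for retry
    config = {"template": INITIAL_TEMPLATE, "rules": [asdict(r) for r in sg.rules]}
    return json.dumps(config)  # stands in for sending the file to the agent processing module

def apply_rule_op(sg_uuid: str, op: str, params: dict) -> dict:
    """Validate, look up the group by uuid, apply the operation, re-sequence, push to bound hosts."""
    if op not in ("create", "insert", "delete") or not rule_ok(params):
        raise ValueError("request does not meet the specification")
    sg = GROUPS[sg_uuid]
    if op == "delete":
        sg.rules = [r for r in sg.rules if r.priority != params["priority"]]
    else:  # "insert" goes before existing rules of equal priority, "create" after them
        sg.rules.insert(0 if op == "insert" else len(sg.rules), Rule(**params))
    resort(sg.rules)
    return {h: call_agent(sg, h) for h in sg.hosts}  # per-host push result, None when skipped
```

A host whose agent is not in the normal state gets no configuration file, so the returned map lets the caller see which hosts still hold the previous rule set.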
CN201811416366.1A 2018-11-26 2018-11-26 Distributed security group module access control method and system Pending CN111224922A (en)


Publications (1)

Publication Number Publication Date
CN111224922A true CN111224922A (en) 2020-06-02

Family

ID=70832149


Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103164647A (en) * 2013-02-28 2013-06-19 华为技术有限公司 Access control method of network security group and security computer
US20130312056A1 (en) * 2011-07-12 2013-11-21 Cisco Technology, Inc. Zone-Based Firewall Policy Model for a Virtualized Data Center
CN103632090A (en) * 2013-11-04 2014-03-12 天津汉柏信息技术有限公司 Method for operating virtual firewall on virtual machine
CN104007997A (en) * 2013-02-22 2014-08-27 中兴通讯股份有限公司 Virtual machine security group configuration method and device
CN104301321A (en) * 2014-10-22 2015-01-21 北京启明星辰信息技术股份有限公司 Method and system for achieving distributed network safety protection
CN104660553A (en) * 2013-11-19 2015-05-27 北京天地超云科技有限公司 Implementation method of virtual firewall
CN104917653A (en) * 2015-06-26 2015-09-16 北京奇虎科技有限公司 Virtual flow monitoring method based on cloud platform and device thereof
CN105100109A (en) * 2015-08-19 2015-11-25 华为技术有限公司 Method and device for deploying security access control policy
CN105141571A (en) * 2014-06-09 2015-12-09 中兴通讯股份有限公司 Distributed virtual firewall device and method
EP3010200A1 (en) * 2014-10-15 2016-04-20 Huawei Technologies Co., Ltd. Method for controlling service data flow and network device
US20170118173A1 (en) * 2015-10-23 2017-04-27 Attala Systems, LLC Distributed firewalls and virtual network services using network packets with security tags
CN106713365A (en) * 2017-02-28 2017-05-24 郑州云海信息技术有限公司 Cloud environment-based network security system
CN106790091A (en) * 2016-12-23 2017-05-31 深圳市深信服电子科技有限公司 A cloud security protection system and traffic cleaning method
CN107995144A (en) * 2016-10-26 2018-05-04 北京金山云网络技术有限公司 An access control method and device based on security groups


Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
CHENG JIN: "Secgras: Security Group Analysis as a Cloud Service", 2014 IEEE 22nd International Conference on Network Protocols *
王雅超: "A survey of security isolation technologies for XEN virtual machines in cloud computing", Information Security and Communications Privacy *


Legal Events

Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (application publication date: 20200602)