CN115134367A - Cloud platform and service processing method - Google Patents
Cloud platform and service processing method Download PDFInfo
- Publication number
- CN115134367A CN115134367A CN202210743663.7A CN202210743663A CN115134367A CN 115134367 A CN115134367 A CN 115134367A CN 202210743663 A CN202210743663 A CN 202210743663A CN 115134367 A CN115134367 A CN 115134367A
- Authority
- CN
- China
- Prior art keywords
- available domain
- domain
- service
- target
- available
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000003672 processing method Methods 0.000 title claims abstract description 23
- 238000011161 development Methods 0.000 claims abstract description 23
- 238000013507 mapping Methods 0.000 claims abstract description 12
- 238000013480 data collection Methods 0.000 claims abstract description 7
- 238000000586 desensitisation Methods 0.000 claims abstract description 7
- 238000003860 storage Methods 0.000 claims description 65
- 238000000034 method Methods 0.000 claims description 26
- 238000012545 processing Methods 0.000 claims description 15
- 238000004590 computer program Methods 0.000 claims description 13
- 238000009434 installation Methods 0.000 claims description 12
- 230000004044 response Effects 0.000 claims description 9
- 238000012423 maintenance Methods 0.000 claims description 6
- 230000018109 developmental process Effects 0.000 description 17
- 238000013461 design Methods 0.000 description 11
- 238000010586 diagram Methods 0.000 description 11
- 238000002955 isolation Methods 0.000 description 11
- 238000013473 artificial intelligence Methods 0.000 description 6
- 239000000243 solution Substances 0.000 description 6
- 230000006870 function Effects 0.000 description 5
- 239000012634 fragment Substances 0.000 description 3
- 230000000694 effects Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 239000002184 metal Substances 0.000 description 2
- 230000001737 promoting effect Effects 0.000 description 2
- 238000004088 simulation Methods 0.000 description 2
- 230000032683 aging Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- 238000001914 filtration Methods 0.000 description 1
- 238000002347 injection Methods 0.000 description 1
- 239000007924 injection Substances 0.000 description 1
- 238000002372 labelling Methods 0.000 description 1
- 230000014759 maintenance of location Effects 0.000 description 1
- 238000005065 mining Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000005192 partition Methods 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 230000010076 replication Effects 0.000 description 1
- 238000012827 research and development Methods 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
- 238000013519 translation Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application provides a cloud platform and a service processing method. The cloud platform comprises a first available domain, a second available domain and a cloud management and control platform, wherein the first available domain and the second available domain are physically isolated, the first available domain is used for providing automatic driving business service for vehicles, and tools comprising mapping-related data collection, data desensitization and business development are deployed; a second available domain for providing infrastructure as a service (IaaS) and platform as a service (PaaS) for vehicles, deploying tools including mapping-independent data development and business development; the cloud management and control platform is respectively connected with the first available domain and the second available domain and is used for carrying out resource management on the first available domain and the second available domain. According to the scheme, the cloud management and control platform is used for carrying out resource management on the first available domain and the second available domain, so that the problems of high resource management cost and complicated management mode are reduced.
Description
Technical Field
The application relates to the technical field of computers, in particular to a cloud platform and a service processing method.
Background
In the field of automatic driving, when data (such as videos, laser information and the like) collected by a road acquisition device is transmitted back to the rear end of a cloud platform, a machine room at the rear end of the cloud platform is required to be physically isolated (namely, the machine room cannot be communicated with the internet); meanwhile, a lot of services developed by using the cloud platform have a need for intercommunication with the internet, for example, the cockpit platform in the cloud platform is upgraded by Over-the-Air Technology (OTA) through the internet, the cloud platform controls the vehicle end through the internet, and information recommendation is performed.
In the prior art, two sets of cloud platforms are often required to be deployed in the face of such a situation, so as to meet the requirements of compliance and business. Specifically, a set of cloud platforms is used for storing collected data in a physical isolation mode, and a set of cloud platforms is used for business application with intercommunication requirements with the internet.
However, this method is too costly and difficult to manage.
Disclosure of Invention
The embodiment of the application provides a cloud platform and a service processing method, and aims to solve the problems that in the prior art, operation and maintenance cost is too high and management is complex and the like in resource management.
In a first aspect, an embodiment of the present application provides a cloud platform, including: a first available domain, a second available domain, and a cloud management platform, the first available domain and the second available domain being physically isolated;
the first available domain for providing autonomous driving business services for vehicles, deploying tools including mapping-related data collection, data desensitization, and business development;
the second available domain is used for providing infrastructure as a service (IaaS) and platform as a service (PaaS) for the vehicle, and tools comprising mapping-independent data development and business development are deployed;
the cloud management and control platform is connected with the first available domain and the second available domain respectively and used for conducting resource management on the first available domain and the second available domain.
In a possible design of the first aspect, the server of the target available domain is connected to the storage area of the target available domain through a first network card, and is configured to access the storage area, where the target available domain is the first available domain or the second available domain.
In another possible design of the first aspect, the cloud management and control platform is connected to the server of the target available domain through a second network card, and is configured to perform resource access, configuration management, and operation and maintenance operation on the target available domain.
Optionally, the first available domain is connected to the intranet through a first firewall; the second available domain is connected to the extranet through a second firewall.
In a second aspect, an embodiment of the present application provides a service processing method, which is applied to the cloud management and control platform in the first aspect and various possible designs, where the method includes:
in response to an operation of a user to create an object storage container, determining an identification of a target available domain, the target available domain being a first available domain or a second available domain;
generating domain name information of an access node in the target available domain according to the identification of the target available domain;
globally storing the related information of the object storage container, and determining routing information according to the domain name information;
storing the routing information into a load access node of the target available domain.
In one possible design of the second aspect, the method further includes:
and in the process of installing the general class basic service, skipping installation of the service matched with the interception parameter, wherein the interception parameter is contained in an installation script of the general class basic service, and the interception parameter is used for recording the service which is not required to be added in the target available domain.
In a third aspect, an embodiment of the present application provides a service processing apparatus, which is applied to the cloud management and control platform in the first aspect and various possible designs, where the apparatus includes:
a response module, configured to determine, in response to an operation of creating an object storage container by a user, an identification of a target available domain, where the target available domain is a first available domain or a second available domain;
a generating module, configured to generate domain name information of an access node in the target available domain according to the identifier of the target available domain;
the determining module is used for globally storing the related information of the object storage container and determining routing information according to the domain name information;
and the storage module is used for storing the routing information into the load access node of the target available domain.
In one possible design of the third aspect, the processing module is configured to:
and in the process of installing the general class basic service, skipping installation of the service matched with the interception parameter, wherein the interception parameter is contained in an installation script of the general class basic service, and the interception parameter is used for recording the service which is not required to be added in the target available domain.
In a fourth aspect, an embodiment of the present application provides a server, including: a processor, a memory;
the memory stores computer-executable instructions;
the processor executes the computer-executable instructions to cause the server to perform the business process method as described in the second aspect and various possible designs above.
In a fifth aspect, embodiments of the present application provide a computer-readable storage medium, in which computer-executable instructions are stored, and when the computer-executable instructions are executed by a processor, the computer-readable storage medium is configured to implement the business processing method as described in the second aspect and various possible designs.
In a sixth aspect, embodiments of the present application provide a computer program product, which includes a computer program, and when the computer program is executed by a processor, the computer program is used to implement the service processing method as described in the second aspect and various possible designs.
The cloud platform and the service processing method provided by the embodiment of the application. The cloud platform comprises a first available domain, a second available domain and a cloud management and control platform, wherein the first available domain and the second available domain are physically isolated, the first available domain is used for providing automatic driving business service for vehicles, and tools comprising mapping-related data collection, data desensitization and business development are deployed; a second available domain for providing infrastructure as a service, IaaS, and platform as a service, PaaS, for the vehicle, deploying tools including mapping-independent data development and business development; the cloud management and control platform is connected with the first available domain and the second available domain respectively and used for conducting resource management on the first available domain and the second available domain. According to the scheme, the cloud management and control platform is used for carrying out resource management on the first available domain and the second available domain, so that the problems of high resource management cost and complicated management mode are reduced.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present application and together with the description, serve to explain the principles of the application.
Fig. 1 is a schematic view of an application scenario of a service processing method according to an embodiment of the present application;
fig. 2 is a first schematic architecture diagram of a cloud platform according to an embodiment of the present disclosure;
fig. 3 is a schematic architecture diagram of a cloud platform according to an embodiment of the present disclosure;
fig. 4 is a schematic flowchart of a service processing method according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of a service processing apparatus according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of a server according to an embodiment of the present application.
With the above figures, there are shown specific embodiments of the present application, which will be described in more detail below. The drawings and written description are not intended to limit the scope of the inventive concepts in any manner, but rather to illustrate the concepts of the application by those skilled in the art with reference to specific embodiments.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
Before introducing the embodiments of the present application, the terms and background of the present application are explained first:
data Center (DC): the physical concept refers to a collection of devices such as servers, networks, and storages in a physical space (e.g., a computer room), which implements centralized processing, storage, transmission, exchange, and management of information.
Available field (Available Zone, AZ): the logical concept, namely, refers to the isolated domain of the fault. One available domain may contain a plurality of DCs, and one DC may set a plurality of available domains.
Data annotation: the data annotator uses an automated tool to capture and collect data including text, pictures, voice, etc. from the internet, and then arranges and annotates the captured data.
Data global distributed storage: distributed storage solves the problems of how to store data on multiple machines and provide availability, reliability and consistency, and in recent years, a plurality of practical experiences exist, and some modes are slowly precipitated. With these generic implementations as a base, different user interfaces can be packaged, such as file systems, relational databases, object stores, etc.
The most basic distributed solution is to fragment data (partition) so that one fragment can be stored in any single machine. In an implementation, the shards will generally be smaller. As more data and more slices are available, more machines are needed. However, hardware has problems of good product yield and aging, and the probability is not large, but becomes a problem in the case of a large amount of machines. In order to ensure that data is not lost, each fragment needs to be subjected to redundancy processing, including erasure codes (EC codes) and multiple copies (english: replication).
Safety compliance background: with the development of digital economy, data safety compliance is not only a requirement of economic development, but also a key requirement for protecting national safety. In the process of promoting data circulation, a series of problems of data leakage, unclear right attribute, difficult supervision, incomplete law and the like are faced, and the inevitable requirements for better exerting the value of data, promoting social development and guaranteeing data safety compliance are national development. A supervision system is established, management consciousness and capacity of individuals and enterprises are enhanced, a hierarchical classification system is constructed, and effective management of data safety compliance is promoted.
Physical isolation: meaning that the intranet is not directly or indirectly connected to the public network.
The purpose of physical isolation is to protect hardware entities such as routers, workstations, network servers and the like and communication links from natural disasters, human damage and wiretap attacks.
Only by physically isolating the intranet from the public network can the intranet be truly protected from hacker attacks from the internet. In addition, the physical isolation also defines a definite security boundary for the intranet, so that the controllability of the network is enhanced, and the internal management is facilitated.
In the field of automatic driving, when data (such as videos and laser information) collected by a road mining vehicle is transmitted back to the rear end of a cloud platform, the machine room at the rear end of the cloud platform is required to be physically isolated (namely, the machine room cannot be communicated with the internet); meanwhile, many services developed by using a cloud platform need to be communicated with the internet (for example, a cockpit platform is upgraded by an Over-the-Air Technology (OTA) through the internet, and the cloud platform controls a vehicle end through the internet, recommends information, and the like).
In the face of such a situation, two sets of cloud platforms are often required to be deployed to meet the requirements of compliance and business, and this form will generate twice the cost for resources and management, and also has the problem of complex management in management.
In order to solve the technical problems, the technical conception process of the inventor is as follows: different use areas are designed by unifying a set of cloud platform and a physical isolation technical method, so that the intercommunication requirement between different network physical isolation and the Internet is met, and meanwhile, the business and data safety compliance requirements are met by setting different computing resources, data resources, storage resources, tools and the like to fall into different physical isolation areas. For the area physically isolated from the internet, the network is not only physically isolated from the internet, but also can not be communicated with the internet through other areas; for the area needing to share with the Internet, the development can be carried out in the area independently; the two areas are physically isolated and cannot be communicated with each other, so that the technical problem in the prior art can be solved.
Based on the problems in the prior art, fig. 1 is a schematic view of an application scenario of a service processing method provided in an embodiment of the present application, so as to solve the above technical problems. As shown in fig. 1, the application scenario diagram includes: an office area 11, an internet area 12, and a cloud platform 13.
The cloud platform 13 (which may be a unified cloud platform) may include a first available domain and a second available domain.
In one possible implementation, the office area 11 may include: a compiler or compliance office, a general office, a labeling team office, and a data collection injection. The office area 11 is accessed to the compliance access area through a firewall via a private line to communicate with the first available domain.
In another possible implementation, the internet zone 12 communicates with the second available domain connection through a hardware firewall.
Finally, the purposes that a set of cloud platform, a public management assembly and a management platform are reused, the automatic driving service is isolated from the Internet, and the general service can be mutually visited with the Internet according to requirements are achieved.
It is to be understood that the above undisclosed portions are given by the following examples.
The technical solution of the present application is described in detail by specific embodiments with an application scenario schematic diagram shown in fig. 1. It should be noted that the following several specific embodiments may be combined with each other, and the same or similar concepts or processes may not be described in detail in some embodiments. Embodiments of the present application will be described below with reference to the accompanying drawings.
Fig. 2 is a first schematic architecture diagram of a cloud platform according to an embodiment of the present disclosure. As shown in fig. 2, in conjunction with fig. 1, the cloud platform 13 includes: a first available domain 131 and a second available domain 132, and a cloud hosting platform 133.
Wherein the first available domain 131 and the second available domain 132 are physically separated.
Optionally, the first available domain 131 and the second available domain 132 may be placed in different parks in the same city, or may be placed in different rooms in the same park, and the servers of the first available domain 131 and the second available domain 132 are connected to the management plane of the cloud platform 13 through separate management ports, so that the management plane is physically separated from the business plane.
Optionally, the service plane and the storage plane of the first available domain 131 and the second available domain 132 have independent network access nodes and core nodes, respectively.
For the second available domain 132, which needs to communicate with internet zone 12, the core node link is connected to the firewall at internet zone 12, and for the first available domain 131, which needs to communicate with office zone 11, the core node link is connected to the firewall at office zone 11.
The first available domain 131 and the second available domain 132 are physically isolated and both managed by the cloud management platform 133.
Optionally, the servers of the first available domain 131 and the second available domain 132 are connected to the management plane of the cloud management and control platform 133 through separate management interfaces, so that the management plane and the business plane can be physically isolated.
In one possible implementation, the first available domain 131, used to provide autonomous driving business services for vehicles, deploys tools including mapping-related data collection, data desensitization, and business development, and thus the first available domain may be an autonomous driving available domain.
Specifically, a computing platform, a simulation platform, a Hardware-in-loop (HIL) simulation test, a data platform, an evaluation platform, data desensitization, and the like may be deployed in the first available domain 131.
In one possible implementation, the second available domain 132, which is used to provide Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) for vehicles, deploys tools including mapping-independent data development and business development, and thus may be a generic business available domain.
Specifically, the second available domain 132 may be deployed with big data and Artificial Intelligence (AI) tenants and enterprise service tenants, and have respective IaaS and PaaS functions.
The big data and artificial intelligence AI tenant, namely the big data and AI business, comprises: a big data platform and an AI research and development platform; the enterprise service tenant comprises: an enterprise service application.
Optionally, the cloud management and control platform 133 is connected to the first available domain 131 and the second available domain 132, respectively, and is configured to perform resource management on the first available domain 131 and the second available domain 132.
Specific examples of such features are set forth in the following examples.
Optionally, the first available domain 131 is connected to the intranet through a first firewall; the second available domain 132 is connected to the extranet through a second firewall.
Specifically, the service plane and the storage plane of the first available domain 131 and the second available domain 132 have an independent network access node and a core node, respectively, and for the first available domain 131 to communicate with the office area of the intranet, the core node is connected to an egress firewall, that is, a first firewall; for the second available domain 132 to need to communicate with the internet, the core node link is connected to the egress firewall, i.e., the second firewall.
In one possible implementation, the intranet is connected to a Network Function Virtualization (NFV) Network area in the first available domain 131 through a first firewall of the compliance access area, and the NFV Network area communicates with servers in the first available domain 131, and the servers in the first available domain 131 communicate with the computing function area, the bare metal area, and the storage area in the first available domain 131, respectively.
In one possible implementation, the internet is connected to the NFV network zone in the second available domain 132 through a second firewall of the internet zone, and the NFV network zone communicates with servers in the second available domain 132, which servers in the second available domain 132 communicate with the compute function zone, the bare metal zone, the storage function zone, the database, and the middleware in the second available domain 132, respectively.
The cloud platform provided by the embodiment of the application comprises a first available domain, a second available domain and a cloud management and control platform, wherein the first available domain and the second available domain are physically isolated, the first available domain is used for providing automatic driving business services for vehicles, and tools including mapping-related data collection, data desensitization and business development are deployed; a second available domain for providing infrastructure as a service (IaaS) and platform as a service (PaaS) for vehicles, deploying tools including mapping-independent data development and business development; the cloud management and control platform is respectively connected with the first available domain and the second available domain and is used for carrying out resource management on the first available domain and the second available domain. According to the scheme, the cloud management and control platform is used for managing resources of the first available domain and the second available domain, so that the problems of high resource management cost and complex management mode are reduced.
Based on fig. 2, fig. 3 is a second schematic architecture diagram of a cloud platform provided in the embodiment of the present application. As shown in fig. 3, the target available domain 21 in the cloud platform (the target available domain 21 is the first available domain 131 or the second available domain 132).
That is, in the first available domain 131 and the second available domain 132, a set of object storing areas is respectively disposed. For each set of object storage area, the storage area is generally divided into a load access node and a data node, servers of the two types of nodes have storage access and management access, and different network cards are adopted for physical isolation:
optionally, the server of the target available domain 21 is connected to the storage area of the target available domain 21 through a first network card, and is configured to access the storage area.
In a possible implementation, the storage access adopts an independent 10GE/40GE/100GE network card (first network card), and accesses to the storage surface of the target available domain 21 for the server of the target available domain 21 to perform storage access.
Optionally, the cloud management and control platform 133 is connected to the server of the target available domain through the second network card, and is configured to perform resource access, configuration management, and operation and maintenance operation on the target available domain.
In a possible implementation, an independent GE network card is used for management access, and a server of the target available domain is docked to a management plane of the cloud management and control platform 133, so as to implement access, configuration management, operation and maintenance operation and the like of resources.
According to the cloud platform provided by the embodiment of the application, a server of a target available domain (the target available domain is a first available domain or a second available domain) is connected with a storage area of the target available domain through a first network card and used for accessing the storage area, and a cloud management and control platform is connected with the server of the target available domain through a second network card and used for performing resource access, configuration management and operation and maintenance operation on the target available domain. The scheme adopts different network cards to meet the requirement of physical isolation.
On the basis of the cloud platform embodiment, fig. 4 is a schematic flow diagram of a service processing method provided in the embodiment of the present application. On the basis of the architecture corresponding to the cloud platform 13, different cloud resources and tool chains need to be designed, and the cloud resources and tool chains can fall on corresponding physical servers of the available domains according to a strategy, so that physical isolation of data among different available domains is further achieved, and the capability of automatic shielding according to the available domains needs to be designed for part of network resources.
As shown in fig. 4, the service processing method is applied to the cloud management and control platform in the foregoing embodiment, and the method includes the following steps:
and 41, responding to the operation of creating the object storage container bucket by the user, and determining the identification of the target available domain.
The target available domain is a first available domain or a second available domain (the first available domain is taken as an example in the embodiments of the present application).
In this step, when a user needs to create an object storage container in a target available domain, corresponding operations are executed in the cloud management and control platform, and it is determined in which available domain the object storage container needs to be created.
In a possible implementation, taking the object storage for creating the first available domain as an example, when a graph manager creates an object storage bucket for a smart driving user, the first available domain is selected from available zone items in a management plane of the cloud management and control platform, that is, the cloud management and control platform determines an identifier of the first available domain.
It should be understood that creating an object storage container as an example of a chain of services and tools needed in the first or second available domain may also include cloud hosting, chunk storage, object storage, file storage, blockchains, various types of databases, messaging middleware, big data, and artificial intelligence platforms, among others.
And 42, generating domain name information of the access node in the target available domain according to the identification of the target available domain.
In this step, in response to the identifier of the target available domain, the cloud management and control platform generates domain name information of the access node according to the identifier.
In one possible implementation, a background object storage service of the cloud management and control platform automatically generates a key access node domain name, such as obs-gel-auto.gelydc.com, indicating that both the bucket metadata and the storage data are stored in the first available domain.
And 43, globally storing the related information of the object storage container, and determining routing information according to the domain name information.
In this step, information such as metadata and storage data of the object storage container is stored globally, and routing information is determined according to the domain name information, so that when the object storage container is used subsequently, a storage location and the like can be determined according to the routing information.
In a possible implementation, the object storage service of the cloud management and control platform stores the bucket information created by the user globally, and resolves the routing information according to the domain name.
And step 44, storing the routing information into the load access node of the target available domain.
In one possible implementation, the routing information is stored in a storage load access node to which the first available domain is assigned.
According to the service processing method provided by the embodiment of the application, the identification of the target available domain is determined by responding to the operation of creating the object storage container by the user, the domain name information of the access node is generated in the target available domain according to the identification of the target available domain, then the related information of the object storage container is stored globally, the routing information is determined according to the domain name information, and finally the routing information is stored in the load access node of the target available domain. The technical scheme realizes that the flow design can be created for the object storage service.
In addition, the embodiment of the application also provides a process for installing the general basic service, and in the process of installing the general basic service, the service matched with the interception parameter is skipped to be installed.
The interception parameter is included in the installation script of the general class basic service, and is used for recording the service which is not required to be added in the target available domain.
Optionally, the general basic service mainly provides access to the internet or an extranet, cannot be provided in the first available domain according to the compliance requirement of related data, and needs to be filtered and cancelled at the cloud platform level, and the specific method includes:
1) an installation and deployment service (generally, an automation tool) provides a filtering mode based on a first available domain, and parameters need to be added for control because an elastic Internet Protocol (IP), a Network Address Translation (NAT) gateway, and the like are general basic services. If the intelligent driving available domain is installed, the filter _ service is added to EIP, NAT GW.
2) And analyzing the filter _ service parameter by the automatic installation script in the running process, and skipping matched services without installation.
That is, the identifier of the service that is not to be installed is carried in the filter _ service parameter (intercept parameter).
3) The registration information of the cloud platform on the aspects of resource management, configuration management and the like is added with the first available domain list information to indicate whether the first available domain provides the service or not.
4) When the administrator of the graph service creates the elastic IP and NAT gateway, since the services do not register the first available domain in the resource management, configuration management and other lists, the first available domain cannot be selected in the drop-down box in the options of the available domain.
The realization of the mode ensures that the first available domain does not provide internet access service, and after the storage surface of the first available domain is accessed into the core switch, no link can reach the internet area, thereby ensuring the physical isolation from the internet; and the core switch of the second available domain is physically isolated from the first available domain and simultaneously accesses the Internet area to realize on-demand mutual access with the Internet.
On the basis of the foregoing method embodiment, fig. 5 is a schematic structural diagram of a service processing apparatus provided in the embodiment of the present application. The device is applied to the service processing method, and comprises the following steps:
a response module 51, configured to determine, in response to an operation of creating an object storage container by a user, an identification of a target available domain, where the target available domain is a first available domain or a second available domain;
a generating module 52, configured to generate domain name information of the access node in the target available domain according to the identifier of the target available domain;
a determining module 53, configured to store the relevant information of the object storage container globally, and determine routing information according to the domain name information;
a storage module 54, configured to store the routing information in the load access node of the target available domain.
In one possible design of the present application, the processing module is configured to:
and in the process of installing the general class basic service, the installation is skipped for the service matched with the interception parameter, the interception parameter is contained in the installation script of the general class basic service, and the interception parameter is used for recording the service which is not required to be added in the target available domain.
The service processing apparatus provided in the embodiment of the present application may be configured to execute the technical solution corresponding to the service processing method in the foregoing embodiment, and the implementation principle and the technical effect are similar, which are not described herein again.
It should be noted that the division of the modules of the above apparatus is only a logical division, and the actual implementation may be wholly or partially integrated into one physical entity, or may be physically separated. And these modules can be realized in the form of software called by processing element; or may be implemented entirely in hardware; and part of the modules can be realized in the form of calling software by the processing element, and part of the modules can be realized in the form of hardware. In addition, all or part of the modules can be integrated together or can be independently realized. The processing element referred to herein may be an integrated circuit having signal processing capabilities. In implementation, each step of the above method or each module above may be implemented by an integrated logic circuit of hardware in a processor element or an instruction in the form of software.
Fig. 6 is a schematic structural diagram of a server according to an embodiment of the present application. As shown in fig. 6, the server may include: a processor 60, a memory 61, and computer program instructions stored on the memory 61 and executable on the processor 60.
The server may be a server corresponding to the cloud management and control platform 133.
The processor 60 executes computer-executable instructions stored by the memory 61, causing the processor 60 to perform the aspects of the embodiments described above. The processor 60 may be a general-purpose processor including a central processing unit CPU, a Network Processor (NP), and the like; but also a digital signal processor DSP, an application specific integrated circuit ASIC, a field programmable gate array FPGA or other programmable logic device, discrete gate or transistor logic, discrete hardware components.
The memory 61 and the transceiver 62 are connected to the processor 60 via a system bus and communicate with each other, and the memory 61 is used for storing computer program instructions.
In one possible implementation, the server may further include: a display for interacting with a technician as a control panel.
The system bus may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The system bus may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown, but this does not mean that there is only one bus or one type of bus.
The server provided in the embodiment of the present application may be configured to execute the technical solution corresponding to the service processing method in the foregoing embodiment, and the implementation principle and the technical effect of the server are similar, which are not described herein again.
The embodiment of the present application further provides a chip for executing the instruction, where the chip is used to execute the technical scheme of the service processing method in the foregoing embodiment.
An embodiment of the present application further provides a computer-readable storage medium, where a computer instruction is stored in the computer-readable storage medium, and when the computer instruction runs on a computer device, the computer device is enabled to execute the technical solution of the service processing method in the foregoing embodiment.
The embodiment of the present application further provides a computer program product, which includes a computer program, and the computer program is used for executing the technical solution of the service processing method in the foregoing embodiment when being executed by the processor.
The computer-readable storage medium described above may be implemented by any type of volatile or non-volatile memory device or combination thereof, such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disk. Readable storage media can be any available media that can be accessed by a general purpose or special purpose computer device.
It will be understood that the present application is not limited to the precise arrangements that have been described above and shown in the drawings, and that various modifications and changes may be made without departing from the scope thereof. The scope of the application is limited only by the appended claims.
Claims (10)
1. A cloud platform, comprising: a first available domain, a second available domain, and a cloud management platform, the first available domain and the second available domain being physically isolated;
the first available domain for providing autonomous driving business services for vehicles, deploying tools including mapping-related data collection, data desensitization, and business development;
the second available domain is used for providing infrastructure as a service (IaaS) and platform as a service (PaaS) for the vehicle, and deploying tools comprising mapping-independent data development and service development;
the cloud management and control platform is respectively connected with the first available domain and the second available domain and is used for carrying out resource management on the first available domain and the second available domain.
2. The cloud platform of claim 1, wherein a server of a target available domain is connected to the storage area of the target available domain through a first network card for accessing the storage area, and the target available domain is the first available domain or the second available domain.
3. The cloud platform of claim 2, wherein the cloud management and control platform is connected to the server of the target available domain through a second network card, and is configured to perform resource access, configuration management, and operation and maintenance operations on the target available domain.
4. The cloud platform of any of claims 1-3, wherein the first available domain is connected to an intranet through a first firewall; the second available domain is connected to the extranet through a second firewall.
5. A service processing method applied to the cloud management and control platform according to any one of claims 1 to 4, the method including:
in response to an operation of a user to create an object storage container, determining an identification of a target available domain, the target available domain being a first available domain or a second available domain;
generating domain name information of an access node in the target available domain according to the identification of the target available domain;
globally storing the related information of the object storage container, and determining routing information according to the domain name information;
storing the routing information into a load access node of the target available domain.
6. The method of claim 5, further comprising:
and in the process of installing the general class basic service, skipping installation of the service matched with the interception parameter, wherein the interception parameter is contained in an installation script of the general class basic service, and the interception parameter is used for recording the service which is not required to be added in the target available domain.
7. A service processing apparatus, applied to the cloud management and control platform according to any one of claims 1 to 4, the apparatus comprising:
a response module, configured to determine, in response to an operation of creating an object storage container by a user, an identification of a target available domain, where the target available domain is a first available domain or a second available domain;
a generating module, configured to generate domain name information of an access node in the target available domain according to the identifier of the target available domain;
the determining module is used for globally storing the related information of the object storage container and determining routing information according to the domain name information;
and the storage module is used for storing the routing information into the load access node of the target available domain.
8. A server, comprising: a processor, a memory and computer program instructions stored on the memory and executable on the processor, the processor when executing the computer program instructions implementing the business process method as claimed in claim 5 or 6 above.
9. A computer-readable storage medium, having stored thereon computer-executable instructions, which, when executed by a processor, are adapted to implement a service processing method as claimed in claim 5 or 6.
10. A computer program product comprising a computer program for implementing a method of service processing as claimed in claim 5 or 6 when executed by a processor.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210743663.7A CN115134367A (en) | 2022-06-28 | 2022-06-28 | Cloud platform and service processing method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210743663.7A CN115134367A (en) | 2022-06-28 | 2022-06-28 | Cloud platform and service processing method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115134367A true CN115134367A (en) | 2022-09-30 |
Family
ID=83379316
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210743663.7A Pending CN115134367A (en) | 2022-06-28 | 2022-06-28 | Cloud platform and service processing method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115134367A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116112512A (en) * | 2022-12-28 | 2023-05-12 | 中国人寿保险股份有限公司上海数据中心 | Distributed storage system based on fault domain |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8650299B1 (en) * | 2010-02-03 | 2014-02-11 | Citrix Systems, Inc. | Scalable cloud computing |
| US20140123296A1 (en) * | 2012-10-30 | 2014-05-01 | Samsung Sds Co., Ltd. | Security through metadata orchestrators |
| US20160162701A1 (en) * | 2014-12-05 | 2016-06-09 | Cisco Technology, Inc. | Stack Fusion Architecture Including Distributed Software Clusters to Enable Software Communication Services |
| KR20160136489A (en) * | 2015-05-19 | 2016-11-30 | (주)나누미넷 | Method for Resource Management base of Virtualization for cloud service |
| CN107769938A (en) * | 2016-08-16 | 2018-03-06 | 北京金山云网络技术有限公司 | The system and method that a kind of Openstack platforms support Multi net voting region |
| US20180241642A1 (en) * | 2017-02-21 | 2018-08-23 | Dell Products L.P. | Consistent placement between private and public cloud deployments of application services |
| CN110830546A (en) * | 2019-09-20 | 2020-02-21 | 平安科技(深圳)有限公司 | Available domain construction method, device and equipment based on container cloud platform |
| CN112099913A (en) * | 2020-09-01 | 2020-12-18 | 北京思特奇信息技术股份有限公司 | Method for realizing safety isolation of virtual machine based on OpenStack |
-
2022
- 2022-06-28 CN CN202210743663.7A patent/CN115134367A/en active Pending
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8650299B1 (en) * | 2010-02-03 | 2014-02-11 | Citrix Systems, Inc. | Scalable cloud computing |
| US20140123296A1 (en) * | 2012-10-30 | 2014-05-01 | Samsung Sds Co., Ltd. | Security through metadata orchestrators |
| US20160162701A1 (en) * | 2014-12-05 | 2016-06-09 | Cisco Technology, Inc. | Stack Fusion Architecture Including Distributed Software Clusters to Enable Software Communication Services |
| KR20160136489A (en) * | 2015-05-19 | 2016-11-30 | (주)나누미넷 | Method for Resource Management base of Virtualization for cloud service |
| CN107769938A (en) * | 2016-08-16 | 2018-03-06 | 北京金山云网络技术有限公司 | The system and method that a kind of Openstack platforms support Multi net voting region |
| US20180241642A1 (en) * | 2017-02-21 | 2018-08-23 | Dell Products L.P. | Consistent placement between private and public cloud deployments of application services |
| CN110830546A (en) * | 2019-09-20 | 2020-02-21 | 平安科技(深圳)有限公司 | Available domain construction method, device and equipment based on container cloud platform |
| CN112099913A (en) * | 2020-09-01 | 2020-12-18 | 北京思特奇信息技术股份有限公司 | Method for realizing safety isolation of virtual machine based on OpenStack |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116112512A (en) * | 2022-12-28 | 2023-05-12 | 中国人寿保险股份有限公司上海数据中心 | Distributed storage system based on fault domain |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11044310B2 (en) | Automatic scaling of resource instance groups within compute clusters | |
| WO2021017279A1 (en) | Cluster security management method and apparatus based on kubernetes and network domain, and storage medium | |
| US10694402B2 (en) | Security orchestration and network immune system deployment framework | |
| US10061665B2 (en) | Preserving management services with self-contained metadata through the disaster recovery life cycle | |
| CN113949702B (en) | Multi-layer network protocol processing method and device for service grid | |
| CN107809383A (en) | A kind of map paths method and device based on MVC | |
| CN110673941A (en) | Migration method of micro-services in multiple computer rooms, electronic equipment and storage medium | |
| US8756701B2 (en) | Data security in a multi-nodal environment | |
| CN105095103A (en) | Storage device management method and device used for cloud environment | |
| CN106406980B (en) | A kind of dispositions method and device of virtual machine | |
| US20070271208A1 (en) | Method, system and program product for automated testing of changes to exernalized rules | |
| CN115134367A (en) | Cloud platform and service processing method | |
| US9389991B1 (en) | Methods, systems, and computer readable mediums for generating instruction data to update components in a converged infrastructure system | |
| US20210344701A1 (en) | System and method for detection promotion | |
| CN116016028B (en) | Method, system, medium and equipment for creating multiple network interfaces for Pod based on IPvlan | |
| CN107463638A (en) | File sharing method and equipment between offline virtual machine | |
| Ceccarelli et al. | A service discovery approach for testing dynamic SOAs | |
| CN115604103A (en) | Configuration method and device of cloud computing system, storage medium and electronic equipment | |
| CN114996955A (en) | Target range environment construction method and device for cloud-originated chaotic engineering experiment | |
| CN115485677A (en) | Secure data replication in a distributed data storage environment | |
| US10606714B2 (en) | Stopping central processing units for data collection based on event categories of events | |
| CN112637232A (en) | Cloud platform resource isolation framework implementation method and device supporting multiple strategies | |
| CN111488306A (en) | Attack and defense architecture system and construction method thereof | |
| CN109254863A (en) | A kind of method, apparatus and controlled terminal recording System Event Log | |
| US20190073157A1 (en) | Stopping a plurality of central processing units for data collection based on attributes of tasks |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |