CN117272329A - Distributed virtualization vulnerability-based scanning method and system - Google Patents
Distributed virtualization vulnerability-based scanning method and system Download PDFInfo
- Publication number
- CN117272329A CN117272329A CN202311550364.2A CN202311550364A CN117272329A CN 117272329 A CN117272329 A CN 117272329A CN 202311550364 A CN202311550364 A CN 202311550364A CN 117272329 A CN117272329 A CN 117272329A
- Authority
- CN
- China
- Prior art keywords
- virtual machine
- node
- workload
- utilization rate
- vulnerability
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 36
- 238000004891 communication Methods 0.000 claims abstract description 12
- 238000012937 correction Methods 0.000 claims description 6
- 230000008569 process Effects 0.000 claims description 6
- 230000010076 replication Effects 0.000 claims 1
- 230000001360 synchronised effect Effects 0.000 claims 1
- 238000001514 detection method Methods 0.000 abstract description 9
- 206010000117 Abnormal behaviour Diseases 0.000 abstract description 3
- 238000007726 management method Methods 0.000 description 10
- 230000006870 function Effects 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 3
- 239000000047 product Substances 0.000 description 3
- 230000004044 response Effects 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 238000012423 maintenance Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 238000012550 audit Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 239000013065 commercial product Substances 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000008030 elimination Effects 0.000 description 1
- 238000003379 elimination reaction Methods 0.000 description 1
- 230000008439 repair process Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/50—Allocation of resources, e.g. of the central processing unit [CPU]
- G06F9/5005—Allocation of resources, e.g. of the central processing unit [CPU] to service a request
- G06F9/5027—Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals
- G06F9/505—Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals considering the load
Landscapes
- Engineering & Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Debugging And Monitoring (AREA)
Abstract
The invention discloses a distributed virtualization vulnerability-based scanning method and system, wherein the system comprises a master Node, slave nodes, multi-link load balancing equipment and a distributed storage cluster, wherein virtual machine groups are deployed in the slave nodes, openSCAP nodes are deployed in each virtual machine in the virtual machine groups, and an operating system of the virtual machine is at least compatible with the openSCAP nodes; the master node is respectively in communication connection with the slave node and the distributed storage cluster through the multilink load balancing equipment, and the slave node is in communication connection with the distributed storage cluster through the multilink load balancing equipment; wherein each slave node has a node name, cluster name, management port, log file path, log record level, and TSL certificate. The method can complete massive vulnerability scanning detection tasks more quickly, more accurately, and with high concurrency and high throughput, and identify potential vulnerability threats and abnormal behaviors.
Description
Technical Field
The invention relates to the technical field of network security, in particular to a distributed virtualization vulnerability-based scanning method and system.
Background
Software vulnerabilities are flaws in the security of a computer system, and are the vulnerability of software, which may be caused by program errors or logic errors. Computer systems are very complex and no software is perfect, meaning that all software has a vulnerability that can be exploited by a hacker, once a malicious hacker discovers a vulnerability, he can remotely exploit the vulnerability to control the target computer, acquire or destroy all its private information, so detecting and discovering vulnerabilities is of great importance at present. At present, some conventional vulnerability detection is only used for detecting website vulnerabilities, in fact, websites are only a small branch in software, even if the detection is used for detecting the software, the detection is also used for detecting single files, the efficiency is relatively low, and the network security still has high risks. The distributed virtualization vulnerability detection tool can effectively perform a large number of reliable scanning tasks, and improves scanning efficiency and flexibility.
There are some technical solutions most similar to the present invention, but they have some limitations and disadvantages. The following are several common technical schemes:
1. OpenVAS (Open Source Vulnerability Assessment System): the OpenVAS is a global leading vulnerability assessment product, has rich functions and wide vulnerability sources, and can carry out large-scale vulnerability assessment on traditional endpoints and networks. But OpenVAS is relatively complex to configure and operate and is not user friendly. There is a certain unknowns in the deployment of the distributed virtual technology, and when scanning is performed, more system resources, such as memory, CPU, etc., may be consumed. These problems are not present in the scanning method used in the present invention.
2. Nessus: nessus is a well-known open source network security vulnerability scanner and audit product developed by company Tenable Network Security. Nessus can scan multiple types of network devices and applications, helping businesses identify and eliminate potential security vulnerabilities. Nessus provides rich functionality. Nessus suffers from low performance when dealing with large networks and numerous hosts. And Nessus is relatively slow to develop and update, new security technologies and standards may not be able to be followed and supported in time.
There are some other vulnerability scanning solutions on the market, such as qualyguard. Qualyguard is a commercial network security vulnerability management and compliance solution developed and offered by Qualys corporation. The tool aims to help enterprises quickly identify and repair security holes in a network and ensure network security compliance of the enterprises. Qualyguard provides a wide range of functions, but its drawbacks are also apparent, firstly qualyguard is a commercial product that requires payment for purchase. Second, qualyguard is a cloud service-based security scanning product, and therefore requires a stable network connection and good network quality. If the network connection is unstable or the network quality is poor, the accuracy and the integrity of the scanning result can be affected.
Disclosure of Invention
Therefore, the technical problem to be solved by the invention is to provide the distributed virtualization vulnerability scanning method and system, which can complete massive vulnerability scanning detection tasks more quickly, more accurately, and with high concurrency and high throughput, and identify potential vulnerability threats and abnormal behaviors.
In order to solve the technical problems, the invention provides the following technical scheme:
a scanning system based on distributed virtualization vulnerabilities comprises a master Node, slave nodes, a multi-link load balancing device and a distributed storage cluster, wherein virtual machine groups are deployed in the slave nodes, an openSCAP Node is deployed in each virtual machine in the virtual machine groups, and an operating system of the virtual machine is at least compatible with the openSCAP Node; the master node is respectively in communication connection with the slave node and the distributed storage cluster through the multilink load balancing equipment, and the slave node is in communication connection with the distributed storage cluster through the multilink load balancing equipment; wherein each slave node has a node name, cluster name, management port, log file path, log record level, and TSL certificate.
The system is characterized in that the main node is in communication connection with the multilink load balancing equipment through more than two Internet access links.
In the system, each virtual machine group is provided with a label for identification.
According to the system, the data synchronization mode of the master node and the slave node is a master-slave copy mode.
The system is characterized in that two openSCAP nodes are connected in series in a communication mode.
By using the method for performing vulnerability scanning based on the distributed virtualization vulnerability scanning system, the main Node issues vulnerability scanning tasks to corresponding virtual machine groups according to vulnerability scanning requests and performs vulnerability scanning by openSCAP nodes in the virtual machines.
The method comprises the following steps:
s1) a main node receives a vulnerability scanning request and issues a vulnerability scanning task to a corresponding virtual machine group;
s2) the corresponding virtual machine group scans corresponding data according to the vulnerability scanning task, and stores suspicious data or data with vulnerability threat in an isolated mode, wherein the suspicious data or the data with vulnerability threat and normal data are stored in different storage devices; when one virtual machine in the virtual machine group fails, the workload of the failed virtual machine is automatically transferred to other virtual machines for execution.
In the above method, in step S2), when the virtual machine group receives a new vulnerability scanning task when executing the vulnerability scanning task, the new vulnerability scanning task is allocated to the virtual machine according to the virtual machine load condition in the virtual machine group.
In the above method, in step S2), during the running period of the virtual machine group, a certain workload is allocated to a certain virtual machine in the virtual machine group according to the virtual machine load condition, and when the virtual machine does not meet the allocation requirement, the workload is allocated to a virtual machine meeting the allocation requirement in the virtual machine group for execution; wherein, the allocation requirement is that after the workload is allocated, the virtual machine satisfies the following requirements:
wherein the CPU utilization of the virtual machine after being assigned the workloadMemory usage->Disc usage->And network bandwidth utilization->The method is calculated by the following formulas:
in the method, in the process of the invention,the CPU average utilization rate of the virtual machine in the T period is calculated; />Predicted CPU usage when running the workload for the virtual machine; />The average utilization rate of the memory of the virtual machine in the T period is given; />The expected memory usage when running the workload for the virtual machine; />The average utilization rate of the disk of the virtual machine in the T period is given; />Running the work for the virtual machineAnticipated disk usage when loaded; />The average utilization rate of network bandwidth of the virtual machine in the T period is given;the network bandwidth usage expected when running the workload for the virtual machine.
When a certain workload is allocated to a certain virtual machine in the virtual machine group, the method is based on the influence factor of CPU utilization rate, memory utilization rate, disk utilization rate and network bandwidth utilization rate of the virtual machine on the execution efficiency of the workload、/>、/>And->Correction is made in which ∈>、/>、/>And->The correction of (2) is performed according to the following formula:
in the method, in the process of the invention,、/>、/>and->The CPU utilization rate, the memory utilization rate, the disk utilization rate and the network bandwidth utilization rate of the corrected virtual machine are respectively +.>、/>、/>And->The method comprises the steps of (1) respectively influencing factors of CPU utilization rate, memory utilization rate, disk utilization rate and network bandwidth utilization rate of a virtual machine on workload execution efficiency, +.>、/>、/>And->The value ranges of the two are 10% -35%.
The technical scheme of the invention has the following beneficial technical effects:
1. the invention improves the single technology of the vulnerability scanning tool so as to adapt to the high complexity of the detection of the vulnerability scanning large-batch clusters. The scanning tool can complete massive vulnerability scanning detection tasks more quickly, more accurately, and with high concurrency and high throughput, and identify potential vulnerability threats and abnormal behaviors. The agile scanning detection capability can more timely cope with a large number of vulnerability scanning tasks.
2. A technique based on multilink load balancing is another advantage of the present invention. By the technology, the fault tolerance of scanning can be greatly improved. Effectively improves the processing capability and shortens the response time. Different load balancing strategies, such as polling, minimum connection number, fastest response time and the like, can be set according to actual requirements, and requirements under different scenes are met. And the expansibility and maintenance cost of the whole framework are greatly improved. By distributing the scanning traffic over multiple links or servers, the risk of attack by a single link or server can be reduced, improving the security of the system.
3. The invention provides high performance and flexible configuration management. By optimizing the architecture and adopting the technical means of parallel and distributed processing, the performance and response speed of the system are improved. In addition, the system also provides flexible configuration management, and can customize the scanning strategy and rules according to the requirement. This high performance and flexible configuration management allows the system to be more adaptable to a variety of complex scanning environments and requirements.
4. Full scan coverage capability: the invention can scan many types of systems including Linux, windows, mac OS X, solaris, freeBSD, etc. A number of scanning modules are provided for checking different types of security issues. You can select the scan module to be run, and can also customize the scan module.
5. Powerful network group functions: after the virtual machine joins the network group, the invention can automatically find other virtual machines and establish connection. The network group can be configured by itself, so that data and resources can be automatically shared between virtual machines. The network group virtual machines can automatically distribute loads and distribute work loads to a plurality of virtual machines so as to improve the scanning performance and reliability. If a failure is detected, the workload on the failed virtual machine is transferred to the other virtual machine. This helps to ensure proper operation of the scanning program and improves usability of the system.
Drawings
FIG. 1 is a schematic diagram of a distributed virtual vulnerability-based scanning system;
FIG. 2 is a diagram illustrating a data synchronization scheme between a master node and a slave node according to the present invention;
FIG. 3 is a distributed virtualization vulnerability scanning flow chart.
Detailed Description
The invention is further described below with reference to examples.
As shown in fig. 1, in the invention, a distributed virtualization vulnerability scanning system is based, which comprises a master Node, slave nodes, a multi-link load balancing device and a distributed storage cluster, wherein virtual machine groups are deployed in the slave nodes, an openSCAP Node is deployed in each virtual machine in the virtual machine groups, and an operating system of the virtual machine is at least compatible with the openSCAP Node; the master node is respectively in communication connection with the slave node and the distributed storage cluster through the multilink load balancing equipment, and the slave node is in communication connection with the distributed storage cluster through the multilink load balancing equipment; wherein each slave node has a node name, cluster name, management port, log file path, log record level, and TSL certificate.
The main node is in communication connection with the multilink load balancing equipment through more than two Internet access links; each virtual machine group has an identification tag; the data synchronization mode of the master node and the slave node is a master-slave copy mode, as shown in fig. 2, namely, data is input through the master node, and when the slave node calls the data, the corresponding data is obtained through a copy mode; the two openSCAP nodes are connected in series in communication.
In this embodiment, the master node is a WEB server, the slave node may use an application server, a database server or a computer, and then a virtual machine group is built on the slave node by using VMware, where the number of virtual machines in the virtual machine group and the resources used by the virtual machines are set according to specific service requirements and application types, such as a CPU, a memory, a storage (disk), and a network bandwidth required by the virtual machines. In order to facilitate management and maintenance and improve the utilization rate of virtual machine resources, a vSphere Client is used to set a corresponding label for each virtual machine group owner, and these labels can be classified according to different factors, for example: application type, performance requirements, security policies, etc. The virtual machines are uniformly managed and monitored by setting the labels for the virtual machine groups, and reasonable allocation and scheduling of resources are facilitated. In addition, advanced functions provided by VMware, such as Distributed Resource Scheduling (DRS) and High Availability (HA), may also be utilized to improve the reliability, availability, and performance of the virtualized environment.
After the virtual machine group is built, the openSCAP Node is installed for each virtual machine through a packet manager or a software warehouse of the slave Node operating system. After the openSCAP Node is installed, the openSCAP Node is configured in detail, wherein the configuration includes, but is not limited to, setting a Node name, a cluster name, a management port and the like. These configurations will directly impact the operating state and performance of the openSCAPNode. When the Node name is configured, the uniqueness of the name is ensured, and the uniqueness is used as the identification of the openSCAP Node in the cluster. When the cluster names are configured, a name capable of reflecting cluster characteristics, such as a data center, a server group and the like, should be selected. When configuring the management port, an open, secure port needs to be selected for receiving the management request from the openSCAP Manager.
In addition, other options such as log file path, log record level, TLS certificates, etc. need to be configured. These configurations will affect the logging, security and stability of the openSCAP Node. After all the configurations are completed, the openSCAP Node should be started and its running state should be verified. If any problem is encountered, debugging and elimination should be performed according to the log and error information of the openSCAP Node.
And the main node is connected with the multilink load balancing equipment through a plurality of links, so that the system can provide 7/24 vulnerability scanning service, the usability of the system is improved, and meanwhile, the multilink increases the network bandwidth, and better performance can be provided for the system. If a single link is used, an ISP cannot guarantee the continued availability of the Internet link it provides, which may lead to interruption of the scanning task WAN access, which in turn means interruption of the scanning tool cluster. A multilink solution is employed to avoid the loss of Internet access disruption.
When the distributed virtualization vulnerability scanning system is utilized to perform vulnerability scanning, the main Node issues vulnerability scanning tasks to corresponding virtual machine groups according to vulnerability scanning requests and the vulnerability scanning is performed by openSCAP nodes in the virtual machines.
As shown in fig. 3, the steps of performing vulnerability scanning by using the distributed virtualization vulnerability scanning system are as follows:
s1) a main node receives a vulnerability scanning request and issues a vulnerability scanning task to a corresponding virtual machine group;
s2) the corresponding virtual machine group scans corresponding data according to the vulnerability scanning task, and stores suspicious data or data with vulnerability threat in an isolated mode, wherein the suspicious data or the data with vulnerability threat and normal data are stored in different storage devices; when one virtual machine in the virtual machine group fails, the workload of the failed virtual machine is automatically transferred to other virtual machines for execution.
In step S2), when the virtual machine group receives a new vulnerability scanning task when executing the vulnerability scanning task, when the virtual machine group receives the new vulnerability scanning task when executing the vulnerability scanning task, the virtual machine group allocates the new vulnerability scanning task to the virtual machine according to the virtual machine load condition in the virtual machine group. The vulnerability scanning task is the workload of the virtual machine.
Since the CPU, memory, disk and network bandwidth of the virtual machine in the virtual machine group are all occupied during the operation of the virtual machine group, if the workload is allocated to the virtual machine, the utilization rate of the virtual CPU, memory, disk and network bandwidth is further increased, and when the utilization rate of any one of the CPU, memory, disk and network bandwidth of the virtual machine reaches a certain level, the efficiency of the virtual processing workload is improved, so that when a certain workload is allocated to a certain virtual machine, the utilization rate of the CPU, memory, disk and network bandwidth of the virtual machine after the workload is allocated should be considered. When the virtual machine does not meet the allocation requirement, the workload is allocated to the virtual machine meeting the allocation requirement in the virtual machine group for execution; wherein, the allocation requirement is that after the workload is allocated, the virtual machine satisfies the following requirements:
wherein the CPU utilization of the virtual machine after being assigned the workloadMemory usage->Disc usage->And network bandwidth utilization->The method is calculated by the following formulas:
in the method, in the process of the invention,the CPU average utilization rate of the virtual machine in the T period is calculated; />Predicted CPU usage when running the workload for the virtual machine; />The average utilization rate of the memory of the virtual machine in the T period is given; />Running the virtual machine for the virtual machineExpected memory usage at term workload; />The average utilization rate of the disk of the virtual machine in the T period is given; />The predicted disk usage when running the workload for the virtual machine; />The average utilization rate of network bandwidth of the virtual machine in the T period is given; />The network bandwidth usage expected when running the workload for the virtual machine.
To avoid the situation that CPU usage, memory usage, disk usage and network bandwidth usage occur more than 100% for a virtual machine after a certain workload is allocated to the virtual machine, when a certain workload is allocated to a certain virtual machine in a virtual machine group, the CPU usage, memory usage, disk usage and network bandwidth usage of the virtual machine are influenced by the factors of the CPU usage, memory usage, disk usage and network bandwidth usage of the virtual machine on the execution efficiency of the workload、/>、/>And->Correction is made in which ∈>、/>、/>And->The correction of (2) is performed according to the following formula:
in the method, in the process of the invention,、/>、/>and->The CPU utilization rate, the memory utilization rate, the disk utilization rate and the network bandwidth utilization rate of the corrected virtual machine are respectively +.>、/>、/>And->The method comprises the steps of (1) respectively influencing factors of CPU utilization rate, memory utilization rate, disk utilization rate and network bandwidth utilization rate of a virtual machine on workload execution efficiency, +.>、/>、/>And->The values of (2) are 10% -35%, preferably->35% of (herba) Barbatae>25% of (I/O)>20%, ->10%.
By the aid of the policy for balancing the virtual machine load, the virtual machines in the virtual machine group can be operated efficiently for a long time, vulnerability scanning can be performed efficiently, vulnerability scanning can be continuously performed, downtime caused by overlong long-time load is avoided, and compared with a virtual machine group without the policy for balancing the virtual machine load, the virtual machine group working efficiency adopting the policy for balancing the virtual machine load is improved obviously.
It is apparent that the above examples are given by way of illustration only and are not limiting of the embodiments. Other variations or modifications of the above teachings will be apparent to those of ordinary skill in the art. It is not necessary here nor is it exhaustive of all embodiments. While the obvious variations or modifications which are extended therefrom remain within the scope of the claims of this patent application.
Claims (10)
1. The distributed virtualization vulnerability scanning system is characterized by comprising a master Node, slave nodes, a multi-link load balancing device and a distributed storage cluster, wherein virtual machine groups are deployed in the slave nodes, each virtual machine in the virtual machine groups is provided with an openSCAP Node, and an operating system of the virtual machine is at least compatible with the openSCAP Node; the master node is respectively in communication connection with the slave node and the distributed storage cluster through the multilink load balancing equipment, and the slave node is in communication connection with the distributed storage cluster through the multilink load balancing equipment; wherein each slave node has a node name, cluster name, management port, log file path, log record level, and TSL certificate.
2. The system of claim 1, wherein the master node is communicatively coupled to the multilink load balancing device via more than two Internet access links.
3. The system of claim 1, wherein each virtual machine group has a tag for identification.
4. The system of claim 1, wherein the master node and the slave node are synchronized in a master-slave replication mode.
5. The system of claim 1, wherein two openSCAP nodes are communicatively coupled in series.
6. The method for performing vulnerability scanning based on the distributed virtualization vulnerability scanning system as set forth in claim 1, wherein the master Node issues the vulnerability scanning task to the corresponding virtual machine group according to the vulnerability scanning request and performs vulnerability scanning by the openSCAP Node in the virtual machine.
7. The method according to claim 6, comprising the steps of:
s1) a main node receives a vulnerability scanning request and issues a vulnerability scanning task to a corresponding virtual machine group;
s2) the corresponding virtual machine group scans corresponding data according to the vulnerability scanning task, and stores suspicious data or data with vulnerability threat in an isolated mode, wherein the suspicious data or the data with vulnerability threat and normal data are stored in different storage devices; when one virtual machine in the virtual machine group fails, the workload of the failed virtual machine is automatically transferred to other virtual machines for execution.
8. The method of claim 6, wherein in step S2), when the virtual machine group receives a new vulnerability scanning task while executing the vulnerability scanning task, the new vulnerability scanning task is allocated to the virtual machine according to the virtual machine load condition in the virtual machine group.
9. The method according to claim 7, wherein in step S2), during the running period of the virtual machine group, a workload is allocated to a certain virtual machine in the virtual machine group according to the load condition of the virtual machine, and when the virtual machine does not meet the allocation requirement, the workload is allocated to a virtual machine meeting the allocation requirement in the virtual machine group for execution; wherein, the allocation requirement is that after the workload is allocated, the virtual machine satisfies the following requirements:
Req=Max(,/>,/>,/>)≤100%
wherein the CPU utilization of the virtual machine after being assigned the workloadMemory usage->Disc usage->And network bandwidth utilization->The method is calculated by the following formulas:
in the method, in the process of the invention,the CPU average utilization rate of the virtual machine in the T period is calculated; />Predicted CPU usage when running the workload for the virtual machine; />The average utilization rate of the memory of the virtual machine in the T period is given; />The expected memory usage when running the workload for the virtual machine; />The average utilization rate of the disk of the virtual machine in the T period is given; />The predicted disk usage when running the workload for the virtual machine; />The average utilization rate of network bandwidth of the virtual machine in the T period is given; />The network bandwidth usage expected when running the workload for the virtual machine.
10. The method of claim 9, wherein when assigning a workload to a virtual machine in a virtual machine group, the workload execution efficiency is affected by virtual machine CPU utilization, memory utilization, disk utilization, and network bandwidth utilization by a factor of magnitude、/>、/>And->Correction is made in which ∈>、/>、/>And->The correction of (2) is performed according to the following formula:
in the method, in the process of the invention,、/>、/>and->The CPU utilization rate, the memory utilization rate, the disk utilization rate and the network bandwidth utilization rate of the corrected virtual machine are respectively +.>、/>、/>And->The method comprises the steps of (1) respectively influencing factors of CPU utilization rate, memory utilization rate, disk utilization rate and network bandwidth utilization rate of a virtual machine on workload execution efficiency, +.>、/>、/>And->The value ranges of the two are 10% -35%.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311550364.2A CN117272329A (en) | 2023-11-21 | 2023-11-21 | Distributed virtualization vulnerability-based scanning method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311550364.2A CN117272329A (en) | 2023-11-21 | 2023-11-21 | Distributed virtualization vulnerability-based scanning method and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117272329A true CN117272329A (en) | 2023-12-22 |
Family
ID=89202905
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311550364.2A Pending CN117272329A (en) | 2023-11-21 | 2023-11-21 | Distributed virtualization vulnerability-based scanning method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117272329A (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20120204176A1 (en) * | 2010-10-29 | 2012-08-09 | Huawei Technologies Co., Ltd. | Method and device for implementing load balance of data center resources |
| CN103634293A (en) * | 2013-10-29 | 2014-03-12 | 暨南大学 | Secure data transmission method based dual hardware and secure data transmission system based dual hardware |
| CN103916438A (en) * | 2013-01-06 | 2014-07-09 | 上海计算机软件技术开发中心 | Cloud testing environment scheduling method and system based on load forecast |
| US20200127937A1 (en) * | 2018-10-20 | 2020-04-23 | Netapp Inc. | Load balancing for ip failover |
| CN115878384A (en) * | 2022-12-27 | 2023-03-31 | 南京壹进制信息科技有限公司 | Distributed cluster based on backup disaster recovery system and construction method |
| CN116541128A (en) * | 2023-04-06 | 2023-08-04 | ***股份有限公司 | Load adjusting method, device, computing equipment and storage medium |
-
2023
- 2023-11-21 CN CN202311550364.2A patent/CN117272329A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20120204176A1 (en) * | 2010-10-29 | 2012-08-09 | Huawei Technologies Co., Ltd. | Method and device for implementing load balance of data center resources |
| CN103916438A (en) * | 2013-01-06 | 2014-07-09 | 上海计算机软件技术开发中心 | Cloud testing environment scheduling method and system based on load forecast |
| CN103634293A (en) * | 2013-10-29 | 2014-03-12 | 暨南大学 | Secure data transmission method based dual hardware and secure data transmission system based dual hardware |
| US20200127937A1 (en) * | 2018-10-20 | 2020-04-23 | Netapp Inc. | Load balancing for ip failover |
| CN115878384A (en) * | 2022-12-27 | 2023-03-31 | 南京壹进制信息科技有限公司 | Distributed cluster based on backup disaster recovery system and construction method |
| CN116541128A (en) * | 2023-04-06 | 2023-08-04 | ***股份有限公司 | Load adjusting method, device, computing equipment and storage medium |
Non-Patent Citations (5)
| Title |
|---|
| 康承昆;刘晓洁;: "一种基于多衡量指标的HDFS负载均衡算法", 四川大学学报(自然科学版), no. 06 * |
| 曹江华;: "OpenSCAP管理主机安全", 网络安全和信息化, no. 06, pages 1 - 4 * |
| 王璇文;张署翔;: "基于SCAP的Linux终端配置核查", 机电产品开发与创新, no. 03 * |
| 王萍;付晓聪;许海洋;: "云计算中基于负载预测的虚拟资源调度策略", 青岛农业大学学报(自然科学版), no. 01 * |
| 陈志涛;张宇辉;: "面向云计算的漏洞扫描管理***的设计", 信息技术与信息化, no. 07 * |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10474508B2 (en) | Replication management for hyper-converged infrastructures | |
| US11336567B2 (en) | Service aware virtual private network for optimized forwarding in cloud native environment | |
| US10860311B2 (en) | Method and apparatus for drift management in clustered environments | |
| CN110752961B (en) | Techniques for secure personalization of secure monitoring of virtual network functions | |
| US9094309B2 (en) | Detecting transparent network communication interception appliances | |
| US8910129B1 (en) | Scalable control system for test execution and monitoring utilizing multiple processors | |
| US9450700B1 (en) | Efficient network fleet monitoring | |
| EP3353952B1 (en) | Managing groups of servers | |
| US20070260721A1 (en) | Physical server discovery and correlation | |
| EP3074872A1 (en) | System and method for a security asset manager | |
| WO2018137520A1 (en) | Service recovery method and apparatus | |
| CN111835685B (en) | Method and server for monitoring running state of Nginx network isolation space | |
| US11824716B2 (en) | Systems and methods for controlling the deployment of network configuration changes based on weighted impact | |
| Handoko et al. | High availability analysis with database cluster, load balancer and virtual router redudancy protocol | |
| WO2023076371A1 (en) | Automatic encryption for cloud-native workloads | |
| CN108600156B (en) | Server and security authentication method | |
| CN114760192A (en) | Container switching method and node equipment | |
| CN112073499A (en) | Dynamic service method of multi-machine type cloud physical server | |
| Smart | The big picture | |
| CN117272329A (en) | Distributed virtualization vulnerability-based scanning method and system | |
| CN112003726B (en) | High-availability configuration method for rapidly deploying Beegfs management service nodes | |
| CN117678208A (en) | Automatic provisioning of endpoint devices using management connections | |
| US11151199B2 (en) | Query result overlap detection using unique identifiers | |
| CN113691608A (en) | Traffic distribution method, traffic distribution device, electronic equipment and media | |
| CN113535359B (en) | Method and device for scheduling service requests in multi-tenant cloud |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |