CN202127422U - Fire wall virtualization treatment device - Google Patents

Info

Publication number
CN202127422U
Authority
CN
China
Legal status
Expired - Fee Related
Application number
CN201120226770XU
Other languages
Chinese (zh)
Inventor
赵昕
张玲丽
Current Assignee
SHANGHAI DMT INFORMATION NETWORK CO Ltd
Original Assignee
SHANGHAI DMT INFORMATION NETWORK CO Ltd

Landscapes

  • Storage Device Security (AREA)

Abstract

The utility model relates to a firewall virtualization treatment device comprising a physical firewall and a plurality of physical servers. The physical firewall is connected to each of the physical servers and is provided with Xen virtual machine software. There are three physical servers: a first physical server, a second physical server and a third physical server. Each physical server is provided with a virtualization background program. Compared with the prior art, the device has advantages such as logically dividing the physical firewall into a plurality of logical firewalls through virtualization technology.

Description

A firewall virtualization processing device
Technical field
The utility model relates to Internet security technology, and in particular to a firewall virtualization processing device.
Background
2010 has been called "the first year of cloud computing development", and cloud computing is regarded as the third technical revolution of the Internet. As cloud computing has developed, many cloud computing products have appeared on the market. "Cloud hosts" and "cloud storage" are the core products of cloud computing IaaS (Infrastructure as a Service) and also the core architectural foundation of cloud computing development. The core technology is virtualization: virtualization lets a traditional server hardware device present multiple sets of logical hardware and run multiple operating systems on the virtual devices, raising traditional hardware utilization from 5%-30% to 50%-70%. The centralized storage model of cloud storage likewise centralizes information. For Internet applications this brings advantages such as elastic scaling, resource optimization, mass storage, high stability and on-demand use.
But its drawbacks are also evident. Cloud computing cannot do without the Internet; without the Internet, cloud computing has nowhere to start. Cloud computing is thus fundamentally an extension of Internet technology, and network security is undoubtedly a key problem for its applications. Because the hardware is virtualized, the physical network cards are virtualized as well. If the network is deployed according to conventional architecture theory, the number of firewalls explodes as the number of virtual machines grows. For security protection, no customer is willing to accept a shared mechanism; the basic requirement is fully independent control. The value of firewall virtualization is therefore evident.
The rapid development of cloud computing technology is bound to force the conventional IDC hosting business to transform. Responding quickly to the change in network technology, our company launched its IaaS cloud host service in October 2010. In operation we found that an IaaS cloud computing product can indeed replace traditional IDC hosting service. All the work a hardware server can do, a cloud host can do as well, and with better stability than a traditional physical server. But network security is one of the key problems of Internet applications. The change in network architecture makes the traditional network security architecture difficult to implement on cloud hosts. The rapid rise of cloud computing also means more and more enterprises offer IaaS services, so how does one stay ahead of the industry average in the IaaS field? Solving the network security problem of cloud host applications became the core work of the company's research and development department.
Following the core of cloud computing technology, which is virtualization, for virtualized server hardware to obtain the traditional network security architecture, the hardware firewall itself must be virtualized.
Summary of the utility model
The purpose of the utility model is to provide a firewall virtualization processing device that overcomes the above defects of the prior art.
The purpose of the utility model is achieved through the following technical scheme:
A firewall virtualization processing device, characterized in that it comprises a physical firewall and multiple physical servers, the physical firewall being connected to each of the physical servers.
The physical firewall is provided with 2 to 100 network interfaces.
The network interfaces are gigabit network interfaces.
The physical firewall is a physical firewall with Xen virtual machine software installed.
There are three physical servers: a first physical server, a second physical server and a third physical server. Each physical server is a server with a virtualization background program installed.
The first physical server is a physical server with Xen virtual machine software installed; the second physical server is a physical server with VMware virtual machine software installed; and the third physical server is a physical server with Hyper virtual machine software installed.
Each physical server can virtualize 2 to 10 virtual machines.
Compared with the prior art, the utility model has one physical firewall that, through virtualization technology, is logically divided into multiple logical firewalls; each virtual firewall is independently controlled, has an independent architecture, and independently meets each network security protection requirement.
Description of the drawings
Fig. 1 is a structural schematic diagram of the utility model.
Detailed description
The utility model is described in detail below with reference to the drawing and a specific embodiment.
Embodiment
As shown in Fig. 1, a firewall virtualization processing device comprises a physical firewall 1 and multiple physical servers; the physical firewall 1 is connected to each of the physical servers. The physical firewall 1 is provided with 3 network interfaces, which are gigabit network interfaces. The physical firewall is a physical firewall with Xen virtual machine software installed.
There are three physical servers: a first physical server 2, a second physical server 3 and a third physical server 4. Each physical server is a server with a virtualization background program installed. The first physical server 2 is a physical server with Xen virtual machine software installed; the second physical server 3 is a physical server with VMware virtual machine software installed; and the third physical server 4 is a physical server with Hyper virtual machine software installed. Each physical server can virtualize 3 virtual machines. This realizes network security protection of the virtual machines by the virtual firewalls.
Implementation steps
A) Connect the physical topology: complete the physical topology connections according to Fig. 1.
B) Import the Xen virtual machine software into the physical firewall: first enter the firewall's root backend, then import the Xen virtual machine software into the firewall's FLASH storage device.
C) Run the Xen virtual machine software: in the firewall's root mode, run the Xen virtual machine software to logically partition the firewall hardware into multiple virtual machines, and logically assign the firewall ports among the virtual machines.
D) Import the firewall IOS into the virtual machines: import the firewall IOS program into the FLASH storage space of each virtual machine generated in the previous step, and run the firewall IOS program so that the virtual machine becomes a virtual firewall.
E) Modify the firewall IOS program: modify the firewall IOS program so that the virtual machines exist in the firewall's IOS program in vdom form, for convenient centralized configuration.
F) Verify that the virtual machines are logically connected under each virtual firewall: verify that the hardware servers generate multiple virtual machines and run operating systems on the various virtualization backends, and logically connect them to the virtual firewalls completed earlier.
G) Verify the firewall virtualization: verify whether the virtual firewalls are relatively independent, and whether the virtual firewalls achieve network security protection for the virtual machines.
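A defender-side check for steps F and G, as an added example that is not part of the patent: it validates an inventory of the logical partition so that no firewall port is shared between virtual firewalls and every virtual machine sits behind one. The port names, host names and the one-virtual-firewall-per-server mapping are assumptions; the patent does not specify them.

```python
from collections import defaultdict

# Limits stated in the description: 2-100 firewall ports, 2-10 VMs per server.
PORT_RANGE = range(2, 101)
VMS_PER_SERVER = range(2, 11)


def check_partition(fw_ports, vfw_ports, vm_uplink, vm_server):
    """Return findings; an empty list means ports and VMs are cleanly partitioned."""
    # vfw_ports: virtual firewall -> ports assigned to it (step C)
    # vm_uplink: VM -> virtual firewall (step F); vm_server: VM -> hosting server
    findings = []
    if len(fw_ports) not in PORT_RANGE:
        findings.append(f"firewall has {len(fw_ports)} ports, expected 2-100")
    # Step G, independence: no port may be owned by two virtual firewalls.
    owners = defaultdict(list)
    for vfw, ports in vfw_ports.items():
        if not ports:
            findings.append(f"{vfw} owns no port")
        for port in ports:
            if port not in fw_ports:
                findings.append(f"{vfw} uses unknown port {port}")
            owners[port].append(vfw)
    for port, vfws in sorted(owners.items()):
        if len(vfws) > 1:
            findings.append(f"port {port} shared by {', '.join(sorted(vfws))}")
    # Step F: every VM sits behind an existing virtual firewall.
    per_server = defaultdict(int)
    for vm, server in sorted(vm_server.items()):
        per_server[server] += 1
        vfw = vm_uplink.get(vm)
        if vfw is None:
            findings.append(f"{vm} is not behind any virtual firewall")
        elif vfw not in vfw_ports:
            findings.append(f"{vm} points at undefined firewall {vfw}")
    for server, count in sorted(per_server.items()):
        if count not in VMS_PER_SERVER:
            findings.append(f"{server} hosts {count} VMs, expected 2-10")
    return findings


def embodiment():
    """Constructed inventory for the embodiment: 3 ports, 3 servers x 3 VMs."""
    fw_ports = {"ge0", "ge1", "ge2"}  # constructed port names
    vfw_ports = {"vfw-a": ["ge0"], "vfw-b": ["ge1"], "vfw-c": ["ge2"]}
    # Assumption: one virtual firewall per physical server.
    servers = {"xen-host": "vfw-a", "vmware-host": "vfw-b", "hyper-host": "vfw-c"}
    vm_server = {f"{s}-vm{i}": s for s in servers for i in (1, 2, 3)}
    vm_uplink = {vm: servers[s] for vm, s in vm_server.items()}
    return fw_ports, vfw_ports, vm_uplink, vm_server


if __name__ == "__main__":
    print(check_partition(*embodiment()) or "partition is clean")
```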
Explanation of technical terms:
1. IaaS (Infrastructure as a Service): one of the development directions of cloud computing. Consumers can obtain services from a complete computer infrastructure over the Internet. This type of service is called Infrastructure as a Service (IaaS). Internet-based services (such as storage and databases) are part of IaaS.
2. PaaS (Platform as a Service): one of the development directions of cloud computing. It is the business model in which the server platform is provided as a service; in the cloud computing era, providing the corresponding server platform or development environment as a service is PaaS (Platform as a Service).
3. SaaS (Software as a Service): the Chinese name for SaaS is "soft operation", or software operation. SaaS is a software application model that provides software services over the Internet. As an innovative software application model that began to rise in the 21st century, SaaS is the latest trend in software technology development.

Claims (6)

1. A firewall virtualization processing device, characterized in that it comprises a physical firewall and multiple physical servers, the physical firewall being connected to each of the physical servers.
2. The firewall virtualization processing device according to claim 1, characterized in that the physical firewall is provided with 2 to 100 network interfaces.
3. The firewall virtualization processing device according to claim 2, characterized in that the network interfaces are gigabit network interfaces.
4. The firewall virtualization processing device according to claim 1, characterized in that the physical firewall is a physical firewall with Xen virtual machine software installed.
5. The firewall virtualization processing device according to claim 1, characterized in that there are three physical servers, namely a first physical server, a second physical server and a third physical server, and each physical server is a server with a virtualization background program installed.
6. The firewall virtualization processing device according to claim 5, characterized in that the first physical server is a physical server with Xen virtual machine software installed, the second physical server is a physical server with VMware virtual machine software installed, and the third physical server is a physical server with Hyper virtual machine software installed.
CN201120226770XU 2011-06-29 2011-06-29 Fire wall virtualization treatment device Expired - Fee Related CN202127422U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201120226770XU CN202127422U (en) 2011-06-29 2011-06-29 Fire wall virtualization treatment device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201120226770XU CN202127422U (en) 2011-06-29 2011-06-29 Fire wall virtualization treatment device

Publications (1)

Publication Number Publication Date
CN202127422U true CN202127422U (en) 2012-01-25

Family

ID=45490482

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201120226770XU Expired - Fee Related CN202127422U (en) 2011-06-29 2011-06-29 Fire wall virtualization treatment device

Country Status (1)

Country Link
CN (1) CN202127422U (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103685235A (en) * 2013-11-18 2014-03-26 汉柏科技有限公司 Three-tier network virtualization realization method and system on the basis of firewall

Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120125

Termination date: 20180629