CN105471840A - Terminal management system under large-scale enterprise network environment - Google Patents
- Publication number
- CN105471840A (application CN201510776704.2A)
- Authority
- CN
- China
- Prior art keywords
- security client
- strategy
- terminal
- server
- unified management
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
- H04L67/125—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks involving control of end-device applications over a network
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a terminal management system for a large-scale enterprise network environment. The terminal management system comprises a unified management server, an access control gateway and security clients, wherein the unified management server is used for saving terminal information of the security clients, grouping the security clients according to business attributes and technical attributes, and distributing policies and tasks to the grouped security clients; and the access control gateway is used for controlling the permissions of the networks that the security clients can access. With this terminal management system, unified management of terminals in a large-scale enterprise network environment is achieved.
Description
Technical field
The present invention relates to the technical field of terminal management, and in particular to a terminal management system for a large-scale enterprise network environment.
Background
As enterprise informatization continues to advance, enterprises attach more and more importance to internal security, and problems related to user terminal management keep emerging. At present, most enterprises have no unified, complete terminal security management system. Some enterprises implement terminal anti-virus, network admission control, mobile device management and so on in a simple way on the basis of separate, independent products. Such solutions extend poorly: adding a new function or adjusting an existing one may require adjusting the entire system architecture, and a unified terminal management system is lacking.
Summary of the invention
The invention provides a terminal management system for a large-scale enterprise network environment, which enables unified management of terminals in such an environment.
The invention provides a terminal management system for a large-scale enterprise network environment, comprising: a unified management server, an access control gateway and a security client; wherein:
The unified management server is configured to store the terminal information of the security client, to group the security clients according to business attributes and technical attributes, and to distribute policies and tasks to the grouped security clients;
The access control gateway is configured to control the permissions of the networks that the security client can access.
Preferably, the policies comprise: an operating system screen saver policy, an interface policy, and a policy on whether the CD-ROM drive can be read.
Preferably, the tasks comprise: software push tasks and notifications issued by an administrator to the security client.
Preferably, the terminal information comprises: operating system type, software and hardware information, network access mode and terminal IP.
Preferably, the system further comprises: a proxy server;
The proxy server is configured to cache the terminal information, user information, policy data and task data held in the unified management server.
Preferably, the system further comprises: a log server;
The log server is configured to collect and display the security client policy execution log information reported by the proxy server.
As can be seen from the above scheme, in the terminal management system for a large-scale enterprise network environment provided by the invention, the unified management server stores the terminal information of the security clients, groups the security clients according to business attributes and technical attributes, and distributes policies and tasks to the grouped security clients; the access control gateway controls the permissions of the networks that the security client can access. The terminal security management framework can thereby be separated from the actual business logic of terminal security policy execution. When the functions of the security client need to be extended, the architecture of the whole security management system does not need to be adjusted, and unified management of terminals in a large-scale enterprise network environment can be achieved.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Evidently, the drawings described below show only some embodiments of the invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic structural diagram of a terminal management system for a large-scale enterprise network environment disclosed in Embodiment 1 of the invention;
Fig. 2 is a schematic structural diagram of a terminal management system for a large-scale enterprise network environment disclosed in Embodiment 2 of the invention;
Fig. 3 is a schematic structural diagram of a terminal management system for a large-scale enterprise network environment disclosed in Embodiment 3 of the invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings in the embodiments. Evidently, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the invention without creative effort fall within the scope of protection of the invention.
As shown in Fig. 1, a terminal management system for a large-scale enterprise network environment disclosed in Embodiment 1 of the invention comprises: a unified management server 11, an access control gateway 12 and a security client 13; wherein:
The unified management server 11 is configured to store the terminal information of the security client 13, to group the security clients 13 according to business attributes and technical attributes, and to distribute policies and tasks to the grouped security clients 13;
The access control gateway 12 is configured to control the permissions of the networks that the security client 13 can access.
The working principle of the above embodiment is as follows: when terminals in a large-scale enterprise network environment need to be managed, the unified management server 11 manages the terminal information centrally, and the terminal information of all installed security clients 13 is stored on the unified management server 11.
The unified management server 11 in the management system groups the security clients 13 according to business attributes and technical attributes, and distributes policies and tasks to the grouped security clients 13.
The security client 13 obtains user and terminal information, and enforces on the terminal the policies it has received that were specified by the unified management server 11.
At the same time, permission control over the networks a terminal can access is performed by the access control gateway 12: when a user logs in to the client, the client automatically completes the security check of the terminal and notifies the access control gateway 12 to grant the terminal its accessible network areas according to the network access permissions defined by the terminal policy.
In summary, in the above embodiment, the unified management server stores the terminal information of the security clients, groups the security clients according to business attributes and technical attributes, and distributes policies and tasks to the grouped security clients; the access control gateway controls the permissions of the networks that the security client can access. The terminal security management framework can thereby be separated from the actual business logic of terminal security policy execution. When the functions of the security client need to be extended, the architecture of the whole security management system does not need to be adjusted, and unified management of terminals in a large-scale enterprise network environment can be achieved.
As shown in Fig. 2, a terminal management system for a large-scale enterprise network environment disclosed in Embodiment 2 of the invention comprises: a unified management server 21, an access control gateway 22, a security client 23 and a proxy server 24; wherein:
The unified management server 21 is configured to store the terminal information of the security client 23, to group the security clients 23 according to business attributes and technical attributes, and to distribute policies and tasks to the grouped security clients 23;
The access control gateway 22 is configured to control the permissions of the networks that the security client 23 can access;
The proxy server 24 is configured to cache the terminal information, user information, policy data and task data held in the unified management server 21.
The working principle of the above embodiment is as follows: when terminals in a large-scale enterprise network environment need to be managed, the unified management server 21 manages the terminal information centrally, and the terminal information of all installed security clients 23 is stored on the unified management server 21.
The unified management server 21 in the management system groups the security clients 23 according to business attributes and technical attributes, and distributes policies and tasks to the grouped security clients 23.
The policies comprise: an operating system screen saver policy, an interface policy, and a policy on whether the CD-ROM drive can be read. The tasks comprise: software push tasks and notifications issued by an administrator to the security client.
The security client 23 obtains user and terminal information, and enforces on the terminal the policies it has received that were specified by the unified management server 21. The terminal information comprises: operating system type, software and hardware information, network access mode and terminal IP.
All terminal information, user information, policy data, task data and so on in the unified management server 21 are incrementally synchronized into the memory of the proxy server 24 through Web service calls; the data synchronization method is not limited to application-layer Web service calls.
The proxy server 24 caches all the terminal information, user information, policy data and task data it receives, provides terminal policy information to the security client 23, and issues terminal tasks.
At the same time, permission control over the networks a terminal can access is performed by the access control gateway 22: when a user logs in to the client, the client automatically completes the security check of the terminal and notifies the access control gateway 22 to grant the terminal its accessible network areas according to the network access permissions defined by the terminal policy.
As shown in Fig. 3, a terminal management system for a large-scale enterprise network environment disclosed in Embodiment 3 of the invention comprises: a unified management server 31, an access control gateway 32, a security client 33, a proxy server 34 and a log server 35; wherein:
The unified management server 31 is configured to store the terminal information of the security client 33, to group the security clients 33 according to business attributes and technical attributes, and to distribute policies and tasks to the grouped security clients 33;
The access control gateway 32 is configured to control the permissions of the networks that the security client 33 can access;
The proxy server 34 is configured to cache the terminal information, user information, policy data and task data held in the unified management server 31;
The log server 35 is configured to collect and display the policy execution log information of the security client 33 reported by the proxy server 34.
The working principle of the above embodiment is as follows: when terminals in a large-scale enterprise network environment need to be managed, the unified management server 31 manages the terminal information centrally, and the terminal information of all installed security clients 33 is stored on the unified management server 31.
The unified management server 31 in the management system groups the security clients 33 according to business attributes and technical attributes, and distributes policies and tasks to the grouped security clients 33.
The policies comprise: an operating system screen saver policy, an interface policy, and a policy on whether the CD-ROM drive can be read. The tasks comprise: software push tasks and notifications issued by an administrator to the security client.
The security client 33 obtains user and terminal information, enforces on the terminal the policies it has received that were specified by the unified management server 31, and feeds the log of policy enforcement results on the terminal back to the log server 35 through the proxy server 34.
The terminal information comprises: operating system type, software and hardware information, network access mode and terminal IP.
All terminal information, user information, policy data, task data and so on in the unified management server 31 are incrementally synchronized into the memory of the proxy server 34 through Web service calls; the data synchronization method is not limited to application-layer Web service calls.
The proxy server 34 caches all the terminal information, user information, policy data and task data it receives, provides terminal policy information to the security client 33, issues terminal tasks, and collects terminal policy execution logs and aggregates them to the log server 35.
The log server 35 collects and aggregates the terminal log information reported by each proxy server 34, and presents it to the administrator as log information and reports.
At the same time, permission control over the networks a terminal can access is performed by the access control gateway 32: when a user logs in to the client, the client automatically completes the security check of the terminal and notifies the access control gateway 32 to grant the terminal its accessible network areas according to the network access permissions defined by the terminal policy.
Specifically, when a terminal accesses an application server inside the enterprise network, the access control gateway 32 intercepts the network traffic and asks the proxy server 34 whether the terminal is allowed to access the application server;
The proxy server 34 provides the terminal with an interface for downloading and installing the security client, or notifies the security client 33 already installed on the terminal to perform a security check.
Whether the terminal is allowed to access the application server is decided according to the check result of the security client 33;
After receiving different policies, the security client 33 calls different modules to execute them, performs the policy checks and feeds the check results back to the proxy server 34;
The proxy server 34 feeds the terminal log information back to the log server 35;
The log server 35 aggregates and analyzes all terminal check result data, generates data reports, and promptly takes actions such as raising a security alarm when a security risk is found.
In summary, the invention separates the unified terminal security management framework from the actual business logic of terminal security policy execution. To extend the functions of the security client, the architecture of the whole terminal security management system does not need to be adjusted; only the client modules and the unified policy management interface need to be extended. Meanwhile, because network access is controlled, terminal security enforcement does not depend on the anti-uninstall capability of the security client software. The policy management point is separated from the policy enforcement point: management is performed by the unified management service, while access control gateways and proxy servers can be distributed at the key nodes of the enterprise network.
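The admission flow of Embodiment 3 and the separation of decision from enforcement summarized above, modelled as an added example in Python (this is not code from the patent). All class names, policy keys, addresses and sample terminals are constructed, and denying a terminal whose group has no cached policy is an assumption of this sketch.

```python
from dataclasses import dataclass, field

ALLOW, DENY, INSTALL_CLIENT = "allow", "deny", "install-client"


@dataclass
class Terminal:
    ip: str
    os_type: str        # technical attribute used for grouping
    department: str     # business attribute used for grouping
    state: dict = field(default_factory=dict)  # settings observed on the terminal
    client_installed: bool = True


class LogServer:
    """Collects policy-check results reported by the proxy server."""
    def __init__(self):
        self.records = []

    def report(self, ip, failed):
        self.records.append({"ip": ip, "failed": sorted(failed)})

    def alerts(self):
        # Any record with a failed item is treated as a security risk.
        return [r for r in self.records if r["failed"]]


def client_check(terminal, policy):
    """Security client: return the policy items the terminal violates.
    A setting the client cannot observe counts as a violation."""
    return {k for k, required in policy.items()
            if terminal.state.get(k) != required}


class ProxyServer:
    """Decision point: answers the gateway from its cached policy data."""
    def __init__(self, log_server):
        self.policy_cache = {}
        self.log_server = log_server

    def sync(self, changed_policies):
        # Incremental sync from the unified management server.
        self.policy_cache.update(changed_policies)

    def decide(self, terminal):
        if not terminal.client_installed:
            # No client, no check result: offer the installer, grant nothing.
            return INSTALL_CLIENT
        group = (terminal.department, terminal.os_type)
        policy = self.policy_cache.get(group)
        if policy is None:
            # Assumption of this sketch: an ungrouped terminal is denied.
            self.log_server.report(terminal.ip, {"no-policy-for-group"})
            return DENY
        failed = client_check(terminal, policy)
        self.log_server.report(terminal.ip, failed)
        return DENY if failed else ALLOW


class AccessControlGateway:
    """Enforcement point: intercepts traffic and applies the proxy's answer."""
    def __init__(self, proxy):
        self.proxy = proxy

    def handle(self, terminal, destination):
        return {"src": terminal.ip, "dst": destination,
                "decision": self.proxy.decide(terminal)}


def demo():
    logs = LogServer()
    proxy = ProxyServer(logs)
    required = {"screensaver_enabled": True, "usb_port_enabled": False,
                "cdrom_readable": False}
    proxy.sync({("finance", "windows"): required})
    gateway = AccessControlGateway(proxy)
    terminals = {  # constructed sample terminals
        "compliant": Terminal("10.0.0.11", "windows", "finance", dict(required)),
        "usb_open": Terminal("10.0.0.12", "windows", "finance",
                             {**required, "usb_port_enabled": True}),
        "no_client": Terminal("10.0.0.13", "windows", "finance",
                              client_installed=False),
        "ungrouped": Terminal("10.0.0.14", "linux", "lab"),
    }
    decisions = {name: gateway.handle(t, "app.internal.example")["decision"]
                 for name, t in terminals.items()}
    return decisions, logs.alerts()


if __name__ == "__main__":
    print(demo())
```

The `no_client` case shows why enforcement does not depend on anti-uninstall protection: removing the client removes the check result, and the gateway then grants no access.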
If the functions described in the method of this embodiment are implemented in the form of software functional units and sold or used as an independent product, they may be stored in a storage medium readable by a computing device. Based on this understanding, the part of the embodiments of the invention that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The software product is stored in a storage medium and includes several instructions for causing a computing device (which may be a personal computer, a server, a mobile computing device, a network device or the like) to perform all or part of the steps of the methods described in the embodiments of the invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
The embodiments in this specification are described progressively; each embodiment focuses on its differences from the other embodiments, and for the same or similar parts the embodiments may be referred to one another.
The above description of the disclosed embodiments enables those skilled in the art to implement or use the invention. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the invention. Therefore, the invention is not to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (6)
1. A terminal management system for a large-scale enterprise network environment, characterized by comprising: a unified management server, an access control gateway and a security client; wherein:
The unified management server is configured to store the terminal information of the security client, to group the security clients according to business attributes and technical attributes, and to distribute policies and tasks to the grouped security clients;
The access control gateway is configured to control the permissions of the networks that the security client can access.
2. The system according to claim 1, characterized in that the policies comprise: an operating system screen saver policy, an interface policy, and a policy on whether the CD-ROM drive can be read.
3. The system according to claim 1, characterized in that the tasks comprise: software push tasks and notifications issued by an administrator to the security client.
4. The system according to claim 1, characterized in that the terminal information comprises: operating system type, software and hardware information, network access mode and terminal IP.
5. The system according to claim 1, characterized by further comprising: a proxy server;
The proxy server is configured to cache the terminal information, user information, policy data and task data held in the unified management server.
6. The system according to claim 5, characterized by further comprising: a log server;
The log server is configured to collect and display the security client policy execution log information reported by the proxy server.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510776704.2A CN105471840A (en) | 2015-11-12 | 2015-11-12 | Terminal management system under large-scale enterprise network environment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510776704.2A CN105471840A (en) | 2015-11-12 | 2015-11-12 | Terminal management system under large-scale enterprise network environment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105471840A true CN105471840A (en) | 2016-04-06 |
Family
ID=55609111
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510776704.2A Pending CN105471840A (en) | 2015-11-12 | 2015-11-12 | Terminal management system under large-scale enterprise network environment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105471840A (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105959152A (en) * | 2016-06-23 | 2016-09-21 | 北京北信源软件股份有限公司 | Terminal management method and system |
CN106131033A (en) * | 2016-07-20 | 2016-11-16 | 浪潮电子信息产业股份有限公司 | Strategy management method of SSR centralized management platform |
CN106357455A (en) * | 2016-10-11 | 2017-01-25 | 北京元心科技有限公司 | Method and system for controlling application access network |
CN108833566A (en) * | 2018-06-26 | 2018-11-16 | 北京明朝万达科技股份有限公司 | A kind of the cross-region data distributing method and system of anti-data-leakage system |
CN113794717A (en) * | 2021-09-14 | 2021-12-14 | 京东科技信息技术有限公司 | Safety scheduling method, device and related equipment |
CN114422542A (en) * | 2021-12-11 | 2022-04-29 | 麒麟软件有限公司 | Terminal domain management system |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101588575A (en) * | 2009-04-29 | 2009-11-25 | 候万春 | System and method for providing Internet information encryption transmission service to group customer |
CN101741817A (en) * | 2008-11-21 | 2010-06-16 | 中国移动通信集团安徽有限公司 | System, device and method for multi-network integration |
US20110040829A1 (en) * | 2009-08-17 | 2011-02-17 | Samsung Electronics Co., Ltd. | Method and apparatus for remote management of device |
CN102195991A (en) * | 2011-06-28 | 2011-09-21 | 辽宁国兴科技有限公司 | Terminal security management and authentication method and system |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105959152A (en) * | 2016-06-23 | 2016-09-21 | 北京北信源软件股份有限公司 | Terminal management method and system |
CN106131033A (en) * | 2016-07-20 | 2016-11-16 | 浪潮电子信息产业股份有限公司 | Strategy management method of SSR centralized management platform |
CN106357455A (en) * | 2016-10-11 | 2017-01-25 | 北京元心科技有限公司 | Method and system for controlling application access network |
CN106357455B (en) * | 2016-10-11 | 2019-10-25 | 北京元心科技有限公司 | A kind of method and system controlling application access network |
CN108833566A (en) * | 2018-06-26 | 2018-11-16 | 北京明朝万达科技股份有限公司 | A kind of the cross-region data distributing method and system of anti-data-leakage system |
CN108833566B (en) * | 2018-06-26 | 2021-01-19 | 北京明朝万达科技股份有限公司 | Cross-region data distribution method and system of data leakage prevention system |
CN113794717A (en) * | 2021-09-14 | 2021-12-14 | 京东科技信息技术有限公司 | Safety scheduling method, device and related equipment |
CN114422542A (en) * | 2021-12-11 | 2022-04-29 | 麒麟软件有限公司 | Terminal domain management system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20160406 |