CN117834653A - Data network security system with synchronous and hierarchical node isolation - Google Patents
- Publication number: CN117834653A
- Application number: CN202311773570.XA
- Authority: CN (China)
- Prior art keywords: data, node, synchronization, network management, performance
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1095—Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention provides a data network security system of node synchronous hierarchical isolation, which comprises: the node isolation module is used for establishing a master node and a slave node corresponding to the master node based on a master service module and a master database of the data network, and establishing a synchronous hierarchical isolation sub-network management system; the data synchronization module is used for synchronizing the performance data corresponding to the master node into the slave node performance database based on the synchronization hierarchical isolation sub-network management system; the network management module is used for the upper network manager to acquire the performance data of the network element equipment through the slave nodes of the synchronous hierarchical isolation sub-network management system; the dynamic adjustment module is used for adjusting the synchronous data of the slave node according to the service customization information of the upper network manager. The master node acquires the performance data of the network element equipment and synchronizes the performance data to the slave node, and the upper-level network manager acquires the corresponding performance data from the slave node, so that the upper-level network manager is isolated from the master database of the network management system, and the performance and the safety of the master database are effectively improved.
Description
Technical Field
The invention relates to the technical field of network security, in particular to a data network security system with synchronous and hierarchical node isolation.
Background
When an equipment vendor's network manager interfaces with an operator's upper-level network manager, a database view interface is generally used. This approach has the following problems: a customized view requires a database script to be written, so the release cycle is long; the performance data can reach hundreds of millions of records, and when the upper-level network manager runs complex association queries against the database views, it consumes a large share of the network manager database's resources and affects the normal operation of other service modules such as alarms and resources; and, for reasons of efficiency, not all performance counters can be opened to the upper-level network manager. In other words, in the data management method of existing network management systems, because the upper-level network manager accesses the master database directly through a view interface, the master database must divert resources from its other main services to serve that access, which reduces the performance of the master database. Accordingly, a data network security system with synchronous and hierarchical node isolation is provided.
Disclosure of Invention
The invention provides a data network security system with synchronous and hierarchical node isolation, in which a master node obtains the service data and performance data of network element equipment and synchronizes the performance data to a slave node, and the upper-level network manager obtains the performance data from the slave node. This isolates the upper-level network manager from the master database, so that its access does not occupy the main service resources of the master database, and the upper-level network manager's access to performance data, the view interface and the database performance are all effectively improved. The required product data can be customized at the slave node, the slave node synchronizes performance data from the master node according to the customized content, and the independent slave node performance database can handle the high-load query operations of the upper-level network manager.
The invention provides a data network security system of node synchronous hierarchical isolation, which comprises:
the node isolation module is used for establishing a master node and a slave node corresponding to the master node based on the master service module and the master database of the data network, and establishing a synchronous hierarchical isolation sub-network management system;
the data synchronization module is used for synchronizing the performance data corresponding to the master node into the slave node performance database based on the synchronization hierarchical isolation sub-network management system;
the network management module is used for the upper network manager to acquire the performance data of the network element equipment through the slave nodes of the synchronous hierarchical isolation sub-network management system;
and the dynamic adjustment module is used for adjusting the synchronous data of the slave node according to the service customization information of the upper network manager.
Preferably, in a data network security system with synchronous and hierarchical node isolation, the node isolation module includes:
the node establishing unit is used for generating a master node based on a master service module and a master database of the data network, taking the service database as a reference, establishing a performance database with adjustable access rights, and establishing a slave node based on the performance database;
and the synchronous connection unit is used for setting the access rights of the master node and the slave node respectively, establishing a data synchronous communication channel between the master node and the slave node and generating a synchronous hierarchical isolation sub-network management system.
Preferably, in a data network security system with node synchronization and hierarchical isolation, a data synchronization module includes:
the acquisition storage unit is used for acquiring device performance data of network element equipment through the master node of the synchronous hierarchical isolation sub-network management system and storing the performance data into the service master database;
the data synchronization unit is used for acquiring the data to be synchronized from the master service database of the master node through the interface machine module based on the data synchronization communication channel, and updating the synchronized data in the performance database of the slave node based on the data to be synchronized.
Preferably, in a data network security system with node synchronization and hierarchical isolation, a data synchronization unit includes:
the data separation subunit is used for acquiring the current data synchronization authority of the data synchronization communication channel, and determining the data to be synchronized corresponding to the slave node and the storage positions corresponding to the data to be synchronized based on the current data synchronization authority;
positioning a storage file corresponding to the data to be synchronized based on a storage position, acquiring a data storage characteristic corresponding to the storage file, and determining storage logic between the data to be synchronized and associated data based on the data storage characteristic;
according to the storage logic, carrying out data separation on the multi-type data in the storage file to obtain data to be synchronized;
the data filtering subunit is used for identifying the data to be synchronized based on a preset model, extracting the characteristics of the data to be synchronized, comparing the characteristics of the data to be synchronized with the preset characteristics of the data to be synchronized, and judging that the data to be synchronized is qualified when the characteristics of the data to be synchronized are consistent with the characteristics of the preset data;
otherwise, carrying out visualization processing on the data to be synchronized, comparing the visualization result with a visualization template of the result to be processed, determining redundant data, eliminating the redundant data to obtain filtered data, and taking the filtered data as qualified data to be synchronized;
and storing the qualified data to be synchronized into a performance database of the slave node after persistence processing.
Preferably, in a data network security system with synchronous hierarchical isolation of nodes, a network management module includes:
the data receiving unit is used for receiving the access request of the upper-level network manager and connecting the upper-level network manager to the slave node;
the data processing unit is used for acquiring the operation information of the upper-level network manager after the connection is established, retrieving data from the performance database based on the operation information to obtain target performance data, and processing the target performance data to obtain a processing result;
and the data display unit is used for displaying the processing result to the display page of the upper network manager.
Preferably, in a data network security system with synchronous hierarchical isolation of nodes, a data processing unit includes:
the operation analysis subunit is used for analyzing the operation information corresponding to the current operation of the upper network manager, determining the operation type of the upper network manager, determining expected operation data based on a preset operation list, and generating a retrieval tag according to the data information corresponding to the expected operation data;
the data acquisition subunit is used for searching in the performance database of the slave node based on the search label, judging whether expected operation data exist or not, and acquiring the expected operation data as target performance data if the expected operation data exist;
if it does not exist, an acquisition request for the expected operation data is generated; after the slave node receives the acquisition request, an authority change communication protocol is generated based on the communication rules between the master node and the slave node; the data synchronization communication channel verifies the authority change communication protocol and, after verification passes, the node authority of the data synchronization communication channel is changed based on the authority change communication protocol, the expected operation data is synchronized to update the performance database, and the expected operation data is used as the target performance data;
the data processing subunit is used for acquiring a data processing strategy corresponding to the current operation of the upper network management based on the preset operation list, and processing the target performance data according to the data processing strategy to acquire a processing result corresponding to the operation of the upper network management.
Preferably, in a data network security system with synchronous hierarchical isolation of nodes, the data processing unit further includes:
the operation filtering subunit is used for monitoring the real-time operation of the upper network management, judging whether the plurality of real-time operations are the same operation or not when the plurality of real-time operations exist in the preset time, and if yes, combining the plurality of real-time operations into one operation and sending the operation to the operation analyzing subunit;
otherwise, determining that the multiple real-time operations are invalid operations.
Preferably, in a data network security system with synchronous hierarchical isolation of nodes, the data processing unit further includes:
the data cleaning subunit is used for acquiring target performance data, grouping the target performance data based on the data type of the target performance data to obtain a plurality of data groups, performing associated cleaning on the plurality of data groups based on the data internal logic of the preset target performance data to obtain effective target performance data, and sending the effective target performance data to the data processing subunit for processing.
Preferably, in a data network security system with synchronous hierarchical isolation of nodes, a dynamic adjustment module includes:
the service customizing unit is used for receiving service customizing information of the upper network manager, analyzing the service customizing information, determining monitoring items of the upper network manager on network element equipment, and determining data types corresponding to each monitoring item;
the synchronization adjustment unit is used for comparing the data type with original synchronization data of the slave node, judging whether a synchronization data difference exists, acquiring the synchronization data difference if the synchronization data difference exists, and generating a synchronization authority modification instruction based on the synchronization data difference;
and the permission adjustment unit is used for modifying the data synchronization permission of the data synchronization communication channel based on the synchronization permission modification instruction.
Preferably, in a data network security system with synchronous hierarchical isolation of nodes, the dynamic adjustment module further includes:
the customized screening unit is used for acquiring the network management grade corresponding to the upper network management, determining the performance data query authority corresponding to the upper network management according to the network management grade, and judging whether the service customized contents corresponding to the upper network management in real time all meet the corresponding performance data query authority;
if yes, judging that the customized service of the upper network manager is legal, and sending the service customized information of the upper network manager to the service customized unit;
if not, illegal customized services are removed, unqualified notification is generated and sent to the superior network manager, and service customized information corresponding to the residual customized services is obtained and sent to the service customized unit.
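The screening, customization and permission-adjustment steps of the dynamic adjustment module can be sketched as follows. This is an added example, not code from the patent; the level names, monitoring items, data types and function names are all hypothetical, and treating a "synchronization data difference" as both grants and revocations is this example's assumption.

```python
# Added illustration; all names, levels and data types below are hypothetical.

# Assumed policy: performance data types each network-management level may query.
LEVEL_QUERY_RIGHTS = {
    "provincial": {"cpu_util", "mem_util", "port_rx_bytes", "port_tx_bytes"},
    "regional": {"cpu_util", "port_rx_bytes"},
}

# Assumed mapping from a monitoring item to the data types it needs.
MONITOR_ITEM_TYPES = {
    "device_load": {"cpu_util", "mem_util"},
    "link_traffic": {"port_rx_bytes", "port_tx_bytes"},
    "inbound_traffic": {"port_rx_bytes"},
}


def screen_customization(level, requested_items):
    """Customized screening unit: split a request into legal and rejected items.

    An item is legal only if every data type it needs is within the query
    rights of the requester's level. Unknown levels and unknown items are
    rejected (default deny).
    """
    rights = LEVEL_QUERY_RIGHTS.get(level, set())
    legal, rejected = [], []
    for item in requested_items:
        needed = MONITOR_ITEM_TYPES.get(item)
        if needed is not None and needed <= rights:
            legal.append(item)
        else:
            rejected.append(item)
    return legal, rejected


def required_data_types(legal_items):
    """Service customizing unit: data types behind the accepted monitoring items."""
    needed = set()
    for item in legal_items:
        needed |= MONITOR_ITEM_TYPES[item]
    return needed


def sync_permission_instruction(current_scope, required):
    """Synchronization adjustment unit: diff required types against the current scope.

    Returns None when there is no difference, otherwise the types to grant and
    the types to revoke (revocation is this example's assumption).
    """
    grant = required - current_scope
    revoke = current_scope - required
    if not grant and not revoke:
        return None
    return {"grant": sorted(grant), "revoke": sorted(revoke)}


def apply_instruction(current_scope, instruction):
    """Permission adjustment unit: produce the new scope of the sync channel."""
    if instruction is None:
        return set(current_scope)
    return (set(current_scope) - set(instruction["revoke"])) | set(instruction["grant"])


def handle_customization(level, requested_items, current_scope):
    """Run one customization request through all three units."""
    legal, rejected = screen_customization(level, requested_items)
    instruction = sync_permission_instruction(current_scope, required_data_types(legal))
    return {
        "accepted": legal,
        "rejected_notice": rejected,
        "instruction": instruction,
        "new_scope": apply_instruction(current_scope, instruction),
    }


if __name__ == "__main__":
    # Constructed request: a regional manager asks for more than its level allows.
    print(handle_customization(
        "regional", ["device_load", "inbound_traffic", "alarm_history"], {"cpu_util"}))
```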
Compared with the prior art, the invention has at least the following beneficial effects:
through the node isolation module, the invention establishes the master node and the corresponding slave node based on the master service module and the master database of the data network and establishes the synchronous hierarchical isolation sub-network management system, which isolates the upper-level network manager from the master database of the network management system; through the data synchronization module, the performance data of the master node is synchronized into the slave node performance database based on the synchronous hierarchical isolation sub-network management system, which ensures that the performance data obtained by the upper-level network manager is consistent with the real-time performance data of the network element equipment and effectively ensures the timeliness of the data obtained by the upper-level network manager; the slave node synchronizes performance data from the master node according to the operations performed at the slave node, and the independent slave node performance database can serve the high-load query operations of the upper-level network manager, which improves the user experience, completes the upper-level network manager's access without occupying the main service resources of the master database, and effectively improves the performance of the master database. Through the dynamic adjustment module, the synchronized data of the slave node is adjusted according to the service customization information of the upper-level network manager, so that the service content of the upper-level network manager can be customized and the master node synchronizes data to the slave node selectively, which effectively improves the data query efficiency of the upper-level network manager.
The upper-level network manager can flexibly customize the required product data at the slave node, the slave node synchronizes performance data from the master node according to the service content customized by the upper-level network manager, and the independent slave node performance database can handle the high-load query operations of the upper-level network manager.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objects and other advantages of the invention may be realized and obtained by means of the instrumentalities particularly pointed out in the specification.
The technical scheme of the invention is further described in detail through the drawings and the embodiments.
Drawings
The accompanying drawings are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate the invention and together with the embodiments of the invention, serve to explain the invention. In the drawings:
FIG. 1 is a schematic diagram of a data network security system with synchronous hierarchical isolation of nodes according to the present invention;
FIG. 2 is a schematic diagram of the connections between devices;
FIG. 3 is a schematic diagram of a node isolation module of a data network security system for node synchronization hierarchical isolation according to the present invention;
FIG. 4 is a schematic diagram of a data synchronization module of a data network security system with node synchronization and hierarchical isolation according to the present invention;
FIG. 5 is a schematic diagram of a network management module of a data network security system with synchronous hierarchical isolation of nodes according to the present invention;
FIG. 6 is a schematic diagram of a dynamic adjustment module of a data network security system with synchronous and hierarchical node isolation according to the present invention.
Detailed Description
The preferred embodiments of the present invention will be described below with reference to the accompanying drawings, it being understood that the preferred embodiments described herein are for illustration and explanation of the present invention only, and are not intended to limit the present invention.
Example 1:
the invention provides a data network security system with synchronous and hierarchical isolation nodes, as shown in figure 1, comprising:
the node isolation module is used for establishing a master node and a slave node corresponding to the master node based on the master service module and the master database of the data network, and establishing a synchronous hierarchical isolation sub-network management system;
the data synchronization module is used for synchronizing the performance data corresponding to the master node into the slave node performance database based on the synchronization hierarchical isolation sub-network management system;
the network management module is used for the upper network manager to acquire the performance data of the network element equipment through the slave nodes of the synchronous hierarchical isolation sub-network management system;
and the dynamic adjustment module is used for adjusting the synchronous data of the slave node according to the service customization information of the upper network manager.
In this embodiment, the synchronization hierarchical isolation sub-network management system is composed of a master node and a slave node, where the master node obtains service data and performance data of the network element device, and the slave node is in data synchronization with the master node, and the upper network management can obtain the performance data from the slave node, as shown in fig. 2.
In this embodiment, the service customization information refers to customization of performance data that an upper network manager needs to view.
The beneficial effects of the technical scheme are that: through the node isolation module, the invention establishes the master node and the corresponding slave node based on the master service module and the master database of the data network and establishes the synchronous hierarchical isolation sub-network management system, which isolates the upper-level network manager from the master database of the network management system; through the data synchronization module, the performance data of the master node is synchronized into the slave node performance database based on the synchronous hierarchical isolation sub-network management system, which ensures that the performance data obtained by the upper-level network manager is consistent with the real-time performance data of the network element equipment and effectively ensures the timeliness of the data obtained by the upper-level network manager; the slave node synchronizes performance data from the master node according to the operations performed at the slave node, and the independent slave node performance database can serve the high-load query operations of the upper-level network manager, which improves the user experience, completes the upper-level network manager's access without occupying the main service resources of the master database, and effectively improves the performance of the master database. Through the dynamic adjustment module, the synchronized data of the slave node is adjusted according to the service customization information of the upper-level network manager, so that the service content of the upper-level network manager can be customized and the master node synchronizes data to the slave node selectively, which effectively improves the data query efficiency of the upper-level network manager.
The upper-level network manager can flexibly customize the required product data at the slave node, the slave node synchronizes performance data from the master node according to the service content customized by the upper-level network manager, and the independent slave node performance database can handle the high-load query operations of the upper-level network manager.
Example 2:
on the basis of embodiment 1, the node isolation module, as shown in fig. 3, includes:
the node establishing unit is used for generating a master node based on a master service module and a master database of the data network, taking the service database as a reference, establishing a performance database with adjustable access rights, and establishing a slave node based on the performance database;
and the synchronous connection unit is used for setting the access rights of the master node and the slave node respectively, establishing a data synchronous communication channel between the master node and the slave node and generating a synchronous hierarchical isolation sub-network management system.
In this embodiment, the performance database is a database corresponding to the slave node.
In this embodiment, setting access rights of the master node and the slave node respectively means that the master node obtains service data and performance data of the network element device, and the slave node can only obtain synchronous performance data from the master node and cannot access the network element device.
The beneficial effects of the technical scheme are that: the node establishing unit and the synchronous connection unit establish the master node and the slave node and directly establish the data synchronization communication channel between them to generate the synchronous hierarchical isolation sub-network management system. This allows the performance data and service data of the corresponding network element equipment to be collected and stored, isolates the upper-level network manager from the master database, and effectively improves the security of the master database.
Example 3:
on the basis of embodiment 1, the data synchronization module, as shown in fig. 4, includes:
the acquisition storage unit is used for acquiring device performance data of network element equipment through the master node of the synchronous hierarchical isolation sub-network management system and storing the performance data into the service master database;
the data synchronization unit is used for acquiring the data to be synchronized from the master service database of the master node through the interface machine module based on the data synchronization communication channel, and updating the synchronized data in the performance database of the slave node based on the data to be synchronized.
In this embodiment, the data to be synchronized refers to the latest updated performance data related to the upper network management customized service in the master node.
The beneficial effects of the technical scheme are that: the acquisition storage unit and the data synchronization unit acquire and store the performance data of the network element equipment and synchronize the latest relevant performance data to the slave node according to the customized service information of the upper-level network manager, thereby updating the slave node performance database. This keeps the performance data obtained by the upper-level network manager consistent with the real-time performance data of the network element equipment, effectively improves the timeliness of the data obtained by the upper-level network manager, ensures that the performance data of the network element equipment is the latest, and improves the accuracy of network security monitoring and evaluation.
Example 4:
on the basis of embodiment 3, the data synchronization unit includes:
the data separation subunit is used for acquiring the current data synchronization authority of the data synchronization communication channel, and determining the data to be synchronized corresponding to the slave node and the storage positions corresponding to the data to be synchronized based on the current data synchronization authority;
positioning a storage file corresponding to the data to be synchronized based on a storage position, acquiring a data storage characteristic corresponding to the storage file, and determining storage logic between the data to be synchronized and associated data based on the data storage characteristic;
according to the storage logic, carrying out data separation on the multi-type data in the storage file to obtain data to be synchronized;
the data filtering subunit is used for identifying the data to be synchronized based on a preset model, extracting the characteristics of the data to be synchronized, comparing the characteristics of the data to be synchronized with the preset characteristics of the data to be synchronized, and judging that the data to be synchronized is qualified when the characteristics of the data to be synchronized are consistent with the characteristics of the preset data;
otherwise, carrying out visualization processing on the data to be synchronized, comparing the visualization result with a visualization template of the result to be processed, determining redundant data, eliminating the redundant data to obtain filtered data, and taking the filtered data as qualified data to be synchronized;
and storing the qualified data to be synchronized into a performance database of the slave node after persistence processing.
In this embodiment, the current data synchronization authority refers to a range of performance data that can be synchronized by the current slave node from the master node.
In this embodiment, the storage file refers to a file in the main database that includes data to be synchronized and other related data of the data to be synchronized.
In this embodiment, the data storage feature refers to a storage association relationship between data in a storage file and other kinds of data.
In this embodiment, the synchronous data feature refers to a data feature of data to be synchronized.
In this embodiment, the redundant data refers to data that is not in the effective area when the visualization result is compared with the visualization template after the data to be synchronized is visualized. The visual template is a standard template after data of a data type corresponding to the data to be synchronized is visualized, effective data corresponding to the template is distributed in an effective area of the visual template, and ineffective data (redundant data) is distributed in an ineffective area of the visual template.
In this embodiment, the filtered data refers to the data to be synchronized after the redundant data has been removed.
The beneficial effects of the technical scheme are that: the data separation subunit separates the data to be synchronized in the master node from other types of data, so that data to be synchronized containing only performance data is obtained. The data filtering subunit then further compares and filters the data to be synchronized, so that other data does not interfere while data is synchronized to the slave node, the data security of the master database is improved, and leakage of non-performance data is avoided.
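The separation and filtering steps of this embodiment can be sketched as follows. This is an added example, not code from the patent: the record layout, field names and `PRESET_FEATURES` table are hypothetical, and a field-and-type schema check stands in for the patent's preset model and visualization template comparison.

```python
# Preset features per data type: the fields a qualified record may carry
# and their expected Python types (hypothetical schema, assumption).
PRESET_FEATURES = {
    "cpu": {"cpu_load": float},
    "traffic": {"rx_bytes": int, "tx_bytes": int},
}

# Constructed sample "storage file" on the master: performance data stored
# next to associated non-performance data that must never reach the slave.
STORAGE_FILE = [
    {"ne_id": "NE-01", "ts": 1700000000,
     "perf": {"cpu": {"cpu_load": 0.42},
              "traffic": {"rx_bytes": 1200, "tx_bytes": 900}},
     "config": {"snmp_community": "constructed-secret"}},
    {"ne_id": "NE-02", "ts": 1700000000,
     "perf": {"cpu": {"cpu_load": 0.91, "debug_dump": "constructed blob"},
              "traffic": {"rx_bytes": 50, "tx_bytes": 70}},
     "config": {"snmp_community": "constructed-secret"}},
]


def separate(storage_file, authority):
    """Data separation: select only the data types inside the current
    synchronization authority; the 'config' branch is never read."""
    for rec in storage_file:
        for dtype in sorted(authority):
            values = rec.get("perf", {}).get(dtype)
            if values is not None:
                yield {"ne_id": rec["ne_id"], "ts": rec["ts"],
                       "type": dtype, "values": dict(values)}


def filter_record(rec):
    """Data filtering: compare the record's features with the preset ones.

    Returns (qualified_record_or_None, removed_field_names). Fields outside
    the preset features are treated as redundant data and eliminated.
    """
    preset = PRESET_FEATURES.get(rec["type"])
    if preset is None:
        # No preset features for this type: nothing can qualify.
        return None, sorted(rec["values"])
    kept = {k: v for k, v in rec["values"].items()
            if k in preset and isinstance(v, preset[k])}
    removed = sorted(set(rec["values"]) - set(kept))
    if not kept:
        # Assumption beyond the page: a record with nothing left is dropped.
        return None, removed
    return {**rec, "values": kept}, removed


def sync_to_slave(storage_file, authority):
    """Run separation then filtering; return the slave rows and an audit
    log of every field that was stripped before synchronization."""
    slave_db, removed_log = [], []
    for rec in separate(storage_file, authority):
        qualified, removed = filter_record(rec)
        if removed:
            removed_log.append((rec["ne_id"], rec["type"], removed))
        if qualified is not None:
            slave_db.append(qualified)
    return slave_db, removed_log


if __name__ == "__main__":
    rows, log = sync_to_slave(STORAGE_FILE, {"cpu"})
    for row in rows:
        print(row)
    print("stripped:", log)
```

The audit log of stripped fields is worth keeping on the master side: a non-empty log means the stored data no longer matches the preset features and the separation rules need review.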
Example 5:
on the basis of embodiment 1, the network management module, as shown in fig. 5, includes:
the data receiving unit is used for receiving the access request of the upper network manager and connecting the upper network manager to the slave node;
the data processing unit is used for acquiring the operation information of the upper network manager after the connection is established, acquiring data in the performance database based on the operation information to obtain target performance data, and processing the target performance data to obtain a processing result;
and the data display unit is used for displaying the processing result to the display page of the upper network manager.
In this embodiment, the target performance data refers to data that needs to be invoked by the upper network operation.
The beneficial effects of the technical scheme are that: the invention receives the access request of the upper network manager through the data receiving unit and connects the upper network manager to the slave node, so that the upper network manager can successfully acquire the corresponding performance data while isolated from the main data path. The data processing unit then screens the data in the slave node performance database, ensuring that the performance data required by the current operation of the upper network manager is acquired; the performance data is displayed after automatic processing, which effectively improves the intelligent degree of the system.
Example 6:
on the basis of embodiment 5, the data processing unit includes:
the operation analysis subunit is used for analyzing the operation information corresponding to the current operation of the upper network manager, determining the operation type of the upper network manager, determining expected operation data based on a preset operation list, and generating a retrieval tag according to the data information corresponding to the expected operation data;
the data acquisition subunit is used for searching in the performance database of the slave node based on the search label, judging whether expected operation data exist or not, and acquiring the expected operation data as target performance data if the expected operation data exist;
if the expected operation data does not exist, an acquisition application for the expected operation data is generated; after the slave node receives the acquisition application, an authority change communication protocol is generated based on a communication rule between the master node and the slave node; the data synchronization communication channel verifies the authority change communication protocol and, after verification is passed, the node authority of the data synchronization communication channel is changed based on the authority change communication protocol, the expected operation data is synchronously acquired to update the performance database, and the expected operation data is used as target performance data;
the data processing subunit is used for acquiring a data processing strategy corresponding to the current operation of the upper network management based on the preset operation list, and processing the target performance data according to the data processing strategy to acquire a processing result corresponding to the operation of the upper network management.
In this embodiment, the operation information refers to the operation content corresponding to the upper network management operation instruction.
In this embodiment, the preset operation list refers to a list of all operations of the upper network manager together with, for each operation, the data types required to implement it and the corresponding data processing policy.
In this embodiment, the expected operation data refers to performance data required for completing the operation of the upper network management.
In the present embodiment, the search tag refers to a tag for searching in the performance database.
In this embodiment, the acquisition application refers to an application, sent by the slave node, for synchronizing performance data of a certain type of network element device from the master node.
In this embodiment, the permission change communication protocol refers to a change protocol for synchronizing data contents between a master node and a slave node.
In this embodiment, the network management level of the current upper network management needs to be verified while generating the permission change communication protocol, and when the access permission corresponding to the network management level of the current network management includes the expected operation data, the permission change communication protocol is sent to the data synchronous communication channel;
otherwise, sending an unauthorized operation notification to the upper network manager.
The beneficial effects of the technical scheme are that: after receiving an operation of the upper network manager, the invention analyzes the operation information, determines the operation type, determines the expected operation data based on a preset operation list, and generates a search label to search the performance database and judge whether the performance data corresponding to the operation exists in the performance data path of the slave node. When it does not exist, the synchronization authority between the master node and the slave node is updated automatically, which ensures that the current operation completes successfully provided the access authority of the upper network manager is legal. The data processing strategy corresponding to the current operation is then obtained from the preset operation list and applied to the target performance data to obtain the processing result corresponding to the operation, realizing automatic processing of the target performance data.
Example 7:
on the basis of embodiment 6, the data processing unit further includes:
the operation filtering subunit is used for monitoring the real-time operation of the upper network management, judging whether the plurality of real-time operations are the same operation or not when the plurality of real-time operations exist in the preset time, and if yes, combining the plurality of real-time operations into one operation and sending the operation to the operation analyzing subunit;
otherwise, determining that the plurality of real-time operations are invalid operations.
The beneficial effects of the technical scheme are that: the invention monitors the real-time operation of the upper network manager through the operation filtering subunit. When a plurality of real-time operations exist within the preset time, it judges whether they are the same operation; if yes, the plurality of real-time operations are combined into one operation and sent to the operation analysis subunit; otherwise, the plurality of real-time operations are judged to be invalid operations. This avoids the system memory pressure caused by frequent view expansion in a short time due to such operations.
Example 8:
on the basis of embodiment 6, the data processing unit further includes:
the data cleaning subunit is used for acquiring target performance data, grouping the target performance data based on the data type of the target performance data to obtain a plurality of data groups, performing associated cleaning on the plurality of data groups based on the data internal logic of the preset target performance data to obtain effective target performance data, and sending the effective target performance data to the data processing subunit for processing.
In this embodiment, the data internal logic refers to a logic relationship between different kinds of performance data.
In this embodiment, associated cleaning means that when an item of data in one data group has missing data and needs to be removed, the data in the other data groups that is related to it through the data internal logic (i.e. the association relationship) also needs to be removed.
The beneficial effects of the technical scheme are that: the invention groups the target performance data through the data cleaning subunit, carries out associated cleaning on a plurality of data groups according to the data internal logic of the preset target performance data, obtains effective target performance data, and sends the effective target performance data to the data processing subunit for processing, thereby ensuring the integrity and the effectiveness of the target data in the data processing process.
Example 9:
on the basis of embodiment 1, the dynamic adjustment module, as shown in fig. 6, includes:
the service customizing unit is used for receiving service customizing information of the upper network manager, analyzing the service customizing information, determining monitoring items of the upper network manager on network element equipment, and determining data types corresponding to each monitoring item;
the synchronization adjustment unit is used for comparing the data type with original synchronization data of the slave node, judging whether a synchronization data difference exists, acquiring the synchronization data difference if the synchronization data difference exists, and generating a synchronization authority modification instruction based on the synchronization data difference;
and the permission adjustment unit is used for modifying the data synchronization permission of the data synchronization communication channel based on the synchronization permission modification instruction.
In this embodiment, the monitoring item refers to a network monitoring item of the upper network manager on the network element device.
In this embodiment, the synchronization data difference refers to a difference between the performance data currently synchronized by the slave node and the master node and the data type corresponding to the current customization of the upper network manager.
In this embodiment, the synchronization authority modification instruction refers to an instruction that modifies the data range synchronized between the master node and the slave node.
The beneficial effects of the technical scheme are that: the invention realizes the customization of the upper network management through the service customization unit, the synchronization adjustment unit and the authority adjustment unit, so that the master node selectively performs data synchronization on the slave nodes, and the data query efficiency of the upper network management is effectively improved.
Example 10:
on the basis of embodiment 9, the dynamic adjustment module, as shown in fig. 6, further includes:
the customized screening unit is used for acquiring the network management grade corresponding to the upper network management, determining the performance data query authority corresponding to the upper network management according to the network management grade, and judging whether the service customized contents corresponding to the upper network management in real time all meet the corresponding performance data query authority;
if yes, judging that the customized service of the upper network manager is legal, and sending the service customized information of the upper network manager to the service customized unit;
if not, illegal customized services are removed, unqualified notification is generated and sent to the superior network manager, and service customized information corresponding to the residual customized services is obtained and sent to the service customized unit.
In this embodiment, the network management level refers to the level of the upper network management currently operating. Different network management levels have performance data query authorities of different network element devices.
In this embodiment, the remaining customized services refer to all customized services of the upper network manager other than the illegal customized services.
In this embodiment, the unqualified notification is a notification that some services customized by the upper network manager do not match the corresponding query authority.
The beneficial effects of the technical scheme are that: the invention judges the validity of the customized service of the upper network manager through the customized screening unit, ensures that the customized service of the user is matched with the corresponding query authority, avoids the user from acquiring the data which is not matched with the query authority from the slave node, and effectively improves the safety of the master database.
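The level-gated customization of embodiments 9 and 10 and the on-demand authority change of embodiment 6 can be modelled together. This is an added example, not code from the patent: the level table, monitoring items, operation list and class names are hypothetical. The page describes the level check at the point where the authority change is generated; the example also applies it before the lookup, as an added hardening assumption, so that data already present on the slave cannot be read by a lower level.

```python
from dataclasses import dataclass, field

# Hypothetical tables (assumptions, not from the patent).
LEVEL_QUERY_AUTHORITY = {          # network management level -> data types
    1: {"cpu"},
    2: {"cpu", "traffic"},
    3: {"cpu", "traffic", "optical"},
}
MONITOR_ITEM_TYPES = {             # monitoring item -> data types it needs
    "load_watch": {"cpu"},
    "link_watch": {"traffic", "optical"},
}
PRESET_OPERATIONS = {              # operation -> expected operation data
    "show_cpu": {"cpu"},
    "show_optical": {"optical"},
}


class Unauthorized(Exception):
    """Stands in for the 'unauthorized operation notification'."""


@dataclass
class SyncChannel:
    master_db: dict                            # data type -> rows on the master
    scope: set = field(default_factory=set)    # current synchronization authority
    audit: list = field(default_factory=list)  # every authority change

    def modify_scope(self, add=frozenset(), remove=frozenset(), reason=""):
        self.scope = (self.scope | set(add)) - set(remove)
        self.audit.append((reason, sorted(add), sorted(remove)))

    def pull(self):
        # Only data types inside the scope ever leave the master.
        return {t: list(self.master_db.get(t, [])) for t in self.scope}


@dataclass
class SlaveNode:
    channel: SyncChannel
    perf_db: dict = field(default_factory=dict)

    def customize(self, level, items):
        """Embodiments 9 and 10: screen customized services against the
        level's query authority, then adjust the synchronization scope.
        Returns the rejected items (the 'unqualified notification')."""
        allowed = LEVEL_QUERY_AUTHORITY.get(level, set())
        legal = [i for i in items
                 if i in MONITOR_ITEM_TYPES and MONITOR_ITEM_TYPES[i] <= allowed]
        rejected = [i for i in items if i not in legal]
        wanted = set().union(*(MONITOR_ITEM_TYPES[i] for i in legal))
        # Synchronization data difference, applied in both directions
        # (assumption: types no longer customized are dropped from scope).
        add, remove = wanted - self.channel.scope, self.channel.scope - wanted
        if add or remove:
            self.channel.modify_scope(add, remove, f"customize level={level}")
        self.perf_db = self.channel.pull()
        return rejected

    def fetch(self, level, operation):
        """Embodiment 6: serve from the slave database, widening the scope
        on a miss only when the caller's level covers the expected data."""
        expected = PRESET_OPERATIONS[operation]
        if not expected <= LEVEL_QUERY_AUTHORITY.get(level, set()):
            raise Unauthorized(operation)      # checked on hit and miss alike
        missing = expected - set(self.perf_db)
        if missing:
            self.channel.modify_scope(add=missing, reason=f"on-demand {operation}")
            self.perf_db = self.channel.pull()
        return {t: self.perf_db[t] for t in expected}


# Constructed master data for a stand-alone run.
SAMPLE_MASTER = {"cpu": [("NE-01", 0.42)],
                 "traffic": [("NE-01", 1200)],
                 "optical": [("NE-01", -3.1)]}

if __name__ == "__main__":
    node = SlaveNode(SyncChannel(SAMPLE_MASTER))
    print("rejected:", node.customize(2, ["load_watch", "link_watch"]))
    print("fetched:", node.fetch(3, "show_optical"))
    print("audit:", node.channel.audit)
```

The `audit` list records each authority change with its reason, which is the place to look when the slave's scope grows beyond what the customized services require.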
It will be apparent to those skilled in the art that various modifications and variations can be made to the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.
Claims (10)
1. A data network security system for synchronous hierarchical isolation of nodes, comprising:
the node isolation module is used for establishing a master node and a slave node corresponding to the master node based on the master service module and the master database of the data network, and establishing a synchronous hierarchical isolation sub-network management system;
the data synchronization module is used for synchronizing the performance data corresponding to the master node into the slave node performance database based on the synchronization hierarchical isolation sub-network management system;
the network management module is used for the upper network manager to acquire the performance data of the network element equipment through the slave nodes of the synchronous hierarchical isolation sub-network management system;
and the dynamic adjustment module is used for adjusting the synchronous data of the slave node according to the service customization information of the upper network manager.
2. The data network security system of claim 1, wherein the node isolation module comprises:
the node establishing unit is used for generating a master node based on a master service module and a master database of the data network, taking the service database as a reference, establishing a performance database with adjustable access rights, and establishing a slave node based on the performance database;
and the synchronous connection unit is used for setting the access rights of the master node and the slave node respectively, establishing a data synchronous communication channel between the master node and the slave node and generating a synchronous hierarchical isolation sub-network management system.
3. The data network security system of claim 1, wherein the data synchronization module comprises:
the acquisition storage unit is used for acquiring device performance data of network element devices through a main node of the synchronous hierarchical isolation sub-network management system and storing the performance data into the service main database;
the data synchronization unit is used for acquiring data to be synchronized of the main service database of the main node through the interface machine module based on the data synchronization communication channel, and updating the synchronous data of the performance database of the node based on the data to be synchronized.
4. A data network security system of a node synchronization hierarchical isolation according to claim 3, characterized by a data synchronization unit comprising:
the data separation subunit is used for acquiring the current data synchronization authority of the data synchronization communication channel, and determining the data to be synchronized corresponding to the slave node and the storage positions corresponding to the data to be synchronized based on the current data synchronization authority;
positioning a storage file corresponding to the data to be synchronized based on a storage position, acquiring a data storage characteristic corresponding to the storage file, and determining storage logic between the data to be synchronized and associated data based on the data storage characteristic;
according to the storage logic, carrying out data separation on the multi-type data in the storage file to obtain data to be synchronized;
the data filtering subunit is used for identifying the data to be synchronized based on a preset model, extracting the characteristics of the data to be synchronized, comparing the characteristics of the data to be synchronized with the preset characteristics of the data to be synchronized, and judging that the data to be synchronized is qualified when the characteristics of the data to be synchronized are consistent with the characteristics of the preset data;
otherwise, carrying out visualization processing on the data to be synchronized, comparing the visualization result with a visualization template of the result to be processed, determining redundant data, eliminating the redundant data to obtain filtered data, and taking the filtered data as qualified data to be synchronized;
and storing the qualified data to be synchronized into a performance database of the slave node after persistence processing.
5. The data network security system of claim 1, wherein the network management module comprises:
the data receiving unit is used for receiving the access request of the upper network manager and connecting the upper network manager to the slave node;
the data processing unit is used for acquiring the operation information of the upper network manager after the connection is established, acquiring data in the performance database based on the operation information to obtain target performance data, and processing the target performance data to obtain a processing result;
and the data display unit is used for displaying the processing result to the display page of the upper network manager.
6. A data network security system of node synchronous hierarchical isolation as claimed in claim 5, wherein the data processing unit comprises:
the operation analysis subunit is used for analyzing the operation information corresponding to the current operation of the upper network manager, determining the operation type of the upper network manager, determining expected operation data based on a preset operation list, and generating a retrieval tag according to the data information corresponding to the expected operation data;
the data acquisition subunit is used for searching in the performance database of the slave node based on the search label, judging whether expected operation data exist or not, and acquiring the expected operation data as target performance data if the expected operation data exist;
if the expected operation data does not exist, an acquisition application for the expected operation data is generated; after the slave node receives the acquisition application, an authority change communication protocol is generated based on a communication rule between the master node and the slave node; the data synchronization communication channel verifies the authority change communication protocol and, after verification is passed, the node authority of the data synchronization communication channel is changed based on the authority change communication protocol, the expected operation data is synchronously acquired to update the performance database, and the expected operation data is used as target performance data;
the data processing subunit is used for acquiring a data processing strategy corresponding to the current operation of the upper network management based on the preset operation list, and processing the target performance data according to the data processing strategy to acquire a processing result corresponding to the operation of the upper network management.
7. The data network security system of claim 6, wherein the data processing unit further comprises:
the operation filtering subunit is used for monitoring the real-time operation of the upper network management, judging whether the plurality of real-time operations are the same operation or not when the plurality of real-time operations exist in the preset time, and if yes, combining the plurality of real-time operations into one operation and sending the operation to the operation analyzing subunit;
otherwise, determining that the plurality of real-time operations are invalid operations.
8. The data network security system of claim 6, wherein the data processing unit further comprises:
the data cleaning subunit is used for acquiring target performance data, grouping the target performance data based on the data type of the target performance data to obtain a plurality of data groups, performing associated cleaning on the plurality of data groups based on the data internal logic of the preset target performance data to obtain effective target performance data, and sending the effective target performance data to the data processing subunit for processing.
9. The data network security system of claim 1, wherein the dynamic adjustment module comprises:
the service customizing unit is used for receiving service customizing information of the upper network manager, analyzing the service customizing information, determining monitoring items of the upper network manager on network element equipment, and determining data types corresponding to each monitoring item;
the synchronization adjustment unit is used for comparing the data type with original synchronization data of the slave node, judging whether a synchronization data difference exists, acquiring the synchronization data difference if the synchronization data difference exists, and generating a synchronization authority modification instruction based on the synchronization data difference;
and the permission adjustment unit is used for modifying the data synchronization permission of the data synchronization communication channel based on the synchronization permission modification instruction.
10. The data network security system of claim 1, wherein the dynamic adjustment module further comprises:
the customized screening unit is used for acquiring the network management grade corresponding to the upper network management, determining the performance data query authority corresponding to the upper network management according to the network management grade, and judging whether the service customized contents corresponding to the upper network management in real time all meet the corresponding performance data query authority;
if yes, judging that the customized service of the upper network manager is legal, and sending the service customized information of the upper network manager to the service customized unit;
if not, illegal customized services are removed, unqualified notification is generated and sent to the superior network manager, and service customized information corresponding to the residual customized services is obtained and sent to the service customized unit.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311773570.XA CN117834653B (en) | 2023-12-22 | 2023-12-22 | Data network security system with synchronous and hierarchical node isolation |
Publications (2)
Publication Number | Publication Date |
---|---|
CN117834653A (en) | 2024-04-05 |
CN117834653B (en) | 2024-08-02 |
Family
ID=90510703
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202311773570.XA Active CN117834653B (en) | 2023-12-22 | 2023-12-22 | Data network security system with synchronous and hierarchical node isolation |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117834653B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN117834653B (en) | 2024-08-02 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |