CN103747011A - High-bandwidth network safety system - Google Patents
High-bandwidth network safety system Download PDFInfo
- Publication number
- CN103747011A CN103747011A CN201410031530.2A CN201410031530A CN103747011A CN 103747011 A CN103747011 A CN 103747011A CN 201410031530 A CN201410031530 A CN 201410031530A CN 103747011 A CN103747011 A CN 103747011A
- Authority
- CN
- China
- Prior art keywords
- server
- management
- load
- security gateway
- safety system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000004891 communication Methods 0.000 claims description 14
- 230000003993 interaction Effects 0.000 claims description 5
- 230000000284 resting effect Effects 0.000 claims description 5
- 238000010586 diagram Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 238000000034 method Methods 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000035515 penetration Effects 0.000 description 1
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a high-bandwidth network safety system which comprises a management center, a security gateway, a core switch, a plurality of service switches, a plurality of load servers and a plurality of user terminals. The management center is connected with a wide area network sequentially by the security gateway and the core switch; the management center is used for implementing remote management on the plurality of load servers; each service switch is connected with the wide area network; each service switch is respectively connected with the load servers and the plurality of user terminals and is used for connecting the user terminal and the load server in each region to the wide area network; and the load servers are used for implementing management on the plurality of user terminals in the corresponding regions. The high-bandwidth network safety system has a multilevel management function, can implement load balancing and has high safety; the management center is provided with a center management master server and a center management secondary server so as to provide guarantee for continuous management ability of the load servers; and the multi-core security gateway can greatly improve data processing efficiency, promotes the system throughput, integrates with rich interfaces and has strong practicality.
Description
Technical field
The present invention relates to a kind of high bandwidth network safety system.
Background technology
Raising along with the penetration of information technology, enterprise, institutional settings or school all assembly internal network, network sets up, Information System configuration has brought a lot of facilities to these units, as resource-sharing, office automation and information transmission easily etc., has improved greatly operating efficiency.But along with the Opening degree of closed system improves, increasing information security issue is also appeared in one's mind out simultaneously.The features such as the opening that network has, sharing, make the information resources that are distributed in each server in a kind of high risk state, and these data are easy to be subject to the attack of the various malice such as illegal monitoring, bootlegging, unauthorized access.How effectively management information Internet resources, reasonably supervise their use, day by day become a major issue in information network application.
Existing network safety system is mainly by management server being set in control centre, by network, be connected to each user terminal, such system has the following disadvantages: once the management server of 1 network center breaks down, need to suspend management service, in use cannot reach the function of continuous service; 2, internal network does not generally arrange security gateway, and the safety in data exchange process can not get effective guarantee; 3, management server is directly connected to each user terminal by network, cannot realize multiple management.
Summary of the invention
The object of the invention is to overcome the deficiencies in the prior art, provide a kind of and there is multiple management function, can realize load balancing, safe high bandwidth network safety system, administrative center arranges centre management master server and centre management secondary server, for the sustainable management ability of load server provides guarantee; Security gateway adopts multinuclear security gateway, can increase substantially the treatment effeciency of data, elevator system throughput, and integrated abundant interface, practical.
The object of the invention is to be achieved through the following technical solutions: a kind of high bandwidth network safety system, it comprises administrative center, security gateway, core switch, a plurality of service switch, a plurality of load servers and a plurality of user terminal, administrative center is successively by security gateway and core switch connecting wan, administrative center is for realizing the telemanagement to a plurality of load servers, it is the control centre of whole network safety system, security gateway is for guaranteeing the safety of data interaction, core switch is for realizing being connected between administrative center and wide area network, complete exchanges data, each service switch connecting wan, each service switch is connected with a plurality of user terminals with load server respectively, each service switch is for being connected to wide area network by the user terminal in each region and load server, load server is for realizing the management of a plurality of user terminals of respective regions, user terminal is accepted the unified management of corresponding load server, receives strategy execution that corresponding load server issues.
A kind of high bandwidth network safety system also comprises a plurality of load management control desks, load management control desk is connected to service switch, interconnected between load management control desk and load server, coordinate with load server, realize the management of a plurality of user terminals of corresponding region.
Described administrative center comprises centre management master server and centre management secondary server, between centre management master server and centre management secondary server, interconnect, and be connected with security gateway respectively, centre management master server and centre management secondary server are all for a plurality of load servers of telemanagement, and centre management master server and centre management secondary server are when real work, only have a station server in running order, another is in resting state.
Described security gateway is multinuclear security gateway.Multinuclear security gateway comprises polycaryon processor, security module, ethernet controller, USB controller, serial communication interface, SPI interface and web search coprocessor, security module is connected with polycaryon processor, ethernet controller is connected with polycaryon processor by bus, by ethernet controller, expand a plurality of Ethernet interfaces, USB controller is connected with polycaryon processor by bus, by USB controller, expand a plurality of USB interface, web search coprocessor is connected with polycaryon processor by LA bus, be used for assisting polycaryon processor to complete needs real-time, the relatively-stationary operation of function, complete quick table lookup function, serial communication interface is connected with polycaryon processor respectively with SPI interface.
Described multinuclear security gateway also comprises wireless communication module, and wireless communication module is connected with polycaryon processor by bus.
The invention has the beneficial effects as follows:
(1) server comprises the center management server that is positioned at administrative center and the load server that is positioned at each region, meet a plurality of keepers in different location respectively the user terminal to different grouping manage, and realized the function of multiple management;
(2) be positioned at the server of administrative center as the management platform of other load servers, can carry out United Dispatching and management to load server, can carry out according to the loading condition of each load server the distribution of user terminal;
(3) administrative center is provided with two-server, be centre management master server and centre management secondary server, for the sustainable management ability of load server provides guarantee, once centre management master server breaks down, centre management secondary server can proceed to operating state from resting state automatically;
(4) be provided with security gateway, can effectively guarantee the safety of data interaction, improve the security performance of whole network safety system;
(5) security gateway adopts multinuclear security gateway, by polycaryon processor, realizes data processing, can increase substantially the treatment effeciency of data, elevator system throughput; Be provided with web search coprocessor, the work of tabling look-up is transferred to web search coprocessor and is completed from polycaryon processor, can significantly promote the performance of network safety system; Integrated abundant interface, practical.
Accompanying drawing explanation
Fig. 1 is theory diagram of the present invention;
Fig. 2 is the theory diagram of security gateway.
Embodiment
Below in conjunction with accompanying drawing, technical scheme of the present invention is described in further detail, but protection scope of the present invention is not limited to the following stated.
As shown in Figure 1, a kind of high bandwidth network safety system, it comprises administrative center, security gateway, core switch, a plurality of service switch, a plurality of load server and a plurality of user terminal, administrative center is successively by security gateway and core switch connecting wan, administrative center is for realizing the telemanagement to a plurality of load servers, it is the control centre of whole network safety system, security gateway is for guaranteeing the safety of data interaction, core switch, for realizing being connected between administrative center and wide area network, completes exchanges data; Each service switch is arranged on different regions, and difference connecting wan, each service switch is connected with a plurality of user terminals with load server respectively, each service switch is for being connected to wide area network by the user terminal in each region and load server, load server is for realizing the management of a plurality of user terminals of respective regions, user terminal is accepted the unified management of corresponding load server, receives strategy execution that corresponding load server issues.
A kind of high bandwidth network safety system also comprises a plurality of load management control desks, each load management control desk is arranged on different regions, load management control desk is connected to the service switch of respective regions, interconnected between load management control desk and load server, coordinate with load server, realize the management of a plurality of user terminals of corresponding region.Load management control desk provides good interface for man-machine interaction.
Described administrative center comprises centre management master server and centre management secondary server, between centre management master server and centre management secondary server, interconnect, and be connected with security gateway respectively, centre management master server and centre management secondary server are all for a plurality of load servers of telemanagement, and centre management master server and centre management secondary server are when real work, only have a station server in running order, another is in resting state.Between centre management master server and centre management secondary server, hold mode is communicated by letter, once centre management master server breaks down, centre management secondary server can initiatively proceed to operating state from resting state, load server is managed, thereby guaranteed the continuous and effective operation of network safety system.
Described security gateway is multinuclear security gateway.As shown in Figure 2, multinuclear security gateway comprises polycaryon processor, security module, wireless communication module, ethernet controller, USB controller, serial communication interface, SPI interface and web search coprocessor, and integrated SDRAM and NAND FLASH, security module is connected with polycaryon processor, realize enciphering and deciphering algorithm, ethernet controller is connected with polycaryon processor by bus, by ethernet controller, expand a plurality of Ethernet interfaces, USB controller is connected with polycaryon processor by bus, by USB controller, expand a plurality of USB interface, web search coprocessor is connected with polycaryon processor by LA bus, be used for assisting polycaryon processor to complete needs real-time, the relatively-stationary operation of function, complete quick table lookup function, serial communication interface is connected with polycaryon processor respectively with SPI interface, polycaryon processor connects external equipment by serial communication interface, SPI interface is used for realizing external 10GE ethernet port.Wireless communication module is connected with polycaryon processor by bus, realizes the function of radio communication.
Claims (6)
1. a high bandwidth network safety system, it is characterized in that: it comprises administrative center, security gateway, core switch, a plurality of service switch, a plurality of load server and a plurality of user terminal, administrative center is successively by security gateway and core switch connecting wan, administrative center is for realizing the telemanagement to a plurality of load servers, it is the control centre of whole network safety system, security gateway is for guaranteeing the safety of data interaction, core switch, for realizing being connected between administrative center and wide area network, completes exchanges data; Each service switch connecting wan, each service switch is connected with a plurality of user terminals with load server respectively, each service switch is for being connected to wide area network by the user terminal in each region and load server, load server is for realizing the management of a plurality of user terminals of respective regions, user terminal is accepted the unified management of corresponding load server, receives strategy execution that corresponding load server issues.
2. a kind of high bandwidth network safety system according to claim 1, it is characterized in that: it also comprises a plurality of load management control desks, load management control desk is connected to service switch, interconnected between load management control desk and load server, coordinate with load server, realize the management of a plurality of user terminals of corresponding region.
3. a kind of high bandwidth network safety system according to claim 1, it is characterized in that: described administrative center comprises centre management master server and centre management secondary server, between centre management master server and centre management secondary server, interconnect, and be connected with security gateway respectively, centre management master server and centre management secondary server are all for a plurality of load servers of telemanagement, and centre management master server and centre management secondary server are when real work, only have a station server in running order, another is in resting state.
4. a kind of high bandwidth network safety system according to claim 1, is characterized in that: described security gateway is multinuclear security gateway.
5. a kind of high bandwidth network safety system according to claim 4, it is characterized in that: described multinuclear security gateway comprises polycaryon processor, security module, ethernet controller, USB controller, serial communication interface, SPI interface and web search coprocessor, security module is connected with polycaryon processor, ethernet controller is connected with polycaryon processor by bus, by ethernet controller, expand a plurality of Ethernet interfaces, USB controller is connected with polycaryon processor by bus, by USB controller, expand a plurality of USB interface, web search coprocessor is connected with polycaryon processor by LA bus, be used for assisting polycaryon processor to complete needs real-time, the relatively-stationary operation of function, complete quick table lookup function, serial communication interface is connected with polycaryon processor respectively with SPI interface.
6. according to a kind of high bandwidth network safety system described in claim 4 or 5, it is characterized in that: described multinuclear security gateway also comprises wireless communication module, and wireless communication module is connected with polycaryon processor by bus.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410031530.2A CN103747011A (en) | 2014-01-23 | 2014-01-23 | High-bandwidth network safety system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410031530.2A CN103747011A (en) | 2014-01-23 | 2014-01-23 | High-bandwidth network safety system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103747011A true CN103747011A (en) | 2014-04-23 |
Family
ID=50503998
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410031530.2A Pending CN103747011A (en) | 2014-01-23 | 2014-01-23 | High-bandwidth network safety system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103747011A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109862553A (en) * | 2017-11-30 | 2019-06-07 | 华为技术有限公司 | terminal and communication method |
| CN110505115A (en) * | 2019-07-30 | 2019-11-26 | 网宿科技股份有限公司 | A method and device for monitoring the high risk of switch running |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1728663A (en) * | 2004-07-30 | 2006-02-01 | 神州亿品科技(北京)有限公司 | Mobile access controller, mobile locak area network and metropolitan area network, and access method |
| CN101136778A (en) * | 2006-08-02 | 2008-03-05 | 美国凹凸微系有限公司 | Policy based vpn configuration for firewall/vpn security gateway appliance |
| US20090006602A1 (en) * | 2007-06-27 | 2009-01-01 | Shinya Takeuchi | Multi-host management server in storage system, program for the same and path information management method |
| CN101500022A (en) * | 2009-03-09 | 2009-08-05 | 北大方正集团有限公司 | Data access resource allocation method, system and equipment therefor |
| CN101958937A (en) * | 2009-07-17 | 2011-01-26 | 中国移动通信集团公司 | A method for querying an analysis system, a number domain name system server, and a system |
| CN102331923A (en) * | 2011-10-13 | 2012-01-25 | 西安电子科技大学 | A Method for Implementing Function Macro Pipeline Based on Multi-core and Multi-thread Processor |
| CN103209119A (en) * | 2013-03-11 | 2013-07-17 | 苏州汉辰数字科技有限公司 | Low-power-consumption embedding type cloud intelligent gateway |
-
2014
- 2014-01-23 CN CN201410031530.2A patent/CN103747011A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1728663A (en) * | 2004-07-30 | 2006-02-01 | 神州亿品科技(北京)有限公司 | Mobile access controller, mobile locak area network and metropolitan area network, and access method |
| CN101136778A (en) * | 2006-08-02 | 2008-03-05 | 美国凹凸微系有限公司 | Policy based vpn configuration for firewall/vpn security gateway appliance |
| US20090006602A1 (en) * | 2007-06-27 | 2009-01-01 | Shinya Takeuchi | Multi-host management server in storage system, program for the same and path information management method |
| CN101500022A (en) * | 2009-03-09 | 2009-08-05 | 北大方正集团有限公司 | Data access resource allocation method, system and equipment therefor |
| CN101958937A (en) * | 2009-07-17 | 2011-01-26 | 中国移动通信集团公司 | A method for querying an analysis system, a number domain name system server, and a system |
| CN102331923A (en) * | 2011-10-13 | 2012-01-25 | 西安电子科技大学 | A Method for Implementing Function Macro Pipeline Based on Multi-core and Multi-thread Processor |
| CN103209119A (en) * | 2013-03-11 | 2013-07-17 | 苏州汉辰数字科技有限公司 | Low-power-consumption embedding type cloud intelligent gateway |
Non-Patent Citations (1)
| Title |
|---|
| 宫彦婷 等: "《安全网关技术在医院内网安全中的研究与应用》", 《中国医学装备》 * |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109862553A (en) * | 2017-11-30 | 2019-06-07 | 华为技术有限公司 | terminal and communication method |
| CN109862553B (en) * | 2017-11-30 | 2022-07-12 | 华为技术有限公司 | Terminal and Communication Method |
| US11487910B2 (en) | 2017-11-30 | 2022-11-01 | Huawei Technologies Co., Ltd. | Terminal and communication method |
| US12141335B2 (en) | 2017-11-30 | 2024-11-12 | Huawei Technologies Co., Ltd. | Terminal and communication method |
| CN110505115A (en) * | 2019-07-30 | 2019-11-26 | 网宿科技股份有限公司 | A method and device for monitoring the high risk of switch running |
| CN110505115B (en) * | 2019-07-30 | 2021-07-13 | 网宿科技股份有限公司 | A method and device for monitoring high risk of switch running |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104578422B (en) | Remote maintenance method for transformer substation telecontrol forwarding table | |
| CN105100252A (en) | Network topology structure of distributed power monitoring system | |
| CN110224977A (en) | A kind of composite defense policy conflict digestion procedure and system | |
| CN204808029U (en) | Intelligence house remote control system based on AC and VPN technique | |
| CN103973578A (en) | Virtual machine traffic redirection method and device | |
| CN107942724A (en) | A kind of industry critical infrastructures protecting information safety simulation and verification platform | |
| CN103747011A (en) | High-bandwidth network safety system | |
| CN104902031A (en) | Enterprise intelligent cloud system based on virtual desktop | |
| CN203225789U (en) | virtual desktop terminal system | |
| CN104113434B (en) | A kind of data center network redundancy control apparatus using multiple cases group system | |
| CN109214540A (en) | Reserve shared office management system | |
| CN208063238U (en) | Data encryption security ViGap | |
| CN204887029U (en) | A configuration system for connecting a new type of WIFI chip to a router | |
| CN106487718A (en) | A kind of independently controlled router controls exchange system | |
| CN206258875U (en) | A kind of encryption equipment | |
| CN202475483U (en) | Safety isolation system | |
| CN207354339U (en) | A kind of power station integrated data processing system | |
| CN205812076U (en) | A kind of Computer information network engineering system | |
| CN205812053U (en) | A kind of network admittance control system for switch management | |
| CN204859202U (en) | Information security type intelligence house gateway | |
| CN204390011U (en) | A kind of power information control of intelligent terminal | |
| CN103810553A (en) | Building construction enterprise project management system | |
| CN103336931A (en) | Computer-networking information-safety application system | |
| CN203166986U (en) | Data security system of data center | |
| CN103490510B (en) | Modeling method of intelligent distributed FA model |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| AD01 | Patent right deemed abandoned | ||
| AD01 | Patent right deemed abandoned |
Effective date of abandoning: 20180105 |