Design and Implementation of a Virtual Network Protection System
Published: 2018-11-28 19:40
[Abstract]: In recent years, with the rapid development of the Internet industry, cloud computing has emerged and been widely adopted and promoted worldwide. As a successor to grid computing, cloud computing realizes centralized storage, management and sharing of data, provides fast and convenient services and efficient, accurate computation, and also substantially reduces operating costs while ensuring business continuity. Everything has its advantages and disadvantages: although cloud computing is powerful, the technology is not yet mature, reports of security incidents during its application are frequent both at home and abroad, and the security risks of cloud computing have gradually drawn attention. From single user to multi-tenant, and from controllable physical boundaries to virtual network boundaries, threats to cloud security are everywhere. The core technology of cloud computing is virtualization, so the security of the virtual network bears directly on the security of the cloud. To achieve genuine data security, to let users fully trust cloud computing, and to let it be applied and deployed at scale to its fullest effect, the security of the virtual network must be guaranteed. The need for such a system is therefore pressing.

The main work of this thesis is as follows: (1) The state of cloud computing development at home and abroad is surveyed, the current mainstream virtualization platforms are compared, and the theory and technology required by a virtual network protection system are analyzed, including the virtualization technologies Hypervisor, ESX/ESXi and Libvirt, the access control technology IPTABLES, and the web communication technologies Django, Web.py and REST API. (2) The requirements of the virtual network protection system are discussed in terms of functional and performance requirements, and on that basis the overall system design is produced. To balance high availability, stability and extensibility, a B/S (browser/server) architecture is adopted as the basic framework; the system is divided by logical structure into a presentation layer, a control layer, an interface layer, a functional module layer and a data layer; the user interface is designed, the basic functions of the system are defined, and every functional module is described in detail. (3) The frameworks used by major websites are studied and the main page development languages are compared, and from this the system's development framework is determined. To achieve loose coupling, flexibility and scalability of the overall structure, a software architecture pattern based on MVC (Model-View-Controller) is selected; the design and implementation of the presentation layer module, the data acquisition module, the policy module and the key databases are described in detail. (4) The system's test environment and deployment environment are described in detail, and the usability of the system is verified through functional, performance and security testing.

The virtual network protection system designed and implemented in this thesis has been put into use at a municipal government in China. To address the blurred boundaries of virtual networks, multi-tenancy and the difficulty of resource management, the system partitions the network into security domains and isolates the virtual network by domain policy, thereby protecting the security of user data. Verification shows that the system runs stably and with high availability, meeting the expected goals.
Degree-granting institution: University of Chinese Academy of Sciences (School of Engineering Management and Information Technology)
Degree level: Master's
Year degree conferred: 2014
Classification number: TP393.08
Article ID: 2364068
Link to this article: https://www.wllwen.com/guanlilunwen/ydhl/2364068.html