虛擬網(wǎng)絡(luò)防護(hù)系統(tǒng)的設(shè)計(jì)與實(shí)現(xiàn)
發(fā)布時(shí)間:2018-11-28 19:40
【摘要】:近年來,隨著互聯(lián)網(wǎng)行業(yè)的快速發(fā)展,云計(jì)算技術(shù)應(yīng)運(yùn)而生,并且在全世界范圍內(nèi)得到廣泛應(yīng)用和推廣,云計(jì)算作為網(wǎng)格計(jì)算的替代品,實(shí)現(xiàn)了數(shù)據(jù)的集中存儲(chǔ)、管理和共享,提供快捷方便的服務(wù)、高效精確的運(yùn)算,還能大幅降低運(yùn)營(yíng)成本,保證業(yè)務(wù)連續(xù)性。凡事皆有利有弊,云計(jì)算雖說功能強(qiáng)大,但技術(shù)尚未成熟,在云計(jì)算的應(yīng)用過程中,國(guó)內(nèi)外出現(xiàn)安全事故的消息也不絕于耳,云計(jì)算的安全風(fēng)險(xiǎn)逐漸引起人們的重視,從單一用戶到多租戶、可控的物理邊界到虛擬的網(wǎng)絡(luò)邊界,云安全的威脅無處不在,云計(jì)算的核心技術(shù)為虛擬化,虛擬網(wǎng)絡(luò)的安全直接關(guān)系到云的安全,為了實(shí)現(xiàn)真正意義上的數(shù)據(jù)安全,為了使用戶完全信賴云計(jì)算,讓云計(jì)算的作用得到更大限度的發(fā)揮,從而實(shí)現(xiàn)大規(guī)模的應(yīng)用和部署,必須保證虛擬網(wǎng)絡(luò)的安全。由此可見,對(duì)系統(tǒng)的需求十分迫切。 本文完成的主要工作包括: (1)調(diào)研了國(guó)內(nèi)外云計(jì)算的發(fā)展?fàn)顩r,對(duì)比了當(dāng)前主流的虛擬化平臺(tái),并分析了虛擬網(wǎng)絡(luò)防護(hù)系統(tǒng)所需要的理論和技術(shù),包括虛擬化技術(shù)Hypervisor、 ESX/ESXi和Libvirt,訪問控制技術(shù)IPTABLES, Web通信技術(shù)Django、Web.py和REST API; (2)從功能需求和性能需求等方面論述了虛擬網(wǎng)絡(luò)防護(hù)系統(tǒng)的需求,在此基礎(chǔ)上對(duì)系統(tǒng)進(jìn)行了整體設(shè)計(jì)。為了兼顧系統(tǒng)的高可用性、穩(wěn)定性和可護(hù)展性,采用了B/S架構(gòu)為基本框架,系統(tǒng)按邏輯結(jié)構(gòu)劃分為展示層、控制層、接口層、功能模塊層和數(shù)據(jù)層;設(shè)計(jì)了用戶界面,定義了系統(tǒng)的基本功能,并對(duì)所有的功能模塊進(jìn)行詳細(xì)的闡述; (3)研究分析了各大網(wǎng)站使用的框架,對(duì)比了主要的頁面開發(fā)語言,并由此確定了系統(tǒng)的開發(fā)框架。為了實(shí)現(xiàn)整體結(jié)構(gòu)的松耦合、靈活性和可伸縮性,選擇基于MVC(模型-視圖-控制)的軟件架構(gòu)模式;詳細(xì)闡述了展示層模塊、數(shù)據(jù)采集模塊、策略模塊以及關(guān)鍵數(shù)據(jù)庫(kù)的設(shè)計(jì)與實(shí)現(xiàn)過程; (4)對(duì)系統(tǒng)測(cè)試環(huán)境及部署環(huán)境進(jìn)行了詳細(xì)闡述,通過功能測(cè)試、性能測(cè)試和安全測(cè)試驗(yàn)證了系統(tǒng)的可用性。 本文設(shè)計(jì)和實(shí)現(xiàn)的虛擬網(wǎng)絡(luò)防護(hù)系統(tǒng)已經(jīng)在國(guó)家某市政府投入使用。系統(tǒng)針對(duì)虛擬網(wǎng)絡(luò)邊界模糊、多租戶以及資源管理困難等問題,采取劃分安全域的手段,以域策略來對(duì)虛擬網(wǎng)絡(luò)進(jìn)行隔離,從而保護(hù)用戶數(shù)據(jù)的安全。經(jīng)驗(yàn)證,系統(tǒng)運(yùn)行穩(wěn)定且具備高可用性,達(dá)到了預(yù)期目標(biāo)。
[Abstract]:In recent years, with the rapid development of the Internet industry, cloud computing technology emerges as the times require, and is widely used and popularized in the world. Cloud computing, as a substitute for grid computing, realizes the centralized storage, management and sharing of data. Provide fast and convenient services, efficient and accurate operation, but also significantly reduce operating costs, to ensure business continuity. Cloud computing has its advantages and disadvantages. Although cloud computing is powerful, its technology is not yet mature. In the process of cloud computing application, the news of security accidents at home and abroad is heard, and the security risks of cloud computing gradually attract people's attention. From single user to multi-tenant, controllable physical boundary to virtual network boundary, cloud security threat is ubiquitous, the core technology of cloud computing is virtualization, the security of virtual network is directly related to cloud security. In order to realize the real data security, to make the user trust cloud computing completely, to make the cloud computing function more fully, and to realize the large-scale application and deployment, the security of the virtual network must be guaranteed. Thus, the demand for the system is very urgent. The main works of this paper are as follows: (1) the development of cloud computing at home and abroad is investigated, the current mainstream virtualization platform is compared, and the theory and technology of virtual network protection system are analyzed. Including virtualization technology Hypervisor, ESX/ESXi and Libvirt, access control technology IPTABLES, Web communication technology Django,Web.py and REST API; (2) the requirements of virtual network protection system are discussed from the aspects of function requirement and performance requirement, and the system is designed as a whole. In order to take into account the high availability, stability and expansibility of the system, B / S architecture is adopted as the basic framework. The system is divided into display layer, control layer, interface layer, functional module layer and data layer according to the logical structure. The user interface is designed, the basic functions of the system are defined, and all the functional modules are described in detail. (3) the frame of each website is analyzed, the main page development languages are compared, and the development framework of the system is determined. In order to realize the loose coupling, flexibility and scalability of the whole structure, the software architecture model based on MVC (Model-View-Control) is chosen. The design and implementation of display layer module, data acquisition module, strategy module and key database are described in detail. (4) the system test environment and deployment environment are described in detail. The usability of the system is verified by function test, performance test and security test. The virtual network protection system designed and implemented in this paper has been put into use in a city government. Aiming at the problems of fuzzy boundary of virtual network, multi-tenancy and difficulty of resource management, the system adopts the method of dividing the security domain and isolating the virtual network by domain strategy, so as to protect the security of user data. It is proved that the system runs stably and has high availability and achieves the expected goal.
【學(xué)位授予單位】:中國(guó)科學(xué)院大學(xué)(工程管理與信息技術(shù)學(xué)院)
【學(xué)位級(jí)別】:碩士
【學(xué)位授予年份】:2014
【分類號(hào)】:TP393.08
本文編號(hào):2364068
[Abstract]:In recent years, with the rapid development of the Internet industry, cloud computing technology emerges as the times require, and is widely used and popularized in the world. Cloud computing, as a substitute for grid computing, realizes the centralized storage, management and sharing of data. Provide fast and convenient services, efficient and accurate operation, but also significantly reduce operating costs, to ensure business continuity. Cloud computing has its advantages and disadvantages. Although cloud computing is powerful, its technology is not yet mature. In the process of cloud computing application, the news of security accidents at home and abroad is heard, and the security risks of cloud computing gradually attract people's attention. From single user to multi-tenant, controllable physical boundary to virtual network boundary, cloud security threat is ubiquitous, the core technology of cloud computing is virtualization, the security of virtual network is directly related to cloud security. In order to realize the real data security, to make the user trust cloud computing completely, to make the cloud computing function more fully, and to realize the large-scale application and deployment, the security of the virtual network must be guaranteed. Thus, the demand for the system is very urgent. The main works of this paper are as follows: (1) the development of cloud computing at home and abroad is investigated, the current mainstream virtualization platform is compared, and the theory and technology of virtual network protection system are analyzed. Including virtualization technology Hypervisor, ESX/ESXi and Libvirt, access control technology IPTABLES, Web communication technology Django,Web.py and REST API; (2) the requirements of virtual network protection system are discussed from the aspects of function requirement and performance requirement, and the system is designed as a whole. In order to take into account the high availability, stability and expansibility of the system, B / S architecture is adopted as the basic framework. The system is divided into display layer, control layer, interface layer, functional module layer and data layer according to the logical structure. The user interface is designed, the basic functions of the system are defined, and all the functional modules are described in detail. (3) the frame of each website is analyzed, the main page development languages are compared, and the development framework of the system is determined. In order to realize the loose coupling, flexibility and scalability of the whole structure, the software architecture model based on MVC (Model-View-Control) is chosen. The design and implementation of display layer module, data acquisition module, strategy module and key database are described in detail. (4) the system test environment and deployment environment are described in detail. The usability of the system is verified by function test, performance test and security test. The virtual network protection system designed and implemented in this paper has been put into use in a city government. Aiming at the problems of fuzzy boundary of virtual network, multi-tenancy and difficulty of resource management, the system adopts the method of dividing the security domain and isolating the virtual network by domain strategy, so as to protect the security of user data. It is proved that the system runs stably and has high availability and achieves the expected goal.
【學(xué)位授予單位】:中國(guó)科學(xué)院大學(xué)(工程管理與信息技術(shù)學(xué)院)
【學(xué)位級(jí)別】:碩士
【學(xué)位授予年份】:2014
【分類號(hào)】:TP393.08
【參考文獻(xiàn)】
相關(guān)期刊論文 前7條
1 張良銀;;淺論C/S和B/S體系結(jié)構(gòu)[J];工程地質(zhì)計(jì)算機(jī)應(yīng)用;2006年04期
2 Eric Schmidt;網(wǎng)絡(luò)就是計(jì)算機(jī)[J];今日電子;1995年01期
3 DarleneYaplee;“網(wǎng)絡(luò)就是計(jì)算機(jī)”[J];電子產(chǎn)品世界;1995年01期
4 陳樂;楊小虎;;MVC模式在分布式環(huán)境下的應(yīng)用研究[J];計(jì)算機(jī)工程;2006年19期
5 任中方,張華,閆明松,陳世福;MVC模式研究的綜述[J];計(jì)算機(jī)應(yīng)用研究;2004年10期
6 古俐明;;集群服務(wù)器負(fù)載均衡技術(shù)研究[J];微計(jì)算機(jī)信息;2007年12期
7 潘冰;;面向資源的RESTful Web應(yīng)用研究[J];微計(jì)算機(jī)應(yīng)用;2010年07期
,本文編號(hào):2364068
本文鏈接:http://sikaile.net/guanlilunwen/ydhl/2364068.html
最近更新
教材專著
