A proxy deployment system and method based on openstack

Abstract

An openstack-based agent deployment system and method, related to the field of cloud computing, including a server, a first management access switch, a second management access switch, a management core switch and at least one computing node, the server through the second The management access switch is connected to the management core switch, and the management core switch is connected to the first management access switch. It is characterized in that: each computing node includes a proxy virtual machine and a management virtual switch, and the proxy management network card of the proxy virtual machine is bound to the management A virtual switch: each computing node corresponds to a computing node management network card, the computing node management network card is connected to the port of the first management access switch, and the management virtual switch is bound to the computing node management network card. The invention meets the requirements of the third-level security guarantee, reduces the forwarding path, improves the network forwarding performance, and reduces the workload of operation and maintenance personnel in the later stage.

Description

technical field [0001] The invention relates to the field of cloud computing, in particular to an openstack-based agent deployment system and method. Background technique [0002] When building a cloud computing IAAS (Infrastructure as a Service) based on openstack, some agents, such as monitoring agents, antivirus agents, and database auditing, need to be deployed if the Class III security requirements are met. In general, when deploying a cloud computing IaaS platform that meets the Class III security requirements, the network must be divided into three networks: management network, business network, and storage network, and the three networks must be isolated from each other. [0003] Such as figure 1 As shown, in a cloud data center that meets the third-level security guarantee, the operation and maintenance monitoring management system, database audit system, and cloud anti-virus system must be deployed in the operation and maintenance management area, and these system...

AI Technical Summary

Problems solved by technology

[0004] (1) if figure 1 As shown, due to the design of the openstack architecture, the virtual machine can only communicate with the outside world through the business network, but the business network and the management network cannot communicate with each other, so the agent cannot communicate with the server, because the server is deployed in the operation and maintenance management area

If the system is to work normally, it is necessary to connect the management plane and the business plane, such as figure 2 As shown in the figure, a network cable is connected between the management firewall and the service firewall; however, this will leave potential safety hazards and does not meet the requirements of the third-level security protection

[0005] (2) if figure 2 As shown, in the case of forcibly connecting the management network and the business network, the proxy communicates with the server, and the data flow path becomes: proxy → business virtual switch → business access switch → business core switch → business firewall → management firewall → management Core switch → management access switch → server; the forwarding path is very long, which reduces the proxy efficiency and affects the network forwarding performance of the proxy virtual machine

[0006] (3) In the case of forcibly opening up the management network and the business network, it is necessary to set up corresponding firewall security policies to isolate the corresponding network segments, which increases additional configuration work. As the number of tenants increases, the policies also increase; Greatly increase the workload of operation and maintenance personnel in the later stage

Images