CN116545784B - Data center operation control method and system for multi-user scene - Google Patents
Data center operation control method and system for multi-user scene
- Publication number
- CN116545784B, CN202310828315.4A
- Authority
- CN
- China
- Prior art keywords
- data
- data transmission
- transmission channel
- data center
- user terminal
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1001—Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
- H04L67/1004—Server selection for load balancing
- H04L67/101—Server selection for load balancing based on network conditions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/143—Termination or inactivation of sessions, e.g. event-controlled end of session
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
- H04L67/568—Storing data temporarily at an intermediate stage, e.g. caching
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Transfer Between Computers (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention relates to the field of data management technology and provides a data center operation control method and system for multi-user scenarios. It authenticates user terminals, assigns data transmission channels to the successfully authenticated user terminals, and adjusts the user terminals' permission to use those channels, so that different user terminals can access the data center simultaneously and independently. It invokes data cache space as a staging area for data access that stores in full the data a user terminal requires, which improves the efficiency of returning data to the user terminal and shortens the time the user terminal occupies access to the data center. When the data center is in an overloaded connection state, it performs secondary authentication on the user terminals and changes the connection mode with them, which frees the data center's connection bandwidth and speeds up data exchange with the user terminals. When a data transmission security event occurs, it inspects the data on the data transmission channel and determines whether to close the channel, ensuring the data security of the data center.
Description
Technical field
The present invention relates to the technical field of data management, and in particular to a data center operation control method and system for multi-user scenarios.
Background
A data center is an integrated data storage platform used to store different types of data. Data centers provide data storage and retrieval services to multiple users. Existing data centers usually schedule the connections between different users and the data center by time division: only one user at a time is allowed to store and read data, and another user may interact with the data center only after the current user has finished. This avoids the crosstalk that arises when different users access the data center at the same time, but allowing only one user at a time reduces access efficiency. In particular, when many users request access or a user's access takes a long time, access to the data center is easily congested. The data center's access bandwidth is also not fully used, so efficient, fast access and access independence for different users cannot be achieved in a multi-user scenario.
Summary of the invention
In view of the above defects of the prior art, the present invention provides a data center operation control method and system for multi-user scenarios. It authenticates user terminals, assigns a data transmission channel to the data center to each successfully authenticated user terminal, and adjusts the user terminals' permission to use the data transmission channels, so that different user terminals can access the data center simultaneously and independently. It also invokes data cache space as a staging area for data access that stores in full the data a user terminal requires, which improves the efficiency of returning data to the user terminal and shortens the time the user terminal occupies access to the data center. When the data center is in an overloaded connection state, it performs secondary authentication on the user terminals and changes the connection mode with them, which frees the data center's connection bandwidth and speeds up data exchange with the user terminals. When a data transmission security event occurs, it inspects the data on the data transmission channel and determines whether to close the channel, which prevents user terminals from stealing or tampering with data and ensures the data security of the data center.
The data center operation control method for multi-user scenarios provided by the present invention comprises the following steps:
Step S1: after authenticating the user terminals requesting connection, assign a corresponding data transmission channel to every successfully authenticated user terminal based on the network connection status of the data center; based on the real-time data status of the data transmission channel, adjust the user terminal's permission to use the corresponding data transmission channel;
Step S2: based on the data acquisition request of the user terminal, invoke data cache space in the data center and store the data found in the data center into the data cache space; based on the user terminal's permission to use the data transmission channel, transfer the data from the data cache space to the data transmission channel;
Step S3: based on the current user terminal connection status of the data center, determine whether the data center is in an overloaded connection state; when it is, perform secondary authentication on all user terminals and then change the connection mode between the data center and the user terminals;
Step S4: based on the data transmission log of the data center, determine whether a data transmission security event has occurred, and inspect the data on the data transmission channel to determine whether to close the data transmission channel.
Further, in step S1, authenticating the user terminals requesting connection, assigning a corresponding data transmission channel to every successfully authenticated user terminal based on the network connection status of the data center, and adjusting the user terminal's permission to use the corresponding data transmission channel based on the real-time data status of the data transmission channel comprises:
extracting terminal identity information from the connection request of each user terminal and comparing it with a preset terminal list; if the terminal identity information is in the preset terminal list, authentication of the user terminal succeeds; otherwise, authentication of the user terminal fails;
assigning a corresponding data transmission channel to every successfully authenticated user terminal based on the available gateways subordinate to the data center;
obtaining the data transmission rate of each data transmission channel over a predetermined length of time; if the data transmission rate is greater than or equal to a preset rate threshold, the user terminal's permission to use the corresponding data transmission channel is kept unchanged; if the data transmission rate is less than the preset rate threshold, the user terminal's permission to use the corresponding data transmission channel is suspended.
Further, in step S2, invoking data cache space in the data center based on the data acquisition request of the user terminal, storing the data found in the data center into the data cache space, and transferring the data from the data cache space to the data transmission channel based on the user terminal's permission to use the data transmission channel comprises:
extracting the keywords of the desired data from the user terminal's data acquisition request and searching the data center based on those keywords, thereby determining the amount of data the user terminal expects to obtain;
based on that data amount, invoking at least one idle data cache space in the data center, where the total capacity of all invoked data cache spaces is not less than the data amount;
splitting the data found in the data center and storing the parts in the invoked data cache spaces;
when the user terminal has permission to use the corresponding data transmission channel, transferring the data from the data cache space to the data transmission channel, thereby sending the data to the user terminal.
Further, in step S3, determining whether the data center is in an overloaded connection state based on its current user terminal connection status and, when it is, performing secondary authentication on all user terminals and then changing the connection mode between the data center and the user terminals comprises:
obtaining the number of user terminals currently connected to the data center; if that number is greater than or equal to a preset number threshold, the data center is determined to be in an overloaded connection state;
when in the overloaded connection state, performing secondary authentication on all user terminals to identify the active user terminals among them, where an active user terminal is one that is exchanging data with the data center in real time; then disconnecting the data center from the inactive user terminals.
Further, in step S4, determining whether a data transmission security event has occurred based on the data transmission log of the data center, and inspecting the data on the data transmission channel to determine whether to close the data transmission channel comprises:
extracting from the data center's data transmission log the process records of sending data to user terminals and analysing them to determine whether a security event of abnormal data transmission traffic has occurred; if so, performing a sampling inspection of the data on the corresponding data transmission channel to determine whether the channel has been illegally hijacked; if it has, closing the corresponding data transmission channel.
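The step S4 check described above, written out as an added example (not part of the patent text or the applicant's code). The log format, the 5x-median anomaly rule and the peer-mismatch hijack test are assumptions, since the patent names the steps without fixing their criteria.

```python
import random
import re
from collections import defaultdict
from statistics import median

# Constructed sample log; the line format is an assumption made for this example.
SAMPLE_LOG = """\
2023-07-01T10:00:05 direction=send channel=ch1 peer=T-001 bytes=1000
2023-07-01T10:00:07 direction=send channel=ch2 peer=T-002 bytes=800
2023-07-01T10:00:09 direction=send channel=ch3 peer=T-003 bytes=500
2023-07-01T10:01:05 direction=send channel=ch1 peer=T-001 bytes=1100
2023-07-01T10:01:07 direction=send channel=ch2 peer=T-002 bytes=900
2023-07-01T10:01:09 direction=send channel=ch3 peer=T-003 bytes=600
2023-07-01T10:02:05 direction=send channel=ch1 peer=T-001 bytes=900
2023-07-01T10:02:07 direction=send channel=ch2 peer=T-002 bytes=850
2023-07-01T10:02:09 direction=send channel=ch3 peer=T-003 bytes=550
2023-07-01T10:03:05 direction=send channel=ch1 peer=T-001 bytes=1050
2023-07-01T10:03:06 direction=recv channel=ch1 peer=T-001 bytes=999999
2023-07-01T10:03:07 direction=send channel=ch2 peer=T-002 bytes=3000
2023-07-01T10:03:08 direction=send channel=ch2 peer=T-999 bytes=3000
2023-07-01T10:03:09 direction=send channel=ch2 peer=T-999 bytes=3000
2023-07-01T10:03:10 direction=send channel=ch2 peer=T-999 bytes=3000
2023-07-01T10:03:11 direction=send channel=ch3 peer=T-003 bytes=9000
"""
# Channel-to-terminal assignment produced by step S1 (constructed values).
ASSIGNED = {"ch1": "T-001", "ch2": "T-002", "ch3": "T-003"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) direction=(?P<dir>\w+) channel=(?P<ch>\S+) "
    r"peer=(?P<peer>\S+) bytes=(?P<bytes>\d+)$"
)


def parse_send_records(log_text):
    """Keep only records of the data center sending data to a terminal."""
    records = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m["dir"] == "send":
            records.append({
                "minute": m["ts"][:16],  # bucket by minute
                "channel": m["ch"],
                "peer": m["peer"],
                "bytes": int(m["bytes"]),
            })
    return records


def flag_traffic_anomalies(records, factor=5.0, min_history=3):
    """Return {channel: minute} where the latest minute's volume exceeds
    factor x the median of that channel's earlier minutes (assumed rule)."""
    per_minute = defaultdict(lambda: defaultdict(int))
    for r in records:
        per_minute[r["channel"]][r["minute"]] += r["bytes"]
    flagged = {}
    for channel, totals in per_minute.items():
        minutes = sorted(totals)
        if len(minutes) <= min_history:
            continue  # not enough history to form a baseline
        baseline = median(totals[m] for m in minutes[:-1])
        if totals[minutes[-1]] > factor * baseline:
            flagged[channel] = minutes[-1]
    return flagged


def sample_mismatches(records, channel, minute, assigned, sample_size=3, seed=0):
    """Sample records from the anomalous minute and return those whose peer is
    not the terminal the channel was assigned to (assumed hijack indicator)."""
    pool = [r for r in records
            if r["channel"] == channel and r["minute"] == minute]
    sample = random.Random(seed).sample(pool, min(sample_size, len(pool)))
    return [r for r in sample if r["peer"] != assigned.get(channel)]


def inspect_channels(log_text, assigned):
    """Log analysis, then sampling inspection, then the close decision."""
    records = parse_send_records(log_text)
    decisions = {channel: "open" for channel in assigned}
    for channel, minute in flag_traffic_anomalies(records).items():
        hijacked = bool(sample_mismatches(records, channel, minute, assigned))
        # An anomaly without a failed sample keeps the channel open but marked.
        decisions[channel] = "closed" if hijacked else "open-anomalous"
    return decisions


if __name__ == "__main__":
    for channel, state in inspect_channels(SAMPLE_LOG, ASSIGNED).items():
        print(channel, state)
```

Only `ch2` is closed: `ch3` shows the same traffic spike but its sampled records all go to the assigned terminal, so the anomaly alone does not trigger a shutdown.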
The present invention also provides a data center operation control system for multi-user scenarios, comprising:
a data transmission channel allocation module, configured to authenticate the user terminals requesting connection and then assign a corresponding data transmission channel to every successfully authenticated user terminal based on the network connection status of the data center;
a data transmission channel usage adjustment module, configured to adjust the user terminal's permission to use the corresponding data transmission channel based on the real-time data status of the data transmission channel;
a data search and storage module, configured to invoke data cache space in the data center based on the data acquisition request of the user terminal and to store the data found in the data center into the data cache space;
a data transfer module, configured to transfer the data from the data cache space to the data transmission channel based on the user terminal's permission to use the data transmission channel;
a connection mode changing module, configured to determine whether the data center is in an overloaded connection state based on its current user terminal connection status and, when it is, to perform secondary authentication on all user terminals and then change the connection mode between the data center and the user terminals;
a data transmission channel inspection module, configured to determine whether a data transmission security event has occurred based on the data transmission log of the data center, and to inspect the data on the data transmission channel to determine whether to close the data transmission channel.
Further, the data transmission channel allocation module being configured to authenticate the user terminals requesting connection and then assign a corresponding data transmission channel to every successfully authenticated user terminal based on the network connection status of the data center comprises:
extracting terminal identity information from the connection request of each user terminal and comparing it with a preset terminal list; if the terminal identity information is in the preset terminal list, authentication of the user terminal succeeds; otherwise, authentication of the user terminal fails;
assigning a corresponding data transmission channel to every successfully authenticated user terminal based on the available gateways subordinate to the data center;
the data transmission channel usage adjustment module being configured to adjust the user terminal's permission to use the corresponding data transmission channel based on the real-time data status of the data transmission channel comprises:
obtaining the data transmission rate of each data transmission channel over a predetermined length of time; if the data transmission rate is greater than or equal to a preset rate threshold, the user terminal's permission to use the corresponding data transmission channel is kept unchanged; if the data transmission rate is less than the preset rate threshold, the user terminal's permission to use the corresponding data transmission channel is suspended.
Further, the data search and storage module being configured to invoke data cache space in the data center based on the data acquisition request of the user terminal and to store the data found in the data center into the data cache space comprises:
extracting the keywords of the desired data from the user terminal's data acquisition request and searching the data center based on those keywords, thereby determining the amount of data the user terminal expects to obtain;
based on that data amount, invoking at least one idle data cache space in the data center, where the total capacity of all invoked data cache spaces is not less than the data amount;
splitting the data found in the data center and storing the parts in the invoked data cache spaces;
the data transfer module being configured to transfer the data from the data cache space to the data transmission channel based on the user terminal's permission to use the data transmission channel comprises:
when the user terminal has permission to use the corresponding data transmission channel, transferring the data from the data cache space to the data transmission channel, thereby sending the data to the user terminal.
Further, the connection mode changing module being configured to determine whether the data center is in an overloaded connection state based on its current user terminal connection status and, when it is, to perform secondary authentication on all user terminals and then change the connection mode between the data center and the user terminals comprises:
obtaining the number of user terminals currently connected to the data center; if that number is greater than or equal to a preset number threshold, the data center is determined to be in an overloaded connection state;
when in the overloaded connection state, performing secondary authentication on all user terminals to identify the active user terminals among them, where an active user terminal is one that is exchanging data with the data center in real time; then disconnecting the data center from the inactive user terminals.
Further, the data transmission channel inspection module being configured to determine whether a data transmission security event has occurred based on the data transmission log of the data center, and to inspect the data on the data transmission channel to determine whether to close the data transmission channel comprises:
extracting from the data center's data transmission log the process records of sending data to user terminals and analysing them to determine whether a security event of abnormal data transmission traffic has occurred; if so, performing a sampling inspection of the data on the corresponding data transmission channel to determine whether the channel has been illegally hijacked; if it has, closing the corresponding data transmission channel.
Compared with the prior art, the data center operation control method and system for multi-user scenarios of the present invention authenticates user terminals, assigns a data transmission channel to the data center to each successfully authenticated user terminal, and adjusts the user terminals' permission to use the data transmission channels, so that different user terminals can access the data center simultaneously and independently. It also invokes data cache space as a staging area for data access that stores in full the data a user terminal requires, which improves the efficiency of returning data to the user terminal and shortens the time the user terminal occupies access to the data center. When the data center is in an overloaded connection state, it performs secondary authentication on the user terminals and changes the connection mode with them, which frees the data center's connection bandwidth and speeds up data exchange with the user terminals. When a data transmission security event occurs, it inspects the data on the data transmission channel and determines whether to close the channel, which prevents user terminals from stealing or tampering with data and ensures the data security of the data center.
Description of the drawings
To explain the technical solutions in the embodiments of the present application or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are evidently only some embodiments of the present application; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Figure 1 is a schematic flowchart of the data center operation control method for multi-user scenarios provided by the present invention.
Figure 2 is a schematic structural diagram of the data center operation control system for multi-user scenarios provided by the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in those embodiments. The described embodiments are evidently only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the present invention.
Refer to Figure 1, a schematic flowchart of the data center operation control method for multi-user scenarios provided by the present invention. The method comprises the following steps:
Step S1: after authenticating the user terminals requesting connection, assign a corresponding data transmission channel to every successfully authenticated user terminal based on the network connection status of the data center; based on the real-time data status of the data transmission channel, adjust the user terminal's permission to use the corresponding data transmission channel;
Step S2: based on the data acquisition request of the user terminal, invoke data cache space in the data center and store the data found in the data center into the data cache space; based on the user terminal's permission to use the data transmission channel, transfer the data from the data cache space to the data transmission channel;
Step S3: based on the current user terminal connection status of the data center, determine whether the data center is in an overloaded connection state; when it is, perform secondary authentication on all user terminals and then change the connection mode between the data center and the user terminals;
Step S4: based on the data transmission log of the data center, determine whether a data transmission security event has occurred, and inspect the data on the data transmission channel to determine whether to close the data transmission channel.
The beneficial effects of the above technical solution are as follows. The data center operation control method for multi-user scenarios authenticates user terminals, assigns a data transmission channel to the data center to each successfully authenticated user terminal, and adjusts the user terminals' permission to use the data transmission channels, so that different user terminals can access the data center simultaneously and independently. It also invokes data cache space as a staging area for data access that stores in full the data a user terminal requires, which improves the efficiency of returning data to the user terminal and shortens the time the user terminal occupies access to the data center. When the data center is in an overloaded connection state, it performs secondary authentication on the user terminals and changes the connection mode with them, which frees the data center's connection bandwidth and speeds up data exchange with the user terminals. When a data transmission security event occurs, it inspects the data on the data transmission channel and determines whether to close the channel, which prevents user terminals from stealing or tampering with data and ensures the data security of the data center.
优选地,在步骤S1中,对请求连接的若干用户终端进行认证后,基于数据中心的网络连接状态,向认证成功的所有用户终端指定相应数据传输通道;基于数据传输通道的实时数据状态,调整用户终端对相应数据传输通道的使用权限,包括:Preferably, in step S1, after authenticating several user terminals requesting connection, based on the network connection status of the data center, corresponding data transmission channels are assigned to all user terminals that have been successfully authenticated; based on the real-time data status of the data transmission channel, adjust The user terminal’s permission to use the corresponding data transmission channel includes:
分别从来自若干用户终端的连接请求中提取终端身份信息,将终端身份信息与预设终端名单进行对比,若终端身份信息存在于预设终端名单,则对用户终端认证成功;否则,对用户终端认证失败;Extract terminal identity information from connection requests from several user terminals respectively, and compare the terminal identity information with the preset terminal list. If the terminal identity information exists in the preset terminal list, the user terminal is authenticated successfully; otherwise, the user terminal is authenticated successfully. Authentication failed;
Based on the available gateways under the data center, assign a corresponding data transmission channel to every successfully authenticated user terminal;
Obtain the data transmission rate of each data transmission channel over a predetermined length of time. If the data transmission rate is greater than or equal to the preset rate threshold, leave the user terminal's permission to use the corresponding data transmission channel unchanged; if the data transmission rate is less than the preset rate threshold, suspend the user terminal's permission to use the corresponding data transmission channel.
The beneficial effects of the above technical solution are as follows. When a terminal held by a user, such as a smartphone, needs to access the data center to obtain data from it, the terminal must first be connected to the data center, so the terminal sends a connection request to the data center. On receiving the connection request, the data center extracts the terminal identity information from it and compares that information with the data center's preset terminal list to determine whether the terminal is an already-authenticated terminal, and it marks every terminal that authenticates successfully. Then, based on the available gateways of the network in which the data center is located and the gateways through which the successfully authenticated terminals are currently connected to the network, a corresponding data transmission channel is assigned to every successfully authenticated terminal. Each successfully authenticated terminal has the highest-priority permission to use its assigned data transmission channel, which ensures that it can access the data center independently and avoids access crosstalk with other terminals. In addition, the data transmission rate of each data transmission channel over a predetermined length of time is used as the reference. If the data transmission rate is greater than or equal to the preset rate threshold, the channel has remained active throughout, so the user terminal's permission to use the channel is left unchanged, which guarantees the terminal's continued access to the data center. If the data transmission rate is less than the preset rate threshold, the channel is idle; the user terminal's permission to use the channel is then suspended and permission to use the channel is granted to other user terminals, which improves how efficiently data transmission channels circulate among different user terminals.
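The S1 flow described above (preset-list check, channel assignment from available gateways, rate-based suspension) can be sketched as follows. This is an added example, not code from the patent; the terminal IDs, gateway names, threshold, window length and request format are all assumptions.

```python
from collections import deque
from dataclasses import dataclass, field

# Every name and value here is an assumption chosen for the example.
PRESET_TERMINALS = {"term-001", "term-002", "term-003"}  # preset terminal list
RATE_THRESHOLD = 1000.0  # preset rate threshold, bytes per second
WINDOW_SECONDS = 10.0    # predetermined length of time


@dataclass
class Channel:
    gateway: str
    terminal: str
    suspended: bool = False
    samples: deque = field(default_factory=deque)  # (timestamp, byte count)

    def record(self, ts, nbytes):
        self.samples.append((ts, nbytes))

    def rate(self, now):
        """Average bytes per second over the last WINDOW_SECONDS."""
        while self.samples and self.samples[0][0] <= now - WINDOW_SECONDS:
            self.samples.popleft()
        return sum(n for _, n in self.samples) / WINDOW_SECONDS


class ChannelController:
    def __init__(self, gateways):
        self.free_gateways = deque(gateways)  # available gateways
        self.channels = {}                    # terminal id -> Channel

    def connect(self, request):
        """Authenticate against the preset list, then assign a channel."""
        terminal = request.get("terminal_id")
        if not isinstance(terminal, str) or terminal not in PRESET_TERMINALS:
            return None  # authentication failed
        if terminal in self.channels:
            return self.channels[terminal]  # one channel per terminal
        if not self.free_gateways:
            return None  # authenticated, but no gateway is available
        channel = Channel(self.free_gateways.popleft(), terminal)
        self.channels[terminal] = channel
        return channel

    def adjust_permissions(self, now):
        """Suspend permission on channels whose rate is below the threshold."""
        newly_suspended = []
        for terminal, channel in self.channels.items():
            # At or above the threshold the permission is left unchanged.
            if channel.rate(now) < RATE_THRESHOLD and not channel.suspended:
                channel.suspended = True
                newly_suspended.append(terminal)
        return newly_suspended


def run_demo():
    ctl = ChannelController(["gw-1", "gw-2"])
    busy = ctl.connect({"terminal_id": "term-001"})
    idle = ctl.connect({"terminal_id": "term-002"})
    unknown = ctl.connect({"terminal_id": "term-999"})  # not on the list
    for second in range(1, 11):
        busy.record(float(second), 2000)  # steady 2000 B/s
    idle.record(1.0, 500)                 # one small transfer, then silence
    return unknown, ctl.adjust_permissions(now=10.0), busy, idle


if __name__ == "__main__":
    print(run_demo()[1])
```

The identity in this sketch is whatever the request carries; the list comparison only establishes that the claimed identity is a known one.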
Preferably, in step S2, invoking data cache space in the data center based on the user terminal's data acquisition request, storing the data found in the data center in the data cache space, and transferring the data from the data cache space to the data transmission channel based on the user terminal's permission to use the data transmission channel, includes:
Extract the keywords of the expected data from the user terminal's data acquisition request and, based on those keywords, search for the data in the data center, thereby determining the volume of data the user terminal expects to obtain;
Based on the data volume, invoke at least one idle data cache space in the data center, where the total space of all invoked data cache spaces is not less than the data volume;
Split the data found in the data center and store the parts in the invoked data cache spaces;
When the user terminal has permission to use the corresponding data transmission channel, transfer the data from the data cache space to the data transmission channel, thereby sending the data to the user terminal.
The beneficial effects of the above technical solution are as follows. The data acquisition request sent by the user terminal is parsed to extract the keywords of the data the terminal expects to obtain; the keywords are then compared with the data center's data storage directory to locate the expected data within the data center and to determine its data volume. Several data cache spaces are preset inside the data center. Each data cache space caches copies of the data located in the data center; only after all of the data has been located are the data copies transferred to the data transmission channel and sent on to the user terminal. The data cache space thus acts as the data center's data staging point: data copies are sent together only once all of the data has been located, which avoids the disordered transmission that results from locating and sending data at the same time. Each data cache space is limited in size and cannot necessarily cache all of the located data as a whole. Therefore, based on the volume of the expected data, at least one idle data cache space is invoked in the data center such that the total space of all invoked data cache spaces is not less than the data volume, which guarantees that all of the data is cached completely. The data found in the data center is then split and stored across the invoked data cache spaces, so that it can afterwards be transferred quickly from the data cache space to the data transmission channel, increasing the speed at which data is sent to the user terminal.
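The S2 staging step can be sketched as below: idle cache spaces are reserved until their total capacity covers the data volume, the data is split across them, and it is released to the channel only while the terminal holds permission. This is an added example, not code from the patent; the class names, the largest-first selection order and the wipe-on-release behaviour are assumptions of the example.

```python
from dataclasses import dataclass


@dataclass
class CacheSpace:
    name: str
    capacity: int      # bytes
    idle: bool = True
    data: bytes = b""


class CachePool:
    def __init__(self, spaces):
        self.spaces = list(spaces)

    def reserve(self, size):
        """Invoke idle spaces until their total capacity is not less than size."""
        chosen, total = [], 0
        idle = sorted((s for s in self.spaces if s.idle),
                      key=lambda s: s.capacity, reverse=True)
        for space in idle:
            if chosen and total >= size:
                break  # at least one space is always taken
            chosen.append(space)
            total += space.capacity
        if not chosen or total < size:
            # Fail before marking anything busy, so no space is leaked.
            raise RuntimeError("not enough idle cache space")
        for space in chosen:
            space.idle = False
        return chosen

    def stage(self, data):
        """Split data across the reserved spaces, filling each in order."""
        chosen = self.reserve(len(data))
        offset = 0
        for space in chosen:
            space.data = data[offset:offset + space.capacity]
            offset += space.capacity
        return chosen

    def transfer(self, chosen, has_permission):
        """Release the staged copy to the channel only if permission is held."""
        if not has_permission:
            return None  # data stays staged while permission is suspended
        payload = b"".join(space.data for space in chosen)
        for space in chosen:
            space.data = b""  # wipe so a later request cannot read stale data
            space.idle = True
        return payload


def run_demo():
    pool = CachePool([CacheSpace("c1", 4), CacheSpace("c2", 16),
                      CacheSpace("c3", 8)])
    data = bytes(range(20))              # constructed 20-byte result set
    chosen = pool.stage(data)            # uses c2 (16 B) and c3 (8 B)
    blocked = pool.transfer(chosen, has_permission=False)
    sent = pool.transfer(chosen, has_permission=True)
    return [s.name for s in chosen], blocked, sent == data


if __name__ == "__main__":
    print(run_demo())
```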
Preferably, in step S3, determining whether the data center is in an overloaded connection state based on the data center's current user terminal connection status, and, when it is in an overloaded connection state, performing secondary authentication of all user terminals and then changing the connection mode between the data center and the user terminals, includes:
Obtain the number of user terminals currently connected to the data center. If the number of user terminals is greater than or equal to a preset number threshold, determine that the data center is in an overloaded connection state;
When the data center is in an overloaded connection state, perform secondary authentication of all user terminals to identify the active user terminals among them, where an active user terminal is a user terminal that is exchanging data with the data center in real time; then disconnect the data center from the inactive user terminals.
The beneficial effects of the above technical solution are as follows. When too many user terminals are currently connected to the data center, the data center's own data transmission bandwidth cannot guarantee timely and efficient data transmission to all of them. Using the number of user terminals currently connected to the data center as the reference, the method determines whether the data center is in an overloaded connection state, then performs secondary authentication of all user terminals and promptly disconnects the data center from inactive user terminals, which releases the data transmission bandwidth those inactive user terminals had been occupying.
Preferably, in step S4, determining whether a data transmission security event has occurred based on the data center's data transmission log, and inspecting the data on the data transmission channel to determine whether to close the data transmission channel, includes:
Extract the process records of sending data to user terminals from the data center's data transmission log and analyze them to determine whether a security event of abnormal data transmission traffic has occurred. If so, perform a sampling inspection of the data on the corresponding data transmission channel to determine whether the channel has been illegally hijacked; if it has been illegally hijacked, close the corresponding data transmission channel.
The beneficial effects of the above technical solution are as follows. The process records of sending data to user terminals are extracted from the data center's data transmission log, and the changes in data traffic during sending are identified from those records. If the traffic changes show that excessive data traffic is being sent to a user terminal, a security event of abnormal data transmission traffic is determined to have occurred. A sampling inspection is then performed on the corresponding data transmission channel, and the collected data samples are analyzed for illegal code. If illegal code is present, the data transmission channel has been illegally hijacked, and the channel is closed to keep the data center from being affected, which improves the data security of the data center.
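The two-stage S4 check (traffic anomaly from the transfer log, then sampled payload inspection before closing a channel) can be sketched as follows. This is an added example, not code from the patent; the log line format, the per-minute byte limit, the sampling step and the byte signatures standing in for "illegal code" are all assumptions, and the log and captures are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed transfer log; the line format is an assumption of this example.
SAMPLE_LOG = """\
2024-01-01T10:00:05 channel=gw-1 terminal=term-001 bytes=1200
2024-01-01T10:00:20 channel=gw-1 terminal=term-001 bytes=900
2024-01-01T10:00:31 channel=gw-2 terminal=term-002 bytes=6000
2024-01-01T10:00:40 channel=gw-2 terminal=term-002 bytes=7000
this line is malformed and is skipped
2024-01-01T10:01:02 channel=gw-3 terminal=term-003 bytes=20000
"""
# Constructed payload captures per channel.
SAMPLE_CAPTURE = {
    "gw-1": [b"id,name\n1,alice\n"],
    "gw-2": [b"\x7fELF\x02\x01\x01", b"id,name\n", b"2,bob\n"],
    "gw-3": [b"id,name\n", b"3,carol\n", b"4,dave\n"],
}
LINE_RE = re.compile(r"^(\S+) channel=(\S+) terminal=(\S+) bytes=(\d+)$")
# Assumed markers of executable content in what should be plain data.
SIGNATURES = (b"\x7fELF", b"MZ\x90\x00", b"#!/bin/sh")


def parse_log(text):
    """Return (timestamp, channel, terminal, bytes) for well-formed lines."""
    records = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        try:
            ts = datetime.fromisoformat(match.group(1))
        except ValueError:
            continue
        records.append((ts, match.group(2), match.group(3),
                        int(match.group(4))))
    return records


def anomalous_channels(records, limit_per_minute):
    """Channels that sent more than the limit within any one-minute bucket."""
    per_minute = defaultdict(int)
    for ts, channel, _terminal, nbytes in records:
        bucket = ts.replace(second=0, microsecond=0)
        per_minute[(channel, bucket)] += nbytes
    return sorted({channel for (channel, _), total in per_minute.items()
                   if total > limit_per_minute})


def sample_contains_code(payloads, step=2):
    """Inspect every step-th captured payload for a known signature."""
    return any(sig in payload
               for payload in payloads[::step] for sig in SIGNATURES)


def check_channels(log_text, capture, limit_per_minute=10_000):
    """Inspect only channels with a traffic anomaly; close the hijacked ones."""
    records = parse_log(log_text)
    verdicts = {channel: "open" for _, channel, _, _ in records}
    for channel in anomalous_channels(records, limit_per_minute):
        if sample_contains_code(capture.get(channel, [])):
            verdicts[channel] = "closed"
        else:
            verdicts[channel] = "open-after-inspection"
    return verdicts


if __name__ == "__main__":
    print(check_channels(SAMPLE_LOG, SAMPLE_CAPTURE))
```

Because only a sample is inspected, a payload that falls between sampled positions passes unnoticed; the sampling step trades inspection cost against that miss rate.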
Figure 2 is a schematic structural diagram of the data center operation control system for multi-user scenarios provided by the present invention. The data center operation control system for multi-user scenarios includes:
A data transmission channel allocation module, configured to authenticate the user terminals that request a connection and then, based on the network connection status of the data center, assign a corresponding data transmission channel to every successfully authenticated user terminal;
A data transmission channel usage adjustment module, configured to adjust each user terminal's permission to use its data transmission channel based on the channel's real-time data status;
A data search and storage module, configured to invoke data cache space in the data center based on the user terminal's data acquisition request and to store the data found in the data center in the data cache space;
A data transfer module, configured to transfer data from the data cache space to the data transmission channel based on the user terminal's permission to use the data transmission channel;
A connection mode change module, configured to determine whether the data center is in an overloaded connection state based on the data center's current user terminal connection status and, when it is in an overloaded connection state, to perform secondary authentication of all user terminals and then change the connection mode between the data center and the user terminals;
A data transmission channel inspection module, configured to determine whether a data transmission security event has occurred based on the data center's data transmission log and to inspect the data on the data transmission channel to determine whether to close the data transmission channel.
The beneficial effects of the above technical solution are as follows. The data center operation control system for multi-user scenarios authenticates user terminals, assigns each successfully authenticated user terminal a data transmission channel to the data center, and adjusts the terminal's permission to use that channel, so that different user terminals can access the data center simultaneously and independently. It also invokes data cache space as a staging point for data access, storing in full the data a user terminal requires, which improves the efficiency of returning data to the terminal and shortens the time the terminal's access occupies the data center. When the data center is in an overloaded connection state, it performs secondary authentication of the user terminals and changes the connection mode with them, which releases the data center's connection bandwidth and speeds up data exchange with user terminals. When a data transmission security event occurs, it inspects the data on the data transmission channel and determines whether to close the channel, which prevents user terminals from stealing or tampering with data and keeps the data center's data secure.
Preferably, the data transmission channel allocation module being configured to authenticate the user terminals that request a connection and then, based on the network connection status of the data center, assign a corresponding data transmission channel to every successfully authenticated user terminal, includes:
Extract terminal identity information from each of the connection requests received from the user terminals and compare it with a preset terminal list. If the terminal identity information is in the preset terminal list, authentication of the user terminal succeeds; otherwise, authentication of the user terminal fails;
Based on the available gateways under the data center, assign a corresponding data transmission channel to every successfully authenticated user terminal;
The data transmission channel usage adjustment module being configured to adjust each user terminal's permission to use its data transmission channel based on the channel's real-time data status includes:
Obtain the data transmission rate of each data transmission channel over a predetermined length of time. If the data transmission rate is greater than or equal to the preset rate threshold, leave the user terminal's permission to use the corresponding data transmission channel unchanged; if the data transmission rate is less than the preset rate threshold, suspend the user terminal's permission to use the corresponding data transmission channel.
The beneficial effects of the above technical solution are as follows. When a terminal held by a user, such as a smartphone, needs to access the data center to obtain data from it, the terminal must first be connected to the data center, so the terminal sends a connection request to the data center. On receiving the connection request, the data center extracts the terminal identity information from it and compares that information with the data center's preset terminal list to determine whether the terminal is an already-authenticated terminal, and it marks every terminal that authenticates successfully. Then, based on the available gateways of the network in which the data center is located and the gateways through which the successfully authenticated terminals are currently connected to the network, a corresponding data transmission channel is assigned to every successfully authenticated terminal. Each successfully authenticated terminal has the highest-priority permission to use its assigned data transmission channel, which ensures that it can access the data center independently and avoids access crosstalk with other terminals. In addition, the data transmission rate of each data transmission channel over a predetermined length of time is used as the reference. If the data transmission rate is greater than or equal to the preset rate threshold, the channel has remained active throughout, so the user terminal's permission to use the channel is left unchanged, which guarantees the terminal's continued access to the data center. If the data transmission rate is less than the preset rate threshold, the channel is idle; the user terminal's permission to use the channel is then suspended and permission to use the channel is granted to other user terminals, which improves how efficiently data transmission channels circulate among different user terminals.
Preferably, the data search and storage module being configured to invoke data cache space in the data center based on the user terminal's data acquisition request and to store the data found in the data center in the data cache space, includes:
Extract the keywords of the expected data from the user terminal's data acquisition request and, based on those keywords, search for the data in the data center, thereby determining the volume of data the user terminal expects to obtain;
Based on the data volume, invoke at least one idle data cache space in the data center, where the total space of all invoked data cache spaces is not less than the data volume;
Split the data found in the data center and store the parts in the invoked data cache spaces;
The data transfer module being configured to transfer data from the data cache space to the data transmission channel based on the user terminal's permission to use the data transmission channel includes:
When the user terminal has permission to use the corresponding data transmission channel, transfer the data from the data cache space to the data transmission channel, thereby sending the data to the user terminal.
The beneficial effects of the above technical solution are as follows. The data acquisition request sent by the user terminal is parsed to extract the keywords of the data the terminal expects to obtain; the keywords are then compared with the data center's data storage directory to locate the expected data within the data center and to determine its data volume. Several data cache spaces are preset inside the data center. Each data cache space caches copies of the data located in the data center; only after all of the data has been located are the data copies transferred to the data transmission channel and sent on to the user terminal. The data cache space thus acts as the data center's data staging point: data copies are sent together only once all of the data has been located, which avoids the disordered transmission that results from locating and sending data at the same time. Each data cache space is limited in size and cannot necessarily cache all of the located data as a whole. Therefore, based on the volume of the expected data, at least one idle data cache space is invoked in the data center such that the total space of all invoked data cache spaces is not less than the data volume, which guarantees that all of the data is cached completely. The data found in the data center is then split and stored across the invoked data cache spaces, so that it can afterwards be transferred quickly from the data cache space to the data transmission channel, increasing the speed at which data is sent to the user terminal.
Preferably, the connection mode change module being configured to determine whether the data center is in an overloaded connection state based on the data center's current user terminal connection status and, when it is in an overloaded connection state, to perform secondary authentication of all user terminals and then change the connection mode between the data center and the user terminals, includes:
Obtain the number of user terminals currently connected to the data center. If the number of user terminals is greater than or equal to a preset number threshold, determine that the data center is in an overloaded connection state;
When the data center is in an overloaded connection state, perform secondary authentication of all user terminals to identify the active user terminals among them, where an active user terminal is a user terminal that is exchanging data with the data center in real time; then disconnect the data center from the inactive user terminals.
The beneficial effects of the above technical solution are as follows. When too many user terminals are currently connected to the data center, the data center's own data transmission bandwidth cannot guarantee timely and efficient data transmission to all of them. Using the number of user terminals currently connected to the data center as the reference, the system determines whether the data center is in an overloaded connection state, then performs secondary authentication of all user terminals and promptly disconnects the data center from inactive user terminals, which releases the data transmission bandwidth those inactive user terminals had been occupying.
Preferably, the data transmission channel inspection module being configured to determine whether a data transmission security event has occurred based on the data center's data transmission log and to inspect the data on the data transmission channel to determine whether to close the data transmission channel, includes:
Extract the process records of sending data to user terminals from the data center's data transmission log and analyze them to determine whether a security event of abnormal data transmission traffic has occurred. If so, perform a sampling inspection of the data on the corresponding data transmission channel to determine whether the channel has been illegally hijacked; if it has been illegally hijacked, close the corresponding data transmission channel.
The beneficial effects of the above technical solution are as follows. The process records of sending data to user terminals are extracted from the data center's data transmission log, and the changes in data traffic during sending are identified from those records. If the traffic changes show that excessive data traffic is being sent to a user terminal, a security event of abnormal data transmission traffic is determined to have occurred. A sampling inspection is then performed on the corresponding data transmission channel, and the collected data samples are analyzed for illegal code. If illegal code is present, the data transmission channel has been illegally hijacked, and the channel is closed to keep the data center from being affected, which improves the data security of the data center.
As the above embodiments show, the data center operation control method and system for multi-user scenarios authenticate user terminals, assign each successfully authenticated user terminal a data transmission channel to the data center, and adjust the terminal's permission to use that channel, so that different user terminals can access the data center simultaneously and independently. They also invoke data cache space as a staging point for data access, storing in full the data a user terminal requires, which improves the efficiency of returning data to the terminal and shortens the time the terminal's access occupies the data center. When the data center is in an overloaded connection state, they perform secondary authentication of the user terminals and change the connection mode with them, which releases the data center's connection bandwidth and speeds up data exchange with user terminals. When a data transmission security event occurs, they inspect the data on the data transmission channel and determine whether to close the channel, which prevents user terminals from stealing or tampering with data and keeps the data center's data secure.
Claims (8)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310828315.4A CN116545784B (en) | 2023-07-07 | 2023-07-07 | Data center operation control method and system for multi-user scene |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310828315.4A CN116545784B (en) | 2023-07-07 | 2023-07-07 | Data center operation control method and system for multi-user scene |
Publications (2)
Publication Number | Publication Date |
---|---|
CN116545784A CN116545784A (en) | 2023-08-04 |
CN116545784B CN116545784B (en) | 2023-09-08 |
Family
ID=87452888
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310828315.4A Active CN116545784B (en) | 2023-07-07 | 2023-07-07 | Data center operation control method and system for multi-user scene |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116545784B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117040925B (en) * | 2023-10-08 | 2023-12-15 | 国网四川省电力公司信息通信公司 | Data security interactive control method and system for multiple working terminals |
CN117272392B (en) * | 2023-11-21 | 2024-03-15 | 国网四川省电力公司信息通信公司 | Data security protection and backup control method and system for terminal |
CN117915432B (en) * | 2024-03-19 | 2024-06-07 | 中铁四局集团有限公司 | Relay network transmission optimization method |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2002021838A1 (en) * | 2000-09-06 | 2002-03-14 | Robert Agresta | Entertainment server with portable terminal |
CN102737159A (en) * | 2011-03-15 | 2012-10-17 | 西门子公司 | Operation of a data processing network with multiple geographically decentralised data centres |
WO2016110062A1 (en) * | 2015-01-09 | 2016-07-14 | 华为技术有限公司 | Network quality of service adjustment method and apparatus |
CN107872517A (en) * | 2017-10-23 | 2018-04-03 | 北京奇艺世纪科技有限公司 | A kind of data processing method and device |
CN108092808A (en) * | 2017-12-12 | 2018-05-29 | 郑州云海信息技术有限公司 | A kind of method for managing security of data center's total management system |
CN110149235A (en) * | 2019-05-28 | 2019-08-20 | 中山大学 | A kind of tree network agency plant for supporting multi-user and multiple network protocol, dynamic extending |
CN110928911A (en) * | 2019-12-10 | 2020-03-27 | 北大方正集团有限公司 | Review request processing system, method, apparatus, computer readable storage medium |
CN113378151A (en) * | 2021-06-23 | 2021-09-10 | 上海红阵信息科技有限公司 | Unified identity authentication system and method based on mimicry structure |
CN114422197A (en) * | 2021-12-25 | 2022-04-29 | 百安居信息技术(上海)有限公司 | Permission access control method and system based on policy management |
CN115985441A (en) * | 2023-01-14 | 2023-04-18 | 何梦婷 | Intelligent statistical analysis system applied to medical data center |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2009145987A2 (en) * | 2008-03-30 | 2009-12-03 | Symplified, Inc. | System, method, and apparatus for single sign-on and managing access to resources across a network |
US20100077208A1 (en) * | 2008-09-19 | 2010-03-25 | Microsoft Corporation | Certificate based authentication for online services |
US9021594B2 (en) * | 2013-06-19 | 2015-04-28 | International Business Machines Corporation | Intelligent risk level grouping for resource access recertification |
Non-Patent Citations (1)
Title |
---|
Computing resource control and protection scheme based on desktop cloud; 王健; 李昶; 韩磊; 韩臻; 信息网络安全 (No. 02); full text * |
Also Published As
Publication number | Publication date |
---|---|
CN116545784A (en) | 2023-08-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN116545784B (en) | Data center operation control method and system for multi-user scene | |
EP3570515B1 (en) | Method, device, and system for invoking network function service | |
CN101309272B (en) | Authentication server and mobile communication terminal access controlling method of virtual private network | |
WO2022062639A1 (en) | Data transmission method and apparatus, and electronic device and storage medium | |
CN106982430B (en) | Portal authentication method and system based on user use habits | |
CN114244568B (en) | Security access control method, device and equipment based on terminal access behavior | |
CN113221093B (en) | Single sign-on system, method, equipment and product based on block chain | |
CN113051570B (en) | Server access monitoring method and device | |
WO2016165505A1 (en) | Connection control method and apparatus | |
CN111931163A (en) | Method, system, equipment and storage medium for controlling multi-service platform authority | |
WO2021143028A1 (en) | Internet of things equipment authentication method, electronic device and storage medium | |
WO2024169595A1 (en) | Service invocation method in hybrid cloud environment, and electronic device and system | |
CN120378470A (en) | Multi-device cooperative control method and device, computer device and storage medium | |
CN110909030B (en) | Information processing method and server cluster | |
WO2023011233A1 (en) | Traffic management method and apparatus, device, and computer-readable storage medium | |
CN111147468A (en) | User access method, device, electronic equipment and storage medium | |
CN107645474A (en) | Log in the method for open platform and log in the device of open platform | |
US20240348589A1 (en) | Method, server, and computer program product for identity authentication | |
CN115396145B (en) | Blockchain access control method based on centralized strategy | |
CN110266657A (en) | Authentication method and device, resource access method and device, storage medium | |
CN111125653A (en) | High-concurrency unified authentication method based on Nginx and Redis | |
CN110636511B (en) | Authorized spectrum sharing system and method in mass internet of things equipment access environment | |
CN110198294A (en) | Security attack detection method and device | |
CN116975805A (en) | Data processing method, device, equipment, storage medium and product | |
CN114416282A (en) | Connection control method, device, related equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||