【摘要】：近年來,隨著互聯(lián)網(wǎng)行業(yè)的快速發(fā)展,云計算技術(shù)應(yīng)運而生,并且在全世界范圍內(nèi)得到廣泛應(yīng)用和推廣,云計算作為網(wǎng)格計算的替代品,實現(xiàn)了數(shù)據(jù)的集中存儲、管理和共享,提供快捷方便的服務(wù)、高效精確的運算,還能大幅降低運營成本,保證業(yè)務(wù)連續(xù)性。凡事皆有利有弊,云計算雖說功能強大,但技術(shù)尚未成熟,在云計算的應(yīng)用過程中,國內(nèi)外出現(xiàn)安全事故的消息也不絕于耳,云計算的安全風(fēng)險逐漸引起人們的重視,從單一用戶到多租戶、可控的物理邊界到虛擬的網(wǎng)絡(luò)邊界,云安全的威脅無處不在,云計算的核心技術(shù)為虛擬化,虛擬網(wǎng)絡(luò)的安全直接關(guān)系到云的安全,為了實現(xiàn)真正意義上的數(shù)據(jù)安全,為了使用戶完全信賴云計算,讓云計算的作用得到更大限度的發(fā)揮,從而實現(xiàn)大規(guī)模的應(yīng)用和部署,必須保證虛擬網(wǎng)絡(luò)的安全。由此可見,對系統(tǒng)的需求十分迫切。 本文完成的主要工作包括： (1)調(diào)研了國內(nèi)外云計算的發(fā)展狀況,對比了當(dāng)前主流的虛擬化平臺,并分析了虛擬網(wǎng)絡(luò)防護系統(tǒng)所需要的理論和技術(shù),包括虛擬化技術(shù)Hypervisor、 ESX/ESXi和Libvirt,訪問控制技術(shù)IPTABLES, Web通信技術(shù)Django、Web.py和REST API; (2)從功能需求和性能需求等方面論述了虛擬網(wǎng)絡(luò)防護系統(tǒng)的需求,在此基礎(chǔ)上對系統(tǒng)進行了整體設(shè)計。為了兼顧系統(tǒng)的高可用性、穩(wěn)定性和可護展性,采用了B/S架構(gòu)為基本框架,系統(tǒng)按邏輯結(jié)構(gòu)劃分為展示層、控制層、接口層、功能模塊層和數(shù)據(jù)層；設(shè)計了用戶界面,定義了系統(tǒng)的基本功能,并對所有的功能模塊進行詳細的闡述； (3)研究分析了各大網(wǎng)站使用的框架,對比了主要的頁面開發(fā)語言,并由此確定了系統(tǒng)的開發(fā)框架。為了實現(xiàn)整體結(jié)構(gòu)的松耦合、靈活性和可伸縮性,選擇基于MVC(模型-視圖-控制)的軟件架構(gòu)模式；詳細闡述了展示層模塊、數(shù)據(jù)采集模塊、策略模塊以及關(guān)鍵數(shù)據(jù)庫的設(shè)計與實現(xiàn)過程； (4)對系統(tǒng)測試環(huán)境及部署環(huán)境進行了詳細闡述,通過功能測試、性能測試和安全測試驗證了系統(tǒng)的可用性。 本文設(shè)計和實現(xiàn)的虛擬網(wǎng)絡(luò)防護系統(tǒng)已經(jīng)在國家某市政府投入使用。系統(tǒng)針對虛擬網(wǎng)絡(luò)邊界模糊、多租戶以及資源管理困難等問題,采取劃分安全域的手段,以域策略來對虛擬網(wǎng)絡(luò)進行隔離,從而保護用戶數(shù)據(jù)的安全。經(jīng)驗證,系統(tǒng)運行穩(wěn)定且具備高可用性,達到了預(yù)期目標。
[Abstract]:In recent years, with the rapid development of the Internet industry, cloud computing technology emerges as the times require, and is widely used and popularized in the world. Cloud computing, as a substitute for grid computing, realizes the centralized storage, management and sharing of data. Provide fast and convenient services, efficient and accurate operation, but also significantly reduce operating costs, to ensure business continuity. Cloud computing has its advantages and disadvantages. Although cloud computing is powerful, its technology is not yet mature. In the process of cloud computing application, the news of security accidents at home and abroad is heard, and the security risks of cloud computing gradually attract people's attention. From single user to multi-tenant, controllable physical boundary to virtual network boundary, cloud security threat is ubiquitous, the core technology of cloud computing is virtualization, the security of virtual network is directly related to cloud security. In order to realize the real data security, to make the user trust cloud computing completely, to make the cloud computing function more fully, and to realize the large-scale application and deployment, the security of the virtual network must be guaranteed. Thus, the demand for the system is very urgent. The main works of this paper are as follows: (1) the development of cloud computing at home and abroad is investigated, the current mainstream virtualization platform is compared, and the theory and technology of virtual network protection system are analyzed. Including virtualization technology Hypervisor, ESX/ESXi and Libvirt, access control technology IPTABLES, Web communication technology Django,Web.py and REST API; (2) the requirements of virtual network protection system are discussed from the aspects of function requirement and performance requirement, and the system is designed as a whole. In order to take into account the high availability, stability and expansibility of the system, B / S architecture is adopted as the basic framework. The system is divided into display layer, control layer, interface layer, functional module layer and data layer according to the logical structure. The user interface is designed, the basic functions of the system are defined, and all the functional modules are described in detail. (3) the frame of each website is analyzed, the main page development languages are compared, and the development framework of the system is determined. In order to realize the loose coupling, flexibility and scalability of the whole structure, the software architecture model based on MVC (Model-View-Control) is chosen. The design and implementation of display layer module, data acquisition module, strategy module and key database are described in detail. (4) the system test environment and deployment environment are described in detail. The usability of the system is verified by function test, performance test and security test. The virtual network protection system designed and implemented in this paper has been put into use in a city government. Aiming at the problems of fuzzy boundary of virtual network, multi-tenancy and difficulty of resource management, the system adopts the method of dividing the security domain and isolating the virtual network by domain strategy, so as to protect the security of user data. It is proved that the system runs stably and has high availability and achieves the expected goal.
【學(xué)位授予單位】：中國科學(xué)院大學(xué)（工程管理與信息技術(shù)學(xué)院）
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2014
【分類號】：TP393.08

【參考文獻】

相關(guān)期刊論文 前7條

1 張良銀;;淺論C/S和B/S體系結(jié)構(gòu)[J];工程地質(zhì)計算機應(yīng)用;2006年04期

2 Eric Schmidt;網(wǎng)絡(luò)就是計算機[J];今日電子;1995年01期

3 DarleneYaplee;“網(wǎng)絡(luò)就是計算機”[J];電子產(chǎn)品世界;1995年01期

4 陳樂;楊小虎;;MVC模式在分布式環(huán)境下的應(yīng)用研究[J];計算機工程;2006年19期

5 任中方,張華,閆明松,陳世福;MVC模式研究的綜述[J];計算機應(yīng)用研究;2004年10期

6 古俐明;;集群服務(wù)器負載均衡技術(shù)研究[J];微計算機信息;2007年12期

7 潘冰;;面向資源的RESTful Web應(yīng)用研究[J];微計算機應(yīng)用;2010年07期

，

本文編號：2364068