Method and device for deploying security access control policy

A security access control policy technology, applied in the field of network security, that addresses problems such as heavy, time-consuming configuration work and human configuration errors.

Active Publication Date: 2015-11-25
HUAWEI CLOUD COMPUTING TECH CO LTD
4 Cites, 26 Cited by

AI Technical Summary

Problems solved by technology

[0006] The embodiments of the present invention provide a method and device for deploying a security access control policy, to solve the prior-art problem that security access control policies must be configured manually, which makes the configuration work heavy and time-consuming and leaves room for human configuration errors.


Examples


Embodiment 1

[0148] Figure 5 shows a specific flow chart for deploying security access control policies:

[0149] Step 501: The user determines the application template and the corresponding security template required for creating the application, generates an application creation instruction according to the confirmation result, and sends the application creation instruction to the cloud management platform through the client.

[0150] Step 502: The cloud management platform calls the virtualization platform interface according to the application creation instruction and the determined application template, creates the virtual machines (VMs) in the application, and either sets an IP address for each created VM or uses DHCP to assign an IP address to each created VM.

[0151] Step 503: The virtualization platform sends a confirmation instruction to the cloud management platform, indicating that the VM is created successfully, and returns the IP address ...

Embodiment 2

[0157] As shown in Figure 6, when the application is migrated, the cloud management platform resets the security access control policy for the migrated application.

[0158] Step 601: The user selects the application to be migrated, selects the destination network and destination firewall to which the application needs to be migrated, and generates an application migration command according to the selection result; the user then sends the application migration command to the cloud management platform through the client.

[0159] Here, the destination network generally refers to another network segment; after the network segment changes, it may be behind another firewall.

[0160] Step 602: The cloud management platform invokes the virtualization platform interface, uses the application template to create a corresponding new virtual machine for each application component in the application, obtains the IP address of each new virtual machine, and converts each applicati...


Abstract

The invention relates to the field of network security, and in particular to a method and device for deploying a security access control policy. It addresses the prior-art problem that, because the security access control policy must be configured manually, the configuration work is strenuous and time-consuming and is open to human configuration errors. In the method, a cloud management platform determines, according to an application creation instruction, the application template used by the application to be created and the security template corresponding to that application template; the cloud management platform notifies a virtualization platform to create a corresponding virtual machine for each application component in the application according to the application template, and obtains the IP address of each virtual machine created by the virtualization platform; the cloud management platform uses the security template to generate a group of security access control policies for the application according to the IP address of each virtual machine; and the cloud management platform issues the group of security access control policies to the corresponding firewall. Automatic deployment of the security access control policy is thereby achieved.
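The generation step described in the abstract, as an added example (not code from the patent): a security template written against component names is expanded into concrete permit rules once the VM IP addresses are known, and the same rendering is reused after a migration to work out which stale rules to revoke. The template format, role names, addresses and function names are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed security template: rules name application components (roles),
# not addresses. "any" stands for an unrestricted source.
SECURITY_TEMPLATE = [
    {"src": "any", "dst": "web", "proto": "tcp", "port": 443},
    {"src": "web", "dst": "app", "proto": "tcp", "port": 8080},
    {"src": "app", "dst": "db", "proto": "tcp", "port": 3306},
]

@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    proto: str
    port: int
    action: str = "permit"

def resolve_role(role, vm_ips):
    """Map a template role to the host networks of the VMs created for it."""
    if role == "any":
        return ["0.0.0.0/0"]
    if not vm_ips.get(role):
        # Fail closed: never emit a rule for a component that has no VM.
        raise KeyError(f"no VM address for component {role!r}")
    # ip_network() rejects malformed addresses and normalises a host to /32.
    return [str(ipaddress.ip_network(ip)) for ip in vm_ips[role]]

def render_policy(template, vm_ips):
    """Expand every template rule into concrete permit rules."""
    return {
        Rule(s, d, t["proto"], t["port"])
        for t in template
        for s in resolve_role(t["src"], vm_ips)
        for d in resolve_role(t["dst"], vm_ips)
    }

def migration_delta(template, old_ips, new_ips):
    """Return (rules to revoke, rules to add) after VMs get new addresses."""
    old, new = render_policy(template, old_ips), render_policy(template, new_ips)
    return old - new, new - old

if __name__ == "__main__":
    ips = {"web": ["10.0.1.10", "10.0.1.11"], "app": ["10.0.2.10"], "db": ["10.0.3.10"]}
    for rule in sorted(render_policy(SECURITY_TEMPLATE, ips), key=lambda r: (r.port, r.src)):
        print(rule)
```

Revoking the first set returned by `migration_delta` matters as much as adding the second: rules left pointing at released addresses would keep permitting traffic to whatever VM is assigned those addresses next.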

Description

Technical field

[0001] The invention relates to the field of network security, in particular to a method and device for deploying a security access control policy.

Background art

[0002] A firewall is a network security system used to strengthen access control between networks and prevent external network users from illegally entering the internal network and accessing internal network resources. It checks the data packets transmitted between two or more networks according to certain security access policies to determine whether the communication between the networks is allowed.

[0003] In practical applications, data center networks usually use firewalls to divide the network into several security domains. A security domain is a logical area with the same or similar security protection requirements, and the security risk of data flow within the same security domain is small. However, due to different security levels, access between security domains is usually pr...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/0227, H04L63/10, G06F21/604, H04L63/0209, H04L63/105, H04L67/10, H04L63/20, H04L41/0843, H04L61/5014, H04L41/0895, H04L41/0897, G06F9/45558, G06F2009/45587, G06F2009/45595, H04L63/0263
Inventor: 刘春亮, 贾海青, 孙斗
Owner: HUAWEI CLOUD COMPUTING TECH CO LTD