Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method and device for deploying security access control policy

A security access control and policy technology, applied in the field of network security, can solve problems such as heavy configuration work, time-consuming, human configuration errors, etc.

Active Publication Date: 2015-11-25
HUAWEI CLOUD COMPUTING TECH CO LTD
View PDF4 Cites 26 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] The embodiment of the present invention provides a method and device for deploying a security access control policy, which is used to solve the problem in the prior art that the configuration of the security access control policy needs to be manually completed, resulting in heavy configuration work, time-consuming, and the possibility of human configuration errors sexual problems

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for deploying security access control policy
  • Method and device for deploying security access control policy
  • Method and device for deploying security access control policy

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0148] refer to Figure 5 As shown, it is a specific flow chart of deploying security access control policies:

[0149] Step 501: The user determines the application template and the corresponding security template required for creating the application, generates an application creation instruction according to the confirmation result, and sends the application creation instruction to the cloud management platform through the client.

[0150] Step 502: The cloud management platform calls the virtualization platform interface according to the application creation instruction and the determined application template, creates a virtual machine VM in the application, and sets an IP address for each created VM, or uses DHCP for each created virtual machine. The machine is assigned an IP address.

[0151] Step 503: the virtualization platform sends a confirmation instruction to the cloud management platform, indicating that the VM is created successfully, and returns the IP address ...

Embodiment 2

[0157] refer to Figure 6 As shown, when the application is migrated, the cloud management platform resets the security access control policy for the migrated application.

[0158] Step 601: The user selects the application to be migrated, selects the destination network and destination firewall to which the application needs to be migrated, and generates an application migration command according to the selection result, and the user sends the application migration command to the cloud management platform through the client.

[0159] Wherein, the destination network generally refers to another network segment, and after the network segment changes, it may be in another firewall.

[0160] Step 602: The cloud management platform invokes the virtualization platform interface, uses the application template to create a corresponding new virtual machine for each application component in the application, obtains the IP address of each new virtual machine, and converts each applicati...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to the field of network security, especially relates to a method and device for deploying a security access control policy, and is to solve the problems that, in the prior art, since the security access control policy needs to be configured manually, the configuration work is strenuous and time consuming, and possibility of man-made configuration errors exists. The method is characterized in that a cloud management platform determines an application template adopted by an application needing to be established according to an application establishing instruction, and a security template corresponding to the application template; the cloud management platform notifies a virtualization platform to establish a corresponding virtual machine for each application assembly in the application according to the application template, and obtains the IP address of each virtual machine established by the virtualization platform; the cloud management platform adopts the security template to generate a group of security access control policy corresponding to the application according to the IP address of each virtual machine; and the cloud management platform releases the group of security access control policy to the corresponding firewall. Therefore, automatic deployment of the security access control policy is realized.

Description

technical field [0001] The invention relates to the field of network security, in particular to a method and device for deploying a security access control strategy. Background technique [0002] A firewall is a network security system used to strengthen access control between networks and prevent external network users from illegally entering the internal network and accessing internal network resources. It checks the data packets transmitted between two or more networks according to certain security access policies to determine whether the communication between the networks is allowed. [0003] In practical applications, data center networks usually use firewalls to divide several security domains. Among them, a security domain is a logical area, which has the same or similar security protection requirements, and the security risk of data flow within the same security domain is small. However, due to different security levels, access between security domains is usually pr...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/0227H04L63/10G06F21/604H04L63/0209H04L63/105H04L67/10H04L63/20H04L41/0843H04L61/5014H04L41/0895H04L41/0897G06F9/45558G06F2009/45587G06F2009/45595H04L63/0263
Inventor 刘春亮贾海青孙斗
Owner HUAWEI CLOUD COMPUTING TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com