Cloud data center service subnet security management method and system

Abstract

The invention discloses a cloud data center service subnet security management method and system. The cloud data center service subnet security management method comprises the steps: according to service security requirements of each service subnet, determining a firewall rule corresponding to the service security requirements of each service subnet; by referring to the firewall rule corresponding to each service subnet, configuring a virtual firewall corresponding to each service subnet; by utilizing all configured virtual firewalls, performing security protection on access data of each service subnet; wherein the service security requirements of each service subnet are data access security requirements between a service subnet and another service subnet in a cloud data center. According to the cloud data center service subnet security management method and system, the virtual firewalls capable of being configured in the interior of a physical server are introduced; furthermore, each virtual firewall can be configured with the self corresponding firewall rule according to the service security requirements of different service subnets; therefore, a purpose that a security protection function is provided for different service subnets in the data center so as to improve the security of internal data in the cloud data center is implemented.

Description

technical field [0001] The invention relates to the technical field of cloud computing and firewall design, in particular to a security management method and system for a cloud data center service subnet. Background technique [0002] At present, with the rapid development of cloud computing and large-scale data centers, more and more enterprises and governments choose to rent cloud data center services. For example, an enterprise leases the services of a cloud data center to run its business and store all business data. These business data are related to the normal operation of the enterprise and even involve the core secrets of the enterprise. Once the key data of the cloud data center is illegally read or destroyed , will cause the core business of the enterprise to fail to operate normally, which in turn will bring irreparable losses to the enterprise. It can be seen that this brings great challenges to the security design and management of cloud data centers. [0003]...

AI Technical Summary

Problems solved by technology

However, since traditional physical hardware firewalls cannot be deployed inside physical hosts (also known as physical servers), they can only provide security protection for the network entrance of the cloud data center, but cannot provide security protection between different business subnets in the data center. function, affecting the security of data inside the cloud data center

[0004] The above challenges have brought great complexity to the security design of cloud data centers, and the existence of this contradiction has seriously affected the development of data centers and the requirements of enterprises for data center security, and has become a technical problem that needs to be solved urgently. Therefore, There is an urgent need for a new security management method for cloud data center business subnets to solve the above problems

Images