Openstack based agent deployment system and method

Abstract

The invention relates to an openstack based agent deployment system and method, and relates to the field of cloud computing. The openstack based agent deployment system comprises a server, a first management access switch, a second management access switch, a management core switch and at least one computing node, wherein the server is connected with the management core switch through the second management access switch, and the management core switch is connected with the first management access switch. The characteristics lie in that each computing node comprises an agent virtual machine and a management virtual switch, and an agent management network card of the agent virtual machine is bound to the management virtual switch; each computing node corresponds to one computing node management network card, the computing node management network card accesses to a port of the first management access switch, and the management virtual switch binds the computing node management network card. The openstack based agent deployment system reduces forwarding paths, improves the network forwarding performance and reduce the later workload of the operation and maintenance personnel under the condition of conforming to third-level requirements of classified protection.

Description

technical field [0001] The invention relates to the field of cloud computing, in particular to an openstack-based agent deployment system and method. Background technique [0002] When building a cloud computing IAAS (Infrastructure as a Service) based on openstack, some agents, such as monitoring agents, antivirus agents, and database auditing, need to be deployed if the Class III security requirements are met. In general, when deploying a cloud computing IaaS platform that meets the Class III security requirements, the network must be divided into three networks: management network, business network, and storage network, and the three networks must be isolated from each other. [0003] Such as figure 1 As shown, in a cloud data center that meets the third-level security guarantee, the operation and maintenance monitoring management system, database audit system, and cloud anti-virus system must be deployed in the operation and maintenance management area, and these system...

AI Technical Summary

Problems solved by technology

[0004] (1) if figure 1 As shown, due to the design of the openstack architecture, the virtual machine can only communicate with the outside world through the business network, but the business network and the management network cannot communicate with each other, so the agent cannot communicate with the server, because the server is deployed in the operation and maintenance management area

If the system is to work normally, it is necessary to connect the management plane and the business plane, such as figure 2 As shown in the figure, a network cable is connected between the management firewall and the service firewall; however, this will leave potential safety hazards and does not meet the requirements of the third-level security protection

[0005] (2) if figure 2 As shown, in the case of forcibly connecting the management network and the business network, the proxy communicates with the server, and the data flow path becomes: proxy → business virtual switch → business access switch → business core switch → business firewall → management firewall → management Core switch → management access switch → server; the forwarding path is very long, which reduces the proxy efficiency and affects the network forwarding performance of the proxy virtual machine

[0006] (3) In the case of forcibly opening up the management network and the business network, it is necessary to set up corresponding firewall security policies to isolate the corresponding network segments, which increases additional configuration work. As the number of tenants increases, the policies also increase; Greatly increase the workload of operation and maintenance personnel in the later stage

Images