
Secure protection method for container service and data processing method, device and equipment

A security protection technique for container services, applied in the computer field, addresses problems such as the inability to fundamentally contain attacks, the unavailability of the control center, and the inability of clusters to provide services, so that their impact is avoided.

Active Publication Date: 2019-03-05
ALIBABA CLOUD COMPUTING LTD

AI Technical Summary

Problems solved by technology

However, this cannot fundamentally prevent the occurrence of attacks. Some advanced attackers can continue to launch DDoS or other types of attacks by forging trusted IP addresses, etc.
However, once the management and control center suffers a large-scale attack, the entire management and control center will be unavailable, and all clusters will be unable to provide services. The losses caused by this are immeasurable, and security protection needs to be strengthened.

Examples

Embodiment 1

[0046] This embodiment provides a security protection method for container services, as shown in Figure 2, including:

[0047] Step 110, the management and control center receives traffic of clusters in the external network through multiple access portals, and different access portals are used to receive traffic from different clusters or cluster groups;

[0048] In this application, the access portal has an IP address of the public network, and is an interface provided by the management and control center for accepting public network access. An access portal is usually represented by the IP address of the access portal or the domain name corresponding to the IP address.

[0049] In this embodiment, among the plurality of access entries, different access entries have different IP addresses and domain names; the domain name system is configured with the mapping relationship between the IP addresses and domain names of the plurality of access entries, which can be in the exter...

Embodiment 2

[0078] This embodiment provides a container service cluster configuration method, as shown in Figure 6, including:

[0079] Step 210, when the management and control center with multiple access entrances configures clusters or cluster groups in the external network, it assigns different access entrances to different clusters or cluster groups;

[0080] Step 220, the management and control center sends the allocated address information of the access entry to the corresponding cluster or cluster group.

[0081] In this embodiment, the address information is the domain name of the management and control center; the management and control center may perform the above configuration when creating a new cluster or cluster group in the external network.

[0082] This embodiment also provides a management and control center for container services, including:

[0083] Multiple access entries for receiving traffic from the cluster;

[0084] The cluster configuration module is used ...

Embodiment 3

[0091] This embodiment provides a data processing method, as shown in Figure 7, including:

[0092] Step 310, the first computing device of the public cloud receives access traffic through multiple access portals, wherein different access portals are used to receive traffic from different computing devices outside the public cloud;

[0093] Step 320, determining that the access traffic of at least one access entry in the plurality of access entries is abnormal;

[0094] Step 330, closing the access flow of the at least one access entry.

[0095] In this embodiment, the first computing device may be any device in the public cloud that can receive access traffic through multiple access portals, including but not limited to the management and control center of the public cloud. In this embodiment, the first computing device is also used for traffic monitoring, and when the traffic is abnormal, the corresponding access portal is closed. Stream processing; it may also be to n...
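
The per-entry isolation described in Embodiments 2 and 3 can be sketched as follows. This is an added example, not code from the patent: the sliding-window request threshold used to decide that traffic is "abnormal", the class and function names, and the `control.example` entry domains are all assumptions made for illustration.

```python
from collections import defaultdict, deque

class ControlCenter:
    """Toy management and control center with one access entry per cluster."""

    def __init__(self, window_s=10.0, max_requests=100):
        # Assumed anomaly rule: more than max_requests within window_s seconds.
        self.window_s = window_s
        self.max_requests = max_requests
        self.entry_of = {}               # cluster id -> entry domain (steps 210/220)
        self.open_entries = set()
        self.seen = defaultdict(deque)   # entry domain -> recent request times

    def assign_entry(self, cluster_id):
        """Allocate a dedicated entry and return its address for the cluster."""
        entry = f"entry-{len(self.entry_of) + 1}.control.example"  # constructed name
        self.entry_of[cluster_id] = entry
        self.open_entries.add(entry)
        return entry

    def receive(self, entry, now):
        """Handle one request; return 'accepted', 'closed' or 'rejected'."""
        if entry not in self.open_entries:
            return "rejected"            # unknown or already closed entry
        times = self.seen[entry]
        times.append(now)
        while times and now - times[0] > self.window_s:
            times.popleft()              # drop samples outside the window
        if len(times) > self.max_requests:
            self.open_entries.discard(entry)  # step 330: close only this entry
            return "closed"
        return "accepted"


def simulate():
    """Constructed traffic: cluster-b floods its entry, cluster-a stays normal."""
    cc = ControlCenter(window_s=10.0, max_requests=100)
    a, b = cc.assign_entry("cluster-a"), cc.assign_entry("cluster-b")
    results = {"a": [], "b": []}
    for i in range(300):
        t = i * 0.01                     # 100 requests per second on entry b
        results["b"].append(cc.receive(b, t))
        if i % 50 == 0:                  # 2 requests per second on entry a
            results["a"].append(cc.receive(a, t))
    return cc, a, b, results
```

In the simulation the flooded entry is closed at its 101st request and every later request to it is rejected, while the entry assigned to the other cluster keeps accepting traffic.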

Abstract

The invention discloses a secure protection method for a container service and a data processing method, device and equipment. The secure protection method comprises the following steps that: a management and control center receives flows of clusters in an external network through a plurality of access entrances, wherein different access entrances are used for receiving the flows from different clusters or cluster groups; the management and control center monitors the flows received by the plurality of access entrances; and if the flows of part of the access entrances are determined to be abnormal, part of the access entrances are closed. The data processing method comprises the following steps: receiving access flows through the plurality of access entrances; and when the access flow of at least one access entrance in the plurality of access entrances is abnormal, closing the access flow of the at least one access entrance. The secure protection method and the data processing method can avoid an attack from a single cluster from affecting all the clusters managed and controlled by the whole management and control center.

Description

Technical field

[0001] The present invention relates to computer technology, and more specifically, to a container service security protection method, data processing method, device and equipment.

Background technique

[0002] A container (Container) can accommodate an application (Application, App) and provide a basic environment and service facilities. When the application traffic is relatively large, using only a single container is likely to exceed the preset load, resulting in abnormal or crashed applications that are unable to provide normal services; or when the application is relatively important and cannot interrupt the service, using only a single container cannot satisfy service reliability. At this time, it is necessary to consider using multiple containers to deploy applications to achieve the purpose of improving concurrent access capabilities and avoiding single points of failure. The plurality of containers provide services to users as a whole, which is referred ...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/08
CPC: H04L63/1408, H04L63/1425, H04L67/10
Inventor: 孟小兵, 闫长海
Owner: ALIBABA CLOUD COMPUTING LTD