Data processing system, method, apparatus and gateway node based on hybrid cloud deployment
By storing different types of data in private and public clouds in a hybrid cloud deployment model and processing the data through an API gateway node, the problems of data security and processing efficiency in hybrid cloud deployment are solved, achieving secure data storage and efficient processing.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- CHINA UNIONPAY
- Filing Date
- 2023-08-07
- Publication Date
- 2026-06-05
AI Technical Summary
In a hybrid cloud deployment model, how to ensure secure data storage and efficient data processing, especially finding a balance between the flexibility of public clouds and the security of private clouds, is a key challenge.
The data processing system, deployed in a hybrid cloud, stores sensitive user information and service configuration data in the private cloud, and stores stateful data and system-derived data generated in the public cloud in the public cloud. Data elements are transferred between the two through an API gateway node for processing and updating.
It enables secure data storage and efficient processing in a hybrid cloud deployment model, reduces the number of communications between private and public clouds, improves data processing efficiency, and ensures the security of users' sensitive information.
Smart Images

Figure CN117155927B_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of data processing technology, and in particular to data processing systems, methods, apparatus and gateway nodes based on hybrid cloud deployment. Background Technology
[0002] The open platform gateway handles the external access of many key business interfaces, such as marketing open interfaces and credit scoring data interfaces. Because the open platform gateway needs to support the elastic demands of some businesses or face sudden surges in traffic, it requires scaling up its machine base significantly. However, if the system is only deployed in a private cloud data center, rapid scaling is not feasible in the short term, and for cost reduction and efficiency considerations, not many machines will be reserved in the long term. Public clouds offer high flexibility, strong scalability, and powerful computing capabilities, making hybrid cloud-based API gateway applications the best solution to these problems. However, public clouds offer relatively poor data security and storage guarantees.
[0003] Therefore, in hybrid cloud deployment models, ensuring secure data storage and efficient data processing are urgent technical issues that need to be addressed. Summary of the Invention
[0004] This application provides a data processing system, method, apparatus, and gateway node based on hybrid cloud deployment, to address the problem of how to ensure secure data storage and efficient data processing in a hybrid cloud deployment mode.
[0005] In a first aspect, this application provides a data processing system based on hybrid cloud deployment, the system comprising: a first API gateway node, a first data storage module and an edge module deployed in a private cloud, and a second API gateway node and a second data storage module deployed in a public cloud;
[0006] The first data storage module is used to store all user-sensitive information data, service configuration data, and system-derived data; the second data storage module is used to store all stateful data, service configuration data, and system-derived data generated by the public cloud.
[0007] The first API gateway node is used to receive a first API request, obtain user sensitive information data and service configuration data required to process the first API request from the first data storage module, and send the data elements of the stateful data required to process the first API request to the second API gateway node, so that the second API gateway node updates the stateful data stored in the second data storage module after processing the data elements.
[0008] The second API gateway node is used to receive the second API request, obtain user sensitive information data required for processing the second API request from the first data storage module through the edge module, obtain service configuration data required for processing the second API request from the second data storage module, and update the stateful data stored in the second data storage module after processing the second API request.
[0009] Secondly, this application provides a data processing method based on hybrid cloud deployment, applied to the first API gateway node in a private cloud deployment, including:
[0010] Upon receiving a first API request, the system retrieves user-sensitive information and service configuration data required for processing the first API request from a first data storage module deployed in a private cloud. It then sends the data elements of the stateful data required for processing the first API request to a second API gateway node deployed in a public cloud, enabling the second API gateway node to process the data based on these data elements and update the stateful data stored in the second data storage module deployed in the public cloud.
[0011] Thirdly, this application provides a data processing method based on hybrid cloud deployment, applied to a second API gateway node deployed in a public cloud, comprising:
[0012] Upon receiving a second API request, the system retrieves user-sensitive information data required for processing the second API request from the first data storage module deployed in the private cloud via an edge module deployed in the private cloud, and retrieves service configuration data required for processing the second API request from the second data storage module deployed in the public cloud. After processing the second API request, the system updates the stateful data stored in the second data storage module.
[0013] Fourthly, this application provides a data processing apparatus based on hybrid cloud deployment, comprising:
[0014] The first data processing unit is configured to receive a first API request, obtain user-sensitive information data and service configuration data required for processing the first API request from a first data storage module deployed in a private cloud, and send the data elements of the stateful data required for processing the first API request to a second API gateway node deployed in a public cloud, so that the second API gateway node updates the stateful data stored in the second data storage module deployed in the public cloud after processing the data elements.
[0015] Fifthly, this application provides a data processing apparatus based on hybrid cloud deployment, the apparatus comprising:
[0016] The second data processing unit is used to receive the second API request, obtain user sensitive information data required for processing the second API request from the first data storage module deployed in the private cloud through the edge module deployed in the private cloud, obtain service configuration data required for processing the second API request from the second data storage module deployed in the public cloud, and update the stateful data stored in the second data storage module after processing the second API request.
[0017] Sixthly, this application provides an API gateway node, including a processor, a communication interface, a memory, and a communication bus, wherein the processor, the communication interface, and the memory communicate with each other through the communication bus;
[0018] Memory, used to store computer programs;
[0019] A processor, when executing a program stored in memory, implements the steps of the method described.
[0020] In a seventh aspect, this application provides a computer-readable storage medium storing a computer program that, when executed by a processor, implements the steps of the method described.
[0021] This application provides a data processing system, method, apparatus, and gateway node based on hybrid cloud deployment. The system includes: a first API gateway node, a first data storage module, and an edge module deployed in a private cloud; and a second API gateway node and a second data storage module deployed in a public cloud. The first data storage module stores all user-sensitive information data, service configuration data, and system-derived data. The second data storage module stores all stateful data, service configuration data, and system-derived data generated by the public cloud. The first API gateway node receives a first API request, obtains the user-sensitive information data and service configuration data required to process the first API request from the first data storage module, and sends data elements of the stateful data required to process the first API request to the second API gateway node, so that the second API gateway node processes the data according to the data elements and updates the stateful data stored in the second data storage module. The second API gateway node receives a second API request, obtains the user-sensitive information data required to process the second API request from the first data storage module through the edge module, obtains the service configuration data required to process the second API request from the second data storage module, processes the second API request, and updates the stateful data stored in the second data storage module.
[0022] The above technical solution has the following advantages or beneficial effects:
[0023] In this application, a first API gateway node, a first data storage module, and an edge module are deployed in a private cloud, while a second API gateway node and a second data storage module are deployed in a public cloud. Considering that stateful data requires high accuracy and has limited use cases; user-sensitive information data has a high query frequency and low update frequency, requiring extremely high security; service configuration data has a high query frequency and low update frequency; and system-derived data has a high need for retention and secondary use, the first data storage module in the private cloud stores all user-sensitive information data, service configuration data, and system-derived data, while the second data storage module in the public cloud stores all stateful data, service configuration data, and system-derived data generated in the public cloud, thus ensuring the security of user-sensitive information data. The first API gateway node retrieves user-sensitive information and service configuration data required for processing the first API request from the first data storage module; it then sends the stateful data elements required for processing the first API request to the second API gateway node. The second API gateway node processes the data and updates the stateful data stored in the second data storage module. The second API gateway node, through its edge module, retrieves user-sensitive information and service configuration data required for processing the second API request from the first data storage module, processes the second API request, and updates the stateful data stored in the second data storage module. This reduces the number of communications between the private and public clouds, improving data processing efficiency. In a hybrid cloud deployment model, it balances secure data storage with efficient data processing. Attached Figure Description
[0024] To more clearly illustrate the technical solutions in the embodiments of this application, the accompanying drawings used in the description of the embodiments will be briefly introduced below. Obviously, the accompanying drawings described below are only some embodiments of this application. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0025] Figure 1 A schematic diagram of the data processing system architecture based on hybrid cloud deployment is provided for this application;
[0026] Figure 2 A schematic diagram of the data processing system architecture based on hybrid cloud deployment is provided for this application;
[0027] Figure 3 A schematic diagram of the data processing system architecture based on hybrid cloud deployment is provided for this application;
[0028] Figure 4 The flowchart for processing user-sensitive information data provided in this application;
[0029] Figure 5 Flowchart of data processing for service configuration provided in this application;
[0030] Figure 6 The system-derived data processing flowchart provided in this application;
[0031] Figure 7 The stateful data processing flowchart provided for this application;
[0032] Figure 8 This application provides a schematic diagram of the data processing process based on hybrid cloud deployment.
[0033] Figure 9 This application provides a schematic diagram of the data processing process based on hybrid cloud deployment.
[0034] Figure 10 This is a schematic diagram of the API gateway node structure provided in this application. Detailed Implementation
[0035] To make the objectives and implementation methods of this application clearer, the exemplary implementation methods of this application will be clearly and completely described below with reference to the accompanying drawings of the exemplary embodiments of this application. Obviously, the exemplary embodiments described are only some embodiments of this application, and not all embodiments.
[0036] It should be noted that the brief descriptions of terms in this application are only for the convenience of understanding the embodiments described below, and are not intended to limit the embodiments of this application. Unless otherwise stated, these terms should be understood in their ordinary and common meaning.
[0037] The terms "first," "second," "third," etc., used in the specification, claims, and accompanying drawings of this application are used to distinguish similar or related objects or entities, and do not necessarily imply a specific order or sequence, unless otherwise specified. It should be understood that such terms are interchangeable where appropriate.
[0038] The terms “comprising” and “having”, and any variations thereof, are intended to cover but not exclude inclusion, for example, a product or device that includes a range of components is not necessarily limited to all of the components that are clearly listed, but may include other components that are not clearly listed or that are inherent to such product or device.
[0039] The term "module" refers to any known or subsequently developed hardware, software, firmware, artificial intelligence, fuzzy logic, or combination of hardware and / or software code that is capable of performing the functions associated with that element.
[0040] Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of this application, and are not intended to limit them. Although this application has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that modifications can still be made to the technical solutions described in the foregoing embodiments, or equivalent substitutions can be made to some or all of the technical features therein. Such modifications or substitutions do not cause the essence of the corresponding technical solutions to deviate from the scope of the technical solutions of the embodiments of this application.
[0041] For ease of explanation, the above description has been provided in conjunction with specific embodiments. However, the above exemplary discussion is not intended to be exhaustive or to limit the embodiments to the specific forms disclosed above. Various modifications and variations can be obtained based on the above teachings. The selection and description of the above embodiments are for the purpose of better explaining the principles and practical applications, thereby enabling those skilled in the art to better utilize the described embodiments and various different variations of embodiments suitable for specific use considerations.
[0042] Figure 1 The schematic diagram of the data processing system architecture based on hybrid cloud deployment provided in this application includes: a first API gateway node 11, a first data storage module 12 and an edge module 13 deployed in a private cloud, and a second API gateway node 21 and a second data storage module 22 deployed in a public cloud.
[0043] The first data storage module is used to store all user-sensitive information data, service configuration data, and system-derived data; the second data storage module is used to store all stateful data, service configuration data, and system-derived data generated by the public cloud.
[0044] The first API gateway node is used to receive a first API request, obtain user sensitive information data and service configuration data required to process the first API request from the first data storage module, and send the data elements of the stateful data required to process the first API request to the second API gateway node, so that the second API gateway node updates the stateful data stored in the second data storage module after processing the data elements.
[0045] The second API gateway node is used to receive the second API request, obtain user sensitive information data required for processing the second API request from the first data storage module through the edge module, obtain service configuration data required for processing the second API request from the second data storage module, and update the stateful data stored in the second data storage module after processing the second API request.
[0046] This application categorizes data into stateful data and stateless data. Stateless data is further divided into user-sensitive information, service configuration, and system-derived data based on its source and purpose. The characteristics of each data type are analyzed, and the data is stored in a hybrid cloud according to these characteristics.
[0047] The characteristics of each data category are as follows:
[0048] Stateful data is often used to assist in functions such as flow control and limiting the number of calls. It requires high accuracy and has limited use cases. User-sensitive information data is queried frequently but updated infrequently, requiring extremely high security. Service configuration data is queried frequently but updated infrequently. System-derived data, mainly referring to processing records and statistical data generated during the operation of the API gateway application, has a high need for retention and secondary use.
[0049] Sensitive user information data includes authentication certificates, message encryption keys, notification message signature certificates, and contact information. Service configuration data includes service routing protocol configuration, service routing address configuration, flow control configuration, and message processing rule configuration. System-derived data includes call volume statistics, flow control result data, alarm records, and call log data. Stateful data includes user TPS flow control counts and service call quota control counts.
[0050] Hybrid cloud includes private and public clouds. The private cloud deploys a first API gateway node, a first data storage module, and an edge module, while the public cloud deploys a second API gateway node and a second data storage module. It should be noted that an API gateway node can be a single API gateway node or a cluster of multiple API gateway nodes. An API refers to a set of definitions, programs, and protocols, i.e., an Application Programming Interface.
[0051] To balance secure data storage and efficient data processing, based on the characteristics of each data type, all user-sensitive information, service configuration data, and system-derived data are stored in the private cloud, while all stateful data, service configuration data, and system-derived data generated in the public cloud are stored in the public cloud. Specifically, the first data storage module deployed in the private cloud stores all user-sensitive information, service configuration data, and system-derived data; the second data storage module deployed in the public cloud stores all stateful data, service configuration data, and system-derived data generated in the public cloud.
[0052] Based on the aforementioned data storage configuration, the first API gateway node in the private cloud receives the first API request and retrieves the user-sensitive information and service configuration data required for processing the first API request from the first data storage module. It then sends the data elements of the stateful data required for processing the first API request to the second API gateway node, enabling the second API gateway node to process the data based on these data elements and update the stateful data stored in the second data storage module. The second API gateway node receives the second API request, retrieves the user-sensitive information and service configuration data required for processing the second API request from the first data storage module via the edge module, processes the second API request, and then updates the stateful data stored in the second data storage module.
[0053] In this application, a first API gateway node, a first data storage module, and an edge module are deployed in a private cloud, while a second API gateway node and a second data storage module are deployed in a public cloud. Considering that stateful data requires high accuracy and has limited use cases; user-sensitive information data has a high query frequency and low update frequency, requiring extremely high security; service configuration data has a high query frequency and low update frequency; and system-derived data has a high need for retention and secondary use, the first data storage module in the private cloud stores all user-sensitive information data, service configuration data, and system-derived data, while the second data storage module in the public cloud stores all stateful data, service configuration data, and system-derived data generated in the public cloud, thus ensuring the security of user-sensitive information data. The first API gateway node retrieves user-sensitive information and service configuration data required for processing the first API request from the first data storage module; it then sends the stateful data elements required for processing the first API request to the second API gateway node. The second API gateway node processes the data and updates the stateful data stored in the second data storage module. The second API gateway node, through its edge module, retrieves user-sensitive information and service configuration data required for processing the second API request from the first data storage module, processes the second API request, and updates the stateful data stored in the second data storage module. This reduces the number of communications between the private and public clouds, improving data processing efficiency. In a hybrid cloud deployment model, it balances secure data storage with efficient data processing.
[0054] Figure 2 The schematic diagram of the data processing system architecture based on hybrid cloud deployment provided in this application includes: a management module 14 deployed in the private cloud, a stateful data management module 23 deployed in the public cloud, and a stateless data processing engine 24.
[0055] The management module is used to update the user sensitive information data and service configuration data to the first data storage module for storage, and to read the system derived data stored in the first data storage module;
[0056] The stateless data processing engine is used to periodically read service configuration data from the first data storage module through the edge module and update it to the second data storage module for storage; and periodically read system derived data from the second data storage module and update it to the first data storage module for storage through the edge module.
[0057] The stateful data management module is used to receive the data elements, process the data, and then update the stateful data stored in the second data storage module.
[0058] The stateless data processing engine can periodically read service configuration data from the private cloud in the first data storage module via edge module 13 and update it for storage in the second data storage module; it can also periodically read system-derived data from the second data storage module and update it for storage in the first data storage module via edge module 13. This ensures that both the first and second data storage modules store service configuration data and system-derived data, thereby improving data processing efficiency and reducing communication frequency.
[0059] Figure 3 The schematic diagram of the data processing system architecture based on hybrid cloud deployment provided in this application shows that the first API gateway node includes a first cache 311 and a first data update engine 321.
[0060] The first API gateway node is used to, upon receiving the first API request, determine the required first user sensitive information class data based on the user identification information carried in the first API request; if the first user sensitive information class data does not exist in the first cache, the first user sensitive information class data is read from the first data storage module through the first data update engine and stored in the first cache; if the first user sensitive information class data exists in the first cache, the first user sensitive information class data is read from the first cache.
[0061] The first API gateway node is used to determine whether the first user sensitive information data is valid based on the refresh time of the first user sensitive information data if the first cache exists. If it is valid, the first user sensitive information data is read from the first cache. If not, the first user sensitive information data is read from the first data storage module through the first data update engine and stored in the first cache. The first user sensitive information data is read from the first cache and the refresh time of the first user sensitive information data is recorded.
[0062] The refresh time of the first user sensitive information data refers to the time when the first user sensitive information data is stored in the first cache. The data in the first cache has a valid time length. Based on the refresh time and the valid time length, it can be determined whether the first user sensitive information data is valid. For example, if the refresh time of the first user sensitive information data is 8:00 and the valid time length is 5 minutes, then the first user sensitive information data is valid before 8:05, and expires after 8:05.
[0063] The second API gateway node includes a second cache 312 and a second data update engine 322;
[0064] The second API gateway node is used to, upon receiving the second API request, determine the required second user sensitive information class data based on the user identification information carried in the second API request; if the second user sensitive information class data does not exist in the second cache, the second user sensitive information class data is read from the first data storage module through the second data update engine and the edge module and stored in the second cache; if the second user sensitive information class data exists in the second cache, the second user sensitive information class data is read from the second cache.
[0065] The second API gateway node is used to determine whether the second user sensitive information data is valid based on the refresh time of the second user sensitive information data if the second cache exists. If it is valid, the second user sensitive information data is read from the second cache. If not, the second user sensitive information data is read from the first data storage module through the second data update engine and the edge module and stored in the second cache. The second user sensitive information data is read from the second cache and the refresh time of the second user sensitive information data is recorded.
[0066] This application proposes a data processing scheme based on hybrid cloud deployment. Data processing includes API gateway application data storage and querying. This scheme enables secure storage and efficient processing of API gateway application data deployed on a hybrid cloud, while ensuring unified management of result data within a private cloud. Sensitive user information is stored entirely in the private cloud database, enhancing the security of sensitive data. It reduces the number of communications between the private and hybrid clouds during the operation of API gateway applications deployed on a hybrid cloud, improving API request processing speed. By fully utilizing the scalability and computing power of the public cloud, it ensures the accuracy of stateful data in API gateway applications deployed on a hybrid cloud.
[0067] Based on the concept of data decentralization, this application proposes storing different types of data from API gateway applications deployed in hybrid clouds in different data storage modules on private and public clouds. Sensitive user data is stored in a private cloud database deployed in the enterprise's internal data center to ensure data security. At the same time, leveraging the advantages of public clouds, such as high computing power and strong continuity, stateful data with high computing requirements is stored on the public cloud.
[0068] In this application, the modules deployed in the private cloud include a first API gateway node (cluster), a management module, a first data storage module, and an edge module for cloud applications to access the local data storage module. The modules deployed in the public cloud include a second API gateway node (cluster), a stateful data management module, a stateless data processing engine, and a second data storage module. All API gateway nodes in the cross-cloud deployed API gateway node (cluster) maintain a user-sensitive information cache and a data update engine. The first data storage module deployed in the private cloud stores the final full set of user-sensitive information data, service configuration data, and system-derived data. The second data storage module deployed in the public cloud stores the current full set of stateful data, full set of service configuration data, and system-derived data generated by the public cloud API gateway cluster.
[0069] Figure 4 The flowchart for processing user-sensitive information data provided in this application is as follows: Figure 4As shown in step (1), the management module updates the user sensitive information to the private cloud's first data storage module. Each API gateway node maintains a user sensitive information class cache and a data update engine, and defines a sensitive data validity period. Request processing: The API gateway node reads the user sensitive information in the cache according to the user identifier; if the required user data is not in the cache, the data update engine reads from the private cloud's first data storage module and stores it in the cache (as shown in steps (2)-(4)), and records the refresh time; if the required user data exists in the cache and the refresh time is within the valid time, it is read and used directly; if the required user data exists in the cache and the refresh time has exceeded the valid time, the data update engine reads from the private cloud's first data storage module and updates it in the cache (as shown in steps (2)-(4)), and updates the refresh time. The private cloud's data update engine directly accesses the data in the private cloud's data storage module, while the data update engine in the public cloud API gateway node accesses the data in the private cloud's first data storage module through the private cloud's edge module.
[0070] Figure 5 The service configuration data processing flowchart provided in this application is as follows: Figure 5 As shown in step (5), service configuration data is maintained in the first data storage module of the private cloud and is maintained and updated by the management module deployed in the private cloud. As shown in steps (6)-(8), the stateless data processing engine of the public cloud periodically reads the full amount of service configuration data in the first data storage module of the private cloud through the edge module of the private cloud and updates it to the second data storage module of the public cloud. As shown in step (9), when the API gateway node needs to query service configuration information, it only needs to read the data storage module of its cloud.
[0071] Figure 6 The system-derived data processing flowchart provided in this application is as follows: Figure 6 As shown in steps (10)-(11), system-derived data is generally generated in two ways: one is log-type and statistical data generated during the operation of the API gateway, and the other is data obtained from the sedimentation of stateful data. As shown in steps (12)-(14), the stateless data processing engine reads the system-derived data from the second data storage module of the public cloud periodically according to the characteristics of different data, and updates it from the edge module of the private cloud to the first data storage module of the private cloud, thereby achieving the goal of storing the complete result data in the private cloud.
[0072] Figure 7 The stateful data processing flowchart provided for this application is as follows: Figure 7As shown in step (15), according to the API request processing logic, if the API gateway node needs to perform stateful data-related operations, it will transmit the key elements to the stateful data management module. As shown in step (16), after completing the data query and calculation, the stateful data management module will uniformly update the stateful data in the data storage module.
[0073] In this application, the distributed API gateway node, management module, edge module, stateful data management module, and stateless data processing engine are application systems implemented using the Spring framework. The data storage module uses a MySQL database, and the API gateway cluster is deployed in a containerized manner on either a private cloud or a public cloud.
[0074] For this application, the API gateway clusters deployed across clouds have the same logic for processing API requests, and the API gateway clusters deployed in private clouds can support the minimum business volume, while the scale of the API gateway clusters in public clouds can be dynamically expanded or reduced according to actual business needs.
[0075] In this application, the API gateway application supports API requests that conform to the HTTP protocol. A unified load balancer is deployed in front of the API gateway cluster deployed across clouds to route user requests to services on private or public clouds according to a certain ratio.
[0076] In this application, the management module provides users with a visual interface for managing sensitive user information and service configuration data, and allows users to query system-derived data.
[0077] In this application, a cross-cloud dedicated line is established between the private cloud and the public cloud for secure communication between the two clouds. Both the edge module and the stateful data management module in this solution provide entry points for cross-cloud calls, and agree with the calling side to use the SM4 symmetric algorithm for full-message encryption and the SM3 digest algorithm and SM2 asymmetric algorithm for message integrity verification.
[0078] In this application, the caching in the API gateway node is implemented using the LoadingCache caching utility class from the open-source Guava package.
[0079] The Chinese translations of the English terms used in this application are shown in the table below:
[0080]
[0081]
[0082] Figure 8 The data processing diagram provided in this application, based on a hybrid cloud deployment and applied to the first API gateway node in a private cloud deployment, includes the following steps:
[0083] S101: Receive the first API request and obtain the user sensitive information data and service configuration data required to process the first API request from the first data storage module deployed in the private cloud.
[0084] S102: Send the data elements of the stateful data required to process the first API request to the second API gateway node deployed in the public cloud, so that the second API gateway node processes the data according to the data elements and updates the stateful data stored in the second data storage module deployed in the public cloud.
[0085] The method includes:
[0086] Upon receiving the first API request, the required first user sensitive information class data is determined based on the user identification information carried in the first API request. If the first user sensitive information class data is not present in the first cache of the first API gateway node, the first user sensitive information class data is read from the first data storage module through the first data update engine in the first API gateway node and stored in the first cache. If the first user sensitive information class data is present in the first cache, the first user sensitive information class data is read from the first cache.
[0087] The method includes:
[0088] If the first user sensitive information data exists in the first cache, determine whether the first user sensitive information data is valid based on the refresh time of the first user sensitive information data. If it is valid, read the first user sensitive information data from the first cache. If not, read the first user sensitive information data from the first data storage module through the first data update engine and store it in the first cache. Read the first user sensitive information data from the first cache and record the refresh time of the first user sensitive information data.
[0089] Figure 9 The data processing diagram provided in this application, based on a hybrid cloud deployment and applied to a second API gateway node deployed in a public cloud, includes the following steps:
[0090] S201: Receive the second API request and obtain the user-sensitive information data required to process the second API request from the first data storage module deployed in the private cloud through the edge module deployed in the private cloud.
[0091] S202: Obtain the service configuration class data required to process the second API request from the second data storage module deployed in the public cloud, and update the stateful data stored in the second data storage module after processing the second API request.
[0092] The method includes:
[0093] Upon receiving the second API request, the required second user sensitive information class data is determined based on the user identification information carried in the second API request. If the second user sensitive information class data is not present in the second cache of the second API gateway node, the second user sensitive information class data is read from the first data storage module through the second data update engine in the second API gateway node and the edge module, and stored in the second cache. If the second user sensitive information class data is present in the second cache, the second user sensitive information class data is read from the second cache.
[0094] The method includes:
[0095] If the second user sensitive information data exists in the second cache, determine whether the second user sensitive information data is valid based on the refresh time of the second user sensitive information data. If it is valid, read the second user sensitive information data from the second cache. If not, read the second user sensitive information data from the first data storage module through the second data update engine and the edge module, and store it in the second cache. Read the second user sensitive information data from the second cache and record the refresh time of the second user sensitive information data.
[0096] The data processing apparatus based on hybrid cloud deployment provided in this application includes:
[0097] The first data processing unit is configured to receive a first API request, obtain user-sensitive information data and service configuration data required for processing the first API request from a first data storage module deployed in a private cloud, and send the data elements of the stateful data required for processing the first API request to a second API gateway node deployed in a public cloud, so that the second API gateway node updates the stateful data stored in the second data storage module deployed in the public cloud after processing the data elements.
[0098] The first data processing unit is configured to, upon receiving the first API request, determine the required first user sensitive information class data based on the user identification information carried in the first API request; if the first user sensitive information class data is not present in the first cache of the first API gateway node, read the first user sensitive information class data from the first data storage module through the first data update engine in the first API gateway node and store it in the first cache; if the first user sensitive information class data exists in the first cache, read the first user sensitive information class data from the first cache.
[0099] The first data processing unit is configured to, if the first user sensitive information data exists in the first cache, determine whether the first user sensitive information data is valid based on the refresh time of the first user sensitive information data; if valid, read the first user sensitive information data from the first cache; if invalid, read the first user sensitive information data from the first data storage module through the first data update engine and store it in the first cache; read the first user sensitive information data from the first cache and record the refresh time of the first user sensitive information data.
[0100] The data processing apparatus based on hybrid cloud deployment provided in this application includes:
[0101] The second data processing unit is used to receive the second API request, obtain user sensitive information data required for processing the second API request from the first data storage module deployed in the private cloud through the edge module deployed in the private cloud, obtain service configuration data required for processing the second API request from the second data storage module deployed in the public cloud, and update the stateful data stored in the second data storage module after processing the second API request.
[0102] The second data processing unit is used to, upon receiving the second API request, determine the required second user sensitive information class data based on the user identification information carried in the second API request; if the second user sensitive information class data does not exist in the second cache of the second API gateway node, the second user sensitive information class data is read from the first data storage module through the second data update engine in the second API gateway node and the edge module, and stored in the second cache; if the second user sensitive information class data exists in the second cache, the second user sensitive information class data is read from the second cache.
[0103] The second data processing unit is configured to, if the second user sensitive information data exists in the second cache, determine whether the second user sensitive information data is valid based on the refresh time of the second user sensitive information data; if valid, read the second user sensitive information data from the second cache; if invalid, read the second user sensitive information data from the first data storage module through the second data update engine and the edge module, and store it in the second cache; read the second user sensitive information data from the second cache, and record the refresh time of the second user sensitive information data.
[0104] This application also provides an API gateway node, such as Figure 10 As shown, it includes: processor 501, communication interface 502, memory 503 and communication bus 504, wherein processor 501, communication interface 502 and memory 503 communicate with each other through communication bus 504.
[0105] The memory 503 stores a computer program, which, when executed by the processor 501, causes the processor 501 to perform any of the above method steps.
[0106] The communication bus mentioned in the API gateway node above can be a Peripheral Component Interconnect (PCI) bus or an Extended Industry Standard Architecture (EISA) bus, etc. This communication bus can be divided into address bus, data bus, control bus, etc. For ease of illustration, it is represented by only one thick line in the diagram, but this does not indicate that there is only one bus or one type of bus.
[0107] Communication interface 502 is used for communication between the aforementioned API gateway node and other devices.
[0108] The memory may include random access memory (RAM) or non-volatile memory (NVM), such as at least one disk storage device. Optionally, the memory may also be at least one storage device located remotely from the aforementioned processor.
[0109] The processors mentioned above can be general-purpose processors, including central processing units, network processors (NPs), etc.; they can also be digital signal processors (DSPs), application-specific integrated circuits, field-programmable gate arrays or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc.
[0110] This application also provides a computer-readable storage medium storing a computer program executable by an API gateway node, which, when run on the API gateway node, causes the API gateway node to perform any of the above method steps.
[0111] Although preferred embodiments of this application have been described, those skilled in the art, upon learning the basic inventive concept, can make other changes and modifications to these embodiments. Therefore, the appended claims are intended to be interpreted as including the preferred embodiments as well as all changes and modifications falling within the scope of this application.
[0112] Obviously, those skilled in the art can make various modifications and variations to this application without departing from the spirit and scope of this application. Therefore, if such modifications and variations fall within the scope of the claims of this application and their equivalents, this application also intends to include such modifications and variations.
Claims
1. A data processing system based on hybrid cloud deployment, characterized in that, The system includes: a first API gateway node, a first data storage module, and an edge module deployed in a private cloud; and a second API gateway node and a second data storage module deployed in a public cloud. The first data storage module is used to store all user-sensitive information data, service configuration data, and system-derived data; the second data storage module is used to store all stateful data, service configuration data, and system-derived data generated by the public cloud. The first API gateway node is used to receive a first API request, obtain user sensitive information data and service configuration data required to process the first API request from the first data storage module, and send the data elements of the stateful data required to process the first API request to the second API gateway node, so that the second API gateway node updates the stateful data stored in the second data storage module after processing the data elements. The second API gateway node is used to receive the second API request, obtain user sensitive information data required for processing the second API request from the first data storage module through the edge module, obtain service configuration data required for processing the second API request from the second data storage module, and update the stateful data stored in the second data storage module after processing the second API request.
2. The system as described in claim 1, characterized in that, The system includes: a management module deployed in the private cloud, a stateful data management module deployed in the public cloud, and a stateless data processing engine. The management module is used to update the user sensitive information data and service configuration data to the first data storage module for storage, and to read the system derived data stored in the first data storage module; The stateless data processing engine is used to periodically read service configuration data from the first data storage module through the edge module and update it to the second data storage module for storage; and periodically read system derived data from the second data storage module and update it to the first data storage module for storage through the edge module. The stateful data management module is used to receive the data elements, process the data, and then update the stateful data stored in the second data storage module.
3. The system as described in claim 1, characterized in that, The first API gateway node includes a first cache and a first data update engine; The first API gateway node is used to determine the required first user sensitive information class data based on the user identification information carried in the first API request after receiving the first API request; If the first user sensitive information data does not exist in the first cache, the first user sensitive information data is read from the first data storage module through the first data update engine and stored in the first cache. If the first user sensitive information data exists in the first cache, the first user sensitive information data is read from the first cache.
4. The system as described in claim 1, characterized in that, The second API gateway node includes a second cache and a second data update engine; The second API gateway node is used to determine the required second user sensitive information class data based on the user identification information carried in the second API request after receiving the second API request; If the second user sensitive information data does not exist in the second cache, the second user sensitive information data is read from the first data storage module through the second data update engine and the edge module and stored in the second cache. If the second user sensitive information data exists in the second cache, the second user sensitive information data is read from the second cache.
5. The system as described in claim 3, characterized in that, The first API gateway node is used to determine whether the first user sensitive information data is valid based on the refresh time of the first user sensitive information data if the first cache exists. If it is valid, the first user sensitive information data is read from the first cache. If not, the first user sensitive information data is read from the first data storage module through the first data update engine and stored in the first cache. The first user sensitive information data is read from the first cache and the refresh time of the first user sensitive information data is recorded.
6. The system as described in claim 4, characterized in that, The second API gateway node is used to determine whether the second user sensitive information data is valid based on the refresh time of the second user sensitive information data if the second cache exists. If it is valid, the second user sensitive information data is read from the second cache. If not, the second user sensitive information data is read from the first data storage module through the second data update engine and the edge module and stored in the second cache. The second user sensitive information data is read from the second cache and the refresh time of the second user sensitive information data is recorded.
7. A data processing method based on hybrid cloud deployment, characterized in that, The first API gateway node used in private cloud deployments includes: Upon receiving a first API request, the system retrieves user-sensitive information and service configuration data required for processing the first API request from a first data storage module deployed in a private cloud. It then sends the data elements of the stateful data required for processing the first API request to a second API gateway node deployed in a public cloud, enabling the second API gateway node to process the data based on these data elements and update the stateful data stored in the second data storage module deployed in the public cloud.
8. The method as described in claim 7, characterized in that, The method includes: Upon receiving the first API request, the required first user sensitive information class data is determined based on the user identification information carried in the first API request. If the first user sensitive information class data is not present in the first cache of the first API gateway node, the first user sensitive information class data is read from the first data storage module through the first data update engine in the first API gateway node and stored in the first cache. If the first user sensitive information class data is present in the first cache, the first user sensitive information class data is read from the first cache.
9. The method as described in claim 8, characterized in that, The method includes: If the first user sensitive information data exists in the first cache, determine whether the first user sensitive information data is valid based on the refresh time of the first user sensitive information data. If it is valid, read the first user sensitive information data from the first cache. If not, read the first user sensitive information data from the first data storage module through the first data update engine and store it in the first cache. Read the first user sensitive information data from the first cache and record the refresh time of the first user sensitive information data.
10. A data processing method based on hybrid cloud deployment, characterized in that, The second API gateway node used in public cloud deployments includes: Upon receiving a second API request, the system retrieves user-sensitive information data required for processing the second API request from the first data storage module deployed in the private cloud via an edge module deployed in the private cloud, and retrieves service configuration data required for processing the second API request from the second data storage module deployed in the public cloud. After processing the second API request, the system updates the stateful data stored in the second data storage module.
11. The method as described in claim 10, characterized in that, The method includes: Upon receiving the second API request, the required second user sensitive information class data is determined based on the user identification information carried in the second API request. If the second user sensitive information class data is not present in the second cache of the second API gateway node, the second user sensitive information class data is read from the first data storage module through the second data update engine in the second API gateway node and the edge module, and stored in the second cache. If the second user sensitive information class data is present in the second cache, the second user sensitive information class data is read from the second cache.
12. The method as described in claim 11, characterized in that, The method includes: If the second user sensitive information data exists in the second cache, determine whether the second user sensitive information data is valid based on the refresh time of the second user sensitive information data. If it is valid, read the second user sensitive information data from the second cache. If not, read the second user sensitive information data from the first data storage module through the second data update engine and the edge module, and store it in the second cache. Read the second user sensitive information data from the second cache and record the refresh time of the second user sensitive information data.
13. A data processing device based on hybrid cloud deployment, characterized in that, A first API gateway node deployed in a private cloud, the device comprising: The first data processing unit is configured to receive a first API request, obtain user-sensitive information data and service configuration data required for processing the first API request from a first data storage module deployed in a private cloud, and send the data elements of the stateful data required for processing the first API request to a second API gateway node deployed in a public cloud, so that the second API gateway node updates the stateful data stored in the second data storage module deployed in the public cloud after processing the data elements.
14. The apparatus as claimed in claim 13, characterized in that, The first data processing unit is configured to, upon receiving the first API request, determine the required first user sensitive information class data based on the user identification information carried in the first API request; If the first user sensitive information data does not exist in the first cache of the first API gateway node, the first user sensitive information data is read from the first data storage module through the first data update engine in the first API gateway node and stored in the first cache. If the first user sensitive information data exists in the first cache, the first user sensitive information data is read from the first cache.
15. The apparatus as claimed in claim 14, characterized in that, The first data processing unit is configured to, if the first user sensitive information data exists in the first cache, determine whether the first user sensitive information data is valid based on the refresh time of the first user sensitive information data; if valid, read the first user sensitive information data from the first cache; if invalid, read the first user sensitive information data from the first data storage module through the first data update engine and store it in the first cache; read the first user sensitive information data from the first cache and record the refresh time of the first user sensitive information data.
16. A data processing device based on hybrid cloud deployment, characterized in that, A second API gateway node deployed in a public cloud, the device comprising: The second data processing unit is used to receive the second API request, obtain user sensitive information data required for processing the second API request from the first data storage module deployed in the private cloud through the edge module deployed in the private cloud, obtain service configuration data required for processing the second API request from the second data storage module deployed in the public cloud, and update the stateful data stored in the second data storage module after processing the second API request.
17. The apparatus as claimed in claim 16, characterized in that, The second data processing unit is used to determine the required second user sensitive information class data based on the user identification information carried in the second API request after receiving the second API request; If the second user sensitive information data is not present in the second cache of the second API gateway node, the second user sensitive information data is read from the first data storage module through the second data update engine and the edge module in the second API gateway node and stored in the second cache. If the second user sensitive information data is present in the second cache, the second user sensitive information data is read from the second cache.
18. The apparatus as claimed in claim 17, characterized in that, The second data processing unit is configured to, if the second user sensitive information data exists in the second cache, determine whether the second user sensitive information data is valid based on the refresh time of the second user sensitive information data; if valid, read the second user sensitive information data from the second cache; if invalid, read the second user sensitive information data from the first data storage module through the second data update engine and the edge module, and store it in the second cache; read the second user sensitive information data from the second cache, and record the refresh time of the second user sensitive information data.
19. An API gateway node, characterized in that, It includes a processor, a communication interface, a memory, and a communication bus, wherein the processor, the communication interface, and the memory communicate with each other through the communication bus; Memory, used to store computer programs; A processor, when executing a program stored in memory, implements the steps of the method according to any one of claims 7-9, or implements the steps of the method according to any one of claims 10-12.