Cloud Security support for cloud computing center in Shandong Province

The "51cto.com comprehensive report", a cloud that has been so clouded over a year ago, has flooded into China. At the end of last year, 5 cities in China were identified as the first pilot work on cloud computing services, which was seen as a signal of landing from the cloud. 2011, is the industry's expected "landing" key year, even in the national "Twelve-Five" economic development, cloud computing will become a new driving engine. In Jinan, cloud computing has fallen quietly from the cloud, rooting, the cloud platform has converged on more than 150 servers and nearly 500T of storage, providing infrastructure services, platform services, software services, cloud storage services for enterprises or individuals, and online development and testing services for software development enterprises. At the same time, cloud computing platform is facing the security threat from the Internet, and how to protect the lessee important data assets resources security problem is also imminent. Here is a detailed account of the use of the network of Shandong Computing Center Nebula Company Security Solutions for the "cloud computing centers" escort the typical application. I. Background and Requirements August 6, 2010, as the first domestic to achieve cross-regional resource integration of the provincial Cloud Computing Center, the Shandong Province Cloud computing Center in Jinan unveiled the Veil, cloud computing platform also officially opened trial run. Today, the center has converged 14 software parks in the province, research institutes, colleges and universities and many other IT resources, and with a group of enterprises to establish cooperative relations, and jointly expand the cloud computing industry chain. At present, the Shandong Cloud Computing Center can provide infrastructure services, platform services, software services, enterprise or personal cloud storage services and software development enterprise-oriented online development, testing and other services, are mainly based on public welfare. Yang Meihong told reporters that the benefits of a cloud computing platform for software companies are clear: businesses don't have to struggle to buy a variety of designs, test professional software, and risk the use of piracy without having to bother to maintain, debug, and build, with the support of the most advanced software development environments, just on demand and low rents, Instant access to the required information services. In this way, the enterprise greatly reduced the cost of development, can be a limited amount of money into the recruitment of talent, key innovation and development, marketing and other key business areas. It is easy to see that the technology and services used by cloud computing can also be exploited by hackers to launch more sophisticated malware attacks against downloads, data upload statistics, flood attacks, and malicious code monitoring. Cloud computing has changed the way it serves, but it has not subverted the traditional security model, unlike in the era of cloud computing, where security devices and safety measures are deployed differently; Originally, the user wants to guarantee the security of the service, now by the cloud computing service provider to ensure the security of service delivery. As important as cloud computing security issues, the reliability and availability of cloud computing is a high priority. Cloud computing provides a great advantage for traditional security vendors to improve service quality and level. Below, the focus of the net Cloud Nebula Company for the Shandong ProvinceThe center provides a security solution that protects the application of cloud computing platform value chain promotion. Second, the solution Network Imperial Nebula Company according to Shandong Province Cloud computing Center's security demand, based on the platform architecture of the cloud computing Center in Shandong province, a layered security solution is proposed for Architecture service layer (IaaS), Platform service layer (PaaS), Application service layer (SaaS), and platform management system layer. This time, the focus is on the Architecture service Layer (IaaS) deployment of the network Royal Nebula Boundary security equipment to the entire Shandong Province Cloud computing Center System protection. In particular, in order to cope with the demand for large concurrency and high throughput data processing for the cloud platform in terms of processing speed and performance, we provide security devices based on multi-core architecture as a gateway-type online-deployed product. 498) this.width=498 ' OnMouseWheel = ' javascript:return big (This) ' height= ' 581 ' alt= ' "src=" http://images.51cto.com/ Files/uploadimg/20111013/1657310.jpg "width=" 461 "border=" 0 "/> Shandong Province Cloud Computing Center network security topology First, in the Cloud Platform network, the most boundary deployment network Royal Nebula Anomaly Flow Management System guard, It is mainly used to detect and prevent abnormal traffic in real time and provide a high reliable environment for normal internet access requests. Second, after the network boundary guard, deploy the network Royal Nebula multicore Firewall Super V, which is mainly used to realize access control based on IP address, protocol and port. Guarantee that only legitimate applications can pass the firewall. At the same time, for the important applications to provide bandwidth security function, the firewall uses two-machine hot standby mode, to achieve high reliability support. Third, after the firewall, the deployment of the network Royal Nebula multi-core Power V-ips, mainly implemented in the firewall access control based on the application layer of malicious attacks, intrusion and infiltration, do deep detection filtering. Kill all malicious acts on the Internet border. IPs adopts single link line operation to ensure the high reliability of the link. Four, in the core switch to deploy SSL VPN application Security gateway SAG, mainly provide remote access, to achieve user isolation, authentication and data encryption. The deployment of SSL VPN main two functions: 1, for the cloud platform developers and managers to provide remote access, convenient remote development and system maintenance, 2, for the lessee management personnel to provide remote and reliable access to facilitate remote maintenance of their own systems. Five, in the core switch to deploy the network Royal Nebula Database Audit system, to achieve the cloud platform in the database access, maintenance and management to provide a log record, facilitate the post audit. VI. deployment of the net Cloud Application Security monitoring APM, due to the complexity of the application system, an online application often involves multiple threads of multiple servers, thus appearingThe probability of the problem is also increasing, the time for the problem feedback is also getting longer, even after the failure of a long time no one knows. APM can monitor every thread in the whole system in real time, and if there is a problem, it can quickly alarm, so as to ensure the first time to find fault or exceed the critical state of performance. Seven, unified centralized management of the entire security equipment and log archiving, audit, deployment of the Network Nebula Security management platform Leadsec Manager. In order to avoid the cloud computing Center Virtual Host in the different security domains between the mutual access, the network Royal Nebula to provide users with a virtual host firewall, UTM products, to protect Cloud computing center virtual access to security protection and filtering. The telecommunication-grade multi-core security equipment provided by the Net Nebula, with its outstanding performance and complete functionality, as well as a complete solution from the competition to stand out, for users to save investment, avoid distributed deployment, unified centralized management, protect user investment, the system more stable, so that the cloud computing system value chain has been promoted. Security Product Deployment Instructions: 498) this.width=498 ' OnMouseWheel = ' javascript:return big (This) ' height= ' 477 ' alt= ' "src=" http:// Images.51cto.com/files/uploadimg/20111013/1657311.jpg "width=" 666 "border=" 0 "/> Three, the implementation of the effect of the current cloud computing center in Shandong province, the cloud platform is operating normally, Especially in the deployment of the Network Nebula Security equipment, security has been greatly enhanced at the same time, embodied in the following: 1, limited from the Internet to the Cloud Platform service Resources IP address, protocol and port number access control, at the same time on the cloud Platform for key application services to provide bandwidth security. 2, to withstand DDoS attacks from the Internet, to ensure that only a clean flow into the cloud platform system. 3, can detect scanning, buffer overflow, trojan, worm, spyware, phishing, IP poofing and other attacks, and real-time active blocking, so that cloud platform network system from malicious infiltration and attack. 4, the provision of remote access services, isolation users, for the cloud Platform system maintenance personnel and tenant system maintenance personnel to provide trusted access. 5, the realization of the database access and management audit, a full range of upgrade to the database security audit. Features description At present, cloud computing is in full swing, for the security of cloud computing, but also the beholder. But the real landing for cloud computing is less secure. For the cloud-era security solutions provider to win this project, the Division I in the cloud computing age, security in the era of cloud security projects to provide reference value and sample case. Multi-core High performance provides SaaS (security as a service) safety and service Network Nebula products high-performance throughput processing canForce is the basis for the protection of Shandong's cloud computing center. On this basis, the products of the Net Nebula also have high-performance virtualization, each high-performance hardware firewall can be virtual 4,096 virtual firewalls, in the user network to form a huge massive processing of the firewall cloud, for the tenant to provide SaaS firewall services. In addition to the firewall, the network Royal Nebula Guard, IPS, UTM, AVG and other full range of network products are virtualized, can provide tenants with all kinds of SaaS security and service protection. Full-line product support IPV6, to meet the needs of users in the future development by virtue of the full range of product support IPV6 function to achieve the future upgrade of the user network, the net Cloud Nebula by virtue of years of deep understanding of network security and technology precipitation, the first in the industry will be all security products support IPV6 protocol, , packet filtration, virus filtration, anti-IPv6 Synflood, Udpflood and other DDoS attacks, but also can realize the intrusion prevention function based on IPV6 network. Finally, the net Cloud Nebula with its products forward-looking and more close to the user needs of the feature features, users and cloud computing industry recognition. Cloud based virtual firewall and virtual UTM product Network Cloud first developed in the industry based on the virtual firewall and virtual UTM products, for cloud computing internal Virtual Server network control and security filtering, the network Royal Nebula will continue to lead new technology ideas, open up new areas of network security industry. "Responsible editor: Watch Happiness TEL: (010) 68476606" Original: The Net Cloud Cloud provides the security support for the clouds in Shandong province return to network security home