Industry status
In recent years, as business resources have migrated to the cloud, hybrid cloud providers have had to deliver centralized cloud services to the various municipal government offices. The physical platform of the cloud infrastructure already has complete security protection equipment. However, measured against the security protection requirements of GB/T 22239-2019 (Level Protection 2.0), which came into effect on December 1, 2019, private cloud security protection is deficient. A cloud security system is therefore being built to meet the level-protection cloud security requirements of the business systems on the internal networks of the commissions and bureaus, to provide a secure and comprehensive cloud environment that covers the north-south and east-west protection requirements of their business, and to ensure that important business meets the requirements of level three security protection. The hardware platform architecture is as follows:
Solution
The cloud security management platform is designed to help Haoke users build a common security infrastructure for Haoke cloud tenants and to provide private cloud security operation services, including:
- Control panel
It provides the interactive functions needed for private cloud security operation services. Through a web-based interface, it helps providers of Haikan private clouds carry out security operation services, and helps tenants of Haikan private clouds manage the security of their cloud assets and obtain the various security services conveniently.
- Private cloud security resource pool
It includes a security SDN controller and switches responsible for steering traffic to the security resources and scheduling them, a security resource pool management system and platform, and the various security capability components that deliver the security services.
The private cloud security management platform is deployed out of band (in bypass mode) off the core switch, with the security SDN controller steering the traffic that requires inspection into the resource pool. It follows a highly cohesive, loosely coupled design and deployment approach and functions independently. During deployment it can be deeply integrated with the private cloud computing management platform and the virtualization platform so that the security services can operate.
The security capabilities provided to tenants focus on three tenant boundaries: the tenant VPC boundary, the boundaries of the business systems within the VPC, and the host boundary.
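The three-boundary model and the north-south versus east-west distinction described above can be made concrete with a small policy model. The following is an added illustration, not code from the page or from the vendor's platform: the tenant layout, business-system names, addresses and allow rules are constructed assumptions, and the per-boundary evaluation is a simplification of what a real resource pool would do.

```python
"""Added example: a toy model of the three tenant boundaries (VPC, business
system, host) and the north-south / east-west distinction.  The tenant layout
and allow rules are constructed assumptions, not the vendor's data model."""
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Endpoint:
    tenant: Optional[str]   # None = outside the private cloud (e.g. a campus client)
    system: Optional[str]   # business system inside the tenant VPC, None if external
    ip: str


@dataclass(frozen=True)
class Flow:
    src: Endpoint
    dst: Endpoint
    proto: str
    dport: int


# Constructed tenant layout (assumption): one tenant VPC, "bureau-a", with two
# business systems (a web portal and its database), plus one external client.
EXTERNAL = Endpoint(None, None, "203.0.113.10")
WEB = Endpoint("bureau-a", "portal-web", "10.1.1.10")
DB = Endpoint("bureau-a", "portal-db", "10.1.2.20")
DB_REPLICA = Endpoint("bureau-a", "portal-db", "10.1.2.21")

ALL_BOUNDARIES = ("vpc", "system", "host")

# Constructed per-boundary allow rules (assumption), keyed by boundary and then
# by destination business system.  Anything not listed is denied at that boundary.
POLICY = {
    "vpc":    {"portal-web": {("tcp", 443)}},                 # only HTTPS may enter the VPC
    "system": {"portal-web": {("tcp", 443)},
               "portal-db":  {("tcp", 3306)}},                # web tier -> db tier only
    "host":   {"portal-web": {("tcp", 443)},
               "portal-db":  {("tcp", 3306), ("tcp", 22)}},   # ssh reaches db hosts only if
}                                                             # no outer boundary denied it


def direction(flow: Flow) -> str:
    """North-south traffic crosses the tenant VPC boundary; east-west stays inside it."""
    same_tenant = flow.src.tenant is not None and flow.src.tenant == flow.dst.tenant
    return "east-west" if same_tenant else "north-south"


def boundaries_crossed(flow: Flow) -> list:
    """The boundaries a flow passes through, outermost first.  The host boundary
    is always present because a host agent sees every packet that reaches it."""
    crossed = []
    if flow.src.tenant != flow.dst.tenant:
        crossed.append("vpc")
    if flow.src.system != flow.dst.system:
        crossed.append("system")
    crossed.append("host")
    return crossed


def evaluate(flow: Flow, enforce=ALL_BOUNDARIES) -> Tuple[str, Optional[str]]:
    """Check the flow at every boundary it crosses that is actually enforced.
    Returns ("deny", boundary) at the first boundary lacking an allow rule,
    or ("allow", None).  A smaller `enforce` set models a deployment that
    protects only some of the three boundaries."""
    for boundary in boundaries_crossed(flow):
        if boundary not in enforce:
            continue
        allowed = POLICY[boundary].get(flow.dst.system, set())
        if (flow.proto, flow.dport) not in allowed:
            return ("deny", boundary)
    return ("allow", None)


if __name__ == "__main__":
    for f in (Flow(EXTERNAL, WEB, "tcp", 443), Flow(WEB, DB, "tcp", 3306),
              Flow(WEB, DB, "tcp", 22), Flow(DB, DB_REPLICA, "tcp", 22)):
        print(direction(f), boundaries_crossed(f), evaluate(f))
```

The instructive case is `evaluate(Flow(WEB, DB, "tcp", 22), enforce=("vpc",))`: with only the VPC perimeter enforced, an east-west ssh flow from the web tier to the database tier crosses no enforced boundary and is allowed by default, whereas the full three-boundary evaluation denies it at the business-system boundary. That gap is the reason the page lists east-west protection alongside north-south protection.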
Review of Private Cloud Security System Construction Topology
For virtual machines on the VMware platform, Shanlian provides a complete security solution.