
CN109150702B - High-performance mobile access gateway for communicating information internal and external networks and method thereof


Info

Publication number
CN109150702B
Authority
CN
China
Prior art keywords
request
end processor
information
response information
intermediate library
Legal status
Active
Application number
CN201810935485.1A
Other languages
Chinese (zh)
Other versions
CN109150702A (en)
Inventor
陈星明
胡牧
蒋厚明
王俊
顾学海
胡昊伟
解翀
司佳
Current Assignee
Nari Information and Communication Technology Co
Original Assignee
Nari Information and Communication Technology Co

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281 Proxies
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a high-performance mobile access gateway for connecting an information internal network and an information external network, and a method thereof. The gateway comprises a front-end processor, an intermediate library and a back-end processor. The front-end processor is deployed on the information external network, is directly connected to the external network mobile application, and is also connected to the intermediate library through an isolation device. The back-end processor and the intermediate library are deployed on the information internal network; the back-end processor is directly connected to the intermediate library and also directly connected to the internal network business application service. In the access method, the external network mobile application sends an HTTP request; after mapping and proxying, the front-end processor writes the HTTP request into the intermediate library; the back-end processor polls the intermediate library to obtain the request, forwards it to the internal network business application service, and then writes the received response into the intermediate library; the front-end processor polls the intermediate library to obtain the response and sends it to the external network mobile application. The invention allows all business services and data to be deployed in the intranet, and greatly reduces the complexity and difficulty of deploying mobile applications on the extranet.

Description

High-performance mobile access gateway for communicating information internal and external networks and method thereof
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a high-performance mobile access gateway for communicating an information internal network and an information external network and a method thereof.
Background
With the improvement of automation levels and the development of communication and network technology, large office systems increasingly depend on information networks to keep business and services running safely, reliably and efficiently. The security of the information network directly affects the safe and stable operation of the system, so research on key technologies for system information security is very important.
In response to the security requirements of information network systems, physical isolation technology has been widely applied in the construction of information networks. A physical isolation device is installed between the information internal network and the information external network of the national power grid company; only SQL is allowed to pass through the isolation device from the information external network into the information internal network, and an ordinary HTTP request cannot reach the information internal network from the information external network. At present, the national grid's information extranet mobile applications can only access business application services deployed in the information extranet and cannot directly access services deployed in the information intranet. Therefore, to support extranet mobile applications, each business system must deploy a corresponding mobile service in the extranet, or even separately develop a set of mobile services to support the extranet mobile applications, and cannot reuse the mobile application service already built in the extranet. This undoubtedly increases the development cost of extranet mobile applications, and deploying business application services in the extranet also brings the risk of data leakage and other potential security hazards.
Disclosure of Invention
In view of the defects in the prior art, the invention aims to provide a high-performance mobile access gateway for connecting an information internal network and an information external network, and a method thereof.
To achieve this purpose, the invention is realized by the following technical scheme:
Through the gateway, the external network mobile application carries out data interaction and bidirectional communication with the internal network business application service, realizing data sharing and reuse. When the access volume becomes too large, new mobile access gateway nodes are added as required to achieve dynamic expansion, and tasks are automatically and evenly distributed to each node, giving the gateway strong horizontal scalability and a degree of intelligence.
The invention relates to a high-performance mobile access gateway for connecting an information internal network and an information external network. The gateway comprises a front-end processor, an intermediate library and a back-end processor. The front-end processor is deployed in the information external network, is directly connected to the external network mobile application, and is also connected to the intermediate library through an isolation device; the back-end processor and the intermediate library are deployed in the information internal network, and the back-end processor is directly connected to the intermediate library and also directly connected to the internal network business application service. The extranet mobile application sends a request to the front-end processor; the front-end processor receives the request, creates a session, modifies the target address of the request, converts the request into SQL and writes it into the intermediate library through the isolation device; the back-end processor polls the intermediate library to obtain the request, sends the request to the intranet business application service and waits for a response; after obtaining the response information, the back-end processor converts the response into SQL, writes it into the intermediate library, and marks the request as cleanable; the front-end processor polls the intermediate library to obtain the response information, sends it to the external network mobile application according to the stored session, closes the session, and marks the response as cleanable.
The front-end processor and the back-end processor each comprise a session management module, a service discovery module, a service agent module, a task scheduling module and a data cleaning module. The session management module establishes and closes sessions between the front-end processor and the external network mobile application and between the back-end processor and the internal network business application service, and stores session information in memory. The service discovery module dynamically detects and admits gateway service nodes, adding discovered nodes to the cluster through a heartbeat mechanism and deleting disconnected nodes from the cluster. The service agent module maintains the mapping information of the accessed business services, performs address mapping on access requests, and supports dynamic addition, deletion and modification of the mapping information. The task scheduling module stores request or response information in a scheduling queue, assembles it into batch SQL statements for the database, writes them into the intermediate library, polls the intermediate library to obtain request or response information, and marks request or response information as cleanable. The data cleaning module periodically deletes the request and response information marked as cleanable from the intermediate library and from memory.
The front-end processor and the back-end processor adopt a peer-to-peer design, that is, they use the same design architecture to realize two-way communication. When a request is sent from the information external network to the information internal network, the mobile access gateway deployed in the information external network is called the front-end processor, and the mobile access gateway deployed in the information internal network is called the back-end processor. Conversely, when a request is sent from the information intranet to the information extranet, the mobile access gateway deployed in the information intranet acts as the front-end processor, and the mobile access gateway deployed in the information extranet acts as the back-end processor.
The intermediate library is an Oracle or MySQL database.
The invention relates to a high-performance mobile access method for communicating information internal and external networks, which comprises the following steps:
When the external network mobile application actively initiates a request, the request is first sent to the front-end processor. The front-end processor receives the request, creates a session, and detects whether an available back-end processor node exists. If one exists, it modifies the target address of the request, converts the request into an SQL statement and writes the SQL statement into the intermediate library through the isolation device; if none exists, it directly sends failure information to the external network mobile application. The back-end processor polls the intermediate library to obtain the request information, sends the request to the real intranet business application service and waits for the response information of the intranet business application service. After the intranet business application service returns the response information, the back-end processor converts the response information into SQL statements, writes them into the intermediate library, and marks the request as cleanable. The front-end processor polls the intermediate library to obtain the response information, sends it to the external network mobile application, and marks the response as cleanable. The front-end processor and the back-end processor periodically delete the request and response information marked as cleanable.
When the intranet business application service actively initiates a request, the request is first sent to the back-end processor. The back-end processor receives the request, creates a session, and detects whether an available front-end processor node exists. If one exists, it modifies the target address of the request, converts the request into an SQL statement and writes the SQL statement into the intermediate library; if none exists, it directly sends failure information to the intranet business application service. The front-end processor polls the intermediate library to obtain the request information, sends the request to the external network mobile application and waits for the response information. After the extranet mobile application returns the response information, the front-end processor converts the response information into SQL statements, writes them into the intermediate library through the isolation device, and marks the request as cleanable. The back-end processor polls the intermediate library to obtain the response information, sends it to the intranet business application service, and marks the response as cleanable. The front-end processor and the back-end processor periodically delete the request and response information marked as cleanable.
The method for creating the session after the front-end processor receives the request is as follows: the front-end processor connects to the external network mobile application through a socket to establish a session, and stores the session and the request information in memory.
The method for detecting whether an available back-end processor node exists is as follows: the front-end processor dynamically monitors available back-end processor nodes through a heartbeat mechanism; if a new node is found, the node is added to the cluster, and if a node is found to be disconnected, the node is deleted from the cluster.
The method for modifying the target address of the request is as follows: the front-end processor queries the mapping addresses of the services from the intermediate library through a scheduled task and stores them in memory, which supports dynamic addition, deletion and modification of the mapping addresses; after receiving a request, the front-end processor looks up the mapping address matching the request in memory and replaces the address of the request with the mapping address.
The method for converting the request into an SQL statement is as follows: the front-end processor adds the request to a request scheduling queue; the front-end processor takes requests out of the scheduling queue in batches, converts the request information into byte arrays and assembles them into batch-insert SQL statements.
The method by which the back-end processor polls the intermediate library to obtain the request information is as follows: the back-end processor queries requests from the intermediate library through a scheduled task and parses the request information from the byte array.
The method by which the back-end processor converts the response information into SQL statements is as follows: the back-end processor adds the response to a response scheduling queue; the back-end processor takes responses out of the scheduling queue in batches, converts the response information into byte arrays and assembles them into batch-insert SQL statements.
The method by which the front-end processor polls the intermediate library to obtain the response information is as follows: the front-end processor queries responses from the intermediate library through a scheduled task and parses the response information from the byte array.
The method for periodically deleting the request and response information marked as cleanable is as follows: the back-end processor deletes the request information marked as cleanable from the intermediate library and from memory through a scheduled task; the front-end processor deletes the response information marked as cleanable from the intermediate library and from memory through a scheduled task.
Compared with the prior art, the invention has the following beneficial effects:
the high-performance mobile access gateway for communicating the information internal and external networks provided by the invention realizes bidirectional penetration of HTTP requests in the internal and external networks, can ensure that the requests sent by the external network mobile application penetrate through the isolation device to access the internal network business application service, and can also send the requests sent by the internal network business application service to the external network mobile application, thereby solving the problem that the information internal network business service cannot be accessed by the information external network mobile application, and simultaneously solving the problem that the business mobile application service instruction of the information internal network cannot reach the information external network, so that the external network mobile application can reuse the existing business service of the internal network, the development cost of the external network mobile application is reduced, and the data security is improved.
The high-performance mobile access gateway for communicating the internal network and the external network of the information has universality, does not depend on any business service, can be independently deployed, does not need to modify any business service, and can provide an HTTP request penetration function for any accessed business application service.
The high-performance mobile access gateway for connecting the information internal and external networks is scalable: it supports cluster deployment and, through the service discovery module, supports dynamically adding nodes to a cluster without downtime, so that newly added nodes enter service and share the concurrency load.
The high-performance mobile access gateway for communicating the information internal and external networks supports dynamic access of the business application service, dynamically increases, deletes and modifies the mapping address of the business application service through the service agent module, and provides an HTTP request penetration function for the business application service.
The high-performance mobile access gateway for connecting the information internal and external networks adopts a high-concurrency design: it first writes requests into a scheduling queue, assembles them into batch-insert SQL statements for the database, and then operates on the database in batches through the isolation device, which reduces the access frequency of the isolation device and the database and improves the overall performance of the system.
Drawings
FIG. 1 is a block diagram of a high performance mobile access gateway for connectivity between an information intranet and an extranet according to the present invention;
FIG. 2 is a flowchart of external network side request initiation of a high performance mobile access method for communicating information internal and external networks according to the present invention;
FIG. 3 is a flow chart of an intranet-side request initiation of a high-performance mobile access method for communicating information with an intranet and an extranet according to the present invention.
Detailed Description
In order to make the technical means, the creation characteristics, the achievement purposes and the effects of the invention easy to understand, the invention is further described with the specific embodiments.
As shown in FIG. 1, the present invention provides a high-performance mobile access gateway for connecting the information internal and external networks, which includes three parts: a front-end processor, an intermediate library and a back-end processor. The front-end processor is deployed in the information external network, and the back-end processor and the intermediate library are deployed in the information internal network. The front-end processor is directly connected to the external network mobile application and is also connected to the intermediate library through an isolation device; the back-end processor is directly connected to the intermediate library and also directly connected to the internal network business application service.
The front-end processor and the back-end processor adopt a peer-to-peer design, that is, they use the same design architecture to realize two-way communication. When a request is sent from the information external network to the information internal network, the mobile access gateway deployed in the information external network is called the front-end processor, and the mobile access gateway deployed in the information internal network is called the back-end processor. Conversely, when a request is sent from the information intranet to the information extranet, the mobile access gateway deployed in the information intranet acts as the front-end processor, and the mobile access gateway deployed in the information extranet acts as the back-end processor.
The front-end processor and the back-end processor comprise five functional modules: session management, service discovery, service agent, task scheduling and data cleaning. The session management module establishes and closes sessions between the front-end processor and the external network mobile application and between the back-end processor and the internal network business application service, and stores session information in memory. The service discovery module dynamically detects and admits gateway service nodes, adding discovered nodes to the cluster through a heartbeat mechanism and deleting disconnected nodes from the cluster. The service agent module maintains the mapping information of the accessed business services, performs address mapping on access requests, and supports dynamic addition, deletion and modification of the mapping information. The task scheduling module stores request or response information in a scheduling queue, assembles it into batch SQL statements for the database, writes them into the intermediate library, polls the intermediate library to obtain request or response information, and marks request or response information as cleanable. The data cleaning module periodically deletes the request and response information marked as cleanable from the intermediate library and from memory.
In this embodiment, the intermediate library is an Oracle or MySQL database.
The invention also provides a high-performance mobile access method for communicating the information internal and external networks, which is respectively described according to whether the request is initiated from an external network mobile application terminal or an internal network business application server terminal.
As shown in FIG. 2, when an extranet mobile application actively initiates a request, the request is first sent to the front-end processor. The front-end processor receives the request, creates a session, and detects whether there is an available back-end processor node. If there is, it modifies the target address of the request, converts the request into an SQL statement and writes the SQL statement into the intermediate library through the isolation device; if not, it directly sends failure information to the extranet mobile application. The back-end processor polls the intermediate library to obtain the request information, sends the request to the real intranet business application service and waits for the response information of the business application service. After the intranet business application service returns the response information, the back-end processor converts the response information into SQL statements, writes them into the intermediate library, and marks the request as cleanable. The front-end processor polls the intermediate library to obtain the response information, sends it to the external network mobile application, and marks the response as cleanable. The front-end processor and the back-end processor periodically delete the request and response information marked as cleanable.
The specific method for creating the session after the front-end processor receives the request is as follows: the front-end processor connects to the external network mobile application through a socket to establish a session, and stores the session and the request information in memory.
The specific method for detecting whether an available back-end processor node exists is as follows: the front-end processor dynamically monitors available back-end processor nodes through a heartbeat mechanism; if a new node is found, it is added to the cluster, and if a node is found to be disconnected, it is deleted from the cluster.
The specific method for modifying the target address of the request is as follows: the front-end processor queries the mapping addresses of the services from the intermediate library through a scheduled task and stores them in memory, which supports dynamic addition, deletion and modification of the mapping addresses; after receiving a request, the front-end processor looks up the mapping address matching the request in memory and replaces the address of the request with the mapping address.
The specific method for converting the request into an SQL statement is as follows: the front-end processor adds the request to a request scheduling queue; the front-end processor takes requests out of the request scheduling queue in batches, converts the request information into byte arrays and assembles them into batch-insert SQL statements.
The specific method by which the back-end processor polls the intermediate library to obtain the request information is as follows: the back-end processor queries requests from the intermediate library through a scheduled task and parses the request information from the byte array.
The specific method by which the back-end processor converts the response information into SQL statements is as follows: the back-end processor adds the response to a response scheduling queue; the back-end processor takes responses out of the response scheduling queue in batches, converts the response information into byte arrays and assembles them into batch-insert SQL statements.
The specific method by which the front-end processor polls the intermediate library to obtain the response information is as follows: the front-end processor queries responses from the intermediate library through a scheduled task and parses the response information from the byte array.
The specific method for periodically deleting the request and response information marked as cleanable is as follows: the back-end processor deletes the request information marked as cleanable from the intermediate library and from memory through a scheduled task; the front-end processor deletes the response information marked as cleanable from the intermediate library and from memory through a scheduled task.
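The extranet-initiated path described above (address mapping, scheduling queue, byte-array serialization, batched SQL insert, polling, cleanable marking, periodic deletion), as an added Python example that is not code from the patent. SQLite stands in for the Oracle/MySQL intermediate library and the isolation device is not modelled; the table and column names, the `taken` flag, the JSON/base64 byte format, the sample URL and the rejection of unmapped paths are assumptions.

```python
import base64
import json
import sqlite3
import uuid
from collections import deque

# Hypothetical intermediate-library schema; table/column names are not from the patent.
SCHEMA = """
CREATE TABLE gw_request  (id TEXT PRIMARY KEY, payload BLOB NOT NULL,
                          taken INTEGER DEFAULT 0, cleanable INTEGER DEFAULT 0);
CREATE TABLE gw_response (id TEXT PRIMARY KEY, payload BLOB NOT NULL,
                          cleanable INTEGER DEFAULT 0);
"""
SAMPLE_BODY = b"name=O'Brien;--\x00\xff"  # constructed: quote, SQL comment, raw bytes

def to_bytes(msg):
    # Message dict -> byte array; the raw body is base64-wrapped inside JSON.
    wrapped = dict(msg, body=base64.b64encode(msg["body"]).decode("ascii"))
    return json.dumps(wrapped).encode("utf-8")

def from_bytes(blob):
    msg = json.loads(bytes(blob).decode("utf-8"))
    msg["body"] = base64.b64decode(msg["body"])
    return msg

class FrontEnd:
    def __init__(self, db, mapping):
        self.db, self.mapping = db, mapping
        self.sessions = {}    # request id -> session info held in memory
        self.queue = deque()  # request scheduling queue

    def map_target(self, path):
        # Match whole path segments so "/hr" does not also capture "/hrx".
        for src, dst in self.mapping.items():
            if path == src or path.startswith(src + "/"):
                return dst + path[len(src):]
        return None

    def accept(self, method, path, body, backend_nodes):
        target = self.map_target(path)
        # Fail closed: no live back-end node, or (assumption) no mapping for the path.
        if not backend_nodes or target is None:
            return None
        rid = uuid.uuid4().hex
        self.sessions[rid] = {"path": path}
        self.queue.append((rid, to_bytes({"method": method, "url": target, "body": body})))
        return rid

    def flush(self):
        batch, self.queue = list(self.queue), deque()
        # One batched, parameter-bound INSERT: payload bytes never become SQL text.
        with self.db:
            self.db.executemany("INSERT INTO gw_request (id, payload) VALUES (?, ?)", batch)

    def poll_responses(self):
        rows = self.db.execute("SELECT id, payload FROM gw_response WHERE cleanable = 0").fetchall()
        delivered = {rid: from_bytes(blob) for rid, blob in rows if self.sessions.pop(rid, None)}
        with self.db:  # session closed above; now mark the response cleanable
            self.db.executemany("UPDATE gw_response SET cleanable = 1 WHERE id = ?", [(r,) for r, _ in rows])
        return delivered

class BackEnd:
    def __init__(self, db, service):
        self.db, self.service = db, service
        self.queue = deque()  # response scheduling queue

    def poll_requests(self):
        rows = self.db.execute("SELECT id, payload FROM gw_request WHERE taken = 0").fetchall()
        with self.db:  # "taken" (an assumption) stops a request being replayed on the next poll
            self.db.executemany("UPDATE gw_request SET taken = 1 WHERE id = ?", [(r,) for r, _ in rows])
        for rid, blob in rows:
            status, body = self.service(from_bytes(blob))
            self.queue.append((rid, to_bytes({"status": status, "body": body})))

    def flush(self):
        batch, self.queue = list(self.queue), deque()
        with self.db:  # write responses and mark their requests cleanable together
            self.db.executemany("INSERT INTO gw_response (id, payload) VALUES (?, ?)", batch)
            self.db.executemany("UPDATE gw_request SET cleanable = 1 WHERE id = ?", [(r,) for r, _ in batch])

def clean(db):
    # Periodic cleanup of rows marked cleanable; returns how many were deleted.
    with db:
        n = db.execute("DELETE FROM gw_request WHERE cleanable = 1").rowcount
        n += db.execute("DELETE FROM gw_response WHERE cleanable = 1").rowcount
    return n

def demo():
    db = sqlite3.connect(":memory:")  # SQLite stands in for the Oracle/MySQL library
    db.executescript(SCHEMA)
    service = lambda req: (200, b"echo:" + req["url"].encode() + b":" + req["body"])
    fe, be = FrontEnd(db, {"/hr": "http://hr.intranet.example:8080"}), BackEnd(db, service)
    rid = fe.accept("POST", "/hr/leave", SAMPLE_BODY, ["backend-1"])
    rejected = fe.accept("GET", "/hrx/leave", b"", ["backend-1"])  # unmapped path
    no_node = fe.accept("GET", "/hr/leave", b"", [])               # no back-end alive
    fe.flush(); be.poll_requests(); be.flush()
    return {"response": fe.poll_responses()[rid], "rejected": rejected,
            "no_node": no_node, "cleaned": clean(db)}
```

Because the only thing crossing the boundary is SQL, the bound `payload` parameter is what keeps attacker-controlled request bytes from being interpreted as statements by the intermediate library.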
As shown in FIG. 3, when an intranet business application service actively initiates a request, the request is first sent to the back-end processor. The back-end processor receives the request, creates a session, and detects whether an available front-end processor node exists. If one exists, it modifies the target address of the request, converts the request into an SQL statement and writes the SQL statement into the intermediate library; if none exists, it directly sends failure information to the intranet business application service. The front-end processor polls the intermediate library to obtain the request information, sends the request to the external network mobile application and waits for the response information. After the extranet mobile application returns the response information, the front-end processor converts the response information into SQL statements, writes them into the intermediate library through the isolation device, and marks the request as cleanable. The back-end processor polls the intermediate library to obtain the response information, sends it to the intranet business application service, and marks the response as cleanable. The front-end processor and the back-end processor periodically delete the request and response information marked as cleanable.
The foregoing shows and describes the general principles and broad features of the present invention and advantages thereof. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, which are described in the specification and illustrated only to illustrate the principle of the present invention, but that various changes and modifications may be made therein without departing from the spirit and scope of the present invention, which fall within the scope of the invention as claimed. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (3)

1. A high-performance mobile access method for communicating information internal and external networks, characterized by comprising the following steps:
when the extranet mobile application actively initiates a request, the request is first sent to a front-end processor; the front-end processor receives the request, creates a session, and detects whether an available back-end processor node exists; if one exists, it modifies the target address of the request, converts the request into an SQL statement and writes the SQL statement into an intermediate library through an isolation device; if none exists, it directly sends failure information to the extranet mobile application; the back-end processor polls the intermediate library to obtain the request information, sends the request to the real intranet business application service and waits for response information from the intranet business application service; after the intranet business application service returns response information, the back-end processor converts the response information into SQL statements and writes them into the intermediate library, and at the same time marks the request as cleanable; the front-end processor polls the intermediate library to obtain the response information, sends the response information to the extranet mobile application, and marks the response as cleanable; the front-end processor and the back-end processor delete the request and response information marked as cleanable at regular intervals;
when the intranet business application service actively initiates a request, the request is first sent to a back-end processor; the back-end processor receives the request, creates a session, and detects whether an available front-end processor node exists; if one exists, it modifies the target address of the request, converts the request into an SQL statement and writes the SQL statement into the intermediate library; if none exists, it directly sends failure information to the intranet business application service; the front-end processor polls the intermediate library to obtain the request information, sends the request to the extranet mobile application and waits for response information; after the extranet mobile application returns the response information, the front-end processor converts the response information into SQL statements, writes them into the intermediate library through the isolation device, and marks the request as cleanable; the back-end processor polls the intermediate library to obtain the response information, sends the response information to the intranet business application service, and marks the response as cleanable; the front-end processor and the back-end processor delete the request and response information marked as cleanable at regular intervals;
the front-end processor receives the request and then creates a session, and the specific method comprises the following steps:
the front-end processor is connected with the external network mobile application through a socket to establish a session, and the session and the request information are stored in the memory;
the method for detecting whether an available back-end processor node exists comprises the following specific steps:
the front-end processor dynamically monitors available nodes of the back-end processor through a heartbeat mechanism; if a new node is found, the new node is added to the cluster, and if a node is found to be disconnected, the node is deleted from the cluster;
the specific method for modifying the target address of the request is as follows: the front-end processor inquires the mapping address of the service from the intermediate library through a timing task and stores the mapping address in the memory to support the dynamic addition, deletion and modification of the mapping address; after receiving the request, the front-end processor inquires a mapping address matched with the request from a memory and replaces the address of the request with the mapping address;
the method for converting the request into the SQL statement comprises the following specific steps: the front-end processor adds the request to a request scheduling queue; the front-end processor takes requests out of the scheduling queue in batches, converts the request information into byte arrays and assembles the byte arrays into batch-insert SQL statements;
the method for the back-end processor to poll the intermediate library to acquire the request information comprises the following specific steps: the back-end processor queries requests from the intermediate library through a timing task and parses the request information from the byte array;
the specific method for the back-end processor to convert the response information into SQL statements is as follows: the back-end processor adds the response to a response scheduling queue; the back-end processor takes responses out of the scheduling queue in batches, converts the response information into byte arrays and assembles the byte arrays into batch-insert SQL statements;
the method for the front-end processor to poll the intermediate library to obtain the response information comprises the following specific steps: the front-end processor queries responses from the intermediate library through a timing task and parses the response information from the byte array;
the method for regularly deleting the request and response information marked as cleanable comprises the following specific steps: the back-end processor deletes the request information marked as cleanable from the intermediate library and the memory through a timing task; and the front-end processor deletes the response information marked as cleanable from the intermediate library and the memory through a timing task.
2. A high-performance mobile access gateway for communicating an information intranet and an extranet for realizing the method of claim 1, which is characterized by comprising a front-end processor, an intermediate library and a back-end processor, wherein the front-end processor is deployed in the information extranet, is directly connected with extranet mobile applications and is simultaneously connected with the intermediate library through an isolation device, the back-end processor and the intermediate library are deployed in the information intranet, the back-end processor is directly connected with the intermediate library, and is simultaneously directly connected with intranet business application services;
the extranet mobile application sends a request to a front-end processor; the front-end processor receives the request, creates a session, modifies the target address of the request, converts the request into SQL and writes the SQL into the intermediate library through the isolation device; the back-end processor polls the intermediate library to obtain the request, sends the request to an intranet business application service and waits for a response; after the back-end processor obtains the response information, it converts the response into SQL and writes the SQL into the intermediate library, and at the same time marks the request as cleanable; the front-end processor polls the intermediate library to obtain the response information, sends the response information to the extranet mobile application according to the stored session, closes the session and marks the response as cleanable;
the front-end processor and the back-end processor each comprise a session management module, a service discovery module, a service agent module, a task scheduling module and a data cleaning module;
the session management module is used for establishing and closing sessions between the front-end processor and the external network mobile application and between the back-end processor and the internal network business application service, and storing session information in the internal memory;
the service discovery module is used for dynamically monitoring available nodes through a heartbeat mechanism, the front-end processor monitoring the available nodes of the back-end processor and the back-end processor monitoring the available nodes of the front-end processor, adding a node to the cluster if a new node is found, and deleting a node from the cluster if the node is found to be disconnected;
the service agent module is used for maintaining mapping address information of the accessed service, performing address mapping on the access request and supporting dynamic addition, deletion and modification of the mapping address information;
the task scheduling module is used for storing the request or response information into a scheduling queue, assembling the request or response information into a batch SQL (structured query language) statement for the database, writing the SQL statement into the intermediate library, polling the intermediate library to acquire the request or response information and marking the cleanable request or response information;
the data cleaning module is used for deleting the request and the response information marked as cleanable from the intermediate library and the memory at regular time;
the front-end processor and the back-end processor adopt a peer-to-peer design and the same design architecture to realize bidirectional communication.
3. The high-performance mobile access gateway for communicating an information intranet and an extranet according to claim 2, wherein the intermediate library is an Oracle or MySQL database.
CN201810935485.1A 2018-08-16 2018-08-16 High-performance mobile access gateway for communicating information internal and external networks and method thereof Active CN109150702B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810935485.1A CN109150702B (en) 2018-08-16 2018-08-16 High-performance mobile access gateway for communicating information internal and external networks and method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810935485.1A CN109150702B (en) 2018-08-16 2018-08-16 High-performance mobile access gateway for communicating information internal and external networks and method thereof

Publications (2)

Publication Number Publication Date
CN109150702A (en) 2019-01-04
CN109150702B (en) 2021-02-05

Family

ID=64789744

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810935485.1A Active CN109150702B (en) 2018-08-16 2018-08-16 High-performance mobile access gateway for communicating information internal and external networks and method thereof

Country Status (1)

Country Link
CN (1) CN109150702B (en)

Also Published As

Publication number Publication date
CN109150702A (en) 2019-01-04

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant