CN113297587B

CN113297587B - Data storage method and system

Info

Publication number: CN113297587B
Application number: CN202010477454.3A
Authority: CN
Inventors: 廖武钧
Original assignee: Alibaba Group Holding Ltd
Current assignee: Alibaba Group Holding Ltd
Priority date: 2020-05-29
Filing date: 2020-05-29
Publication date: 2024-02-13
Anticipated expiration: 2040-05-29
Also published as: CN113297587A

Abstract

The application provides a data storage method and a system, wherein the data storage method comprises the following steps: acquiring a storage request of target data; the storage request carries a disk identifier; acquiring node identifiers of encryption nodes distributed for the storage request from the encryption node cluster; invoking an encryption node corresponding to the node identifier, and encrypting the target data into encrypted data; and calling a storage node corresponding to the disk identifier, and storing the encrypted data to an encrypted disk corresponding to the disk identifier.

Description

Data storage method and system

Technical Field

The present disclosure relates to the field of data processing technologies, and in particular, to a data storage method and system.

Background

With the development of internet technology, cloud storage is accepted by more and more users, so that the cloud storage not only can bring convenience to the users, but also can ensure the safety of data, is a new development trend of the user storage data, and most of platforms corresponding to public cloud storage can carry out encryption processing on the data in a transparent encryption mode, so that the safety of the data can be improved while the operation of the users is reduced; however, the encryption and decryption algorithm applied in the encryption and decryption process of the data also needs to consume CPU computing resources, the consumed duty ratio is often not low, and when a certain encryption disk relates to a large amount of encryption computation, the computing resources corresponding to the encryption disk are occupied in a large amount, so that the data writing efficiency of the encryption disk is greatly influenced, and the storage efficiency of the user for storing the data is greatly influenced; an effective solution to this problem is needed.

Disclosure of Invention

In view of this, embodiments of the present application provide a data storage method. The present application is also directed to a data storage system, a computing device, and a computer-readable storage medium that address the technical shortcomings of the prior art.

According to a first aspect of an embodiment of the present application, there is provided a data storage method, including:

acquiring a storage request of target data; the storage request carries a disk identifier;

acquiring node identifiers of encryption nodes distributed for the storage request from the encryption node cluster;

invoking an encryption node corresponding to the node identifier, and encrypting the target data into encrypted data;

and calling a storage node corresponding to the disk identifier, and storing the encrypted data to an encrypted disk corresponding to the disk identifier.

Optionally, after the step of obtaining the storage request of the target data is performed and before the step of obtaining the node identifier of the encrypted node allocated to the storage request from the encrypted node cluster is performed, the method further includes:

the attribute data of the target disk are read from the target disk corresponding to the disk identifier;

detecting whether the target disk is an encrypted disk storing encrypted data based on the attribute data;

If yes, the target disk is used as the encrypted disk, and the step of acquiring the node identification of the encrypted node distributed for the storage request from the encrypted node cluster is executed.

Optionally, the encryption node allocated for the storage request is determined by:

calculating the resource occupancy rate of the target data based on the data flow rate of the target data;

comparing the resource occupancy rate with the resource unused rate of each encryption node in the encryption node cluster;

and selecting a target encryption node as an encryption node allocated for the storage request according to the comparison result.

Optionally, the selecting a target encryption node according to the comparison result includes:

if the resource occupancy rate is smaller than or equal to the resource unused rate of each encryption node, selecting one encryption node from the encryption node cluster to be determined as the target encryption node;

or,

and if the resource occupancy rate is larger than the resource unused rate of each encryption node, selecting a plurality of encryption nodes according to the resource occupancy rate to determine the encryption nodes as the target encryption nodes.

Optionally, before the step of calling the storage node corresponding to the disk identifier and storing the encrypted data to the encrypted disk corresponding to the disk identifier is executed, the method further includes:

Generating a storage link according to the node identifier and the disk identifier;

correspondingly, the calling the encryption node corresponding to the node identifier encrypts the target data into encrypted data, which comprises the following steps:

invoking an encryption node corresponding to the node identifier in the storage link, and encrypting the target data into the encrypted data;

correspondingly, the calling the storage node corresponding to the disk identifier stores the encrypted data to the encrypted disk corresponding to the disk identifier, including:

and calling a storage node corresponding to the disk identifier in the storage link, and storing the encrypted data to the encrypted disk corresponding to the disk identifier.

Optionally, the obtaining the node identifier of the encrypted node allocated to the storage request from the encrypted node cluster includes:

reading metadata of the encrypted node cluster;

and determining the node identification of the encryption node allocated to the storage request according to the reading result.

Optionally, the method further comprises:

detecting the resource utilization rate of each encryption node in the encryption node cluster in a preset time period;

determining the total resource utilization rate corresponding to the encryption node cluster based on the resource utilization rate;

And adding a new encryption node in the encryption node cluster under the condition that the total resource utilization rate is larger than a preset utilization rate threshold value.

Optionally, after the step of calling the storage node corresponding to the disk identifier and storing the encrypted data to the encrypted disk corresponding to the disk identifier is executed, the method further includes:

generating reminding information according to the storage result, and determining a target user corresponding to the encrypted disk;

and sending the reminding information to the target user.

Optionally, after the step of calling the encryption node corresponding to the node identifier to encrypt the target data into encrypted data is executed, and before the step of calling the storage node corresponding to the disk identifier to store the encrypted data into the encrypted disk corresponding to the disk identifier is executed, the method further includes:

calling the encryption node to carry out secondary encryption on the encrypted data;

and calling the storage node corresponding to the disk identifier, and storing the secondary encrypted data obtained by secondary encryption to the encrypted disk corresponding to the disk identifier.

acquiring a reading request submitted by a target user, and sending an identity mark contained in the reading request to a key management interface;

determining the secondary encryption data corresponding to the ciphertext data according to the ciphertext data returned by the key management interface;

invoking at least one decryption node in a decryption node cluster, and performing decryption processing on the secondary ciphertext data to obtain the encrypted data;

decrypting the encrypted data based on the decryption node to obtain the target data;

and sending the target data to the target user.

Optionally, if the detection result of detecting whether the target disk is an encrypted disk storing encrypted data based on the attribute data is no, the following steps are executed:

calling a storage node corresponding to the target disk, and storing the target data to the target disk;

generating storage reminding information according to a storage result, and determining a target user corresponding to the target disk;

And sending the storage reminding information to the target user.

According to a second aspect of embodiments of the present application, there is provided a data storage system comprising:

a computing unit, an encryption node cluster and a storage node cluster;

the computing unit is configured to acquire a storage request of target data; the storage request carries a disk identifier; acquiring node identifiers of encryption nodes distributed for the storage request from the encryption node cluster; transmitting the target data and the node identification to the encrypted node cluster, and transmitting the disk identification to the storage node cluster;

the encryption node cluster is configured to call an encryption node corresponding to the node identifier, and encrypt the target data into encrypted data; sending the encrypted data to the storage node cluster;

the storage node cluster is configured to call a storage node corresponding to the disk identifier, and store the encrypted data to an encrypted disk corresponding to the disk identifier.

According to a third aspect of embodiments of the present application, there is provided a computing device comprising:

a memory and a processor;

the memory is for storing computer-executable instructions, and the processor is for executing the computer-executable instructions:

According to a fourth aspect of embodiments of the present application, there is provided a computer readable storage medium storing computer executable instructions which, when executed by a processor, implement the steps of the data storage method.

According to the data storage method provided by the embodiment of the application, after the storage request carrying the disk identifier is acquired, the node identifier of the encryption node allocated to the storage request from the encryption node cluster is acquired, then the encryption node corresponding to the node identifier is called, encryption processing is carried out on target data, the storage node corresponding to the disk identifier is called, the encrypted data are stored to the encryption disk corresponding to the disk identifier, the encryption process of the target data is completed independently by the allocated encryption node, the cost of deploying the encryption node for each encryption disk is effectively saved, and the encryption processing operation is carried out independently by the encryption node in the encryption node cluster, so that the data storage efficiency can be further improved under the condition that other upstream and downstream node services are not affected.

Drawings

FIG. 1 is a flow chart of a method for storing data according to an embodiment of the present application;

FIG. 2 is a schematic diagram illustrating an encryption process in a data storage method according to an embodiment of the present application;

FIG. 3 is a process flow diagram of a data processing method applied to scene one according to an embodiment of the present application;

FIG. 4 is a schematic diagram of a data storage framework provided in accordance with one embodiment of the present application;

FIG. 5 is a process flow diagram of a data processing method applied to scene two according to an embodiment of the present application;

FIG. 6 is a schematic diagram of a data storage system according to an embodiment of the present application;

FIG. 7 is a block diagram of a computing device according to one embodiment of the present application.

Detailed Description

In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present application. This application is, however, susceptible of embodiment in many other ways than those herein described and similar generalizations can be made by those skilled in the art without departing from the spirit of the application and the application is therefore not limited to the specific embodiments disclosed below.

The terminology used in one or more embodiments of the application is for the purpose of describing particular embodiments only and is not intended to be limiting of one or more embodiments of the application. As used in this application in one or more embodiments and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used in one or more embodiments of the present application refers to and encompasses any or all possible combinations of one or more of the associated listed items.

It should be understood that, although the terms first, second, etc. may be used in one or more embodiments of the present application to describe various information, these information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, a first may also be referred to as a second, and similarly, a second may also be referred to as a first, without departing from the scope of one or more embodiments of the present application. The word "if" as used herein may be interpreted as "at … …" or "at … …" or "responsive to a determination", depending on the context.

First, terms related to one or more embodiments of the present application will be explained.

Cloud server: the server is provided by a cloud host manufacturer and is produced based on a cloud computing technology, so that a user can operate and manage in a remote login mode; the use mode of the system is the same as that of a common remote physical server;

yun Cipan: disk instances build on top of a distributed storage system. The cloud server can be used as a computer disk for reading and writing;

encryption disk: a cloud disk for encrypting and storing data; a user reads and writes a disk in the system, encrypts and decrypts the IO request in the storage system, the encrypted data is really stored in the physical disk, and the decrypted plaintext data is read by the user.

In the present application, a data storage method is provided, and the present application relates to a data storage system, a computing device, and a computer-readable storage medium, which are described in detail in the following embodiments.

Fig. 1 shows a flowchart of a data storage method according to an embodiment of the present application, which specifically includes the following steps:

step S102, a storage request of target data is acquired.

In practical application, the cloud storage mode is applied by more and more users, and the security of the cloud storage is also a main topic focused by the users; in general, the public cloud storage disk provided by the cloud storage platform adopts a transparent encryption mode to encrypt data, and the encryption process is completed by the storage node corresponding to the encryption disk, and the calculation resource consumed by the CPU (Central processing Unit) of the algorithm for encrypting and decrypting the data is larger, so that the efficiency when the data is written into the encryption disk is lower, the service quality of the node is seriously influenced, and the data storage efficiency is greatly improved.

In order to improve data storage efficiency, after a storage request carrying a disk identifier is acquired, the node identifier of an encryption node allocated to the storage request from an encryption node cluster is acquired, then the encryption node corresponding to the node identifier is called, encryption processing is performed on target data, the storage node corresponding to the disk identifier is called, the encrypted data is stored to an encryption disk corresponding to the disk identifier, the encryption process of the target data is completed by the allocated encryption node independently, cost of allocating the encryption node to each encryption disk is effectively saved, and encryption processing operation is performed by the encryption node in the encryption node cluster independently, so that data storage efficiency can be further improved under the condition that other upstream and downstream node services are not affected.

In the implementation, the target data specifically refers to data to be stored, which may be multimedia data, project data of an enterprise, attribute data of a user, or the like; correspondingly, the storage request can be a request submitted by a user with a storage target data requirement through a front-end interaction interface; for example, a user needs to store data corresponding to video on a platform providing cloud storage service, at this time, the user submits a storage request of the video data through an application program corresponding to the platform, and the platform of the cloud storage service stores the video data to a cloud disk corresponding to the user according to the storage request, so that the video data can be saved for the user to call at any time.

Based on this, in the case of acquiring a storage request for target data, storage processing will be performed on the target data according to the storage request, and since disks corresponding to different users have different settings, it is required to detect whether encryption needs to be performed on the target data according to a disk identifier carried in the storage request, in this embodiment, the specific implementation manner is as follows:

if yes, the target disk is used as the encrypted disk, and the following step S104 is executed;

if not, calling a storage node corresponding to the target disk, and storing the target data to the target disk;

and sending the storage reminding information to the target user.

In practical application, because different users have different demands for data to be stored, when selecting a disk for storing the data, an encrypted disk and an unencrypted disk can be selected, wherein the encrypted disk is used for storing the data after encryption processing, and the unencrypted disk is used for storing the data which is not subjected to encryption processing; the target user is a user with a requirement for storing target data; the attribute data specifically refers to data such as a disk type, a disk size and the like of the target disk.

Based on the above, after the storage request is acquired, whether the disk storing the target data is an encrypted disk is detected, specifically, whether the target disk is an encrypted disk storing the encrypted data is detected based on the attribute data after the attribute data is read from the target disk corresponding to the disk identifier, if so, the target disk is an encrypted disk, and the subsequent encryption processing process is executed after the target data is encrypted; if not, the target disk is not an encrypted disk, so that the target data is stored in the target disk; and generating reminding information according to the storage result, and sending the reminding information to the target user.

For example, when a user a has a corresponding data disk F in the cloud storage platform and there is a need to store target data to the data disk F, a storage request is submitted through a front-end interface of the cloud storage platform, and at this time, the cloud storage platform detects whether encryption processing is required to be performed on the target data according to a disk identifier f_1 carried in the storage request, that is, determines the data disk F according to the disk identifier f_1, and reads corresponding type data in the data disk F;

when the data disk F is detected to be a non-encrypted disk based on the type data, encryption processing is not needed on the target data, the target data is written into the data disk F according to a storage node corresponding to the disk identifier F_1, storage completion information is generated according to a storage result and is sent to the user A, and the user A is reminded of finishing storing the target data;

and under the condition that the data disk F is an encrypted disk based on the type data, determining that the target data can be written into the data disk F after encryption processing, namely, carrying out subsequent encryption and storage according to the disk identifier F_1.

In summary, before storing the target data, it is determined whether the target data needs encryption processing, so that the target data can be stored after being encrypted or stored without encryption according to the determination result, and the accuracy of the data storage path is ensured while the data storage efficiency is improved, and further the encryption resource consumption is saved.

Step S104, obtaining the node identification of the encryption node distributed for the storage request from the encryption node cluster.

Specifically, on the basis of acquiring the storage request carrying the disk identifier, it is determined that the target data needs to be written into the encrypted disk, that is, the node identifier of the encrypted node allocated to the storage request in the encrypted node cluster is determined, where the disk identifier refers to the unique identifier of the encrypted disk, and the encrypted node cluster refers to a cluster formed by a large number of encrypted nodes. The encryption node is supported by the hardware encryption component, and the encryption component can be called to carry out encryption processing by distributing the encryption node.

In practical application, each encryption node contained in the encryption node cluster is provided with a node identifier, when target data is written into an encryption disk after encryption processing is needed, the encryption node is allocated for a storage request to complete encryption, so that the encryption processing of the target data can be completed without independently configuring the encryption node for each encryption disk, and the cost for deploying an encryption component is greatly reduced.

Based on the above, after determining the node identifier, the storage process of the target data specifically refers to that the target data is encrypted by calling an encryption node corresponding to the node identifier to obtain encrypted data, the encrypted data is fed back to the computing node by the encryption node, the computing node sends the encrypted data to the storage node according to the disk identifier, and finally the storage node corresponding to the disk identifier is called to store the encrypted data to the encrypted disk.

In the process, in order to improve the storage efficiency of the target data, a storage link can be generated according to the node identifier and the disk identifier, so that the encryption node does not need to interact with the computing node for many times in the process of storing the target data, the encryption node can determine the address of storing the target data according to the storage link, and the encryption data can be directly issued to the storage node according to the disk identifier in the storage link for storage processing. The storage link is specifically a path generated by a pointer to the target data, and writing of the target data to the encrypted disk after the target data is encrypted by the encryption node can be completed according to the storage link.

Further, when the encryption node is allocated to the storage request in the encryption node cluster, in order to improve the encryption efficiency in the encryption processing process, the encryption node may be selected according to the resource unused rate, and the specific implementation manner in this embodiment is as follows:

Specifically, firstly, determining the data flow of the target data, calculating the resource occupancy rate of the target data based on the data flow, secondly, comparing the resource occupancy rate with the resource unused rate of each encryption node in the encryption node cluster, and finally, selecting a target encryption node according to a comparison result as an encryption node allocated to the storage request for a subsequent encryption processing process.

The resource occupancy rate specifically refers to the occupancy rate of a computing resource of one encryption node used for encrypting the target resource, and the resource unused rate specifically refers to the occupancy rate of a computing resource unused by each encryption node in the encryption node cluster; both of the above-mentioned duty ratios can be understood as the ratio of occupying the CPU.

Further, in the process of selecting the target encryption node according to the comparison result, there may be an encryption node that cannot realize the encryption process of the target data, and the encryption process may be implemented by selecting a plurality of encryption nodes to encrypt in combination, or the encryption process of the target data may be completed by selecting an encryption node, and in this embodiment, the process of determining the target encryption node is as follows:

If the resource occupancy rate is smaller than or equal to the resource unused rate of each encryption node, selecting one encryption node from the encryption node cluster to be determined as the target encryption node; or if the resource occupancy rate is greater than the resource unused rate of each encryption node, selecting a plurality of encryption nodes according to the resource occupancy rate to determine the plurality of encryption nodes as the target encryption node.

Specifically, after comparing the resource occupancy rate with the resource unused rate of each encryption node, if the resource occupancy rate is smaller than or equal to the resource unused rate of each encryption node, it is indicated that any encryption node in the encryption node cluster can complete encryption processing on the target data, and then any encryption node in the encryption node cluster is selected to determine that the encryption node is the target encryption node, so that the node identification of the encryption node is determined later, and the encryption processing process is performed;

if the resource occupancy rate is greater than the resource unused rate of each encryption node, it is indicated that any encryption node in the encryption node cluster cannot independently complete the encryption processing on the target data, and a plurality of encryption node combinations can be selected as the target encryption node according to the resource occupancy rate, so as to be used for subsequently determining the node identifier of the encryption node and performing the encryption processing.

In addition, in the case that all computing resources of some encryption nodes may not be used in the encryption node cluster, in order to accelerate encryption processing efficiency of target data, the encryption node with unused computing resources may be preferentially selected, that is, in the case that the resource occupancy rate is less than or equal to all computing resources of the encryption node with unused computing resources, a node identifier corresponding to the unused encryption node is selected to perform a subsequent encryption processing process; or under the condition that the resource occupancy rate is larger than all computing resources of the unused encryption nodes, selecting node identifiers corresponding to the plurality of unused encryption nodes to carry out subsequent encryption processing.

Along the above example, under the condition that it is determined that the target data of the user a needs to be encrypted, at this time, an encryption node needs to be allocated for a storage request of the user a for subsequent encryption processing, firstly, calculating the resource occupancy rate of the target resource to be 70% based on the data traffic of the target data, and then comparing the resource occupancy rate to 70% with the resource unused rates of the encryption nodes in the encryption node cluster;

if an unused encryption node exists in the encryption node cluster (the resource unused rate is 100%), selecting a node identifier E_1 of the unused encryption node E1 in the encryption node cluster, and generating a storage link by combining the disk identifier F_1 for a subsequent encryption storage process;

If the encryption nodes in the encryption node cluster are all in a called state, and the resource unused rate of each encryption node is less than 70% of the resource occupancy rate, selecting a combination of the encryption node E2 (resource unused rate 30%) and the encryption node E3 (resource unused rate 50%) in the encryption node cluster as a target encryption node, determining a node identifier E_2 of the encryption node E2 and a node identifier E_3 of the encryption node E3, and generating a storage link by combining a disk identifier F_1 for a subsequent encryption storage process.

By selecting the encryption nodes to be configured in a cluster deployment mode, the deployment cost of the encryption nodes can be saved, when the encryption processing target data is required to be encrypted, the encryption nodes are distributed according to the storage request to complete the subsequent encryption processing process, the consumption of computing resources is effectively saved, and the management of the secret keys used in the encryption process can be effectively improved.

Further, in order to accelerate the efficiency of the subsequent encryption processing and improve the efficiency of storing the target data, the node identifier is determined by reading the metadata of the encrypted node cluster, and in this embodiment, the specific implementation manner is as follows:

Reading metadata of the encrypted node cluster;

Specifically, firstly, metadata of the encrypted node cluster is read, secondly, the node identification of the encrypted node allocated to the storage request is determined according to a reading result, and finally, subsequent encryption and storage are carried out based on the disk identification and the node identification.

In practical application, the metadata specifically refers to data recorded with related description information of each encryption node in the encryption node cluster, so that node identification of the encryption node can be quickly queried after the encryption node is distributed, and further storage efficiency of target data is improved.

Step S106, the encryption node corresponding to the node identification is called, and the target data is encrypted into encrypted data.

Specifically, on the basis of determining the node identifier, further, encrypting data and storing the data based on the node identifier and the disk identifier, specifically, invoking an encryption node corresponding to the node identifier, and encrypting the target data to obtain the encrypted data; in addition, in order to accelerate the data storage efficiency and save the interaction times of the encryption node and the storage node, the encryption node corresponding to the node identifier in the storage link can be called to encrypt the target data to obtain the encrypted data, so that the encryption node can determine the storage node according to the storage link, the data is not required to be fed back to the computing node to encrypt, and the subsequent data storage can be directly carried out according to the storage link.

Referring to fig. 2, on one hand, target data may be preprocessed (a storage request for the target data and a node identifier are obtained) by a computing node, then the target data is issued to an encryption node according to the node identifier for encryption processing, and finally the encrypted data is stored to an encryption disk according to a storage node corresponding to the disk identifier; as shown in fig. 2, the other party may go through a storage link generated by the computing node, where the storage link is computing node 2> and encrypting node 1> and the storage node 1, the computing node 2 sends the target data to the encrypting node 1, the encrypting node 1 encrypts the target data to obtain encrypted data, and then the encrypting node 1 sends the encrypted data to the storage node, and the encrypted data is stored in an encrypted disk corresponding to the disk identifier.

Further, after the encryption node corresponding to the node identifier is called to encrypt the target data into encrypted data, in order to ensure the security of the data, the encrypted data may be further encrypted by the encryption node, and finally the secondarily encrypted data may be stored in an encryption disk, where in this embodiment, the specific implementation manner is as follows:

Calling the encryption node to carry out secondary encryption on the encrypted data; and then executing the following step S108, wherein correspondingly, the step S108 specifically refers to calling the storage node corresponding to the disk identifier, and storing the secondary encrypted data obtained by secondary encryption into the encrypted disk corresponding to the disk identifier.

Taking the determined storage link containing the node identifier E_1 and the disk identifier F_1 as an example, describing the secondary encryption process, further, carrying out encryption processing on target data by calling an encryption node E1 corresponding to the node identifier E_1 in the storage link to obtain encrypted data M1, then calling the encryption node E1 to carry out secondary encryption on the encrypted data M1 to obtain secondary encrypted data M2, and finally storing the secondary encrypted data M2 to an encryption disk corresponding to the disk identifier F_1; the data security can be effectively improved through a secondary encryption mode.

In addition, in order to avoid the situation that the data traffic written into the encryption disk in the same period is too large, the situation that the computing resources of the encryption nodes in the encryption node cluster are occupied may occur, at this time, if there is data to be encrypted, the problem that no encryption node is available will occur, and the encryption efficiency of the data is reduced to a great extent.

Specifically, detecting the resource utilization rate of each encryption node in the encryption node cluster in a preset time period, summing the resource utilization rates to determine the total resource utilization rate corresponding to the encryption node cluster, comparing the total resource utilization rate with a preset utilization rate threshold at the moment, and under the condition that the total resource utilization rate is smaller than or equal to the preset utilization rate threshold, indicating that each encryption node in the encryption node cluster can encrypt more target data without any processing; and under the condition that the total resource utilization rate is larger than a preset utilization rate threshold value, the situation that computing resources of the encryption nodes are not distributed enough when each encryption node in the encryption node cluster performs encryption processing on target data with larger data traffic is indicated, and the encryption node cluster is subjected to capacity expansion, and new encryption nodes are added to be used for scenes with larger data traffic on the target data.

In addition, a graph can be constructed according to the relation between time and the total encrypted data, so that the data flow of the encrypted data at each moment can be more intuitively analyzed, then the encrypted nodes can be increased according to the total data flow corresponding to the wave peaks, and the encrypted nodes (the encrypted nodes which are unused for a long time exist in the encrypted node cluster) can be reduced, thereby realizing the effective utilization of the computing resources of the encrypted nodes and avoiding the occurrence of the condition of computing resource waste.

In practical application, the preset time period may be set according to a practical application scenario, and may be set to 1 day, 3 days or 7 days, which is not limited herein.

For example, the encryption node cluster includes 1 ten thousand encryption nodes, the resource utilization rate of each encryption node exceeds 90%, the total resource utilization rate corresponding to the encryption node cluster is determined to be 90% through statistics, at this time, the total resource utilization rate is determined to be greater than the preset utilization rate threshold by comparing the total resource utilization rate 90% with the preset utilization rate threshold of 85%, at this time, it is indicated that the calculation load of the encryption nodes included in the encryption node cluster is greater, 11 new encryption nodes are added according to the comparison result, the total resource utilization rate can be reduced to less than the preset utilization rate threshold of 85%, and the encryption processing can be completed more efficiently by the encryption node cluster.

By detecting the encryption node cluster in a preset time period, new encryption nodes can be added according to actual application scenes under the condition of high resource utilization rate, encryption processing efficiency for target data is improved, the encryption nodes can be reduced, and resource waste is avoided.

Step S108, the storage node corresponding to the disk identifier is called, and the encrypted data is stored in the encrypted disk corresponding to the disk identifier.

Specifically, after the encryption node is called to encrypt the target data, encrypted data is obtained, further, a storage node corresponding to the disk identifier is called, the encrypted data is stored in an encrypted disk corresponding to the disk identifier, and the data storage process is completed; in addition, in order to accelerate the data storage efficiency, a storage node corresponding to the disk identifier in the storage link can be called, the encrypted data is stored to an encrypted disk corresponding to the disk identifier, and the data storage process is completed.

Further, after the encrypted data is stored in the encrypted disk corresponding to the disk identifier, in order to facilitate a user corresponding to the encrypted disk to know the data writing situation in time, reminding information may be generated according to the data storage result and sent to the target user, where in this embodiment, the specific implementation manner is as follows:

and sending the reminding information to the target user.

In practical application, the reminding information specifically refers to information for reminding the target user data storage specific details corresponding to the encrypted disk.

Along the above example, after the target data of the user a is encrypted by the encryption node E1, the obtained encrypted data is stored in the encrypted disk F corresponding to the disk identifier f_1, at this time, the reminding information is generated according to the storage result, the reminding information includes the available space, the used space and the data storage completion information of the encrypted disk F, and finally the reminding information is sent to the user a, so that the user can monitor the related information of the encrypted disk more conveniently, and the experience effect of the user is effectively improved.

In addition, after the data storage is completed, if the target user needs to read the data in the encrypted disk, the target user needs to decrypt the data in the encrypted disk at this time, so that the target user can obtain the target data and complete the data reading, and in this embodiment, the specific implementation manner is as follows:

Determining that the ciphertext data corresponds to the secondary encryption data according to the ciphertext data returned by the key management interface;

and sending the target data to the target user.

Specifically, the key management interface is an interface for managing ciphertext data corresponding to data stored in an encrypted disk, after a reading request submitted by a user is obtained, an identity mark contained in the reading request is sent to the key management interface, and the key management interface reads the ciphertext data according to the identity mark and returns the ciphertext data.

At this time, determining secondary encrypted data (i.e., data for performing secondary encryption on the encrypted data) corresponding to the ciphertext data, calling at least one decryption node in a decryption node cluster, performing decryption processing on the secondary encrypted data to obtain the encrypted data, performing decryption processing on the encrypted data by the decryption node to obtain the target data, and finally sending the target data to the target user.

In practical application, the decryption node cluster specifically refers to a cluster corresponding to the encryption node cluster, and is used for performing decryption processing on data to be decrypted; in addition, the decryption node cluster may also be the encryption node cluster, that is, encryption processing and decryption processing may be completed by using the encryption nodes included in the encryption node cluster, which may further save resource consumption.

For example, after storing the target data to the encrypted disk corresponding to the disk identifier f_1, receiving a read request submitted by the user a, at this time, sending the identity identifier a_1 of the user a included in the read request to the key management interface, determining the secondary encrypted data M2 corresponding to the ciphertext data under the condition that ciphertext data returned by the key management interface for the identity identifier a_1 is received, at this time, invoking the encryption node E8 included in the encryption node cluster to decrypt the secondary encrypted data M2 to obtain the encrypted data M1, performing secondary decryption on the encrypted data M1 by the encryption node E8 to obtain the target data, and returning the target data to the user a.

In addition, in the process of decrypting the data, the decryption node is also selected according to the data flow of the data to be decrypted, so as to complete the decryption process of the data to be decrypted, the process of selecting the decryption node in the decryption process is similar to the process of selecting the encryption node, and the specific process can refer to the process of selecting the encryption node, which is not repeated here.

According to the data storage method provided by the embodiment, after the storage request carrying the disk identifier is acquired, the node identifier of the encryption node allocated to the storage request from the encryption node cluster is acquired, then the encryption node corresponding to the node identifier is called, the target data is encrypted, the storage node corresponding to the disk identifier is called, the encrypted encryption data are stored to the encryption disk corresponding to the disk identifier, the encryption process of the target data is completed by the allocated encryption node independently, the cost of allocating the encryption node to each encryption disk is effectively saved, and the encryption processing operation is carried out by the encryption node in the encryption node cluster independently, so that the data storage efficiency can be further improved under the condition that other upstream and downstream node services are not affected.

The application of the data storage method provided in the present application in the first scenario is taken as an example, and the data storage method is further described below with reference to fig. 3 and fig. 4. Fig. 3 shows a process flow diagram of a data storage method applied to scene one according to an embodiment of the present application, and fig. 4 shows a schematic diagram of a data storage framework according to an embodiment of the present application, specifically referring to the following steps:

Step S302, a storage request submitted by a target user for target data is acquired.

In a cloud storage scene, in order to provide a convenient data storage requirement for a user, the user can open a cloud disk on a platform corresponding to the cloud storage, the data can be ensured not to be lost by storing the data to the cloud disk, and the hardware disk corresponding to the cloud disk is centrally managed by the platform corresponding to the cloud storage, so that the safety of the data can be effectively ensured;

referring to fig. 4, data is written through terminal software facing to a user in a computing node, then the data is processed by an operating system and virtualization platform software in a virtual machine in the computing node, a storage link is generated according to a first block storage in the computing node (the first block storage is not controlled by a second block storage, and is an upper module above the first block storage, and a block storage system below) again, then the storage link and target data are sent to an encryption node, encryption processing is completed by an encryption component, encrypted data is generated, and finally data storage operation is completed by an encryption disk (final storage place) corresponding to the storage node.

Based on the above, in order to improve the security of the data and facilitate the operation of the user, the cloud storage corresponding platform adopts a transparent encryption mode to realize the encryption process of the data, in this process, in order to improve the encryption efficiency of the data, the cloud storage corresponding platform completes the encryption processing of the data by setting an encryption node cluster, and in the scene of encrypting and storing the data, firstly, the interaction process with the user needs to be completed through the computing node, specifically, the user can submit a storage request through a front end interaction interface corresponding to the computing node; secondly, the computing node sends target data to the encryption nodes contained in the encryption node cluster according to the storage request of the user to carry out encryption processing to obtain encrypted data; and finally, storing the encrypted data to an encrypted disk by a storage node to finish the storage of the data.

Step S304, the attribute data of the target disk corresponding to the disk identifier contained in the storage request is read.

Specifically, a disk identifier included in the storage request is obtained, and attribute data of a target disk is read from a target disk corresponding to the disk identifier, where the attribute data of the target disk specifically refers to disk type data, storage space data, available storage space data, and the like of the target disk.

Step S306, detecting whether the target disk is an encrypted disk storing encrypted data based on the attribute data; if not, executing step S308; if yes, step S310 is executed.

Step S308, the target data is sent to the storage node, the storage node finishes storing the target data to the target disk, and a storage completion reminder is sent to the target user.

Specifically, when the target disk is not an encrypted disk, the target data is directly sent to the storage node without encryption processing, and the storage node is used for completing the storage of the target data to the target disk.

Step S310, a storage link is generated according to the disk identification and the node identification of the encryption node allocated for the storage request in the encryption node cluster.

In specific implementation, the process of generating the storage link may refer to the corresponding descriptions in the above embodiments, which are not repeated here.

Step S312, the target data is sent to the encryption node corresponding to the node identifier according to the storage link, the encryption node encrypts the target data into encrypted data, and the encryption node sends the encrypted data to the storage node corresponding to the disk identifier in the storage link.

Specifically, after the storage link is determined, the computing node sends the storage link to the storage node and the encryption node, and simultaneously sends the target data to the encryption node corresponding to the node identifier, the encryption node completes the encryption processing process of the target data, and the encrypted data obtained by the encryption processing is transmitted to the next stage in the storage link, specifically, after the encryption node completes the encryption of the target data, the encrypted data is sent to the storage node, and the data storage operation is performed.

In step S314, the storage node corresponding to the disk identifier in the storage link receives the encrypted data sent by the encryption node, and the storage node stores the encrypted data to the encrypted disk corresponding to the disk identifier.

Specifically, after receiving the encrypted data issued by the encryption node, the storage node determines an encrypted disk according to the disk identifier of the generated storage link, and stores the encrypted data in the encrypted disk, thereby completing the data storage operation.

Step S316, generating reminding information according to the storage result and sending the reminding information to the target user.

Specifically, after the encrypted data is stored in the encrypted disk, reminder information is generated at this time, and the reminder information includes available storage space information, used storage space information, data storage completion information and the like of the encrypted disk.

According to the data storage method, the process of encrypting the target data is completed by the distributed encryption nodes independently, cost of deploying the encryption nodes for each encryption disk is effectively saved, encryption processing operation is carried out by the encryption nodes in the encryption node cluster independently, data storage efficiency can be further improved under the condition that service of other upstream and downstream nodes is not affected, data storage is completed by combining the storage links, interaction times of the encryption nodes and the computing nodes can be saved, and data storage efficiency is further improved.

The application of the data storage method provided in the present application in the second scenario is taken as an example, with reference to fig. 5, and the data storage method is further described below. Fig. 5 shows a process flow chart of a data storage method applied to a second scenario according to an embodiment of the present application, specifically referring to the following steps:

Step S502, a read request submitted by a target user for the read data is acquired.

In a cloud storage scene, in order to provide a convenient data storage requirement for a user, the user can open a cloud disk on a platform corresponding to cloud storage, the data can be ensured not to be lost by storing the data to the cloud disk, and the hardware disk corresponding to the cloud disk is centrally managed by the platform corresponding to cloud storage, so that the safety of the data can be effectively ensured.

Based on this, in order to ensure the security of the data, the data stored in the encrypted disk is encrypted, and if the target user needs to read the encrypted data in the encrypted disk, the target user needs to decrypt the encrypted data before the target user obtains the plaintext data (target data); firstly, a computing node sends a data reading request to a storage node, the storage node extracts encrypted data according to the reading request after receiving the storage request, then at least one encryption node in an encryption node cluster is selected to decrypt the encrypted data to obtain target data, finally the target data is transmitted back to the computing node by the encryption node, and the target data is transmitted back to a target user by the computing node.

Step S504, extracting attribute data of a target disk corresponding to the disk identifier contained in the read request.

Specifically, a disk identifier included in the read request is obtained, and attribute data of a target disk is read in a target disk corresponding to the disk identifier, where the attribute data of the target disk specifically refers to disk type data, storage space data, available storage space data, and the like of the target disk.

Step S506, detecting whether the target disk is an encrypted disk storing encrypted data based on the attribute data; if not, executing step S508; if yes, go to step S510.

In step S508, the storage node corresponding to the disk identifier reads the read data from the target disk corresponding to the disk identifier, and sends the read data to the computing node, and the computing node sends the read data to the target user.

Specifically, under the condition that the target disk is not an encrypted disk, decryption processing is not needed for the read data, the read data is directly sent to the computing node, and the computing node forwards the read data to the target user.

Step S510, according to the disk identification and the node identification of the encryption and decryption node allocated for the reading request in the encryption and decryption node cluster, a reading link is generated.

Specifically, the encryption and decryption node cluster specifically refers to a cluster formed by nodes capable of encrypting and decrypting data; further, in the case that the target disk is an encrypted disk, the read data can be sent to the target user only after decryption, and in order to improve the decryption efficiency, the encryption and decryption nodes are selected from the encryption and decryption node clusters according to the resource occupancy rate of the read data to complete the data confidentiality operation.

Step S512, the storage node corresponding to the disk identifier in the read link acquires the read data from the encrypted disk corresponding to the disk identifier according to the read request, and the storage node sends the read data to the encryption and decryption node corresponding to the node identifier in the read link.

Step S514, the encryption and decryption node corresponding to the node identification in the reading link receives the read data issued by the storage node, the encryption and decryption node decrypts the read data into target data, and the encryption and decryption node sends the target data to the calculation node of the reading link.

In step S516, the computing node sends the target data to the target user.

Specifically, after the read data is decrypted to obtain the target data, the target data is forwarded to the target user through the computing node, so that the target user can obtain the read data.

In summary, the process of decrypting the read data is completed by the distributed encryption and decryption nodes independently, so that the cost of deploying the encryption and decryption nodes for each encryption disk is effectively saved, and the encryption and decryption nodes in the encryption and decryption node cluster independently perform decryption operation, so that the data decryption processing efficiency is further improved under the condition that the services of other upstream and downstream nodes are not affected.

Corresponding to the above method embodiments, the present application further provides a data storage system embodiment, and fig. 6 shows a schematic structural diagram of a data storage system according to an embodiment of the present application. As shown in fig. 6, the data storage system 600 includes:

a computing unit 602, an encryption node cluster 604 and a storage node cluster 606;

the computing unit 602 is configured to obtain a storage request of target data; the storage request carries a disk identifier; acquiring node identifiers of encryption nodes distributed for the storage request from the encryption node cluster; transmitting the target data and the node identification to the encrypted node cluster 604 and the disk identification to the storage node cluster 606;

The encryption node cluster 604 is configured to invoke an encryption node corresponding to the node identifier, and encrypt the target data into encrypted data; sending the encrypted data to the storage node cluster 606;

the storage node cluster 606 is configured to call a storage node corresponding to the disk identifier, and store the encrypted data to an encrypted disk corresponding to the disk identifier.

In an alternative embodiment, the data storage system 600 further includes:

the detection unit is configured to read attribute data of a target disk corresponding to the disk identifier from the target disk; detecting whether the target disk is an encrypted disk storing encrypted data based on the attribute data;

if yes, the target disk is taken as the encrypted disk, and the computing unit 602 is operated.

In an alternative embodiment, the encryption node allocated for the storage request is determined by:

In an optional embodiment, the selecting a target encryption node according to the comparison result includes:

or,

In an alternative embodiment, the computing unit 602 is further configured to: generating a storage link according to the node identifier and the disk identifier;

accordingly, the encryption node cluster 604 is further configured to: invoking an encryption node corresponding to the node identifier in the storage link, and encrypting the target data into encrypted data;

accordingly, the storage node cluster 606 is further configured to: and calling a storage node corresponding to the disk identifier in the storage link, and storing the encrypted data to an encrypted disk corresponding to the disk identifier.

In an alternative embodiment, the computing unit 602 is further configured to:

reading metadata of the encrypted node cluster; and determining the node identification of the encryption node allocated to the storage request according to the reading result.

In an alternative embodiment, the data storage system 600 further includes:

an adding unit configured to detect resource usage of each encryption node in the encryption node cluster in a preset time period; determining the total resource utilization rate corresponding to the encryption node cluster based on the resource utilization rate; and adding a new encryption node in the encryption node cluster under the condition that the total resource utilization rate is larger than a preset utilization rate threshold value.

In an alternative embodiment, the data storage system 600 further includes:

the reminding unit is configured to generate reminding information according to the storage result and determine a target user corresponding to the encrypted disk; and sending the reminding information to the target user.

In an alternative embodiment, the encryption node cluster 604 is further configured to:

accordingly, the storage node cluster 606 is further configured to:

In an alternative embodiment, the data storage system 600 further includes:

the decryption unit is configured to acquire a reading request submitted by a target user and send an identity mark contained in the reading request to the key management interface; determining that the ciphertext data corresponds to the secondary encryption data according to the ciphertext data returned by the key management interface; invoking at least one decryption node in a decryption node cluster, and performing decryption processing on the secondary ciphertext data to obtain the encrypted data; decrypting the encrypted data based on the decryption node to obtain the target data; and sending the target data to the target user.

In an optional embodiment, if the detection result of the detection unit is no, the storage unit is operated:

the storage unit is configured to call a storage node corresponding to the target disk and store the target data to the target disk; generating storage reminding information according to a storage result, and determining a target user corresponding to the target disk; and sending the storage reminding information to the target user.

According to the data storage system provided by the embodiment, after the storage request carrying the disk identifier is acquired, the node identifier of the encryption node allocated to the storage request from the encryption node cluster is acquired, then the encryption node corresponding to the node identifier is called, the target data is encrypted, the storage node corresponding to the disk identifier is called, the encrypted encryption data is stored to the encryption disk corresponding to the disk identifier, the encryption process of the target data is completed by the allocated encryption node independently, the cost of allocating the encryption node to each encryption disk is effectively saved, and the encryption processing operation is carried out by the encryption node in the encryption node cluster independently, so that the data storage efficiency can be further improved under the condition that other upstream and downstream node services are not affected.

The above is an exemplary scenario of a data storage system of the present embodiment. It should be noted that, the technical solution of the data storage system and the technical solution of the data storage method belong to the same conception, and details of the technical solution of the data storage system, which are not described in detail, can be referred to the description of the technical solution of the data storage method.

Fig. 7 illustrates a block diagram of a computing device 700 provided in accordance with an embodiment of the present application. The components of computing device 700 include, but are not limited to, memory 710 and processor 720. Processor 720 is coupled to memory 710 via bus 730, and database 750 is used to store data.

Computing device 700 also includes access device 740, access device 740 enabling computing device 700 to communicate via one or more networks 760. Examples of such networks include the Public Switched Telephone Network (PSTN), a Local Area Network (LAN), a Wide Area Network (WAN), a Personal Area Network (PAN), or a combination of communication networks such as the internet. The access device 740 may include one or more of any type of network interface, wired or wireless (e.g., a Network Interface Card (NIC)), such as an IEEE802.11 Wireless Local Area Network (WLAN) wireless interface, a worldwide interoperability for microwave access (Wi-MAX) interface, an ethernet interface, a Universal Serial Bus (USB) interface, a cellular network interface, a bluetooth interface, a Near Field Communication (NFC) interface, and so forth.

In one embodiment of the present application, the above-described components of computing device 700, as well as other components not shown in FIG. 7, may also be connected to each other, such as by a bus. It should be understood that the block diagram of the computing device illustrated in FIG. 7 is for exemplary purposes only and is not intended to limit the scope of the present application. Those skilled in the art may add or replace other components as desired.

Computing device 700 may be any type of stationary or mobile computing device including a mobile computer or mobile computing device (e.g., tablet, personal digital assistant, laptop, notebook, netbook, etc.), mobile phone (e.g., smart phone), wearable computing device (e.g., smart watch, smart glasses, etc.), or other type of mobile device, or a stationary computing device such as a desktop computer or PC. Computing device 700 may also be a mobile or stationary server.

Wherein the processor 720 is configured to execute the following computer-executable instructions:

or,

reading metadata of the encrypted node cluster;

Optionally, the method further comprises:

and sending the reminding information to the target user.

and sending the target data to the target user.

and sending the storage reminding information to the target user.

The foregoing is a schematic illustration of a computing device of this embodiment. It should be noted that, the technical solution of the computing device and the technical solution of the data storage method belong to the same concept, and details of the technical solution of the computing device, which are not described in detail, can be referred to the description of the technical solution of the data storage method.

An embodiment of the present application also provides a computer-readable storage medium storing computer instructions that, when executed by a processor, are configured to:

The above is an exemplary version of a computer-readable storage medium of the present embodiment. It should be noted that, the technical solution of the storage medium and the technical solution of the data storage method belong to the same concept, and details of the technical solution of the storage medium which are not described in detail can be referred to the description of the technical solution of the data storage method.

The foregoing describes specific embodiments of the present application. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.

The computer instructions include computer program code that may be in source code form, object code form, executable file or some intermediate form, etc. The computer readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a U disk, a removable hard disk, a magnetic disk, an optical disk, a computer Memory, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), an electrical carrier signal, a telecommunications signal, a software distribution medium, and so forth. It should be noted that the computer readable medium contains content that can be appropriately scaled according to the requirements of jurisdictions in which such content is subject to legislation and patent practice, such as in certain jurisdictions in which such content is subject to legislation and patent practice, the computer readable medium does not include electrical carrier signals and telecommunication signals.

It should be noted that, for the sake of simplicity of description, the foregoing method embodiments are all expressed as a series of combinations of actions, but it should be understood by those skilled in the art that the present application is not limited by the order of actions described, as some steps may be performed in other order or simultaneously in accordance with the present application. Further, those skilled in the art will also appreciate that the embodiments described in the specification are all preferred embodiments, and that the acts and modules referred to are not necessarily all necessary for the present application.

In the foregoing embodiments, the descriptions of the embodiments are emphasized, and for parts of one embodiment that are not described in detail, reference may be made to the related descriptions of other embodiments.

The above-disclosed preferred embodiments of the present application are provided only as an aid to the elucidation of the present application. Alternative embodiments are not intended to be exhaustive or to limit the invention to the precise form disclosed. Obviously, many modifications and variations are possible in light of the teaching of this application. The embodiments were chosen and described in order to best explain the principles of the invention and the practical application, to thereby enable others skilled in the art to best understand and utilize the invention. This application is to be limited only by the claims and the full scope and equivalents thereof.

Claims

1. A data storage method, comprising:

if yes, taking the target disk as an encryption disk;

invoking a storage node corresponding to the disk identifier, and storing the encrypted data to an encrypted disk corresponding to the disk identifier;

wherein the encryption node allocated for the storage request comprises: calculating the resource occupancy rate of the target data based on the data traffic of the target data, comparing the resource occupancy rate with the resource unused rate of each encryption node in the encryption node cluster, and selecting a target encryption node as an encryption node allocated to the storage request according to a comparison result.

2. The data storage method according to claim 1, the selecting a target encryption node according to the comparison result, comprising:

or,

3. The data storage method according to claim 1, wherein the calling the storage node corresponding to the disk identifier stores the encrypted data to the encrypted disk corresponding to the disk identifier before the step of executing, further comprises:

4. The data storage method according to claim 1, wherein the obtaining the node identification of the encrypted node allocated for the storage request from the encrypted node cluster includes:

reading metadata of the encrypted node cluster;

5. The data storage method of claim 1, further comprising:

6. The data storage method according to claim 1, wherein the step of calling the storage node corresponding to the disk identifier to store the encrypted data to the encrypted disk corresponding to the disk identifier is performed, further comprises:

and sending the reminding information to the target user.

7. The data storage method according to claim 1, wherein after the step of calling the encryption node corresponding to the node identifier to encrypt the target data into encrypted data is performed, and before the step of calling the storage node corresponding to the disk identifier to store the encrypted data into the encrypted disk corresponding to the disk identifier is performed, the method further comprises:

8. The data storage method according to claim 7, wherein the step of calling the storage node corresponding to the disk identifier to store the encrypted data to the encrypted disk corresponding to the disk identifier is performed, further comprises:

invoking at least one decryption node in a decryption node cluster, and performing decryption processing on the secondary encrypted data to obtain the encrypted data;

And sending the target data to the target user.

9. The data storage method according to claim 1, wherein the detecting whether the target disk is an encrypted disk storing encrypted data based on the attribute data is no, and the following steps are performed:

and sending the storage reminding information to the target user.

10. A data storage system, comprising:

the computing unit, encrypt the node cluster, store the node cluster and detection unit;

the computing unit is configured to acquire a storage request of target data; the storage request carries a disk identifier;

the detection unit is configured to read attribute data of a target disk corresponding to the disk identifier from the target disk; detecting whether the target disk is an encrypted disk storing encrypted data based on the attribute data; if yes, taking the target disk as the encrypted disk, and operating the computing unit;

The computing unit is further configured to obtain a node identifier of an encrypted node allocated to the storage request from the encrypted node cluster; transmitting the target data and the node identification to the encrypted node cluster, and transmitting the disk identification to the storage node cluster;

the storage node cluster is configured to call a storage node corresponding to the disk identifier, and store the encrypted data to an encrypted disk corresponding to the disk identifier;

11. A computing device, comprising:

a memory and a processor;

if yes, taking the target disk as an encryption disk;

12. A computer readable storage medium storing computer instructions which, when executed by a processor, implement the steps of the data storage method of any one of claims 1 to 9.